Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)
This is a compilation of the
This compilation was prepared on 6 March 2015.
The notes at the end of this compilation (the
The effect of uncommenced amendments is not shown in the text of the compiled law. Any uncommenced amendments affecting the law are accessible on ComLaw ( The details of amendments made up to, but not commenced at, the compilation date are underlined in the endnotes. For more information on any uncommenced amendments, see the series page on ComLaw for the compiled law.
If the operation of a provision or amendment of the compiled law is affected by an application, saving or transitional provision that is not included in this compilation, details are included in the endnotes.
If the compiled law is modified by another law, the compiled law operates as modified but the modification does not amend the text of the law. Accordingly, this compilation does not show the text of the compiled law as modified. For more information on any modifications, see the series page on ComLaw for the compiled law.
If a provision of the compiled law has been repealed in accordance with a provision of the law, details are included in the endnotes.
Contents
This Act may be cited as the
Privacy Amendment (Enhancing Privacy Protection) Act 2012 .
(1) Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.
Sections 1 to 3 and anything in this Act not elsewhere covered by this table | The day this Act receives the Royal Assent. | 12 December 2012 |
Schedules 1 to 4 | The day after the end of the period of 15 months beginning on the day this Act receives the Royal Assent. | 12 March 2014 |
Schedule 5, items 1 to 155 | The day after the end of the period of 15 months beginning on the day this Act receives the Royal Assent. | 12 March 2014 |
Schedule 5, item 156 | The day this Act receives the Royal Assent. | 12 December 2012 |
Schedule 5, items 157 to 161 | The day after the end of the period of 15 months beginning on the day this Act receives the Royal Assent. | 12 March 2014 |
Schedule 5, item 162 | The day this Act receives the Royal Assent. | 12 December 2012 |
Schedule 5, items 163 to 180 | The day after the end of the period of 15 months beginning on the day this Act receives the Royal Assent. | 12 March 2014 |
Schedule 6, Part 1 | The day this Act receives the Royal Assent. | 12 December 2012 |
Schedule 6, Parts 2 and 3 | The day after the end of the period of 15 months beginning on the day this Act receives the Royal Assent. | 12 March 2014 |
Schedule 6, Part 4 | The day this Act receives the Royal Assent. | 12 December 2012 |
Schedule 6, Parts 5 to 7 | The day after the end of the period of 15 months beginning on the day this Act receives the Royal Assent. | 12 March 2014 |
Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.
(2) Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.
Each Act that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.
Omit “, disclosure or transfer”, substitute “or disclosure”.
Omit “National”, substitute “Australian”.
Repeal the section.
4
Subsection 6(1) (paragraph (i) of the definition of agency ) Repeal the paragraph.
Insert:
APP complaint means a complaint about an act or practice that, if established, would be an interference with the privacy of an individual because it breached an Australian Privacy Principle.
Insert:
APP entity means an agency or organisation.
Insert:
APP privacy policy has the meaning given by Australian Privacy Principle 1.3.
Insert:
Australian law means:
(a) an Act of the Commonwealth or of a State or Territory; or
(b) regulations, or any other instrument, made under such an Act; or
(c) a Norfolk Island enactment; or
(d) a rule of common law or equity.
Insert:
Australian Privacy Principle has the meaning given by section 14.
Insert:
collects : an entitycollects personal information only if the entity collects the personal information for inclusion in a record or generally available publication.
Insert:
Commonwealth record has the same meaning as in theArchives Act 1983 .
Insert:
court/tribunal order means an order, direction or other instrument made by:
(a) a court; or
(b) a tribunal; or
(c) a judge (including a judge acting in a personal capacity) or a person acting as a judge; or
(d) a magistrate (including a magistrate acting in a personal capacity) or a person acting as a magistrate; or
(e) a member or an officer of a tribunal;
and includes an order, direction or other instrument that is of an interim or interlocutory nature.
Insert:
de facto partner of an individual has the meaning given by theActs Interpretation Act 1901 .
Insert:
de‑identified : personal information isde‑identified if the information is no longer about an identifiable individual or an individual who is reasonably identifiable.
15
Subsection 6(1) (definition of eligible case manager ) Repeal the definition.
16
Subsection 6(1) (after paragraph (b) of the definition of enforcement body ) Insert:
(ba) the CrimTrac Agency; or
17
Subsection 6(1) (after paragraph (c) of the definition of enforcement body ) Insert:
(ca) the Immigration Department; or
18
Subsection 6(1) (after paragraph (e) of the definition of enforcement body ) Insert:
(ea) the Office of the Director of Public Prosecutions, or a similar body established under a law of a State or Territory; or
19
Subsection 6(1) (after paragraph (l) of the definition of enforcement body ) Insert:
(la) the Corruption and Crime Commission of Western Australia; or
Insert:
enforcement related activity means:
(a) the prevention, detection, investigation, prosecution or punishment of:
(i) criminal offences; or
(ii) breaches of a law imposing a penalty or sanction; or
(b) the conduct of surveillance activities, intelligence gathering activities or monitoring activities; or
(c) the conduct of protective or custodial activities; or
(d) the enforcement of laws relating to the confiscation of the proceeds of crime; or
(e) the protection of the public revenue; or
(f) the prevention, detection, investigation or remedying of misconduct of a serious nature, or other conduct prescribed by the regulations; or
(g) the preparation for, or conduct of, proceedings before any court or tribunal, or the implementation of court/tribunal orders.
Insert:
entity means:
(a) an agency; or
(b) an organisation; or
(c) a small business operator.
22
Subsection 6(1) (definition of generally available publication ) Repeal the definition, substitute:
generally available publication means a magazine, book, article, newspaper or other publication that is, or will be, generally available to members of the public:
(a) whether or not it is published in print, electronically or in any other form; and
(b) whether or not it is available on the payment of a fee.
Insert:
government related identifier of an individual means an identifier of the individual that has been assigned by:
(a) an agency; or
(b) a State or Territory authority; or
(c) an agent of an agency, or a State or Territory authority, acting in its capacity as agent; or
(d) a contracted service provider for a Commonwealth contract, or a State contract, acting in its capacity as contracted service provider for that contract.
Insert:
holds : an entityholds personal information if the entity has possession or control of a record that contains the personal information.Note: See section 10 for when an agency is taken to hold a record.
Insert:
identifier of an individual means a number, letter or symbol, or a combination of any or all of those things, that is used to identify the individual or to verify the identity of the individual, but does not include:
(a) the individual’s name; or
(b) the individual’s ABN (within the meaning of the
A New Tax System (Australian Business Number) Act 1999 ); or(c) anything else prescribed by the regulations.
Insert:
Immigration Department means the Department administered by the Minister administering theMigration Act 1958 .
27
Subsection 6(1) (definition of Information Privacy Principle ) Repeal the definition.
Repeal the definition.
Insert:
misconduct includes fraud, negligence, default, breach of trust, breach of duty, breach of discipline or any other misconduct in the course of duty.
30
Subsection 6(1) (definition of National Privacy Principle ) Repeal the definition.
Insert:
non‑profit organisation means an organisation:
(a) that is a non‑profit organisation; and
(b) that engages in activities for cultural, recreational, political, religious, philosophical, professional, trade or trade union purposes.
Repeal the definition.
Insert:
overseas recipient , in relation to personal information, has the meaning given by Australian Privacy Principle 8.1.
Insert:
permitted general situation has the meaning given by section 16A.
Insert:
permitted health situation has the meaning given by section 16B.
36
Subsection 6(1) (definition of personal information ) Repeal the definition, substitute:
personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Omit “means”, substitute “includes”.
38
Subsection 6(1) (paragraphs (b) and (c) of the definition of record ) Repeal the paragraphs, substitute:
(b) an electronic or other device;
39
Subsection 6(1) (at the end of the definition of record ) Add:
Note: For
document , see section 2B of theActs Interpretation Act 1901 .
Insert:
responsible person has the meaning given by section 6AA.
41
Subsection 6(1) (subparagraph (a)(viii) of the definition of sensitive information ) Omit “preferences”, substitute “orientation”.
42
Subsection 6(1) (at the end of the definition of sensitive information ) Add:
; or (d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) biometric templates.
Repeal the definition.
Insert:
solicits : an entitysolicits personal information if the entity requests another entity to provide the personal information, or to provide a kind of information in which that personal information is included.
Repeal the definition.
Repeal the subsection.
Omit “IPP”, substitute “APP”.
Repeal the paragraph.
Omit “NPP”, substitute “APP”.
Omit “and 16E”, substitute “and 16”.
Omit “(within the meaning of the
Acts Interpretation Act 1901 )”.
Insert:
(1) A
responsible person for an individual is:
(a) a parent of the individual; or
(b) a child or sibling of the individual if the child or sibling is at least 18 years old; or
(c) a spouse or de facto partner of the individual; or
(d) a relative of the individual if the relative is:
(i) at least 18 years old; and
(ii) a member of the individual’s household; or
(e) a guardian of the individual; or
(f) a person exercising an enduring power of attorney granted by the individual that is exercisable in relation to decisions about the individual’s health; or
(g) a person who has an intimate personal relationship with the individual; or
(h) a person nominated by the individual to be contacted in case of emergency.
(2) In this section:
child : without limiting who is a child of an individual for the purposes of subsection (1), each of the following is achild of an individual:
(a) an adopted child, stepchild, exnuptial child or foster child of the individual;
(b) someone who is a child of the individual within the meaning of the
Family Law Act 1975 .
parent : without limiting who is a parent of an individual for the purposes of subsection (1), someone is aparent of an individual if the individual is his or her child because of the definition ofchild in this subsection.
relative of an individual (thefirst individual ) means a grandparent, grandchild, uncle, aunt, nephew or niece of the first individual and for this purpose, relationships to the first individual may also be traced to or through another individual who is:
(a) a de facto partner of the first individual; or
(b) the child of the first individual because of the definition of
child in this subsection.
sibling of an individual includes:
(a) a half‑brother, half‑sister, adoptive brother, adoptive sister, step‑brother, step‑sister, foster‑brother and foster‑sister of the individual; and
(b) another individual if a relationship referred to in paragraph (a) can be traced through a parent of either or both of the individuals.
stepchild : without limiting who is a stepchild of an individual, someone is astepchild of an individual if he or she would be the individual’s stepchild except that the individual is not legally married to the individual’s de facto partner.
Repeal the heading, substitute:
Repeal the heading.
Omit “a National”, substitute “an Australian”.
Omit “that National Privacy Principle”, substitute “that principle”.
Omit “a National”, substitute “an Australian”.
Omit “the Principle”, substitute “the principle”.
Omit “a National”, substitute “an Australian”.
Omit “, disclosure and transfer”, substitute “and disclosure”.
Omit “(except section 16D)”.
Omit “, disclosure and transfer”, substitute “and disclosure”.
Omit “an eligible case manager or”.
Repeal the paragraph.
Omit “, an eligible hearing service provider or an eligible case manager”, substitute “or an eligible hearing service provider”.
Repeal the paragraphs.
Omit “Information Privacy Principles, the National”, substitute “Australian”.
Omit “section 16E”, substitute “section 16”.
Omit “National”, substitute “Australian”.
Omit “is not the record‑keeper in relation to”, substitute “does not hold”.
Omit “of the record‑keeper in relation to”, substitute “of the agency that holds”.
Repeal the section.
Repeal the heading, substitute:
Repeal the subsections.
Omit “as the record‑keeper in relation to”, substitute “to be the agency that holds”.
Repeal the section.
Omit “National” (wherever occurring), substitute “Australian”.
Omit “Principle 2”, substitute “Principle 6”.
Omit “National”, substitute “Australian”.
Omit “National” (wherever occurring), substitute “Australian”.
Omit “Principle 2”, substitute “Principle 6”.
Repeal the Divisions, substitute:
(1) The
Australian Privacy Principles are set out in the clauses of Schedule 1.(2) A reference in any Act to an Australian Privacy Principle by a number is a reference to the Australian Privacy Principle with that number.
An APP entity must not do an act, or engage in a practice, that breaches an Australian Privacy Principle.
Nothing in the Australian Privacy Principles applies to:
(a) the collection, holding, use or disclosure of personal information by an individual; or
(b) personal information held by an individual;
only for the purposes of, or in connection with, his or her personal, family or household affairs.
(1) A
permitted general situation exists in relation to the collection, use or disclosure by an APP entity of personal information about an individual, or of a government related identifier of an individual, if:
(a) the entity is an entity of a kind specified in an item in column 1 of the table; and
(b) the item in column 2 of the table applies to the information or identifier; and
(c) such conditions as are specified in the item in column 3 of the table are satisfied.
1 | APP entity | (a) personal information; or (b) a government related identifier. |
|
2 | APP entity | (a) personal information; or (b) a government related identifier. |
|
3 | APP entity | Personal information |
|
4 | APP entity | Personal information | The collection, use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim. |
5 | APP entity | Personal information | The collection, use or disclosure is reasonably necessary for the purposes of a confidential alternative dispute resolution process. |
6 | Agency | Personal information | The entity reasonably believes that the collection, use or disclosure is necessary for the entity’s diplomatic or consular functions or activities. |
7 | Defence Force | Personal information | The entity reasonably believes that the collection, use or disclosure is necessary for any of the following occurring outside Australia and the external Territories: |
(a) war or warlike operations; (b) peacekeeping or peace enforcement;
|
(2) The Commissioner may, by legislative instrument, make rules relating to the collection, use or disclosure of personal information that apply for the purposes of item 3 of the table in subsection (1).
Collection—provision of a health service
(1) A
permitted health situation exists in relation to the collection by an organisation of health information about an individual if:
(a) the information is necessary to provide a health service to the individual; and
(b) either:
(i) the collection is required or authorised by or under an Australian law (other than this Act); or
(ii) the information is collected in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation.
Collection—research etc.
(2) A
permitted health situation exists in relation to the collection by an organisation of health information about an individual if:
(a) the collection is necessary for any of the following purposes:
(i) research relevant to public health or public safety;
(ii) the compilation or analysis of statistics relevant to public health or public safety;
(iii) the management, funding or monitoring of a health service; and
(b) that purpose cannot be served by the collection of information about the individual that is de‑identified information; and
(c) it is impracticable for the organisation to obtain the individual’s consent to the collection; and
(d) any of the following apply:
(i) the collection is required by or under an Australian law (other than this Act);
(ii) the information is collected in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation;
(iii) the information is collected in accordance with guidelines approved under section 95A for the purposes of this subparagraph.
Use or disclosure—research etc.
(3) A
permitted health situation exists in relation to the use or disclosure by an organisation of health information about an individual if:
(a) the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety; and
(b) it is impracticable for the organisation to obtain the individual’s consent to the use or disclosure; and
(c) the use or disclosure is conducted in accordance with guidelines approved under section 95A for the purposes of this paragraph; and
(d) in the case of disclosure—the organisation reasonably believes that the recipient of the information will not disclose the information, or personal information derived from that information.
Use or disclosure—genetic information
(4) A
permitted health situation exists in relation to the use or disclosure by an organisation of genetic information about an individual (thefirst individual ) if:
(a) the organisation has obtained the information in the course of providing a health service to the first individual; and
(b) the organisation reasonably believes that the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of another individual who is a genetic relative of the first individual; and
(c) the use or disclosure is conducted in accordance with guidelines approved under section 95AA; and
(d) in the case of disclosure—the recipient of the information is a genetic relative of the first individual.
Disclosure—responsible person for an individual
(5) A
permitted health situation exists in relation to the disclosure by an organisation of health information about an individual if:
(a) the organisation provides a health service to the individual; and
(b) the recipient of the information is a responsible person for the individual; and
(c) the individual:
(i) is physically or legally incapable of giving consent to the disclosure; or
(ii) physically cannot communicate consent to the disclosure; and
(d) another individual (the
carer ) providing the health service for the organisation is satisfied that either:
(i) the disclosure is necessary to provide appropriate care or treatment of the individual; or
(ii) the disclosure is made for compassionate reasons; and
(e) the disclosure is not contrary to any wish:
(i) expressed by the individual before the individual became unable to give or communicate consent; and
(ii) of which the carer is aware, or of which the carer could reasonably be expected to be aware; and
(f) the disclosure is limited to the extent reasonable and necessary for a purpose mentioned in paragraph (d).
(1) This section applies if:
(a) an APP entity discloses personal information about an individual to an overseas recipient; and
(b) Australian Privacy Principle 8.1 applies to the disclosure of the information; and
(c) the Australian Privacy Principles do not apply, under this Act, to an act done, or a practice engaged in, by the overseas recipient in relation to the information; and
(d) the overseas recipient does an act, or engages in a practice, in relation to the information that would be a breach of the Australian Privacy Principles (other than Australian Privacy Principle 1) if those Australian Privacy Principles so applied to that act or practice.
(2) The act done, or the practice engaged in, by the overseas recipient is taken, for the purposes of this Act:
(a) to have been done, or engaged in, by the APP entity; and
(b) to be a breach of those Australian Privacy Principles by the APP entity.
Repeal the items.
84
Subsections 54(2) and 57(2) (definition of agency ) Omit “, an eligible hearing service provider or an eligible case manager”, substitute “or an eligible hearing service provider”.
Omit “people who are
responsible (within the meaning of subclause 2.5 of Schedule 3)”, substitute “responsible persons”.
Repeal the subparagraph, substitute:
(v) a responsible person for the individual; and
Omit “
responsible for the individual (within the meaning of subclause 2.5 of Schedule 3)”, substitute “a responsible person for the individual”.
After “privacy”, insert “by agencies”.
Omit “Information” (wherever occurring), substitute “Australian”.
Repeal the heading, substitute:
Omit “National Privacy Principles (the
NPPs )”, substitute “Australian Privacy Principles”.
Omit “subparagraph 2.1(d)(ii) of the NPPs”, substitute “paragraph 16B(3)(c)”.
Omit “NPPs (other than paragraph 2.1(d))”, substitute “Australian Privacy Principles (disregarding subsection 16B(3))”.
Omit “subparagraph 10.3(d)(iii) of the NPPs”, substitute “subparagraph 16B(2)(d)(iii)”.
Omit “NPPs (other than paragraph 10.3(d))”, substitute “Australian Privacy Principles (disregarding subsection 16B(2))”.
Repeal the heading, substitute:
Omit “National Privacy Principles (the
NPPs )”, substitute “Australian Privacy Principles”.
Omit “subparagraph 2.1(ea)(ii) of the NPPs”, substitute “paragraph 16B(4)(c)”.
Omit “(whether or not the threat is imminent)”.
Omit “Information”, substitute “Australian”.
Omit “a National”, substitute “an Australian”.
Repeal the subsections, substitute:
(2) Before the Governor‑General makes regulations for the purposes of Australian Privacy Principle 9.3 prescribing a government related identifier, an organisation or a class of organisations, and circumstances, the Minister must be satisfied that:
(a) the relevant agency or State or Territory authority or, if the relevant agency or State or Territory authority has a principal executive, the principal executive:
(i) has agreed that the adoption, use or disclosure of the identifier by the organisation, or the class of organisations, in the circumstances is appropriate; and
(ii) has consulted the Commissioner about that adoption, use or disclosure; and
(b) the adoption, use or disclosure of the identifier by the organisation, or the class of organisations, in the circumstances can only be for the benefit of the individual to whom the identifier relates.
(3) Subsection (2) does not apply to the making of regulations for the purposes of Australian Privacy Principle 9.3 that relate to the use or disclosure of a government related identifier by an organisation, or a class of organisations, in particular circumstances if:
(a) the identifier is a kind commonly used in the processing of pay, or deductions from pay, of Commonwealth officers, or a class of Commonwealth officers; and
(b) the circumstances of the use or disclosure of the identifier relate to the provision by:
(i) the organisation; or
(ii) the class of organisations;
of superannuation services (including the management, processing, allocation and transfer of superannuation contributions) for the benefit of Commonwealth officers or the class of Commonwealth officers; and
(c) before the regulations are made, the Minister consults the Commissioner about the proposed regulations.
Repeal the Part.
Repeal the Schedules, substitute:
Note: See section 14.
Overview This Schedule sets out the Australian Privacy Principles.
Part 1 sets out principles that require APP entities to consider the privacy of personal information, including ensuring that APP entities manage personal information in an open and transparent way.
Part 2 sets out principles that deal with the collection of personal information including unsolicited personal information.
Part 3 sets out principles about how APP entities deal with personal information and government related identifiers. The Part includes principles about the use and disclosure of personal information and those identifiers.
Part 4 sets out principles about the integrity of personal information. The Part includes principles about the quality and security of personal information.
Part 5 sets out principles that deal with requests for access to, and the correction of, personal information.
Australian Privacy Principles The Australian Privacy Principles are:
Australian Privacy Principle 1—open and transparent management of personal information
Australian Privacy Principle 2—anonymity and pseudonymity
Australian Privacy Principle 3—collection of solicited personal information
Australian Privacy Principle 4—dealing with unsolicited personal information
Australian Privacy Principle 5—notification of the collection of personal information
Australian Privacy Principle 6—use or disclosure of personal information
Australian Privacy Principle 7—direct marketing
Australian Privacy Principle 8—cross‑border disclosure of personal information
Australian Privacy Principle 9—adoption, use or disclosure of government related identifiers
Australian Privacy Principle 10—quality of personal information
Australian Privacy Principle 11—security of personal information
Australian Privacy Principle 12—access to personal information
Australian Privacy Principle 13—correction of personal information
1.1 The object of this principle is to ensure that APP entities manage personal information in an open and transparent way.
Compliance with the Australian Privacy Principles etc.
1.2 An APP entity must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity’s functions or activities that:
(a) will ensure that the entity complies with the Australian Privacy Principles and a registered APP code (if any) that binds the entity; and
(b) will enable the entity to deal with inquiries or complaints from individuals about the entity’s compliance with the Australian Privacy Principles or such a code.
APP Privacy policy
1.3 An APP entity must have a clearly expressed and up‑to‑date policy (the
APP privacy policy ) about the management of personal information by the entity.1.4 Without limiting subclause 1.3, the APP privacy policy of the APP entity must contain the following information:
(a) the kinds of personal information that the entity collects and holds;
(b) how the entity collects and holds personal information;
(c) the purposes for which the entity collects, holds, uses and discloses personal information;
(d) how an individual may access personal information about the individual that is held by the entity and seek the correction of such information;
(e) how an individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint;
(f) whether the entity is likely to disclose personal information to overseas recipients;
(g) if the entity is likely to disclose personal information to overseas recipients—the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy.
Availability of APP privacy policy etc.
1.5 An APP entity must take such steps as are reasonable in the circumstances to make its APP privacy policy available:
(a) free of charge; and
(b) in such form as is appropriate.
Note: An APP entity will usually make its APP privacy policy available on the entity’s website.
1.6 If a person or body requests a copy of the APP privacy policy of an APP entity in a particular form, the entity must take such steps as are reasonable in the circumstances to give the person or body a copy in that form.
2.1 Individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with an APP entity in relation to a particular matter.
2.2 Subclause 2.1 does not apply if, in relation to that matter:
(a) the APP entity is required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
(b) it is impracticable for the APP entity to deal with individuals who have not identified themselves or who have used a pseudonym.
Personal information other than sensitive information
3.1 If an APP entity is an agency, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities.
3.2 If an APP entity is an organisation, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the entity’s functions or activities.
Sensitive information
3.3 An APP entity must not collect sensitive information about an individual unless:
(a) the individual consents to the collection of the information and:
(i) if the entity is an agency—the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities; or
(ii) if the entity is an organisation—the information is reasonably necessary for one or more of the entity’s functions or activities; or
(b) subclause 3.4 applies in relation to the information.
3.4 This subclause applies in relation to sensitive information about an individual if:
(a) the collection of the information is required or authorised by or under an Australian law or a court/tribunal order; or
(b) a permitted general situation exists in relation to the collection of the information by the APP entity; or
(c) the APP entity is an organisation and a permitted health situation exists in relation to the collection of the information by the entity; or
(d) the APP entity is an enforcement body and the entity reasonably believes that:
(i) if the entity is the Immigration Department—the collection of the information is reasonably necessary for, or directly related to, one or more enforcement related activities conducted by, or on behalf of, the entity; or
(ii) otherwise—the collection of the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities; or
(e) the APP entity is a non‑profit organisation and both of the following apply:
(i) the information relates to the activities of the organisation;
(ii) the information relates solely to the members of the organisation, or to individuals who have regular contact with the organisation in connection with its activities.
Note: For
permitted general situation , see section 16A. Forpermitted health situation , see section 16B.
Means of collection
3.5 An APP entity must collect personal information only by lawful and fair means.
3.6 An APP entity must collect personal information about an individual only from the individual unless:
(a) if the entity is an agency:
(i) the individual consents to the collection of the information from someone other than the individual; or
(ii) the entity is required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual; or
(b) it is unreasonable or impracticable to do so.
Solicited personal information
3.7 This principle applies to the collection of personal information that is solicited by an APP entity.
4.1 If:
(a) an APP entity receives personal information; and
(b) the entity did not solicit the information;
the entity must, within a reasonable period after receiving the information, determine whether or not the entity could have collected the information under Australian Privacy Principle 3 if the entity had solicited the information.
4.2 The APP entity may use or disclose the personal information for the purposes of making the determination under subclause 4.1.
4.3 If:
(a) the APP entity determines that the entity could not have collected the personal information; and
(b) the information is not contained in a Commonwealth record;
the entity must, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de‑identified.
4.4 If subclause 4.3 does not apply in relation to the personal information, Australian Privacy Principles 5 to 13 apply in relation to the information as if the entity had collected the information under Australian Privacy Principle 3.
5.1 At or before the time or, if that is not practicable, as soon as practicable after, an APP entity collects personal information about an individual, the entity must take such steps (if any) as are reasonable in the circumstances:
(a) to notify the individual of such matters referred to in subclause 5.2 as are reasonable in the circumstances; or
(b) to otherwise ensure that the individual is aware of any such matters.
5.2 The matters for the purposes of subclause 5.1 are as follows:
(a) the identity and contact details of the APP entity;
(b) if:
(i) the APP entity collects the personal information from someone other than the individual; or
(ii) the individual may not be aware that the APP entity has collected the personal information;
the fact that the entity so collects, or has collected, the information and the circumstances of that collection;
(c) if the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order—the fact that the collection is so required or authorised (including the name of the Australian law, or details of the court/tribunal order, that requires or authorises the collection);
(d) the purposes for which the APP entity collects the personal information;
(e) the main consequences (if any) for the individual if all or some of the personal information is not collected by the APP entity;
(f) any other APP entity, body or person, or the types of any other APP entities, bodies or persons, to which the APP entity usually discloses personal information of the kind collected by the entity;
(g) that the APP privacy policy of the APP entity contains information about how the individual may access the personal information about the individual that is held by the entity and seek the correction of such information;
(h) that the APP privacy policy of the APP entity contains information about how the individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint;
(i) whether the APP entity is likely to disclose the personal information to overseas recipients;
(j) if the APP entity is likely to disclose the personal information to overseas recipients—the countries in which such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make the individual aware of them.
Use or disclosure
6.1 If an APP entity holds personal information about an individual that was collected for a particular purpose (the
primary purpose ), the entity must not use or disclose the information for another purpose (thesecondary purpose ) unless:
(a) the individual has consented to the use or disclosure of the information; or
(b) subclause 6.2 or 6.3 applies in relation to the use or disclosure of the information.
Note: Australian Privacy Principle 8 sets out requirements for the disclosure of personal information to a person who is not in Australia or an external Territory.
6.2 This subclause applies in relation to the use or disclosure of personal information about an individual if:
(a) the individual would reasonably expect the APP entity to use or disclose the information for the secondary purpose and the secondary purpose is:
(i) if the information is sensitive information—directly related to the primary purpose; or
(ii) if the information is not sensitive information—related to the primary purpose; or
(b) the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
(c) a permitted general situation exists in relation to the use or disclosure of the information by the APP entity; or
(d) the APP entity is an organisation and a permitted health situation exists in relation to the use or disclosure of the information by the entity; or
(e) the APP entity reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Note: For
permitted general situation , see section 16A. Forpermitted health situation , see section 16B.6.3 This subclause applies in relation to the disclosure of personal information about an individual by an APP entity that is an agency if:
(a) the agency is not an enforcement body; and
(b) the information is biometric information or biometric templates; and
(c) the recipient of the information is an enforcement body; and
(d) the disclosure is conducted in accordance with the guidelines made by the Commissioner for the purposes of this paragraph.
6.4 If:
(a) the APP entity is an organisation; and
(b) subsection 16B(2) applied in relation to the collection of the personal information by the entity;
the entity must take such steps as are reasonable in the circumstances to ensure that the information is de‑identified before the entity discloses it in accordance with subclause 6.1 or 6.2.
Written note of use or disclosure
6.5 If an APP entity uses or discloses personal information in accordance with paragraph 6.2(e), the entity must make a written note of the use or disclosure.
Related bodies corporate
6.6 If:
(a) an APP entity is a body corporate; and
(b) the entity collects personal information from a related body corporate;
this principle applies as if the entity’s primary purpose for the collection of the information were the primary purpose for which the related body corporate collected the information.
Exceptions
6.7 This principle does not apply to the use or disclosure by an organisation of:
(a) personal information for the purpose of direct marketing; or
(b) government related identifiers.
Direct marketing
7.1 If an organisation holds personal information about an individual, the organisation must not use or disclose the information for the purpose of direct marketing.
Note: An act or practice of an agency may be treated as an act or practice of an organisation, see section 7A.
Exceptions—personal information other than sensitive information
7.2 Despite subclause 7.1, an organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:
(a) the organisation collected the information from the individual; and
(b) the individual would reasonably expect the organisation to use or disclose the information for that purpose; and
(c) the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and
(d) the individual has not made such a request to the organisation.
7.3 Despite subclause 7.1, an organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:
(a) the organisation collected the information from:
(i) the individual and the individual would not reasonably expect the organisation to use or disclose the information for that purpose; or
(ii) someone other than the individual; and
(b) either:
(i) the individual has consented to the use or disclosure of the information for that purpose; or
(ii) it is impracticable to obtain that consent; and
(c) the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and
(d) in each direct marketing communication with the individual:
(i) the organisation includes a prominent statement that the individual may make such a request; or
(ii) the organisation otherwise draws the individual’s attention to the fact that the individual may make such a request; and
(e) the individual has not made such a request to the organisation.
Exception—sensitive information
7.4 Despite subclause 7.1, an organisation may use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.
Exception—contracted service providers
7.5 Despite subclause 7.1, an organisation may use or disclose personal information for the purpose of direct marketing if:
(a) the organisation is a contracted service provider for a Commonwealth contract; and
(b) the organisation collected the information for the purpose of meeting (directly or indirectly) an obligation under the contract; and
(c) the use or disclosure is necessary to meet (directly or indirectly) such an obligation.
Individual may request not to receive direct marketing communications etc.
7.6 If an organisation (the
first organisation ) uses or discloses personal information about an individual:
(a) for the purpose of direct marketing by the first organisation; or
(b) for the purpose of facilitating direct marketing by other organisations;
the individual may:
(c) if paragraph (a) applies—request not to receive direct marketing communications from the first organisation; and
(d) if paragraph (b) applies—request the organisation not to use or disclose the information for the purpose referred to in that paragraph; and
(e) request the first organisation to provide its source of the information.
7.7 If an individual makes a request under subclause 7.6, the first organisation must not charge the individual for the making of, or to give effect to, the request and:
(a) if the request is of a kind referred to in paragraph 7.6(c) or (d)—the first organisation must give effect to the request within a reasonable period after the request is made; and
(b) if the request is of a kind referred to in paragraph 7.6(e)—the organisation must, within a reasonable period after the request is made, notify the individual of its source unless it is impracticable or unreasonable to do so.
Interaction with other legislation
7.8 This principle does not apply to the extent that any of the following apply:
(a) the
Do Not Call Register Act 2006 ;(b) the
Spam Act 2003 ;(c) any other Act of the Commonwealth, or a Norfolk Island enactment, prescribed by the regulations.
8.1 Before an APP entity discloses personal information about an individual to a person (the
overseas recipient ):
(a) who is not in Australia or an external Territory; and
(b) who is not the entity or the individual;
the entity must take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information.
Note: In certain circumstances, an act done, or a practice engaged in, by the overseas recipient is taken, under section 16C, to have been done, or engaged in, by the APP entity and to be a breach of the Australian Privacy Principles.
8.2 Subclause 8.1 does not apply to the disclosure of personal information about an individual by an APP entity to the overseas recipient if:
(a) the entity reasonably believes that:
(i) the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information; and
(ii) there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme; or
(b) both of the following apply:
(i) the entity expressly informs the individual that if he or she consents to the disclosure of the information, subclause 8.1 will not apply to the disclosure;
(ii) after being so informed, the individual consents to the disclosure; or
(c) the disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
(d) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1)) exists in relation to the disclosure of the information by the APP entity; or
(e) the entity is an agency and the disclosure of the information is required or authorised by or under an international agreement relating to information sharing to which Australia is a party; or
(f) the entity is an agency and both of the following apply:
(i) the entity reasonably believes that the disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body;
(ii) the recipient is a body that performs functions, or exercises powers, that are similar to those performed or exercised by an enforcement body.
Note: For
permitted general situation , see section 16A.
Adoption of government related identifiers
9.1 An organisation must not adopt a government related identifier of an individual as its own identifier of the individual unless:
(a) the adoption of the government related identifier is required or authorised by or under an Australian law or a court/tribunal order; or
(b) subclause 9.3 applies in relation to the adoption.
Note: An act or practice of an agency may be treated as an act or practice of an organisation, see section 7A.
Use or disclosure of government related identifiers
9.2 An organisation must not use or disclose a government related identifier of an individual unless:
(a) the use or disclosure of the identifier is reasonably necessary for the organisation to verify the identity of the individual for the purposes of the organisation’s activities or functions; or
(b) the use or disclosure of the identifier is reasonably necessary for the organisation to fulfil its obligations to an agency or a State or Territory authority; or
(c) the use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order; or
(d) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1)) exists in relation to the use or disclosure of the identifier; or
(e) the organisation reasonably believes that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
(f) subclause 9.3 applies in relation to the use or disclosure.
Note 1: An act or practice of an agency may be treated as an act or practice of an organisation, see section 7A.
Note 2: For
permitted general situation , see section 16A.
Regulations about adoption, use or disclosure
9.3 This subclause applies in relation to the adoption, use or disclosure by an organisation of a government related identifier of an individual if:
(a) the identifier is prescribed by the regulations; and
(b) the organisation is prescribed by the regulations, or is included in a class of organisations prescribed by the regulations; and
(c) the adoption, use or disclosure occurs in the circumstances prescribed by the regulations.
Note: There are prerequisites that must be satisfied before the matters mentioned in this subclause are prescribed, see subsections 100(2) and (3).
10.1 An APP entity must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the entity collects is accurate, up‑to‑date and complete.
10.2 An APP entity must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the entity uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up‑to‑date, complete and relevant.
11.1 If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information:
(a) from misuse, interference and loss; and
(b) from unauthorised access, modification or disclosure.
11.2 If:
(a) an APP entity holds personal information about an individual; and
(b) the entity no longer needs the information for any purpose for which the information may be used or disclosed by the entity under this Schedule; and
(c) the information is not contained in a Commonwealth record; and
(d) the entity is not required by or under an Australian law, or a court/tribunal order, to retain the information;
the entity must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de‑identified.
Access
12.1 If an APP entity holds personal information about an individual, the entity must, on request by the individual, give the individual access to the information.
Exception to access—agency
12.2 If:
(a) the APP entity is an agency; and
(b) the entity is required or authorised to refuse to give the individual access to the personal information by or under:
(i) the Freedom of Information Act; or
(ii) any other Act of the Commonwealth, or a Norfolk Island enactment, that provides for access by persons to documents;
then, despite subclause 12.1, the entity is not required to give access to the extent that the entity is required or authorised to refuse to give access.
Exception to access—organisation
12.3 If the APP entity is an organisation then, despite subclause 12.1, the entity is not required to give the individual access to the personal information to the extent that:
(a) the entity reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
(b) giving access would have an unreasonable impact on the privacy of other individuals; or
(c) the request for access is frivolous or vexatious; or
(d) the information relates to existing or anticipated legal proceedings between the entity and the individual, and would not be accessible by the process of discovery in those proceedings; or
(e) giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
(f) giving access would be unlawful; or
(g) denying access is required or authorised by or under an Australian law or a court/tribunal order; or
(h) both of the following apply:
(i) the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in;
(ii) giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
(i) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
(j) giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision‑making process.
Dealing with requests for access
12.4 The APP entity must:
(a) respond to the request for access to the personal information:
(i) if the entity is an agency—within 30 days after the request is made; or
(ii) if the entity is an organisation—within a reasonable period after the request is made; and
(b) give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.
Other means of access
12.5 If the APP entity refuses:
(a) to give access to the personal information because of subclause 12.2 or 12.3; or
(b) to give access in the manner requested by the individual;
the entity must take such steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of the entity and the individual.
12.6 Without limiting subclause 12.5, access may be given through the use of a mutually agreed intermediary.
Access charges
12.7 If the APP entity is an agency, the entity must not charge the individual for the making of the request or for giving access to the personal information.
12.8 If:
(a) the APP entity is an organisation; and
(b) the entity charges the individual for giving access to the personal information;
the charge must not be excessive and must not apply to the making of the request.
Refusal to give access
12.9 If the APP entity refuses to give access to the personal information because of subclause 12.2 or 12.3, or to give access in the manner requested by the individual, the entity must give the individual a written notice that sets out:
(a) the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
(b) the mechanisms available to complain about the refusal; and
(c) any other matter prescribed by the regulations.
12.10 If the APP entity refuses to give access to the personal information because of paragraph 12.3(j), the reasons for the refusal may include an explanation for the commercially sensitive decision.
Correction
13.1 If:
(a) an APP entity holds personal information about an individual; and
(b) either:
(i) the entity is satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out‑of‑date, incomplete, irrelevant or misleading; or
(ii) the individual requests the entity to correct the information;
the entity must take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up‑to‑date, complete, relevant and not misleading.
Notification of correction to third parties
13.2 If:
(a) the APP entity corrects personal information about an individual that the entity previously disclosed to another APP entity; and
(b) the individual requests the entity to notify the other APP entity of the correction;
the entity must take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
Refusal to correct information
13.3 If the APP entity refuses to correct the personal information as requested by the individual, the entity must give the individual a written notice that sets out:
(a) the reasons for the refusal except to the extent that it would be unreasonable to do so; and
(b) the mechanisms available to complain about the refusal; and
(c) any other matter prescribed by the regulations.
Request to associate a statement
13.4 If:
(a) the APP entity refuses to correct the personal information as requested by the individual; and
(b) the individual requests the entity to associate with the information a statement that the information is inaccurate, out‑of‑date, incomplete, irrelevant or misleading;
the entity must take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.
Dealing with requests
13.5 If a request is made under subclause 13.1 or 13.4, the APP entity:
(a) must respond to the request:
(i) if the entity is an agency—within 30 days after the request is made; or
(ii) if the entity is an organisation—within a reasonable period after the request is made; and
(b) must not charge the individual for the making of the request, for correcting the personal information or for associating the statement with the personal information (as the case may be).
Insert:
Insert:
access seeker has the meaning given by subsection 6L(1).
Insert:
affected information recipient means:
(a) a mortgage insurer; or
(b) a trade insurer; or
(c) a body corporate referred to in paragraph 21G(3)(b); or
(d) a person referred to in paragraph 21G(3)(c); or
(e) an entity or adviser referred to in paragraph 21N(2)(a).
Insert:
amount of credit has the meaning given by subsection 6M(2).
Insert:
Bankruptcy Act means theBankruptcy Act 1966 .
Insert:
ban period has the meaning given by subsection 20K(3).
7
Subsection 6(1) (definition of commercial credit ) Repeal the definition, substitute:
commercial credit means credit (other than consumer credit) that is applied for by, or provided to, a person.
Insert:
commercial credit related purpose of a credit provider in relation to a person means the purpose of:
(a) assessing an application for commercial credit made by the person to the provider; or
(b) collecting payments that are overdue in relation to commercial credit provided by the provider to the person.
Insert:
consumer credit means credit:
(a) for which an application has been made by an individual to a credit provider, or that has been provided to an individual by a credit provider, in the course of the provider carrying on a business or undertaking as a credit provider; and
(b) that is intended to be used wholly or primarily:
(i) for personal, family or household purposes; or
(ii) to acquire, maintain, renovate or improve residential property for investment purposes; or
(iii) to refinance consumer credit that has been provided wholly or primarily to acquire, maintain, renovate or improve residential property for investment purposes.
Insert:
consumer credit liability information : if a credit provider provides consumer credit to an individual, the following information about the consumer credit isconsumer credit liability information about the individual:
(a) the name of the provider;
(b) whether the provider is a licensee;
(c) the type of consumer credit;
(d) the day on which the consumer credit is entered into;
(e) the terms or conditions of the consumer credit:
(i) that relate to the repayment of the amount of credit; and
(ii) that are prescribed by the regulations;
(f) the maximum amount of credit available under the consumer credit;
(g) the day on which the consumer credit is terminated or otherwise ceases to be in force.
Insert:
consumer credit related purpose of a credit provider in relation to an individual means the purpose of:
(a) assessing an application for consumer credit made by the individual to the provider; or
(b) collecting payments that are overdue in relation to consumer credit provided by the provider to the individual.
Insert:
court proceedings information about an individual means information about a judgement of an Australian court:
(a) that is made, or given, against the individual in proceedings (other than criminal proceedings); and
(b) that relates to any credit that has been provided to, or applied for by, the individual.
Insert:
CP derived information about an individual means any personal information (other than sensitive information) about the individual:
(a) that is derived from credit reporting information about the individual that was disclosed to a credit provider by a credit reporting body under Division 2 of Part IIIA; and
(b) that has any bearing on the individual’s credit worthiness; and
(c) that is used, has been used or could be used in establishing the individual’s eligibility for consumer credit.
Insert:
CRB derived information about an individual means any personal information (other than sensitive information) about the individual:
(a) that is derived by a credit reporting body from credit information about the individual that is held by the body; and
(b) that has any bearing on the individual’s credit worthiness; and
(c) that is used, has been used or could be used in establishing the individual’s eligibility for consumer credit.
Repeal the definition, substitute:
credit has the meaning given by subsections 6M(1) and (3).
Omit “loans” (wherever occurring), substitute “credit”.
Insert:
credit eligibility information about an individual means:
(a) credit reporting information about the individual that was disclosed to a credit provider by a credit reporting body under Division 2 of Part IIIA; or
(b) CP derived information about the individual.
18
Subsection 6(1) (definition of credit enhancement ) Omit “a loan”, substitute “credit”.
19
Subsection 6(1) (paragraphs (a) and (b) of the definition of credit enhancement ) Omit “the loan”, substitute “the credit”.
Insert:
credit guarantee purpose of a credit provider in relation to an individual means the purpose of assessing whether to accept the individual as a guarantor in relation to:
(a) credit provided by the provider to a person other than the individual; or
(b) credit for which an application has been made to the provider by a person other than the individual.
Insert:
credit information has the meaning given by section 6N.
22
Subsection 6(1) (definition of credit information file ) Repeal the definition.
23
Subsection 6(1) (definition of credit provider ) Omit “section 11B”, substitute “sections 6G to 6K”.
Repeal the definition.
25
Subsection 6(1) (definition of credit reporting agency ) Repeal the definition.
Insert:
credit reporting body means:
(a) an organisation; or
(b) an agency prescribed by the regulations;
that carries on a credit reporting business.
27
Subsection 6(1) (definition of credit reporting business ) Repeal the definition, substitute:
credit reporting business has the meaning given by section 6P.
Insert:
credit reporting information about an individual means credit information, or CRB derived information, about the individual.
Insert:
credit worthiness of an individual means the individual’s:
(a) eligibility to be provided with consumer credit; or
(b) history in relation to consumer credit; or
(c) capacity to repay an amount of credit that relates to consumer credit.
30
Subsection 6(1) (definition of current credit provider) Repeal the definition.
Insert:
default information has the meaning given by section 6Q.
32
Subsection 6(1) (definition of eligible communications service) Repeal the definition.
Repeal the definition, substitute:
guarantee includes an indemnity given against the default of a person in making a payment in relation to credit that has been applied for by, or provided to, the person.
Insert:
identification information about an individual means:
(a) the individual’s full name; or
(b) an alias or previous name of the individual; or
(c) the individual’s date of birth; or
(d) the individual’s sex; or
(e) the individual’s current or last known address, and 2 previous addresses (if any); or
(f) the name of the individual’s current or last known employer; or
(g) if the individual holds a driver’s licence—the individual’s driver’s licence number.
Insert:
information request has the meaning given by section 6R.
Insert:
interested party has the meaning given by subsections 20T(3) and 21V(3).
Insert:
licensee has the meaning given by theNational Consumer Credit Protection Act 2009 .
Repeal the definition.
Insert:
managing credit does not include the act of collecting overdue payments in relation to credit.
40
Subsection 6(1) (definition of mortgage credit ) Repeal the definition, substitute:
mortgage credit means consumer credit:
(a) that is provided in connection with the acquisition, maintenance, renovation or improvement of real property; and
(b) in relation to which the real property is security.
Insert:
mortgage insurance purpose of a mortgage insurer in relation to an individual is the purpose of assessing:
(a) whether to provide insurance to, or the risk of providing insurance to, a credit provider in relation to mortgage credit:
(i) provided by the provider to the individual; or
(ii) for which an application to the provider has been made by the individual; or
(b) the risk of the individual defaulting on mortgage credit in relation to which the insurer has provided insurance to a credit provider; or
(c) the risk of the individual being unable to meet a liability that might arise under a guarantee provided, or proposed to be provided, in relation to mortgage credit provided by a credit provider to another person.
42
Subsection 6(1) (definition of mortgage insurer ) Repeal the definition, substitute:
mortgage insurer means an organisation, or small business operator, that carries on a business or undertaking that involves providing insurance to credit providers in relation to mortgage credit provided by providers to other persons.
Insert:
National Personal Insolvency Index has the meaning given by the Bankruptcy Act.
Insert:
new arrangement information has the meaning given by section 6S.
Insert:
payment information has the meaning given by section 6T.
Insert:
penalty unit has the meaning given by section 4AA of theCrimes Act 1914 .
Insert:
pending correction request in relation to credit information or CRB derived information means:
(a) a request made under subsection 20T(1) in relation to the information if a notice has not been given under subsection 20U(2) or (3) in relation to the request; or
(b) a request made under subsection 21V(1) in relation to the information if:
(i) the credit reporting body referred to in subsection 20V(3) has been consulted about the request under subsection 21V(3); and
(ii) a notice has not been given under subsection 21W(2) or (3) in relation to the request.
Insert:
pending dispute in relation to credit information or CRB derived information means:
(a) a complaint made under section 23A that relates to the information if a decision about the complaint has not been made under subsection 23B(4); or
(b) a matter that relates to the information and that is still being dealt with by a recognised external dispute resolution scheme; or
(c) a complaint made to the Commissioner under Part V that relates to the information and that is still being dealt with.
Insert:
permitted CP disclosure has the meaning given by sections 21J to 21N.
Insert:
permitted CP use has the meaning given by section 21H.
Insert:
permitted CRB disclosure has the meaning given by section 20F.
Insert:
personal insolvency information has the meaning given by section 6U.
Insert:
pre‑screening assessment means an assessment made under paragraph 20G(2)(d).
Insert:
purchase , in relation to credit, includes the purchase of rights to receive payments relating to the credit.
Insert:
regulated information of an affected information recipient means:
(a) if the recipient is a mortgage insurer or trade insurer—personal information disclosed to the recipient under Division 2 or 3 of Part IIIA; or
(b) if the recipient is a body corporate referred to in paragraph 21G(3)(b)—credit eligibility information disclosed to the recipient under that paragraph; or
(c) if the recipient is a person referred to in paragraph 21G(3)(c)—credit eligibility information disclosed to the recipient under that paragraph; or
(d) if the recipient is an entity or adviser referred to in paragraph 21N(2)(a)—credit eligibility information disclosed to the recipient under subsection 21N(2).
Insert:
repayment history information has the meaning given by subsection 6V(1).
Insert:
residential property has the meaning given by section 204 of the National Credit Code (within the meaning of theNational Consumer Credit Protection Act 2009 ).
Insert:
respondent for a complaint made under section 23A means the credit reporting body or credit provider to which the complaint is made.
Insert:
retention period has the meaning given by sections 20W and 20X.
60
Subsection 6(1) (subparagraphs (a)(i) and (ii) of the definition of securitisation arrangement ) Repeal the subparagraphs, substitute:
(i) credit that has been, or is to be, provided by a credit provider; or
(ii) the purchase of credit by a credit provider;
61
Subsection 6(1) (paragraph (b) of the definition of securitisation arrangement ) Omit “loans”, substitute “credit”.
Insert:
securitisation related purpose of a credit provider in relation to an individual is the purpose of:
(a) assessing the risk in purchasing, by means of a securitisation arrangement, credit that has been provided to, or applied for by:
(i) the individual; or
(ii) a person for whom the individual is, or is proposing to be, a guarantor; or
(b) assessing the risk in undertaking credit enhancement in relation to credit:
(i) that is, or is proposed to be, purchased or funded by means of a securitisation arrangement; and
(ii) that has been provided to, or applied for by, the individual or a person for whom the individual is, or is proposing to be, a guarantor.
63
Subsection 6(1) (definition of serious credit infringement ) Repeal the definition, substitute:
serious credit infringement means:
(a) an act done by an individual that involves fraudulently obtaining consumer credit, or attempting fraudulently to obtain consumer credit; or
(b) an act done by an individual that involves fraudulently evading the individual’s obligations in relation to consumer credit, or attempting fraudulently to evade those obligations; or
(c) an act done by an individual if:
(i) a reasonable person would consider that the act indicates an intention, on the part of the individual, to no longer comply with the individual’s obligations in relation to consumer credit provided by a credit provider; and
(ii) the provider has, after taking such steps as are reasonable in the circumstances, been unable to contact the individual about the act; and
(iii) at least 6 months have passed since the provider last had contact with the individual.
Insert:
trade insurance purpose of a trade insurer in relation to an individual is the purpose of assessing:
(a) whether to provide insurance to, or the risk of providing insurance to, a credit provider in relation to commercial credit provided by the provider to the individual or another person; or
(b) the risk of a person defaulting on commercial credit in relation to which the insurer has provided insurance to a credit provider.
Repeal the definition, substitute:
trade insurer means an organisation, or small business operator, that carries on a business or undertaking that involves providing insurance to credit providers in relation to commercial credit provided by providers to other persons.
Repeal the subsections.
Omit “
credit ”, substitute “consumer credit ”.
Add:
; or (f) is a credit reporting body.
Insert:
General
(1) Each of the following is a
credit provider :
(a) a bank;
(b) an organisation or small business operator if:
(i) the organisation or operator carries on a business or undertaking; and
(ii) a substantial part of the business or undertaking is the provision of credit;
(c) an organisation or small business operator:
(i) that carries on a retail business; and
(ii) that, in the course of the business, issues credit cards to individuals in connection with the sale of goods, or the supply of services, by the organisation or operator (as the case may be);
(d) an agency, organisation or small business operator:
(i) that carries on a business or undertaking that involves providing credit; and
(ii) that is prescribed by the regulations.
Other credit providers
(2) If:
(a) an organisation or small business operator (the
supplier ) carries on a business or undertaking in the course of which the supplier provides credit in connection with the sale of goods, or the supply of services, by the supplier; and(b) the repayment, in full or in part, of the amount of credit is deferred for at least 7 days; and
(c) the supplier is not a credit provider under subsection (1);
then the supplier is a
credit provider but only in relation to the credit.
(3) If:
(a) an organisation or small business operator (the
lessor ) carries on a business or undertaking in the course of which the lessor provides credit in connection with the hiring, leasing or renting of goods; and(b) the credit is in force for at least 7 days; and
(c) no amount, or an amount less than the value of the goods, is paid as a deposit for the return of the goods; and
(d) the lessor is not a credit provider under subsection (1);
then the lessor is a
credit provider but only in relation to the credit.
(4) An organisation or small business operator is a
credit provider if subsection 6H(1), 6J(1) or 6K(1) provides that the organisation or operator is a credit provider.
Exclusions
(5) Despite subsections (1) to (4) of this section, an organisation or small business operator acting in the capacity of:
(a) a real estate agent; or
(b) a general insurer (within the meaning of the
Insurance Act 1973 ); or(c) an employer of an individual;
is not a
credit provider while acting in that capacity.
(6) Despite subsections (1) to (4) of this section, an organisation or small business operator is not a
credit provider if it is included in a class of organisations or operators prescribed by the regulations.
Omit “contained in a credit information file in the possession or control of the credit reporting agency”, substitute “held by the credit reporting body”.
Omit “agency”, substitute “body”.
Omit “agency”, substitute “body”.
Omit “the names, residential addresses and dates of birth contained in credit information files of other individuals”, substitute “personal information held by the body that is the names, residential addresses and dates of birth of other individuals”.
Repeal the heading, substitute:
Omit “agency” (first occurring), substitute “body”.
Omit “contained in a credit information file in the possession or control of the credit reporting agency”, substitute “held by the credit reporting body”.
Omit “the names, residential addresses and dates of birth contained in credit information files of other individuals”, substitute “personal information held by the credit reporting body that is the names, residential addresses and dates of birth of other individuals”.
Omit “contained in a credit information file in the possession or control of the credit reporting agency”, substitute “held by the credit reporting body”.
Omit “contained in an individual’s credit information file”, substitute “held by the credit reporting body”.
Omit “law for the purposes of paragraph 18K(1)(m)”, substitute “this Act for the purposes of paragraph 20E(3)(e)”.
Omit “agency”, substitute “body”.
Repeal the section, substitute:
Subject to section 35E, a credit reporting body must not collect or hold personal information about an individual that relates to a verification request or an assessment in relation to the individual.
Repeal the heading, substitute:
Omit “agency” (wherever occurring), substitute “body”.
Repeal the section, substitute:
A breach of a requirement of this Division in relation to an individual constitutes an act or practice involving an interference with the privacy of the individual for the purposes of section 13 of the
Privacy Act 1988 .Note: The act or practice may be the subject of a complaint under section 36 of that Act.
Omit “agency (within the meaning of section 11A of the
Privacy Act 1988 ) would be required, under subsection 18K(5)”, substitute “body (within the meaning of thePrivacy Act 1988 ) would be required, under subsection 20E(5)”.
Omit “agency (within the meaning of section 11A of the
Privacy Act 1988 ) would be required, under subsection 18K(5)”, substitute “body (within the meaning of thePrivacy Act 1988 ) would be required, under subsection 20E(5)”.
Omit “agency (within the meaning of section 11A of the
Privacy Act 1988 ) would be required, under subsection 18K(5)”, substitute “body (within the meaning of thePrivacy Act 1988 ) would be required, under subsection 20E(5)”.
131
Paragraph 88(3)(i) of the National Credit Code Repeal the paragraph, substitute:
(i) that, under the
Privacy Act 1988 , a credit reporting body (within the meaning of that Act) may collect and hold default information (within the meaning of that Act) in relation to the default; and
132
Paragraph 179D(2)(h) of the National Credit Code Repeal the paragraph, substitute:
(h) that, under the
Privacy Act 1988 , a credit reporting body (within the meaning of that Act) may collect and hold default information (within the meaning of that Act) in relation to the default; and
Omit “agency” (wherever occurring), substitute “body”.
Omit “record of the disclosure in the entity’s credit information file, as required by subsection 18K(5)”, substitute “written note of the disclosure as required by subsection 20E(5)”.
Repeal the paragraph, substitute:
(b) a statement about the operation of registered APP codes under the
Privacy Act 1988 that contain procedures covered by subsection (2), including details about the number of complaints made under codes, their nature and outcome.
Omit “an approved privacy code”, substitute “a registered APP code”.
Omit “an approved privacy code”, substitute “a registered APP code”.
Omit “the approved privacy code”, substitute “the registered APP code”.
Omit “approved privacy code”, substitute “registered APP code”.
Omit “an approved privacy code”, substitute “a registered APP code”.
Omit “the approved privacy code”, substitute “the registered APP code”.
Omit “an approved privacy code (as defined in that Act)”, substitute “a registered APP code (within the meaning of the
Privacy Act 1988 )”.
Omit “an approved privacy code”, substitute “a registered APP code”.
Omit “an approved privacy code”, substitute “a registered APP code”.
Omit “an approved privacy code”, substitute “a registered APP code”.
Omit “approved privacy code”, substitute “registered APP code”.
Omit “in the performance of the functions referred to in paragraph 27(1)(a) or 28(1)(b) or (c) of the
Privacy Act 1988 ”, substitute “under thePrivacy Act 1988 as an interference with the privacy of an individual under subsection 13(1) or (4) of that Act”.
148
Subsection 9(2) (table item 3, column headed “Provision”) Omit “, and the Schedule”.
Repeal the paragraphs, substitute:
(a) performing the functions, and exercising the powers, conferred on the Commissioner by Part IIIB of the
Privacy Act 1988 ;
Repeal the paragraph, substitute:
(c) the making of guidelines under paragraph 28(1)(a) or (b) of the
Privacy Act 1988 , or the variation or revocation of those guidelines;
Repeal the paragraph, substitute:
(d) the issue, variation or revocation of rules under:
(i) section 17 of the
Privacy Act 1988 ; or(ii) section 12 of the
Data‑matching Program (Assistance and Tax) Act 1990 ; or(iii) section 135AA of the
National Health Act 1953 ;
Omit “paragraph 27(1)(r)”, substitute “paragraph 28B(1)(c)”.
Repeal the paragraph.
Omit “guidelines”, substitute “rules”.
Omit “paragraphs 28(1)(a) and (f)”, substitute “section 17 and paragraph 28A(1)(d)”.
Omit “, 96”.
Omit “Guidelines”, substitute “Rules”.
Repeal the heading, substitute:
Omit “guidelines” (wherever occurring), substitute “rules”.
Omit “guidelines in the Schedule”, substitute “rules issued under section 12”.
Omit “guidelines”, substitute “rules”.
Omit “Part 5 and section 99”, substitute “Part V”.
Omit “guidelines”, substitute “rules”.
Repeal the subsection, substitute:
Assessment by Information Commissioner
(3) For the purpose of paragraph 33C(1)(a) of the
Privacy Act 1988 , a healthcare identifier is taken to be personal information.
Repeal the heading, substitute:
Repeal the heading, substitute:
Issuing rules
Omit “guidelines”, substitute “rules”.
Repeal the heading, substitute:
Replacing or varying rules
Omit “guidelines” (wherever occurring), substitute “rules”.
Repeal the heading, substitute:
Content of rules
Omit “guidelines” (wherever occurring), substitute “rules”.
Omit “guidelines”, substitute “rules”.
Omit “guidelines” (wherever occurring), substitute “rules”.
Repeal the heading, substitute:
When rules take effect
Omit “guidelines” (wherever occurring), substitute “rules”.
Repeal the heading, substitute:
Omit “guidelines”, substitute “rules”.
Omit “guidelines”, substitute “rules”.
Omit “guidelines”, substitute “rules”.
Omit “guidelines”, substitute “rules”.
In this Schedule:
commencement time means the time Schedule 1 to this Act commences.
Privacy Act means thePrivacy Act 1988 .
transition period means the period:
(a) starting on the day this Act receives the Royal Assent; and
(b) ending immediately before the commencement time.
The definition of
court/tribunal order in subsection 6(1) of the Privacy Act, as inserted by Schedule 1 to this Act, applies in relation to an order, direction or other instrument made before or after the commencement time.
3
Saving—guidelines relating to medical research etc.
(1) This item applies to guidelines if:
(a) the guidelines were issued or approved under subsection 95(1), 95A(2), 95A(4) or 95AA(2) of the Privacy Act; and
(b) the guidelines were in force immediately before the commencement time.
(2) The guidelines have effect, after that time, as if they had been issued or approved under that subsection, as amended by Schedule 1 to this Act.
(1) To the extent that the amendments of the Privacy Act made by Schedule 2 to this Act apply in relation to credit, they apply in relation to credit applied for, or provided, before or after the commencement time.
(2) The definition of
court proceedings information in subsection 6(1) of the Privacy Act, as inserted by Schedule 2 to this Act, applies in relation to a judgement of an Australian court made or given before or after the commencement time.(3) The definition of
serious credit infringement in subsection 6(1) of the Privacy Act, as inserted by Schedule 2 to this Act, applies in relation to an act done before or after the commencement time.(4) Paragraph 6N(k) of the Privacy Act, as inserted by Schedule 2 to this Act, applies in relation to activities done before or after the commencement time.
(5) Section 6R of the Privacy Act, as inserted by Schedule 2 to this Act, applies in relation to an information request made before or after the commencement time.
(6) Section 6V of the Privacy Act, as inserted by Schedule 2 to this Act, applies in relation to a monthly payment that is due and payable on or after the day this Act receives the Royal Assent.
5
Privacy codes may be developed etc. during the transition period (1) A function or power conferred on the Commissioner or an entity by Part IIIB of the Privacy Act, as inserted by Schedule 3 to this Act, may be performed or exercised during the transition period as if the Privacy Act, as amended by this Act, was in force during that period.
(2) The performance of such a function, or the exercise of such a power, during the transition period has effect, after the commencement time, as if it had been performed or exercised under Part IIIB of the Privacy Act as inserted by Schedule 3 to this Act.
Section 13G of the Privacy Act, as inserted by Schedule 4 to this Act, applies in relation to an act done, or a practice engaged in, after the commencement time.
7
Saving—guidelines relating to tax file number information
(1) This item applies to guidelines if:
(a) the guidelines were issued under subsection 17(1) of the Privacy Act; and
(b) the guidelines were in force immediately before the commencement time.
(2) The guidelines have effect, after that time, as if they had been rules issued under section 17 of that Act, as inserted by Schedule 4 to this Act.
8
Saving—guidelines prepared and published under the Privacy Act
(1) This item applies to guidelines if:
(a) the guidelines were prepared and published under paragraph 27(1)(e) or 28A(1)(e) of the Privacy Act; and
(b) the guidelines were in force immediately before the commencement time.
(2) The guidelines have effect, after that time, as if they had been made under paragraph 28(1)(a) of that Act, as inserted by Schedule 4 to this Act.
(1) This item applies if:
(a) before the commencement time, the Commissioner was conducting an audit under paragraph 27(1)(h) or (ha), 28(1)(e) or 28A(1)(g) of the Privacy Act; and
(b) immediately before that time, the audit has not been completed.
(2) Despite the amendments of the Privacy Act made by this Act, the Commissioner may continue, after the commencement time, to conduct the audit as if those amendments had not been made.
10
Application—amendment made by item 75 of Schedule 4 The amendment made by item 75 of Schedule 4 to this Act applies in relation to a representative complaint lodged after the commencement time.
11
Application—paragraph 41(1)(db) of the Privacy Act Paragraph 41(1)(db) of the Privacy Act, as inserted by Schedule 4 to this Act, applies in relation to a request made after the commencement time.
(1) This item applies to a determination if:
(a) the determination was made under section 72 of the Privacy Act; and
(b) the determination was in force immediately before the commencement time.
(2) The determination has effect, after the commencement time, as if it had been made under that section, as amended by Schedule 4 to this Act.
(3) The Commissioner may, by legislative instrument, vary the determination after the commencement time to take account of the amendments of the Privacy Act made by this Act.
(4) In deciding whether to vary the determination, the Commissioner may:
(a) consult any person or entity; and
(b) take into account any matter that the Commissioner considers relevant.
13
Application—subsection 73(1A) of the Privacy Act Subsection 73(1A) of the Privacy Act, as inserted by Schedule 4 to this Act, applies in relation to an application made under subsection 73(1) of the Privacy Act after the commencement time.
14
Application—review by the Administrative Appeals Tribunal Paragraphs 96(1)(c), (e), (f) and (g) of the Privacy Act, as inserted by Schedule 4 to this Act, apply in relation to a decision made after the commencement time.
(1) This item applies to guidelines if:
(a) the guidelines were issued under section 135AA of the
National Health Act 1953 or section 12 of theData‑matching Program (Assistance and Tax) Act 1990 ; and(b) the guidelines were in force immediately before the commencement time.
(2) The guidelines have effect, after that time, as if they had been rules issued under that section, as amended by Schedule 5 to this Act.
(1) This item applies if:
(a) before the commencement time, a complaint about an act or practice was made to the Commissioner under section 36 of the Privacy Act; and
(b) immediately before that time, the Commissioner has not:
(i) decided under Part V of that Act not to investigate, or not to investigate further, the act or practice; or
(ii) made a determination under section 52 of that Act in relation to the complaint.
(2) Despite the amendments of the Privacy Act made by this Act, the complaint may be dealt with under the Privacy Act after the commencement time as if those amendments had not been made.
(1) This item applies if:
(a) before the commencement time, the Commissioner commenced an investigation under subsection 40(2) of the Privacy Act; and
(b) immediately before that time, the Commissioner has not finished conducting the investigation.
(2) Despite the amendments of the Privacy Act made by this Act, the Commissioner may continue to conduct the investigation under the Privacy Act after the commencement time as if those amendments had not been made.
(1) This item applies if:
(a) before the commencement time, an act was done, or a practice was engaged in, by an agency or organisation; and
(b) the act or practice may be an interference with the privacy of an individual under section 13 or 13A of the Privacy Act (as in force immediately before that time); and
(c) immediately before that time:
(i) the individual has not made a complaint about the act or practice to the Commissioner under section 36 of that Act; and
(ii) the Commissioner has not decided to investigate the act or practice under subsection 40(2) of that Act.
(2) Despite the amendments of the Privacy Act made by this Act, the individual may, after the commencement time, complain to the Commissioner about the act or practice, and the complaint may be dealt with, under the Privacy Act as if those amendments had not been made.
(3) Despite the amendments of the Privacy Act made by this Act, the Commissioner may, after the commencement time, investigate the act or practice under subsection 40(2) of the Privacy Act as if those amendments had not been made.
19
Regulations may deal with transitional etc. matters The Governor‑General may make regulations dealing with matters of a transitional, application or saving nature relating to the amendments made by this Act.
The endnotes provide information about this compilation and the compiled law.
The following endnotes are included in every compilation:
Endnote 1—About the endnotes
Endnote 2—Abbreviation key
Endnote 3—Legislation history
Endnote 4—Amendment history
Endnotes about misdescribed amendments and other matters are included in a compilation only as necessary.
The abbreviation key sets out abbreviations that may be used in the endnotes.
Amending laws are annotated in the legislation history and amendment history.
The legislation history in endnote 3 provides information about each law that has amended (or will amend) the compiled law. The information includes commencement details for amending laws and details of any application, saving or transitional provisions that are not included in this compilation.
The amendment history in endnote 4 provides information about amendments at the provision (generally section or equivalent) level. It also includes information about any provision of the compiled law that has been repealed in accordance with a provision of the law.
A misdescribed amendment is an amendment that does not accurately describe the amendment to be made. If, despite the misdescription, the amendment can be given effect as intended, the amendment is incorporated into the compiled law and the abbreviation “(md)” added to the details of the amendment included in the amendment history.
If a misdescribed amendment cannot be given effect as intended, the amendment is set out in the endnotes.
A = Act | orig = original |
ad = added or inserted | par = paragraph(s)/subparagraph(s) |
am = amended | /sub‑subparagraph(s) |
amdt = amendment | pres = present |
c = clause(s) | prev = previous |
C[x] = Compilation No. x | (prev…) = previously |
Ch = Chapter(s) | Pt = Part(s) |
def = definition(s) | r = regulation(s)/rule(s) |
Dict = Dictionary | Reg = Regulation/Regulations |
disallowed = disallowed by Parliament | reloc = relocated |
Div = Division(s) | renum = renumbered |
exp = expires/expired or ceases/ceased to have | rep = repealed |
effect | rs = repealed and substituted |
F = Federal Register of Legislative Instruments | s = section(s)/subsection(s) |
gaz = gazette | Sch = Schedule(s) |
LI = Legislative Instrument | Sdiv = Subdivision(s) |
LIA = | SLI = Select Legislative Instrument |
(md) = misdescribed amendment | SR = Statutory Rules |
mod = modified/modification | Sub‑Ch = Sub‑Chapter(s) |
No. = Number(s) | SubPt = Subpart(s) |
o = order(s) | |
Ord = Ordinance | commenced or to be commenced |
Privacy Amendment (Enhancing Privacy Protection) Act 2012 | 197, 2012 | 12 Dec 2012 | Sch 1–4, Sch 5 (items 1–155, 157–161, 163–180) and Sch 6 (items 2–4, 6–19): 12 Mar 2014 (s 2(1) items 2, 3, 11, 13, 17, 19) Remainder: 12 Dec 2012 (s 2(1) items 1, 10, 12, 16, 18) | |
Statute Law Revision Act (No. 1) 2015 | 5, 2015 | 25 Feb 2015 | Sch 2 (items 4–6): 12 Mar 2014 (s 2(1) items 6, 7) | — |
item 102............................. | am No 5, 2015 |
item 103............................. | am No 5, 2015 |
item 71............................... | am No 5, 2015 |
0
0
0