Division 1 - General definitions
6 - Interpretation6AA - Meaning of responsible person6A - Breach of an Australian Privacy Principle6B - Breach of a registered APP code6BA - Breach of the registered CR code6C - Organisations6D - Small business and small business operators6DA - What is the annual turnover of a business?6E - Small business operator treated as organisation6EA - Small business operators choosing to be treated as organisations6F - State instrumentalities etc. treated as organisations6FA - Meaning of health information6FB - Meaning of health serviceDivision 2 - Key definitions relating to credit reporting
Subdivision A - Credit provider
6G - Meaning of credit provider6H - Agents of credit providers6J - Securitisation arrangements etc.6K - Acquisition of the rights of a credit providerSubdivision B - Other definitions
6L - Meaning of access seeker6M - Meaning of credit and amount of credit6N - Meaning of credit information6P - Meaning of credit reporting business6Q - Meaning of default information6R - Meaning of information request6S - Meaning of new arrangement information6T - Meaning of payment information6U - Meaning of personal insolvency information6V - Meaning of repayment history informationDivision 3 - Other matters
7 - Acts and practices of agencies, organisations etc.7A - Acts of certain agencies treated as acts of organisation7B - Exempt acts and exempt practices of organisations7C - Political acts and practices are exempt8 - Acts and practices of, and disclosure of information to, staff of agency, organisation etc.10 - Agencies that are taken to hold a record11 - File number recipients12A - Act not to apply in relation to State banking or insurance within that State12B - Severability—additional effect of this ActDivision 1 - Interferences with privacy
13 - Interferences with privacy13B - Related bodies corporate13C - Change in partnership because of change in partners13D - Overseas act required by foreign law13E - Effect of sections 13B, 13C and 13D13F - Act or practice not covered by section 13 is not an interference with privacy13G - Serious and repeated interferences with privacyDivision 2 - Australian Privacy Principles
14 - Australian Privacy Principles15 - APP entities must comply with Australian Privacy Principles16 - Personal, family or household affairs16A - Permitted general situations in relation to the collection, use or disclosure of personal information16B - Permitted health situations in relation to the collection, use or disclosure of health information16C - Acts and practices of overseas recipients of personal informationDivision 4 - Tax file number information
17 - Rules relating to tax file number information18 - File number recipients to comply with rulesDivision 1 - Introduction
19 - Guide to this PartDivision 2 - Credit reporting bodies
Subdivision A - Introduction and application of this Division etc.
20 - Guide to this Division20A - Application of this Division and the Australian Privacy Principles to credit reporting bodiesSubdivision B - Consideration of information privacy
20B - Open and transparent management of credit reporting informationSubdivision C - Collection of credit information
20C - Collection of solicited credit information20D - Dealing with unsolicited credit informationSubdivision D - Dealing with credit reporting information etc.
20E - Use or disclosure of credit reporting information20F - Permitted CRB disclosures in relation to individuals20G - Use or disclosure of credit reporting information for the purposes of direct marketing20H - Use or disclosure of pre screening assessments20J - Destruction of pre screening assessment20K - No use or disclosure of credit reporting information during a ban period20L - Adoption of government related identifiers20M - Use or disclosure of credit reporting information that is de identifiedSubdivision E - Integrity of credit reporting information
20N - Quality of credit reporting information20P - False or misleading credit reporting information20Q - Security of credit reporting informationSubdivision F - Access to, and correction of, information
20R - Access to credit reporting information20S - Correction of credit reporting information20T - Individual may request the correction of credit information etc.20U - Notice of correction etc. must be givenSubdivision G - Dealing with credit reporting information after the retention period ends etc.
20V - Destruction etc. of credit reporting information after the retention period ends20W - Retention period for credit information—general20X - Retention period for credit information—personal insolvency information20Y - Destruction of credit reporting information in cases of fraud20Z - Dealing with information if there is a pending correction request etc.20ZA - Dealing with information if an Australian law etc. requires it to be retainedDivision 3 - Credit providers
Subdivision A - Introduction and application of this Division
21 - Guide to this Division21A - Application of this Division to credit providersSubdivision B - Consideration of information privacy
21B - Open and transparent management of credit information etc.Subdivision C - Dealing with credit information
21C - Additional notification requirements for the collection of personal information etc.21D - Disclosure of credit information to a credit reporting body21E - Payment information must be disclosed to a credit reporting body21F - Limitation on the disclosure of credit information during a ban periodSubdivision D - Dealing with credit eligibility information etc.
21G - Use or disclosure of credit eligibility information21H - Permitted CP uses in relation to individuals21J - Permitted CP disclosures between credit providers21K - Permitted CP disclosures relating to guarantees etc.21L - Permitted CP disclosures to mortgage insurers21M - Permitted CP disclosures to debt collectors21N - Permitted CP disclosures to other recipients21NA - Disclosures to certain persons and bodies that do not have an Australian link21P - Notification of a refusal of an application for consumer creditSubdivision E - Integrity of credit information and credit eligibility information
21Q - Quality of credit eligibility information21R - False or misleading credit information or credit eligibility information21S - Security of credit eligibility informationSubdivision F - Access to, and correction of, information
21T - Access to credit eligibility information21U - Correction of credit information or credit eligibility information21V - Individual may request the correction of credit information etc.21W - Notice of correction etc. must be givenDivision 4 - Affected information recipients
22 - Guide to this DivisionSubdivision A - Consideration of information privacy
22A - Open and transparent management of regulated informationSubdivision B - Dealing with regulated information
22B - Additional notification requirements for affected information recipients22C - Use or disclosure of information by mortgage insurers or trade insurers22D - Use or disclosure of information by a related body corporate22E - Use or disclosure of information by credit managers etc.22F - Use or disclosure of information by advisers etc.Division 5 - Complaints
23 - Guide to this Division23A - Individual may complain about a breach of a provision of this Part etc.23B - Dealing with complaints23C - Notification requirements relating to correction complaintsDivision 6 - Unauthorised obtaining of credit reporting information etc.
24 - Obtaining credit reporting information from a credit reporting body24A - Obtaining credit eligibility information from a credit providerDivision 7 - Court orders
25 - Compensation orders25A - Other orders to compensate loss or damageDivision 1 - Introduction
26 - Guide to this PartDivision 2 - Registered APP codes
Subdivision A - Compliance with registered APP codes etc.
26A - APP entities to comply with binding registered APP codes26B - What is a registered APP code26C - What is an APP code26D - Extension of Act to exempt acts or practices covered by registered APP codesSubdivision B - Development and registration of APP codes
26E - Development of APP codes by APP code developers26F - Application for registration of APP codes26G - Development of APP codes by the Commissioner26H - Commissioner may register APP codesSubdivision C - Variation and removal of registered APP codes
26J - Variation of registered APP codes26K - Removal of registered APP codesDivision 3 - Registered CR code
Subdivision A - Compliance with the registered CR code
26L - Entities to comply with the registered CR code if bound by the code26M - What is the registered CR code26N - What is a CR codeSubdivision B - Development and registration of CR code
26P - Development of CR code by CR code developers26Q - Application for registration of CR code26R - Development of CR code by the Commissioner26S - Commissioner may register CR codeSubdivision C - Variation of the registered CR code
26T - Variation of the registered CR codeDivision 4 - General matters
26U - Codes Register26V - Guidelines relating to codes26W - Review of operation of registered codesDivision 1 - Introduction
26WA - Simplified outline of this Part26WB - Entity26WC - Deemed holding of information26WD - Exception—notification under the My Health Records Act 2012Division 2 - Eligible data breach
26WE - Eligible data breach26WF - Exception—remedial action26WG - Whether access or disclosure would be likely, or would not be likely, to result in serious harm—relevant mattersDivision 3 - Notification of eligible data breaches
Subdivision A - Suspected eligible data breaches
26WH - Assessment of suspected eligible data breach26WJ - Exception—eligible data breaches of other entitiesSubdivision B - General notification obligations
26WK - Statement about eligible data breach26WL - Entity must notify eligible data breach26WM - Exception—eligible data breaches of other entities26WN - Exception—enforcement related activities26WP - Exception—inconsistency with secrecy provisions26WQ - Exception—declaration by CommissionerSubdivision C - Commissioner may direct entity to notify eligible data breach
26WR - Commissioner may direct entity to notify eligible data breach26WS - Exception—enforcement related activities26WT - Exception—inconsistency with secrecy provisionsDivision 2 - Functions of Commissioner
27 - Functions of the Commissioner28 - Guidance related functions of the Commissioner28A - Monitoring related functions of the Commissioner28B - Advice related functions of the Commissioner29 - Commissioner must have due regard to the objects of the ActDivision 3 - Reports by Commissioner
30 - Reports following investigation of act or practice31 - Report following examination of proposed enactment32 - Commissioner may report to the Minister if the Commissioner has monitored certain activities etc.33 - Exclusion of certain matters from reportsDivision 3A - Assessments by, or at the direction of, the Commissioner
33C - Commissioner may conduct an assessment relating to the Australian Privacy Principles etc.33D - Commissioner may direct an agency to give a privacy impact assessmentDivision 4 - Miscellaneous
34 - Provisions relating to documents exempt under the Freedom of Information Act 198235 - Direction where refusal or failure to amend exempt document35A - Commissioner may recognise external dispute resolution schemesDivision 1A - Introduction
36A - Guide to this PartDivision 1 - Investigation of complaints and investigations on the Commissioner’s initiative
36 - Complaints37 - Principal executive of agency38 - Conditions for making a representative complaint38A - Commissioner may determine that a complaint is not to continue as a representative complaint38B - Additional rules applying to the determination of representative complaints38C - Amendment of representative complaints39 - Class member for representative complaint not entitled to lodge individual complaint40 - Investigations40A - Conciliation of complaints41 - Commissioner may or must decide not to investigate etc. in certain circumstances42 - Preliminary inquiries43 - Conduct of investigations43A - Interested party may request a hearing44 - Power to obtain information and documents45 - Power to examine witnesses46 - Directions to persons to attend compulsory conference47 - Conduct of compulsory conference48 - Complainant and certain other persons to be informed of various matters49 - Investigation under section 40 to cease if certain offences may have been committed49A - Investigation under section 40 to cease if civil penalty provision under Personal Property Securities Act 2009 may have been contravened50 - Reference of matters to other authorities50A - Substitution of respondent to complaint51 - Effect of investigation by Auditor GeneralDivision 2 - Determinations following investigation of complaints
52 - Determination of the Commissioner53 - Determination must identify the class members who are to be affected by the determination53A - Notice to be given to outsourcing agency53B - Substituting an agency for a contracted service providerDivision 3 - Enforcement
54 - Application of Division55 - Obligations of organisations and small business operators55A - Proceedings in the Federal Court or Federal Circuit Court to enforce a determination55B - Evidentiary certificateDivision 4 - Review and enforcement of determinations involving Commonwealth agencies
57 - Application of Division58 - Obligations of agencies59 - Obligations of principal executive of agency60 - Compensation and expenses62 - Enforcement of determination against an agencyDivision 5 - Miscellaneous
63 - Legal assistance64 - Commissioner etc. not to be sued65 - Failure to attend etc. before Commissioner66 - Failure to give information etc.67 - Protection from civil actions68 - Power to enter premises68A - Identity cards70 - Certain documents and information not required to be disclosed70B - Application of this Part to former organisationsDivision 1 - Public interest determinations
71 - Interpretation72 - Power to make, and effect of, determinations73 - Application by APP entity74 - Publication of application etc.75 - Draft determination76 - Conference77 - Conduct of conference78 - Determination of application79 - Making of determinationDivision 2 - Temporary public interest determinations
80A - Temporary public interest determinations80B - Effect of temporary public interest determination80D - Commissioner may continue to consider applicationDivision 3 - Register of determinations
80E - Register of determinationsDivision 1 - Object and interpretation
80F - Object80G - Interpretation80H - Meaning of permitted purposeDivision 2 - Declaration of emergency
80J - Declaration of emergency—events of national significance80K - Declaration of emergency—events outside Australia80L - Form of declarations80M - When declarations take effect80N - When declarations cease to have effectDivision 3 - Provisions dealing with the use and disclosure of personal information
80P - Authorisation of collection, use and disclosure of personal informationDivision 4 - Other matters
80Q - Disclosure of information—offence80R - Operation of Part80S - Severability—additional effect of Part80T - Compensation for acquisition of property—constitutional safety netDivision 1 - Civil penalties
80U - Civil penalty provisionsDivision 2 - Enforceable undertakings
80V - Enforceable undertakingsDivision 3 - Injunctions
80W - Injunctions95 - Medical research guidelines95A - Guidelines for Australian Privacy Principles about health information95AA - Guidelines for Australian Privacy Principles about genetic information95B - Requirements for Commonwealth contracts95C - Disclosure of certain provisions of Commonwealth contracts96 - Review by the Administrative Appeals Tribunal98A - Treatment of partnerships98B - Treatment of unincorporated associations98C - Treatment of trusts99A - Conduct of directors, employees and agents100 - Regulations
Part 1 - Consideration of personal information privacy
1 - Australian Privacy Principle 1—open and transparent management of personal information2 - Australian Privacy Principle 2—anonymity and pseudonymityPart 2 - Collection of personal information
3 - Australian Privacy Principle 3—collection of solicited personal information4 - Australian Privacy Principle 4—dealing with unsolicited personal information5 - Australian Privacy Principle 5—notification of the collection of personal informationPart 3 - Dealing with personal information
6 - Australian Privacy Principle 6—use or disclosure of personal information7 - Australian Privacy Principle 7—direct marketing8 - Australian Privacy Principle 8—cross border disclosure of personal information9 - Australian Privacy Principle 9—adoption, use or disclosure of government related identifiersPart 4 - Integrity of personal information
10 - Australian Privacy Principle 10—quality of personal information11 - Australian Privacy Principle 11—security of personal informationPart 5 - Access to, and correction of, personal information
12 - Australian Privacy Principle 12—access to personal information13 - Australian Privacy Principle 13—correction of personal information6
Interpretation
(1) In this Act, unless the contrary intention appears:
ACC means the Australian Crime Commission.
access seeker has the meaning given by subsection 6L(1).
ACT enactment has the same meaning as enactment has in the Australian Capital Territory (Self Government) Act 1988.
advice related functions has the meaning given by subsection 28B(1).
affected information recipient means:
(a) a mortgage insurer; or
(b) a trade insurer; or
(c) a body corporate referred to in paragraph 21G(3)(b); or
(d) a person referred to in paragraph 21G(3)(c); or
(e) an entity or adviser referred to in paragraph 21N(2)(a).
agency means:
(a) a Minister; or
(b) a Department; or
(c) a body (whether incorporated or not), or a tribunal, established or appointed for a public purpose by or under a Commonwealth enactment, not being:
(i) an incorporated company, society or association; or
(ii) an organisation that is registered under the Fair Work (Registered Organisations) Act 2009 or a branch of such an organisation; or
(d) a body established or appointed by the Governor General, or by a Minister, otherwise than by or under a Commonwealth enactment; or
(e) a person holding or performing the duties of an office established by or under, or an appointment made under, a Commonwealth enactment, other than a person who, by virtue of holding that office, is the Secretary of a Department; or
(f) a person holding or performing the duties of an appointment, being an appointment made by the Governor General, or by a Minister, otherwise than under a Commonwealth enactment; or
(g) a federal court; or
(h) the Australian Federal Police; or
(ha) a Norfolk Island agency; or
(k) an eligible hearing service provider; or
(l) the service operator under the Healthcare Identifiers Act 2010.
amount of credit has the meaning given by subsection 6M(2).
annual turnover of a business has the meaning given by section 6DA.
APP code has the meaning given by section 26C.
APP code developer means:
(a) an APP entity; or
(b) a group of APP entities; or
(c) a body or association representing one or more APP entities.
APP complaint means a complaint about an act or practice that, if established, would be an interference with the privacy of an individual because it breached an Australian Privacy Principle.
APP entity means an agency or organisation.
APP privacy policy has the meaning given by Australian Privacy Principle 1.3.
at risk from an eligible data breach has the meaning given by section 26WE.
Australian law means:
(a) an Act of the Commonwealth or of a State or Territory; or
(b) regulations, or any other instrument, made under such an Act; or
(c) a Norfolk Island enactment; or
(d) a rule of common law or equity.
Australian link has the meaning given by subsections 5B(2) and (3).
Australian Privacy Principle has the meaning given by section 14.
authorised agent of a reporting entity means a person authorised to act on behalf of the reporting entity as mentioned in section 37 of the Anti Money Laundering and Counter Terrorism Financing Act 2006.
bank means:
(a) the Reserve Bank of Australia; or
(b) a body corporate that is an ADI (authorised deposit taking institution) for the purposes of the Banking Act 1959; or
(c) a person who carries on State banking within the meaning of paragraph 51(xiii) of the Constitution.
Bankruptcy Act means the Bankruptcy Act 1966.
ban period has the meaning given by subsection 20K(3).
Board of the ACC means the Board of the Australian Crime Commission established under section 7B of the Australian Crime Commission Act 2002.
breach:
(a) in relation to an Australian Privacy Principle, has the meaning given by section 6A; and
(b) in relation to a registered APP code, has the meaning given by section 6B; and
(c) in relation to the registered CR code, has the meaning given by section 6BA.
civil penalty provision has the same meaning as in the Regulatory Powers Act.
class member, in relation to a representative complaint, means any of the persons on whose behalf the complaint was lodged, but does not include a person who has withdrawn under section 38B.
code complaint means a complaint about an act or practice that, if established, would be an interference with the privacy of an individual because it breached a registered APP code.
Codes Register has the meaning given by subsection 26U(1).
collects: an entity collects personal information only if the entity collects the personal information for inclusion in a record or generally available publication.
commercial credit means credit (other than consumer credit) that is applied for by, or provided to, a person.
commercial credit related purpose of a credit provider in relation to a person means the purpose of:
(a) assessing an application for commercial credit made by the person to the provider; or
(b) collecting payments that are overdue in relation to commercial credit provided by the provider to the person.
Commissioner means the Information Commissioner within the meaning of the Australian Information Commissioner Act 2010.
Commissioner of Police means the Commissioner of Police appointed under the Australian Federal Police Act 1979.
Commission of inquiry means:
(a) the Commission of inquiry within the meaning of the Quarantine Act 1908 (as in force immediately before its repeal); or
(b) a Commission of inquiry within the meaning of the Offshore Petroleum and Greenhouse Gas Storage Act 2006.
committee of management of an unincorporated association means a body (however described) that governs, manages or conducts the affairs of the association.
Commonwealth contract means a contract, to which the Commonwealth or an agency is or was a party, under which services are to be, or were to be, provided to an agency.
Note: See also subsection (9) about provision of services to an agency.
Commonwealth enactment means:
(a) an Act other than:
(i) the Northern Territory (Self Government) Act 1978; or
(ii) an Act providing for the administration or government of an external Territory; or
(iii) the Australian Capital Territory (Self Government) Act 1988;
(b) an Ordinance of the Australian Capital Territory;
(c) an instrument (including rules, regulations or by laws) made under an Act to which paragraph (a) applies or under an Ordinance to which paragraph (b) applies; or
(d) any other legislation that applies as a law of the Commonwealth (other than legislation in so far as it is applied by an Act referred to in subparagraph (a)(i) or (ii)) or as a law of the Australian Capital Territory, to the extent that it operates as such a law.
Commonwealth officer means a person who holds office under, or is employed by, the Commonwealth, and includes:
(a) a person appointed or engaged under the Public Service Act 1999;
(b) a person (other than a person referred to in paragraph (a)) permanently or temporarily employed by, or in the service of, an agency;
(c) a member of the Defence Force; and
(d) a member, staff member or special member of the Australian Federal Police;
but does not include a person permanently or temporarily employed in the Australian Capital Territory Government Service or in the Public Service of the Northern Territory.
Commonwealth record has the same meaning as in the Archives Act 1983.
consent means express consent or implied consent.
consumer credit means credit:
(a) for which an application has been made by an individual to a credit provider, or that has been provided to an individual by a credit provider, in the course of the provider carrying on a business or undertaking as a credit provider; and
(b) that is intended to be used wholly or primarily:
(i) for personal, family or household purposes; or
(ii) to acquire, maintain, renovate or improve residential property for investment purposes; or
(iii) to refinance consumer credit that has been provided wholly or primarily to acquire, maintain, renovate or improve residential property for investment purposes.
consumer credit liability information: if a credit provider provides consumer credit to an individual, the following information about the consumer credit is consumer credit liability information about the individual:
(a) the name of the provider;
(b) whether the provider is a licensee;
(c) the type of consumer credit;
(d) the day on which the consumer credit is entered into;
(e) the terms or conditions of the consumer credit:
(i) that relate to the repayment of the amount of credit; and
(ii) that are prescribed by the regulations;
(f) the maximum amount of credit available under the consumer credit;
(g) the day on which the consumer credit is terminated or otherwise ceases to be in force.
consumer credit related purpose of a credit provider in relation to an individual means the purpose of:
(a) assessing an application for consumer credit made by the individual to the provider; or
(b) collecting payments that are overdue in relation to consumer credit provided by the provider to the individual.
contracted service provider, for a government contract, means:
(a) an organisation that is or was a party to the government contract and that is or was responsible for the provision of services to an agency or a State or Territory authority under the government contract; or
(b) a subcontractor for the government contract.
corporation means a body corporate that:
(a) is a foreign corporation;
(b) is a trading corporation formed within the limits of Australia or is a financial corporation so formed; or
(c) is incorporated in a Territory, other than the Northern Territory.
court proceedings information about an individual means information about a judgement of an Australian court:
(a) that is made, or given, against the individual in proceedings (other than criminal proceedings); and
(b) that relates to any credit that has been provided to, or applied for by, the individual.
court/tribunal order means an order, direction or other instrument made by:
(a) a court; or
(b) a tribunal; or
(c) a judge (including a judge acting in a personal capacity) or a person acting as a judge; or
(d) a magistrate (including a magistrate acting in a personal capacity) or a person acting as a magistrate; or
(e) a member or an officer of a tribunal;
and includes an order, direction or other instrument that is of an interim or interlocutory nature.
CP derived information about an individual means any personal information (other than sensitive information) about the individual:
(a) that is derived from credit reporting information about the individual that was disclosed to a credit provider by a credit reporting body under Division 2 of Part IIIA; and
(b) that has any bearing on the individual’s credit worthiness; and
(c) that is used, has been used or could be used in establishing the individual’s eligibility for consumer credit.
CRB derived information about an individual means any personal information (other than sensitive information) about the individual:
(a) that is derived by a credit reporting body from credit information about the individual that is held by the body; and
(b) that has any bearing on the individual’s credit worthiness; and
(c) that is used, has been used or could be used in establishing the individual’s eligibility for consumer credit.
CR code has the meaning given by section 26N.
CR code developer means:
(a) an entity that is subject to Part IIIA; or
(b) a group of entities that are subject to Part IIIA; or
(c) a body or association representing one or more entities that are subject to Part IIIA.
credit has the meaning given by subsections 6M(1) and (3).
credit card means any article of a kind commonly known as a credit card, charge card or any similar article intended for use in obtaining cash, goods or services by means of credit, and includes any article of a kind commonly issued by persons carrying on business to customers or prospective customers of those persons for use in obtaining goods or services from those persons by means of credit.
credit eligibility information about an individual means:
(a) credit reporting information about the individual that was disclosed to a credit provider by a credit reporting body under Division 2 of Part IIIA; or
(b) CP derived information about the individual.
credit enhancement, in relation to credit, means:
(a) the process of insuring risk associated with purchasing or funding the credit by means of a securitisation arrangement; or
(b) any other similar process related to purchasing or funding the credit by those means.
credit guarantee purpose of a credit provider in relation to an individual means the purpose of assessing whether to accept the individual as a guarantor in relation to:
(a) credit provided by the provider to a person other than the individual; or
(b) credit for which an application has been made to the provider by a person other than the individual.
credit information has the meaning given by section 6N.
credit provider has the meaning given by sections 6G to 6K, and, for the purposes of sections 7 and 8 and Parts III, IIIB, IV and V, is taken to include a mortgage insurer and a trade insurer.
credit reporting body means:
(a) an organisation; or
(b) an agency prescribed by the regulations;
that carries on a credit reporting business.
credit reporting business has the meaning given by section 6P.
credit reporting complaint means a complaint about an act or practice that, if established, would be an interference with the privacy of an individual because:
(a) it breached the registered CR code; or
(b) it breached a provision of Part IIIA.
credit reporting information about an individual means credit information, or CRB derived information, about the individual.
credit worthiness of an individual means the individual’s:
(a) eligibility to be provided with consumer credit; or
(b) history in relation to consumer credit; or
(c) capacity to repay an amount of credit that relates to consumer credit.
de facto partner of an individual has the meaning given by the Acts Interpretation Act 1901.
default information has the meaning given by section 6Q.
Defence Department means the Department of State that deals with defence and that is administered by the Minister administering section 1 of the Defence Act 1903.
Defence Force includes the Australian Defence Force Cadets.
de identified: personal information is de identified if the information is no longer about an identifiable individual or an individual who is reasonably identifiable.
Department means an Agency within the meaning of the Public Service Act 1999.
eligible data breach has the meaning given by Division 2 of Part IIIC.
eligible hearing service provider means an entity (within the meaning of the Hearing Services Administration Act 1997):
(a) that is, or has at any time been, engaged under Part 3 of the Hearing Services Administration Act 1997 to provide hearing services; and
(b) that is not covered by paragraph (a), (b), (c), (d), (e), (f), (g) or (h) of the definition of agency.
employee record, in relation to an employee, means a record of personal information relating to the employment of the employee. Examples of personal information relating to the employment of the employee are health information about the employee and personal information about all or any of the following:
(a) the engagement, training, disciplining or resignation of the employee;
(b) the termination of the employment of the employee;
(c) the terms and conditions of employment of the employee;
(d) the employee’s personal and emergency contact details;
(e) the employee’s performance or conduct;
(f) the employee’s hours of employment;
(g) the employee’s salary or wages;
(h) the employee’s membership of a professional or trade association;
(i) the employee’s trade union membership;
(j) the employee’s recreation, long service, sick, personal, maternity, paternity or other leave;
(k) the employee’s taxation, banking or superannuation affairs.
enactment includes a Norfolk Island enactment.
enforcement body means:
(a) the Australian Federal Police; or
(aa) the Integrity Commissioner; or
(b) the ACC; or
(ca) the Immigration Department; or
(d) the Australian Prudential Regulation Authority; or
(e) the Australian Securities and Investments Commission; or
(ea) the Office of the Director of Public Prosecutions, or a similar body established under a law of a State or Territory; or
(f) another agency, to the extent that it is responsible for administering, or performing a function under, a law that imposes a penalty or sanction or a prescribed law; or
(g) another agency, to the extent that it is responsible for administering a law relating to the protection of the public revenue; or
(h) a police force or service of a State or a Territory; or
(i) the New South Wales Crime Commission; or
(j) the Independent Commission Against Corruption of New South Wales; or
(k) the Law Enforcement Conduct Commission of New South Wales; or
(ka) the Independent Broad based Anti corruption Commission of Victoria; or
(l) the Crime and Corruption Commission of Queensland; or
(la) the Corruption and Crime Commission of Western Australia; or
(lb) the Independent Commissioner Against Corruption of South Australia; or
(m) another prescribed authority or body that is established under a law of a State or Territory to conduct criminal investigations or inquiries; or
(n) a State or Territory authority, to the extent that it is responsible for administering, or performing a function under, a law that imposes a penalty or sanction or a prescribed law; or
(o) a State or Territory authority, to the extent that it is responsible for administering a law relating to the protection of the public revenue.
enforcement related activity means:
(a) the prevention, detection, investigation, prosecution or punishment of:
(i) criminal offences; or
(ii) breaches of a law imposing a penalty or sanction; or
(b) the conduct of surveillance activities, intelligence gathering activities or monitoring activities; or
(c) the conduct of protective or custodial activities; or
(d) the enforcement of laws relating to the confiscation of the proceeds of crime; or
(e) the protection of the public revenue; or
(f) the prevention, detection, investigation or remedying of misconduct of a serious nature, or other conduct prescribed by the regulations; or
(g) the preparation for, or conduct of, proceedings before any court or tribunal, or the implementation of court/tribunal orders.
entity means:
(a) an agency; or
(b) an organisation; or
(c) a small business operator.
Federal Circuit Court means the Federal Circuit Court of Australia.
Federal Court means the Federal Court of Australia.
file number complaint means a complaint about an act or practice that, if established, would be an interference with the privacy of an individual:
(a) because it breached a rule issued under section 17; or
(b) because it involved an unauthorised requirement or request for disclosure of a tax file number.
financial corporation means a financial corporation within the meaning of paragraph 51(xx) of the Constitution.
foreign corporation means a foreign corporation within the meaning of paragraph 51(xx) of the Constitution.
Freedom of Information Act means the Freedom of Information Act 1982.
generally available publication means a magazine, book, article, newspaper or other publication that is, or will be, generally available to members of the public:
(a) whether or not it is published in print, electronically or in any other form; and
(b) whether or not it is available on the payment of a fee.
genetic relative of an individual (the first individual) means another individual who is related to the first individual by blood, including but not limited to a sibling, a parent or a descendant of the first individual.
government contract means a Commonwealth contract or a State contract.
government related identifier of an individual means an identifier of the individual that has been assigned by:
(a) an agency; or
(b) a State or Territory authority; or
(c) an agent of an agency, or a State or Territory authority, acting in its capacity as agent; or
(d) a contracted service provider for a Commonwealth contract, or a State contract, acting in its capacity as contracted service provider for that contract.
guarantee includes an indemnity given against the default of a person in making a payment in relation to credit that has been applied for by, or provided to, the person.
guidance related functions has the meaning given by subsection 28(1).
healthcare identifier has the meaning given by the Healthcare Identifiers Act 2010.
healthcare identifier offence means:
(a) an offence against section 26 of the Healthcare Identifiers Act 2010; or
(b) an offence against section 6 of the Crimes Act 1914 that relates to an offence mentioned in paragraph (a) of this definition.
Note: For ancillary offences, see section 11.6 of the Criminal Code.
health information has the meaning given by section 6FA.
health service has the meaning given by section 6FB.
hearing services has the same meaning as in the Hearing Services Administration Act 1997.
holds: an entity holds personal information if the entity has possession or control of a record that contains the personal information.
Note: See section 10 for when an agency is taken to hold a record.
identification information about an individual means:
(a) the individual’s full name; or
(b) an alias or previous name of the individual; or
(c) the individual’s date of birth; or
(d) the individual’s sex; or
(e) the individual’s current or last known address, and 2 previous addresses (if any); or
(f) the name of the individual’s current or last known employer; or
(g) if the individual holds a driver’s licence—the individual’s driver’s licence number.
identifier of an individual means a number, letter or symbol, or a combination of any or all of those things, that is used to identify the individual or to verify the identity of the individual, but does not include:
(a) the individual’s name; or
(b) the individual’s ABN (within the meaning of the A New Tax System (Australian Business Number) Act 1999); or
(c) anything else prescribed by the regulations.
Immigration Department means the Department administered by the Minister administering the Migration Act 1958.
individual means a natural person.
information request has the meaning given by section 6R.
Integrity Commissioner has the same meaning as in the Law Enforcement Integrity Commissioner Act 2006.
intelligence agency means:
(a) the Australian Security Intelligence Organisation;
(b) the Australian Secret Intelligence Service; or
(ba) the Australian Signals Directorate; or
(c) the Office of National Intelligence.
interested party has the meaning given by subsections 20T(3) and 21V(3).
interference with the privacy of an individual has the meaning given by sections 13 to 13F.
licensee has the meaning given by the National Consumer Credit Protection Act 2009.
managing credit does not include the act of collecting overdue payments in relation to credit.
media organisation means an organisation whose activities consist of or include the collection, preparation for dissemination or dissemination of the following material for the purpose of making it available to the public:
(a) material having the character of news, current affairs, information or a documentary;
(b) material consisting of commentary or opinion on, or analysis of, news, current affairs, information or a documentary.
medical research includes epidemiological research.
misconduct includes fraud, negligence, default, breach of trust, breach of duty, breach of discipline or any other misconduct in the course of duty.
monitoring related functions has the meaning given by subsections 28A(1) and (2).
mortgage credit means consumer credit:
(a) that is provided in connection with the acquisition, maintenance, renovation or improvement of real property; and
(b) in relation to which the real property is security.
mortgage insurance purpose of a mortgage insurer in relation to an individual is the purpose of assessing:
(a) whether to provide insurance to, or the risk of providing insurance to, a credit provider in relation to mortgage credit:
(i) provided by the provider to the individual; or
(ii) for which an application to the provider has been made by the individual; or
(b) the risk of the individual defaulting on mortgage credit in relation to which the insurer has provided insurance to a credit provider; or
(c) the risk of the individual being unable to meet a liability that might arise under a guarantee provided, or proposed to be provided, in relation to mortgage credit provided by a credit provider to another person.
mortgage insurer means an organisation, or small business operator, that carries on a business or undertaking that involves providing insurance to credit providers in relation to mortgage credit provided by providers to other persons.
National Personal Insolvency Index has the meaning given by the Bankruptcy Act.
new arrangement information has the meaning given by section 6S.
non profit organisation means an organisation:
(a) that is a non profit organisation; and
(b) that engages in activities for cultural, recreational, political, religious, philosophical, professional, trade or trade union purposes.
Norfolk Island agency means:
(a) a Norfolk Island Minister; or
(b) a public sector agency (within the meaning of the Public Sector Management Act 2000 of Norfolk Island); or
(c) a body (whether incorporated or not), or a tribunal, established for a public purpose by or under a Norfolk Island enactment, other than a body established or registered under:
(i) the Companies Act 1985 of Norfolk Island; or
(ii) the Associations Incorporation Act 2005 of Norfolk Island; or
(e) a person holding or performing the duties of:
(i) an office established by or under a Norfolk Island enactment; or
(ii) an appointment made under a Norfolk Island enactment; or
(g) a court of Norfolk Island.
Norfolk Island enactment means:
(a) an enactment (within the meaning of the Norfolk Island Act 1979); or
(b) an instrument (including rules, regulations or by laws) made under such an enactment;
and includes a Norfolk Island enactment as amended by another Norfolk Island enactment.
offence against this Act includes an offence against section 6 of the Crimes Act 1914, or section 11.1, 11.2, 11.2A, 11.4 or 11.5 of the Criminal Code, that relates to an offence against this Act.
Ombudsman means the Commonwealth Ombudsman.
organisation has the meaning given by section 6C.
overseas recipient, in relation to personal information, has the meaning given by Australian Privacy Principle 8.1.
payment information has the meaning given by section 6T.
penalty unit has the meaning given by section 4AA of the Crimes Act 1914.
pending correction request in relation to credit information or CRB derived information means:
(a) a request made under subsection 20T(1) in relation to the information if a notice has not been given under subsection 20U(2) or (3) in relation to the request; or
(b) a request made under subsection 21V(1) in relation to the information if:
(i) the credit reporting body referred to in subsection 20V(3) has been consulted about the request under subsection 21V(3); and
(ii) a notice has not been given under subsection 21W(2) or (3) in relation to the request.
pending dispute in relation to credit information or CRB derived information means:
(a) a complaint made under section 23A that relates to the information if a decision about the complaint has not been made under subsection 23B(4); or
(b) a matter that relates to the information and that is still being dealt with by a recognised external dispute resolution scheme; or
(c) a complaint made to the Commissioner under Part V that relates to the information and that is still being dealt with.
permitted CP disclosure has the meaning given by sections 21J to 21N.
permitted CP use has the meaning given by section 21H.
permitted CRB disclosure has the meaning given by section 20F.
permitted general situation has the meaning given by section 16A.
permitted health situation has the meaning given by section 16B.
personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Note: Section 187LA of the Telecommunications (Interception and Access) Act 1979 extends the meaning of personal information to cover information kept under Part 5 1A of that Act.
personal insolvency information has the meaning given by section 6U.
pre screening assessment means an assessment made under paragraph 20G(2)(d).
principal executive, of an agency, has a meaning affected by section 37.
purchase, in relation to credit, includes the purchase of rights to receive payments relating to the credit.
recognised external dispute resolution scheme means an external dispute resolution scheme recognised under section 35A.
record includes:
(a) a document; or
(b) an electronic or other device;
but does not include:
(d) a generally available publication; or
(e) anything kept in a library, art gallery or museum for the purposes of reference, study or exhibition; or
(f) Commonwealth records as defined by subsection 3(1) of the Archives Act 1983 that are in the open access period for the purposes of that Act; or
(fa) records (as defined in the Archives Act 1983) in the care (as defined in that Act) of the National Archives of Australia in relation to which the Archives has entered into arrangements with a person other than a Commonwealth institution (as defined in that Act) providing for the extent to which the Archives or other persons are to have access to the records; or
(g) documents placed by or on behalf of a person (other than an agency) in the memorial collection within the meaning of the Australian War Memorial Act 1980; or
(h) letters or other articles in the course of transmission by post.
Note: For document, see section 2B of the Acts Interpretation Act 1901.
registered APP code has the meaning given by section 26B.
registered CR code has the meaning given by section 26M.
registered political party means a political party registered under Part XI of the Commonwealth Electoral Act 1918.
regulated information of an affected information recipient means:
(a) if the recipient is a mortgage insurer or trade insurer—personal information disclosed to the recipient under Division 2 or 3 of Part IIIA; or
(b) if the recipient is a body corporate referred to in paragraph 21G(3)(b)—credit eligibility information disclosed to the recipient under that paragraph; or
(c) if the recipient is a person referred to in paragraph 21G(3)(c)—credit eligibility information disclosed to the recipient under that paragraph; or
(d) if the recipient is an entity or adviser referred to in paragraph 21N(2)(a)—credit eligibility information disclosed to the recipient under subsection 21N(2).
Regulatory Powers Act means the Regulatory Powers (Standard Provisions) Act 2014.
repayment history information has the meaning given by subsection 6V(1).
reporting entity has the same meaning as in the Anti Money Laundering and Counter Terrorism Financing Act 2006.
representative complaint means a complaint where the persons on whose behalf the complaint was made include persons other than the complainant, but does not include a complaint that the Commissioner has determined should no longer be continued as a representative complaint.
residential property has the meaning given by section 204 of the National Credit Code (within the meaning of the National Consumer Credit Protection Act 2009).
respondent for a complaint made under section 23A means the credit reporting body or credit provider to which the complaint is made.
responsible person has the meaning given by section 6AA.
retention period has the meaning given by sections 20W and 20X.
Secretary means an Agency Head within the meaning of the Public Service Act 1999.
securitisation arrangement means an arrangement:
(a) involving the funding, or proposed funding, of:
(i) credit that has been, or is to be, provided by a credit provider; or
(ii) the purchase of credit by a credit provider;
by issuing instruments or entitlements to investors; and
(b) under which payments to investors in respect of such instruments or entitlements are principally derived, directly or indirectly, from such credit.
securitisation related purpose of a credit provider in relation to an individual is the purpose of:
(a) assessing the risk in purchasing, by means of a securitisation arrangement, credit that has been provided to, or applied for by:
(i) the individual; or
(ii) a person for whom the individual is, or is proposing to be, a guarantor; or
(b) assessing the risk in undertaking credit enhancement in relation to credit:
(i) that is, or is proposed to be, purchased or funded by means of a securitisation arrangement; and
(ii) that has been provided to, or applied for by, the individual or a person for whom the individual is, or is proposing to be, a guarantor.
sensitive information means:
(a) information or an opinion about an individual’s:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual orientation or practices; or
(ix) criminal record;
that is also personal information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information; or
(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) biometric templates.
serious credit infringement means:
(a) an act done by an individual that involves fraudulently obtaining consumer credit, or attempting fraudulently to obtain consumer credit; or
(b) an act done by an individual that involves fraudulently evading the individual’s obligations in relation to consumer credit, or attempting fraudulently to evade those obligations; or
(c) an act done by an individual if:
(i) a reasonable person would consider that the act indicates an intention, on the part of the individual, to no longer comply with the individual’s obligations in relation to consumer credit provided by a credit provider; and
(ii) the provider has, after taking such steps as are reasonable in the circumstances, been unable to contact the individual about the act; and
(iii) at least 6 months have passed since the provider last had contact with the individual.
small business has the meaning given by section 6D.
small business operator has the meaning given by section 6D.
solicits: an entity solicits personal information if the entity requests another entity to provide the personal information, or to provide a kind of information in which that personal information is included.
staff of the Ombudsman means the persons appointed or employed for the purposes of section 31 of the Ombudsman Act 1976.
State includes the Australian Capital Territory and the Northern Territory.
State contract means a contract, to which a State or Territory or State or Territory authority is or was a party, under which services are to be, or were to be, provided to a State or Territory authority.
Note: See also subsection (9) about provision of services to a State or Territory authority.
State or Territory authority has the meaning given by section 6C.
subcontractor, for a government contract, means an organisation:
(a) that is or was a party to a contract (the subcontract):
(i) with a contracted service provider for the government contract (within the meaning of paragraph (a) of the definition of contracted service provider); or
(ii) with a subcontractor for the government contract (under a previous application of this definition); and
(b) that is or was responsible under the subcontract for the provision of services to an agency or a State or Territory authority, or to a contracted service provider for the government contract, for the purposes (whether direct or indirect) of the government contract.
tax file number means a tax file number as defined in Part VA of the Income Tax Assessment Act 1936.
tax file number information means information, whether compiled lawfully or unlawfully, and whether recorded in a material form or not, that records the tax file number of a person in a manner connecting it with the person’s identity.
temporary public interest determination means a determination made under section 80A.
trade insurance purpose of a trade insurer in relation to an individual is the purpose of assessing:
(a) whether to provide insurance to, or the risk of providing insurance to, a credit provider in relation to commercial credit provided by the provider to the individual or another person; or
(b) the risk of a person defaulting on commercial credit in relation to which the insurer has provided insurance to a credit provider.
trade insurer means an organisation, or small business operator, that carries on a business or undertaking that involves providing insurance to credit providers in relation to commercial credit provided by providers to other persons.
trading corporation means a trading corporation within the meaning of paragraph 51(xx) of the Constitution.
(1A) In order to avoid doubt, it is declared that an ACT enactment is not a Commonwealth enactment for the purposes of this Act.
(3) For the purposes of this Act, an act or practice breaches a rule issued under section 17 if, and only if, it is contrary to, or inconsistent with, the rule.
(4) The definition of individual in subsection (1) shall not be taken to imply that references to persons do not include persons other than natural persons.
(5) For the purposes of this Act, a person shall not be taken to be an agency merely because the person is the holder of, or performs the duties of:
(a) a prescribed office; or
(b) an office prescribed by regulations made for the purposes of subparagraph 4(3)(b)(i) of the Freedom of Information Act 1982; or
(c) an office established by or under a Commonwealth enactment for the purposes of an agency; or
(ca) an office established by or under a Norfolk Island enactment for the purposes of a Norfolk Island agency; or
(d) a judicial office or of an office of magistrate; or
(e) an office of member of a tribunal that is established by or under a law of the Commonwealth and that is prescribed for the purposes of this paragraph; or
(f) an office of member of a tribunal that is established by or under a Norfolk Island enactment and that is prescribed for the purposes of this paragraph.
(6) For the purposes of this Act, the Defence Department shall be taken to include the Defence Force.
(7) Nothing in this Act prevents a complaint from:
(a) being both a file number complaint and an APP complaint; or
(b) being both a file number complaint and a credit reporting complaint; or
(c) being both a file number complaint and a code complaint; or
(e) being both a code complaint and a credit reporting complaint; or
(f) being both an APP complaint and a credit reporting complaint; or
(g) being both an APP complaint and a code complaint.
(8) For the purposes of this Act, the question whether bodies corporate are related to each other is determined in the manner in which that question is determined under the Corporations Act 2001.
(9) To avoid doubt, for the purposes of this Act, services provided to an agency or a State or Territory authority include services that consist of the provision of services to other persons in connection with the performance of the functions of the agency or State or Territory authority.
(10) For the purposes of this Act, a reference to family in the definition of consumer credit in subsection 6(1), and in sections 6D and 16, in relation to any individual is taken to include the following (without limitation):
(a) a de facto partner of the individual;
(b) someone who is the child of the person, or of whom the person is the child, because of the definition of child in subsection (11);
(c) anyone else who would be a member of the individual’s family if someone mentioned in paragraph (a) or (b) is taken to be a member of the individual’s family.
(10A) For the purposes of this Act, the Supreme Court of Norfolk Island is taken not to be a federal court.
(11) In this section:
child: without limiting who is a child of a person for the purposes of subsection (10), someone is the child of a person if he or she is a child of the person within the meaning of the Family Law Act 1975.