Breach of an Australian Privacy Principle
(1) For the purposes of this Act, an act or practice breaches an Australian Privacy Principle if, and only if, it is contrary to, or inconsistent with, that principle.
No breach—contracted service provider
(2) An act or practice does not breach an Australian Privacy Principle if:
(a) the act is done, or the practice is engaged in:
(i) by an organisation that is a contracted service provider for a Commonwealth contract (whether or not the organisation is a party to the contract); and
(ii) for the purposes of meeting (directly or indirectly) an obligation under the contract; and
(b) the act or practice is authorised by a provision of the contract that is inconsistent with the principle.
No breach—disclosure to the National Archives of Australia
(3) An act or practice does not breach an Australian Privacy Principle if the act or practice involves the disclosure by an organisation of personal information in a record (as defined in the Archives Act 1983) solely for the purposes of enabling the National Archives of Australia to decide whether to accept, or to arrange, care (as defined in that Act) of the record.
No breach—act or practice outside Australia
(4) An act or practice does not breach an Australian Privacy Principle if:
(a) the act is done, or the practice is engaged in, outside Australia and the external Territories; and
(b) the act or practice is required by an applicable law of a foreign country.
Effect despite subsection (1)
(5) Subsections (2), (3) and (4) have effect despite subsection (1).