
An Act to amend the Privacy Act 1988, and for related purposes

This Act is the Privacy Amendment (Notifiable Data Breaches) Act 2017.

(1) Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.

1. Sections 1 to 3 and anything in this Act not elsewhere covered by this table
The day this Act receives the Royal Assent.

A single day to be fixed by Proclamation. However, if the provisions do not commence within the period of 12 months beginning on the day this Act receives the Royal Assent, they commence on the day after the end of that period.

Note: This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.

(2) Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.

Legislation that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.

At risk from an eligible data breach has the meaning given by section 26WE.
Eligible data breach has the meaning given by Division 2 of Part IIIC.

Notification of eligible data breaches etc.
(4A) If an entity (within the meaning of Part IIIC) contravenes subsection 26WH(2), 26WK(2), 26WL(3) or 26WR(10), the contravention is taken to be an act that is an interference with the privacy of an individual.

Part IIIC - Notification of eligible data breaches

This Part sets up a scheme for notification of eligible data breaches.

(a) there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity and
(b) the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

(a) it has reasonable grounds to believe that an eligible data breach has happened or
(b) it is directed to do so by the Commissioner.

For the purposes of this Part, entity includes a person who is a file number recipient.

(a) an APP entity has disclosed personal information about one or more individuals to an overseas recipient and
(b) Australian Privacy Principle 8.1 applied to the disclosure of the personal information and
(c) the overseas recipient holds the personal information
(d) the personal information were held by the APP entity and
(e) the APP entity were required under section 15 not to do an act, or engage in a practice, that breaches Australian Privacy Principle 11.1 in relation to the personal information.

Bodies or persons with no Australian link
(i) a credit provider has disclosed, under paragraph 21G(3)(b) or (c), credit eligibility information about one or more individuals to a related body corporate, or person, that does not have an Australian link or
(ii) a credit provider has disclosed, under subsection 21M(1), credit eligibility information about one or more individuals to a body or person that does not have an Australian link and
(b) the related body corporate, body or person holds the credit eligibility information
(c) the credit eligibility information were held by the credit provider and
(d) the credit provider were required to comply with subsection 21S(1) in relation to the credit eligibility information.

26WD Exception-notification under the My Health Records Act 2012
(a) an unauthorised access to information or
(b) an unauthorised disclosure of information or
Has been, or is required to be, notified under section 75 of the My Health Records Act 2012, this Part does not apply in relation to the access, disclosure or loss.

(i) an APP entity holds personal information relating to one or more individuals and
(ii) the APP entity is required under section 15 not to do an act, or engage in a practice, that breaches Australian Privacy Principle 11.1 in relation to the personal information or
(i) a credit reporting body holds credit reporting information relating to one or more individuals and
(ii) the credit reporting body is required to comply with section 20Q in relation to the credit reporting information or
