Privacy Amendment (Enhancing Privacy Protection) Bill 2012 passes the Senate with amendments

November 27, 2012 |

Tonight the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 passed the Senate with amendments.

Those amendments are:

The 40 Government amendments:

(1)     Clause 2, page 2 (table item 2), omit “9 months”, substitute “15 months”. [commencement]

(2)     Clause 2, pages 2 to 3 (table items 3 to 9), omit the table items, substitute:

3.  Schedule 5, items 1 to 155 The day after the end of the period of 15 months beginning on the day this Act receives the Royal Assent.  

[commencement]

(3)     Clause 2, page 3 (table item 11), omit “9 months”, substitute “15 months”. [commencement]

(4)     Clause 2, pages 3 to 4 (table items 13 to 15), omit the table items, substitute:

13.  Schedule 5, items 163 to 180 The day after the end of the period of 15 months beginning on the day this Act receives the Royal Assent.  

[commencement]

(5)     Clause 2, page 4 (table item 17), omit “9 months”, substitute “15 months”. [commencement]

(6)     Clause 2, page 4 (table item 19), omit “9 months”, substitute “15 months”. [commencement]

(7)     Schedule 1, item 88, page 23 (lines 4 and 5), omit the item, substitute:

88  Subsection 95(1)

After “privacy”, insert “by agencies”.

[medical research]

(8)     Schedule 1, item 104, page 29 (line 6), at the end of paragraph 2.2(b) of Australian Privacy Principle 2, add “or who have used a pseudonym”. [pseudonymity]

(9)     Schedule 1, item 104, page 30 (after line 24), at the end of Australian Privacy Principle 3.4, add:

Note:          For permitted general situation, see section 16A. For permitted health situation, see section 16B. [minor amendment]

(10)   Schedule 1, item 104, page 34 (after line 4), at the end of Australian Privacy Principle 6.2, add:

Note:          For permitted general situation, see section 16A. For permitted health situation, see section 16B. [minor amendment]

(11)   Schedule 1, item 104, page 35 (line 7), omit the heading to Australian Privacy Principle 7.1, substitute:

Direct marketing [direct marketing]

(12)   Schedule 1, item 104, page 39 (after line 3), at the end of Australian Privacy Principle 8.2, add:

Note:          For permitted general situation, see section 16A. [minor amendment]

(13)   Schedule 1, item 104, page 39 (line 34), omit “Note”, substitute “Note 1”. [minor amendment]

(14)   Schedule 1, item 104, page 39 (after line 35), at the end of Australian Privacy Principle 9.2, add:

Note 2:       For permitted general situation, see section 16A. [minor amendment]

(15)   Schedule 2, item 39, page 52 (lines 24 and 25), omit “an act relating to the collection of”, substitute “the act of collecting”. [managing credit]

(16)   Schedule 2, item 69, page 63 (line 12), at the end of subsection 6L(3), add “or a person prescribed by the regulations”. [access seeker]

(17)   Schedule 2, item 72, page 77 (lines 7 and 8), omit all the words from and including “recipient” to and including “licensee”, substitute:

                   recipient of the information is:

                     (a)  a credit provider who is a licensee or is prescribed by the regulations; or

                     (b)  a mortgage insurer.

[disclosure of credit reporting information]

(18)   Schedule 2, item 72, page 84 (lines 2 and 3), omit “the assessment of the credit worthiness of individuals”, substitute “credit”.[research]

(19)   Schedule 2, item 72, page 84 (line 10), omit “the assessment of the credit worthiness of individuals”, substitute “credit”. [research]

(20)   Schedule 2, item 72, page 84 (lines 15 and 16), omit “the assessment of the credit worthiness of individuals”, substitute “credit”.

[research]

(21)   Schedule 2, item 72, page 100 (line 11), omit “complaint.”, substitute “complaint;”. [content of credit provider’s policy]

(22)   Schedule 2, item 72, page 100 (after line 11), at the end of subsection 21B(4), add:

                      (i)  whether the provider is likely to disclose credit information or credit eligibility information to entities that do not have an Australian link;

                      (j)  if the provider is likely to disclose credit information or credit eligibility information to such entities—the countries in which those entities are likely to be located if it is practicable to specify those countries in the policy.

[content of credit provider’s policy]

(23)   Schedule 2, item 72, page 101 (line 25), omit “complaint.”, substitute “complaint;”.

[notification requirements]

(24)   Schedule 2, item 72, page 101 (after line 25), at the end of subsection 21C(3), add:

                     (e)  whether the provider is likely to disclose credit information or credit eligibility information to entities that do not have an Australian link;

                      (f)  if the provider is likely to disclose credit information or credit eligibility information to such entities—the countries in which those entities are likely to be located if it is practicable to specify those countries in the credit reporting policy.

[notification requirements]

(25)   Schedule 2, item 72, page 102 (line 3), after “scheme”, insert “or is prescribed by the regulations”.

[disclosure by credit providers]

(26)   Schedule 2, item 72, page 102 (line 22), after “licensee”, insert “or is prescribed by the regulations”.

[disclosure of repayment history information]

(27)   Schedule 2, item 72, page 102 (line 35), omit “a reasonable period has”, substitute “at least 14 days have”.

[default information]

(28)   Schedule 2, item 72, page 105 (line 12), omit “and the body corporate has an Australian link”.

[related bodies corporate]

(29)   Schedule 2, item 72, page 105 (lines 13 to 17), omit paragraph 21G(3)(c), substitute:

                     (c)  the disclosure is to:

                             (i)  a person for the purpose of processing an application for credit made to the credit provider; or

                            (ii)  a person who manages credit provided by the credit provider for use in managing that credit; or

[credit managers etc.]

(30)   Schedule 2, item 72, page 105 (after line 32), at the end of subsection 21G(3), add:

Note:          See section 21NA for additional rules about the disclosure of credit eligibility information under paragraph (3)(b) or (c).

[related bodies corporate; credit managers etc.]

(31)   Schedule 2, item 72, page 106 (lines 7 to 10), omit paragraphs 21G(5)(c) and (d), substitute:

                     (c)  the credit provider discloses the credit eligibility information under paragraph (3)(b), (c), (e) or (f); or

                     (d)  the credit provider discloses the credit eligibility information under paragraph (3)(d) to an enforcement body.

[disclosure of credit eligibility information]

(32)   Schedule 2, item 72, page 111 (line 18), omit paragraph 21M(1)(b).

[debt collectors]

(33)   Schedule 2, item 72, page 111 (lines 19 and 20), omit “for the purpose of the collection of payments”, substitute “to the person or body for the primary purpose of the person or body collecting payments”.

[debt collectors]

(34)   Schedule 2, item 72, page 111 (after line 26), at the end of subsection 21M(1), add:

Note:          See section 21NA for additional rules about the disclosure of credit eligibility information under this subsection.

[debt collectors]

(35)   Schedule 2, item 72, page 113 (after line 9), after section 21N, insert:

21NA  Disclosures to certain persons and bodies that do not have an Australian link

Related bodies corporate and credit managers etc.

            (1)  Before a credit provider discloses credit eligibility information under paragraph 21G(3)(b) or (c) to a related body corporate, or person, that does not have an Australian link, the provider must take such steps as are reasonable in the circumstances to ensure that the body or person does not breach the following provisions (the relevant provisions) in relation to the information:

                     (a)  for a disclosure under paragraph 21G(3)(b)—section 22D;

                     (b)  for a disclosure under paragraph 21G(3)(c)—section 22E;

                     (c)  in both cases—the Australian Privacy Principles (other than Australian Privacy Principles 1, 6, 7, 8 and 9.2).

            (2)  If:

                     (a)  a credit provider discloses credit eligibility information under paragraph 21G(3)(b) or (c) to a related body corporate, or person, that does not have an Australian link; and

                     (b)  the relevant provisions do not apply, under this Act, to an act done, or a practice engaged in, by the body or person in relation to the information; and

                     (c)  the body or person does an act, or engages in a practice, in relation to the information that would be a breach of the relevant provisions if those provisions applied to the act or practice;

the act done, or the practice engaged in, by the body or person is taken, for the purposes of this Act, to have been done, or engaged in, by the provider and to be a breach of those provisions by the provider.

Debt collectors

            (3)  Before a credit provider discloses credit eligibility information under subsection 21M(1) to a person or body that does not have an Australian link, the provider must take such steps as are reasonable in the circumstances to ensure that the person or body does not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information.

            (4)  If:

                     (a)  a credit provider discloses credit eligibility information under subsection 21M(1) to a person or body that does not have an Australian link; and

                     (b)  the Australian Privacy Principles do not apply, under this Act, to an act done, or a practice engaged in, by the person or body in relation to the information; and

                     (c)  the person or body does an act, or engages in a practice, in relation to the information that would be a breach of the Australian Privacy Principles (other than Australian Privacy Principle 1) if those Australian Privacy Principles applied to the act or practice;

the act done, or the practice engaged in, by the person or body is taken, for the purposes of this Act, to have been done, or engaged in, by the provider and to be a breach of those Australian Privacy Principles by the provider.

[related bodies corporate; credit managers etc.; debt collectors]

(36)   Schedule 2, item 72, page 125 (line 20), at the end of the heading to section 22E, add “etc.”.

[credit managers etc.]

(37)   Schedule 2, item 72, page 125 (lines 26 and 27), omit “for use in managing credit provided by the provider”.

[credit managers etc.]

(38)   Schedule 2, item 72, page 126 (lines 3 and 4), omit “in managing credit provided by the credit provider”, substitute “for the purpose for which it was disclosed to the person under paragraph 21G(3)(c)”.

[credit managers etc.]

(39)   Schedule 2, item 72, page 126 (lines 8 to 10), omit all the words from and including “information” to the end of subsection 22E(3), substitute:

                   information if:

                     (a)  the disclosure is to the credit provider; or

                     (b)  the disclosure is required or authorised by or under an Australian law or a court/tribunal order.

[credit managers etc.]

(40)   Schedule 4, item 189, page 193 (after line 18), at the end of section 80Z, add:

Note:          In determining the pecuniary penalty, the court must take into account all relevant matters including the matters mentioned in subsection 80W(6).

One Green amendment was accepted thought the Parliamentary record does not indicate which of the 3 proposed it was.

The Bill will now be returned to the House of Representatives where the amendments are likely to be accepted and the Bill passed.

 

 

 

 

 

Leave a Reply





Verified by MonsterInsights