Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 (83 of 2022)
Schedule 1 Amendments
Privacy Act 1988
18 At the end of Part IIIC
Add:
Division 4 - Commissioner's powers to obtain information or documents relating to eligible data breaches
26WU Power to obtain information and documents relating to eligible data breaches
(1) This section applies if the Commissioner has reason to believe that a person or entity has information or documents, or can answer questions, that are relevant to either or both of the following matters (the relevant matters ):
(a) an actual or suspected eligible data breach of an entity;
(b) an entity's compliance with the requirements in Division 3 of this Part.
(2) Without limiting subsection (1), the relevant matters may relate to one or more of the following:
(a) whether the entity is required to comply with one or more of those requirements;
(b) the conduct or events that led to, or may have led to, the application of one or more of those requirements to the entity;
(c) the actions taken by the entity to comply with one or more of those requirements;
(d) the actual or suspected eligible data breach that has, or may have, happened;
(e) the particular kind or kinds of information involved in the actual or suspected eligible data breach;
(f) the steps taken to notify individuals affected by the actual or suspected eligible data breach.
(3) The Commissioner may give to the person or entity a written notice requiring the person or entity:
(a) to give information of the kind specified in the notice to the Commissioner that relates to the matter; or
(b) to produce documents of the kind specified in the notice to the Commissioner that relate to the matter; or
(c) answer questions of the kind specified in the notice to the Commissioner that relate to the matter.
Note: For a failure to give information etc., see section 66.
(4) A notice given by the Commissioner under subsection (3) must state:
(a) the place at, or manner in which, the information or document is to be given or produced or the questions are to be answered; and
(b) the time at which, or the period within which, the information or document is to be given or produced or the questions are to be answered.
(5) If documents are produced to the Commissioner in accordance with a requirement under subsection (3), the Commissioner:
(a) may take possession of, and may make copies of, or take extracts from, the documents; and
(b) may retain possession of the documents for any period that is necessary for the purposes of assessing an entity's compliance with this Part; and
(c) during that period must permit a person who would be entitled to inspect any one or more of the documents if they were not in the Commissioner's possession to inspect at all reasonable times any of the documents that the person would be so entitled to inspect.
(6) This section is subject to section 70 but it has effect regardless of any other Commonwealth law.
(7) A person or entity is not liable to a penalty under the provisions of any other Commonwealth law because the person or entity gives information, produces a document or answers a question when required to do so under this section.
Copyright notice
© Australian Taxation Office for the Commonwealth of Australia
You are free to copy, adapt, modify, transmit and distribute material on this website as you wish (but not in any way that suggests the ATO or the Commonwealth endorses you or any of your services or products).