Privacy Act 1988
(a) a body corporate holds or held credit eligibility information about an individual; and
(b) the information was disclosed to the body by a credit provider under paragraph 21G(3)(b) ;
the body must not use or disclose the information, or any personal information about the individual derived from that information.
Civil penalty: 1,000 penalty units.Permitted use or disclosure 22D(2)
Subsection (1) does not apply to the use or disclosure of the information by the body corporate if the body would be permitted to use or disclose the information under section 21G if the body were the credit provider. 22D(3)
In determining whether the body corporate would be permitted to use or disclose the information under section 21G , assume that the body is whichever of the following is applicable:
(a) the credit provider that has provided the relevant credit to the individual;
(b) the credit provider to which the relevant application for credit was made by the individual. Interaction with the Australian Privacy Principles 22D(4)
If the body corporate is an APP entity, Australian Privacy Principles 6, 7 and 8 do not apply to the body in relation to the information. 22D(5)
(a) the body corporate is an APP entity; and
(b) the information is a government related identifier of the individual;
Australian Privacy Principle 9.2 does not apply to the body in relation to the information.