Privacy Act 1988
For the purposes of this Act, an act or practice breaches a registered APP code if, and only if, it is contrary to, or inconsistent with, the code.
(a) the act is done, or the practice is engaged in:
(i) by an organisation that is a contracted service provider for a Commonwealth contract (whether or not the organisation is a party to the contract); and
(ii) for the purposes of meeting (directly or indirectly) an obligation under the contract; and
(b) the act or practice is authorised by a provision of the contract that is inconsistent with the code.
Sch 1 of No 155 of 2000, effective 21 December 2001, contains the following application provision:
Under subsection 6A(2) or 6B(2) of the Privacy Act 1988 (as amended by this Schedule), a Commonwealth contract may prevent an act or practice from being a breach of a National Privacy Principle or an approved privacy code (as appropriate) regardless of whether the contract was made before or after the commencement of that subsection.
An act or practice does not breach a registered APP code if the act or practice involves the disclosure by an organisation of personal information in a record (as defined in the Archives Act 1983 ) solely for the purposes of enabling the National Archives of Australia to decide whether to accept, or to arrange, care (as defined in that Act) of the record.
(a) the act is done, or the practice is engaged in, outside Australia and the external Territories; and
(b) the act or practice is required by an applicable law of a foreign country.
Subsections (2), (3) and (4) have effect despite subsection (1).