17.08.2010
72.7 As discussed in Chapter 71, Part 13 does not refer to ‘personal information’. The information protected by Part 13 would, however, include ‘personal information’ as defined in the Privacy Act.
72.8 An organisation that uses or discloses personal information in a way that is authorised under the Telecommunications Act will not be in breach of National Privacy Principle 2 (NPP 2). An act or practice engaged in pursuant to any of the exceptions under Part 13 is an act or practice that is ‘authorised by or under law’ for the purposes of NPP 2.[9] This is confirmed by s 303B of the Telecommunications Act, which provides that a use or disclosure permitted under that Act is a use or disclosure that is ‘authorised by law’ for the purposes of the Privacy Act.[10]
72.9 If a telecommunications service provider engages in an act or practice that does not comply with one of the exceptions under Part 13, the act or practice would not be ‘authorised by or under law’ and so may breach NPP 2. This is supported by s 303C of the Telecommunications Act, which provides that a prosecution for an offence relating to the use or disclosure of protected information under the Telecommunications Act does not prevent civil proceedings or administrative action being taken under the Privacy Act for the same breach.[11]
72.10 It is unclear, however, whether the exceptions under Part 13 provide the only circumstances in which it is lawful to use or disclose information protected under the Part. In particular, it is unclear whether ss 280(1)(b) and 297 of the Telecommunications Act would allow a telecommunications service provider to rely on the exceptions under NPP 2 to disclose information in addition to disclosure permitted under Part 13. This issue is discussed further below.