Federal Register of Legislation - Australian Government

Primary content

Regulations as made
These regulations amend the Telecommunications Regulations 2001 to allow for the disclosure of unlisted mobile phone numbers and their associated postcodes as recorded in the Integrated Public Number Database for certain research purposes.
Administered by: Communications and the Arts
Registered 13 Dec 2018
Tabling HistoryDate
Tabled HR12-Feb-2019
Tabled Senate12-Feb-2019
Date of repeal 02 Aug 2019
Repealed by Division 1 of Part 3 of Chapter 3 of the Legislation Act 2003
Table of contents.

Commonwealth Coat of Arms of Australia

 

Telecommunications Amendment (Access to Mobile Number Information for Authorised Research) Regulations 2018

I, General the Honourable Sir Peter Cosgrove AK MC (Ret’d), Governor‑General of the Commonwealth of Australia, acting with the advice of the Federal Executive Council, make the following regulations.

Dated 13 December 2018

Peter Cosgrove

Governor‑General

By His Excellency’s Command

Mitch Fifield

Minister for Communications and the Arts

 

 

 

 

  

  


Contents

1............ Name............................................................................................................................. 1

2............ Commencement............................................................................................................. 1

3............ Authority....................................................................................................................... 1

4............ Schedules...................................................................................................................... 1

Schedule 1—Amendments                                                                                                                          2

Telecommunications Regulations 2001                                                                                            2

 


1  Name

                   This instrument is the Telecommunications Amendment (Access to Mobile Number Information for Authorised Research) Regulations 2018.

2  Commencement

             (1)  Each provision of this instrument specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.

 

Commencement information

Column 1

Column 2

Column 3

Provisions

Commencement

Date/Details

1.  The whole of this instrument

The day after this instrument is registered.

14 December 2018

Note:          This table relates only to the provisions of this instrument as originally made. It will not be amended to deal with any later amendments of this instrument.

             (2)  Any information in column 3 of the table is not part of this instrument. Information may be inserted in this column, or information in it may be edited, in any published version of this instrument.

3  Authority

                   This instrument is made under the Telecommunications Act 1997.

4  Schedules

                   Each instrument that is specified in a Schedule to this instrument is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this instrument has effect according to its terms.

Schedule 1Amendments

  

Telecommunications Regulations 2001

1  Regulation 1.7

Insert:

Australian Parliament means the Parliament of the Commonwealth, a Parliament of a State or a Legislative Assembly of a Territory.

authorised research, under a research authorisation, means a kind or kinds of permitted research to which the authorisation applies (see paragraph 5.12(2)(b)).

authorised research entity: see paragraph 5.12(2)(a).

authorised unlisted mobile number information, in relation to an authorised research entity, means unlisted mobile number information to which the research authorisation covering the entity applies.

breach:

                     (a)  in relation to an Australian Privacy Principle, has the meaning given by section 6A of the Privacy Act 1988; and

                     (b)  in relation to a registered APP code, has the meaning given by section 6B of that Act.

Commonwealth entity has the same meaning as in the Public Governance, Performance and Accountability Act 2013.

contacted person: see subregulation 5.20(2).

covered by the Privacy Act: the following are covered by the Privacy Act:

                     (a)  an organisation within the meaning of the Privacy Act 1988;

                     (b)  a small business operator (within the meaning of that Act) that has chosen to be treated as an organisation under section 6EA of that Act.

de‑identified: research information in relation to a contacted person is de‑identified if the information:

                     (a)  does not identify, or no longer identifies, the contacted person; and

                     (b)  is not reasonably capable, or is no longer reasonably capable, of being used to identify the contacted person.

electoral matter means a matter which is intended or likely to affect voting in:

                     (a)  an election to an Australian Parliament or to a local government authority; or

                     (b)  a referendum under a law of the Commonwealth or a law of a State or Territory.

former authorised research entity: see paragraph 5.30(2)(a).

integrated public number database means the database maintained by Telstra as mentioned in clause 10 of Part 4 of Schedule 2 to the Act.

IPND Scheme authorisation means an authorisation granted under the integrated public number database scheme.

local government authority means a body established for the purposes of local government by or under a law of a State or a Territory.

permitted research: see regulation 1.7A.

personal information has the same meaning as in the Privacy Act 1988.

political representative means:

                     (a)  a member of an Australian Parliament; or

                     (b)  a councillor (however described) of a local government authority.

public number has the same meaning as in section 472 of the Act.

registered APP code has the same meaning as in the Privacy Act 1988.

registered political party has the same meaning as in the Commonwealth Electoral Act 1918.

research authorisation means an authorisation granted under subregulation 5.11(1).

research employee, in relation to an authorised research entity, means an individual employed or engaged by the entity to conduct authorised research.

research entity: see subregulation 5.8(2).

research information, in relation to a contacted person, means any information obtained from the person when the person is contacted by an authorised research entity for the purposes of authorised research.

unlisted mobile number information: information is unlisted mobile number information if:

                     (a)  the information is contained in the integrated public number database; and

                     (b)  the information relates to a person’s mobile number that:

                              (i)  is unlisted; and

                             (ii)  the database indicates is not used for government, business or charitable purposes; and

                     (c)  the information consists only of either or both of the following:

                              (i)  the number;

                             (ii)  the postcode of the person’s address.

2  After regulation 1.7

Insert:

1.7A  Meaning of permitted research

             (1)  Research is permitted research if one or more of the following apply:

                     (a)  the research is relevant to public health, including epidemiological research;

                     (b)  the research relates to an electoral matter and is conducted by or for:

                              (i)  a registered political party; or

                             (ii)  a political representative; or

                            (iii)  a candidate in an election for an Australian Parliament or a local government authority;

                     (c)  the research will contribute to the development of public policy and is conducted by or for the Commonwealth or a Commonwealth entity.

             (2)  Despite subregulation (1), research is not permitted research if:

                     (a)  in the case of a research entity conducting research on its own behalf—the research is conducted for a primarily commercial purpose; or

                     (b)  in the case of a research entity conducting research for another person or body—the research entity is conducting the research for a primarily commercial purpose of the other person or body.

3  Before regulation 5.1A

Insert:

Division 5.1Specified circumstances

4  At the end of Part 5

Add:

5.6  Disclosure of information—unlisted mobile number information

                   For the purposes of subsection 292(1) of the Act, the following circumstances apply to a disclosure of information or a document:

                     (a)  the disclosure is made by Telstra to an authorised research entity;

                     (b)  the information is, or the document consists of, authorised unlisted mobile number information.

Division 5.2Research authorisations

Subdivision 5.2.1Introduction

5.7  Simplified outline of this Division

Telstra can only disclose unlisted mobile number information to an authorised research entity (regulation 5.6).

An authorised research entity is a person covered by a research authorisation granted by the ACMA under this Division. A research authorisation may cover more than one authorised research entity.

Before the research authorisation is granted, the ACMA must be satisfied, among other things, that each research entity sought to be authorised will use the unlisted mobile number information for certain kinds of research. The research authorisation starts on the first day Telstra provides unlisted mobile number information to an authorised research entity and ends at the end of the period specified in the authorisation (which can be no longer than 12 months).

An authorised research entity must comply with the conditions set out in Subdivision 5.2.3 and any further conditions specified by the ACMA. Failure to comply with these conditions may lead to the authorised research entity being removed from the authorisation by the ACMA and will be considered by the ACMA if the entity is specified in an application for another research authorisation. A contravention of a condition is an offence (see regulation 5.36).

After a research authorisation comes to an end, or if a research entity is removed from an authorisation, an authorised research entity must comply with the requirements of regulations 5.30 and 5.31 in relation to the unlisted mobile number information and research information the entity has received. Failure to comply with this regulation will be considered by the ACMA if the entity is specified in an application for another research authorisation. A contravention of regulation 5.30 or 5.31 is an offence (see regulation 5.36).

Subdivision 5.2.2Application for, and grant of, research authorisations

5.8  Applying for research authorisations

             (1)  A person may apply to the ACMA for a research authorisation to cover that person and any other persons specified in the application.

             (2)  The applicant for the authorisation, and each other person to be covered by the authorisation, is a research entity.

             (3)  The application must:

                     (a)  be in writing; and

                     (b)  be in a form approved, in writing, by the ACMA; and

                     (c)  specify:

                              (i)  each research entity to be covered by the authorisation; and

                             (ii)  the kind or kinds of unlisted mobile number information being sought; and

                            (iii)  the kind or kinds of research for which the unlisted mobile number information is sought and the reasons why that information is sought; and

                     (d)  be accompanied by:

                              (i)  the charge (if any) for the application fixed by a determination under section 60 of the Australian Communications and Media Authority Act 2005; and

                             (ii)  a completed privacy impact assessment in the form approved, in writing, by the ACMA.

5.9  ACMA may request further information

             (1)  The ACMA may, in writing, request a research entity specified in an application for a research authorisation to give it further information within 90 days after the request is made.

             (2)  The request must state the effect of subregulation (3).

             (3)  If the entity does not provide the information within 90 days, the ACMA may treat the application as if it did not specify the entity.

5.10  ACMA may consult

                   Before granting a research authorisation, the ACMA may consult any person or body the ACMA considers appropriate.

5.11  Research authorisations

Grant of research authorisation

             (1)  On an application for a research authorisation in accordance with regulation 5.8, the ACMA must grant the authorisation if the ACMA is reasonably satisfied that:

                     (a)  the kind or kinds of research proposed to be covered by the authorisation is permitted research; and

                     (b)  each research entity will comply with the conditions of the authorisation (including any additional conditions specified by the ACMA under subregulation 5.12(4)); and

                     (c)  regulations 5.30 and 5.31 will be complied with by each research entity if the authorisation ends or the entity is removed from the authorisation.

Note:          If the ACMA decides not to grant the authorisation, a research entity, or any other person affected by the decision, may request the ACMA to reconsider its decision (see regulation 5.32).

Matters to consider in granting research authorisation

             (2)  In determining whether a research entity will comply with the conditions of the authorisation, the ACMA must have regard to the following:

                     (a)  the practices, procedures, processes and systems the entity has in place, or intends to put in place, to comply with the conditions of the authorisation;

                     (b)  if the entity has previously been covered by a research authorisation—the extent to which the entity has complied with, or is complying with, the conditions of that authorisation;

                     (c)  if the entity has been granted an IPND Scheme authorisation—the extent to which the entity has complied with, or is complying with, the conditions of that authorisation;

                     (d)  the extent to which the entity’s collection, use and disclosure of personal information has complied with, or is consistent with, the Privacy Act 1988 (whether or not that Act applies to the entity).

             (3)  In determining whether paragraph (1)(c) is satisfied, if the research entity has previously been covered by a research authorisation, the ACMA must have regard to the extent to which the entity complied with regulation 5.30 or 5.31 after that authorisation ended or the entity was removed from that authorisation.

             (4)  Subregulations (2) and (3) do not limit the matters that the ACMA may have regard to.

Deemed refusal to grant research authorisation

             (5)  For the purposes of Subdivision 5.2.6 (review of decisions), if the ACMA does not make a decision on the application under subregulation (1) within the period covered by subregulation (6), the ACMA is taken to have decided not to grant the authorisation.

             (6)  The period covered by this subregulation is the period that ends at the later of:

                     (a)  90 days after receiving the application; or

                     (b)  if the ACMA has, within those 90 days, given any research entity a written request for further information under subregulation 5.9(1)—90 days after the end of the period for compliance with the last request made under that subregulation.

5.12  Content of research authorisations

             (1)  A research authorisation must be granted in writing.

             (2)  The authorisation must specify the following:

                     (a)  each research entity (an authorised research entity) covered by the authorisation;

                     (b)  the kind or kinds of permitted research to which the authorisation applies;

                     (c)  the kind or kinds of unlisted mobile number information that may be disclosed to an authorised research entity.

             (3)  The authorisation must specify a period that the authorisation is in effect which:

                     (a)  starts on the day Telstra first discloses authorised unlisted mobile number information to an authorised research entity covered by the authorisation; and

                     (b)  ends no later than 12 months afterwards.

             (4)  The authorisation may specify conditions additional to those specified in Subdivision 5.2.3 to which the authorisation is subject.

Note 1:       If the ACMA specifies an additional condition under this subregulation, an authorised research entity, and any other person affected by the decision, may request the ACMA to reconsider its decision (see regulation 5.32).

Note 2:       Before granting a research authorisation, the ACMA may consult any person or body about any additional conditions to be specified under subregulation (4) (see regulation 5.10).

5.13  Notice relating to research authorisations

             (1)  If the ACMA grants a research authorisation, the ACMA must, as soon as is reasonably practicable, give each authorised research entity, and Telstra, a copy of the authorisation.

             (2)  If:

                     (a)  the ACMA grants a research authorisation; and

                     (b)  the authorisation specifies an additional condition to which the authorisation is subject;

the ACMA must, as soon as is reasonably practicable, give written notice to each authorised research entity stating that the entity, and any other person affected by the decision, may request the ACMA to reconsider the decision under regulation 5.32.

             (3)  As soon as reasonably practicable after the ACMA decides not to grant a research authorisation, the ACMA must give written notice to each research entity specified in the application for the authorisation stating:

                     (a)  that the authorisation has not been granted; and

                     (b)  the reasons for not granting the authorisation; and

                     (c)  that the entity, and any other person affected by the decision, may request the ACMA to reconsider the decision under regulation 5.32.

Note 1:       See also section 27A of the Administrative Appeals Tribunal Act 1975.

Note 2:       A research entity is taken not to be specified in an application if the entity does not provide the ACMA with further information within 90 days after the ACMA requests that information: see regulation 5.9.

5.14  Period of research authorisations

                   A research authorisation has effect during the period specified in the authorisation, subject otherwise to these Regulations.

Subdivision 5.2.3Authorisation conditions

5.15  Authorisation conditions

                   A research authorisation is subject to:

                     (a)  the conditions specified in this Subdivision; and

                     (b)  any additional conditions specified by the ACMA under subregulation 5.12(4) or regulation 5.26.

5.16  Receipt of authorised unlisted mobile number information

             (1)  If an authorised research entity covered by the authorisation receives authorised unlisted mobile number information from Telstra, the entity must give written notice to the following within 10 business days after receiving the information:

                     (a)  the ACMA;

                     (b)  each other authorised research entity covered by the authorisation.

             (2)  Subregulation (1) does not apply if the entity has previously received a notice in relation to that information under that subregulation from another authorised research entity covered by the authorisation.

5.17  Use and disclosure of authorised unlisted mobile number information

             (1)  An authorised research entity must not make a record of, or use, authorised unlisted mobile number information unless it is for the purposes of authorised research under the authorisation.

             (2)  An authorised research entity must not disclose authorised unlisted mobile number information unless authorised, or required to do so, by or under:

                     (a)  subregulation (3) or (4); or

                     (b)  any other law that applies to the entity.

             (3)  The entity may disclose, for the purposes of authorised research under the authorisation, authorised unlisted mobile number information to:

                     (a)  the entity’s research employees; or

                     (b)  any other authorised research entities covered by the authorisation.

             (4)  The entity must disclose authorised unlisted mobile number information to the ACMA if the ACMA requests the information.

5.18  Covered by the Privacy Act

             (1)  An authorised research entity must be covered by the Privacy Act while the authorisation covers the entity.

Note:          For the meaning of covered by the Privacy Act, see regulation 1.7.

             (2)  Subregulation (1) does not apply if the entity is a registered political party.

5.19  Compliance with the Privacy Act

             (1)  If an authorised research entity collects, uses or discloses personal information about an individual for the purposes of authorised research under the authorisation, the entity must not do an act, or engage in a practice, that breaches:

                     (a)  an Australian Privacy Principle in relation to personal information about the individual; or

                     (b)  a registered APP code that binds the entity in relation to personal information about the individual.

             (2)  Subregulation (1) applies regardless of whether:

                     (a)  the entity is a registered political party; or

                     (b)  the act or practice of the entity is exempt under section 7C of the Privacy Act 1988 (which provides that certain political acts and practices are exempt).

5.20  Contacting persons for authorised research

Making contact

             (1)  An authorised research entity may contact a person, using authorised unlisted mobile number information, only by calling the person.

Example:    The authorised research entity must not contact the person by text message.

             (2)  If an authorised research entity uses authorised unlisted mobile number information to call a person (the contacted person) for the purposes of authorised research under the authorisation, the entity must, during the call:

                     (a)  tell the person:

                              (i)  the entity’s name; and

                             (ii)  the purpose of the research; and

                            (iii)  how the entity obtained the mobile number used to call the person; and

                            (iv)  how the entity proposes to use research information relating to the person; and

                             (v)  that the use of the number by the entity is authorised by the ACMA for the purposes of the research; and

                            (vi)  if asked by the person—how the person can access any personal information about the person held by the entity; and

                     (b)  ask the person whether the person gives consent for the use and disclosure of the research information relating to the person in the research; and

                     (c)  tell the person that the person may withdraw any consent so given at any time during the call; and

                     (d)  give the person any other information that is required by law (for example, under the Privacy Act 1988); and

                     (e)  comply with all applicable laws relating to unsolicited contact with another person.

Note:          For the purposes of paragraph (e), applicable laws relating to unsolicited contact with another person include the following:

(a)    the Privacy Act 1988;

(b)    the Spam Act 2003;

(c)    the Do Not Call Register Act 2006.

Contacted person does not consent to use and disclosure of research information

             (3)  If the contacted person informs the authorised research entity during the call that the person does not consent, or withdraws consent, to the use and disclosure of research information relating to the person, the entity:

                     (a)  must not make a record of, use, or disclose any research information the entity has relating to the person; and

                     (b)  must not use the authorised unlisted mobile number information relating to the person; and

                     (c)  as soon as reasonably practicable:

                              (i)  must take all reasonable steps to destroy any research information the entity has relating to the person within 10 business days after the person informs the entity that the person does not consent, or has withdrawn consent; and

                             (ii)  must give written notice to any other authorised research entity covered by the same authorisation that authorised unlisted mobile number information relating to the contacted person must not be used.

             (4)  If an authorised research entity is notified that authorised unlisted mobile number information in relation to the contacted person must not be used, the entity must not use the authorised unlisted mobile number information.

Internal dispute procedures

             (5)  The entity must have internal dispute resolution procedures enabling it to deal with inquiries or complaints from a contacted person about its use or disclosure of any research information relating to the person.

             (6)  If a contacted person makes a complaint to the entity about the use or disclosure of any research information relating to the person, the entity must:

                     (a)  inform the contacted person that if the person is dissatisfied with the way in which the complaint is handled, the person may make a complaint to the ACMA; and

                     (b)  give the contacted person information about how to contact the ACMA; and

                     (c)  provide reasonable assistance to the ACMA in relation to any such complaint if requested by the ACMA to do so.

5.21  Disclosure of research information

             (1)  An authorised research entity must not disclose research information relating to a contacted person unless authorised, or required to do so, by or under:

                     (a)  subregulation (2) or (3); or

                     (b)  any other law that applies to the entity.

Note:          See regulation 5.31 in relation to the recording, use or disclosure of research information after the authorisation ends or the entity is removed from the authorisation.

             (2)  The entity may disclose research information relating to a contacted person to the entity’s research employees.

             (3)  The entity may disclose research information relating to a contacted person if:

                     (a)  the information is de‑identified; and

                     (b)  the information does not include the person’s public number.

             (4)  This regulation is subject to subregulation 5.20(3).

Note:          Subregulation 5.20(3) provides that an authorised research entity must not record, use or disclose research information relating to a contacted person if the person does not consent, or withdraws consent, to the use and disclosure of that information.

5.22  Technical system for receiving authorised unlisted mobile number information

                   An authorised research entity must have technical systems to receive authorised unlisted mobile number information in accordance with any technical method specified by Telstra.

5.23  Compliance with the Act

                   An authorised research entity must comply with any requirements imposed on the entity by the Act and any legislative instrument made under the Act.

5.24  Employees of the authorised research entity

                   An authorised research entity must take all reasonable steps to ensure that each research employee of the entity:

                     (a)  is made aware of the conditions of the authorisation (including any additional conditions specified by the ACMA under subregulation 5.12(4) or regulation 5.26); and

                     (b)  cooperates with the entity in complying with those conditions; and

                     (c)  notifies the entity in writing as soon as reasonably practicable after the research employee becomes aware of an act or omission that would result in a contravention of a condition.

5.25  Contravention of authorisation conditions

             (1)  An authorised research entity must give written notice to the ACMA as soon as reasonably practicable after it becomes aware of a contravention of a condition of the authorisation (including any additional condition specified by the ACMA under subregulation 5.12(4) or regulation 5.26) by:

                     (a)  the entity; or

                     (b)  any other authorised research entity covered by the same authorisation.

             (2)  An authorised research entity must, as soon as reasonably practicable after it becomes aware of a contravention of a condition of the authorisation, take reasonable steps to minimise the effects of the contravention.

             (3)  To avoid doubt, this regulation is a condition of the authorisation.

Subdivision 5.2.4Changes to authorisations

5.26  Changes made by the ACMA

             (1)  After a research authorisation is granted, the ACMA may, in writing, with effect from a specified date:

                     (a)  specify additional conditions to which the authorisation is subject; or

                     (b)  vary or revoke any condition other than a condition specified in Subdivision 5.2.3.

Consultation

             (2)  Before taking an action under subregulation (1), the ACMA may consult any person or body the ACMA considers appropriate.

Notice to the research entity of changes to authorisation

             (3)  As soon as reasonably practicable after the ACMA takes an action under subregulation (1), the ACMA must give written notice to each authorised research entity covered by the authorisation stating:

                     (a)  the action taken; and

                     (b)  the reasons for taking the action; and

                     (c)  that the entity, and any other person affected by the action, may request the ACMA to reconsider the action taken under regulation 5.32 (except if the action is to revoke a condition).

Note:          See also section 27A of the Administrative Appeals Tribunal Act 1975.

             (4)  The notice must be given:

                     (a)  as soon as reasonably practicable after the action is taken under subregulation (1); and

                     (b)  before the action is expressed to take effect.

Notice to Telstra of changes to authorisation

             (5)  The ACMA must, as soon as reasonably practicable, give written notice to Telstra of the action taken under subregulation (1).

Subdivision 5.2.5Removal of authorised research entities

5.27  Effect of removal

                   An authorised research entity stops being covered by a research authorisation if the entity is removed from the authorisation under this Subdivision.

5.28  Removal of authorised research entities—contravention of research authorisation

             (1)  The ACMA may, in accordance with this regulation, remove an authorised research entity from a research authorisation if the ACMA is satisfied that a condition of any research authorisation that covers the entity has been contravened.

Note:          The entity removed, or any person who is affected by this decision, may request the ACMA to reconsider its decision (see regulation 5.32).

Consultation

             (2)  Before removing the entity, the ACMA may consult any person or body the ACMA considers appropriate.

Notice to entity of removal

             (3)  Before removing the entity, the ACMA must:

                     (a)  give written notice to the entity:

                              (i)  stating that the ACMA proposes to remove the entity from the authorisation; and

                             (ii)  inviting the entity to make a submission to the ACMA about the removal within a period specified in the notice; and

                     (b)  consider any submission received within the specified period.

             (4)  The specified period must not be shorter than 30 days after the notice is given.

Notice of removal

             (5)  As soon as reasonably practicable after the ACMA removes the entity, the ACMA must give written notice to the entity stating:

                     (a)  that the entity has been removed from the authorisation; and

                     (b)  the reasons for the entity’s removal; and

                     (c)  that the entity, and any other person affected by the decision, may request the ACMA to reconsider the decision under regulation 5.32.

Note:          See also section 27A of the Administrative Appeals Tribunal Act 1975.

             (6)  As soon as reasonably practicable after the ACMA removes the entity, the ACMA must give written notice of the removal to:

                     (a)  any other authorised research entity covered by the authorisation; and

                     (b)  Telstra.

Further application for authorisation after removal

             (7)  If the ACMA removes an authorised research entity from a research authorisation, an application for a further research authorisation covering the entity cannot be made until after the end of the first‑mentioned research authorisation.

5.29  Voluntary removal of authorised research entities

             (1)  If an authorised research entity requests the ACMA in writing to remove the entity from a research authorisation, the ACMA may remove the entity from the authorisation.

             (2)  Without limiting the matters the ACMA may have regard to in deciding whether to remove the entity, the ACMA may have regard to whether the entity has received a notice under subregulation 5.28(3) while the authorisation has been in effect.

             (3)  If the ACMA removes the entity, the ACMA must, as soon as reasonably practicable, give written notice of the removal to the following:

                     (a)  the entity;

                     (b)  any other authorised research entity covered by the authorisation;

                     (c)  Telstra.

             (4)  If the ACMA does not remove the entity, the ACMA must, as soon as reasonably practicable, give written notice to the entity stating:

                     (a)  that the entity has not been removed from the authorisation; and

                     (b)  the reasons for not removing the entity; and

                     (c)  that the entity, and any other person affected by the decision, may request the ACMA to reconsider the decision under regulation 5.32.

Note:          See also section 27A of the Administrative Appeals Tribunal Act 1975.

5.30  No use or disclosure of authorised unlisted mobile number information by former authorised research entities

Purpose of this regulation

             (1)  This regulation is made for the purposes of paragraph 5.11(1)(c).

Note:          The ACMA must grant a research authorisation if it is satisfied of the matters set out in subregulation 5.11(1).

Scope of this regulation

             (2)  This regulation applies if:

                     (a)  an authorised research entity (the former authorised research entity) has received authorised unlisted mobile number information under a research authorisation; and

                     (b)  the authorisation ends, or the former authorised research entity is removed from the authorisation.

Former authorised research entity must not use information

             (3)  The former authorised research entity:

                     (a)  must not make a record of, or use, the information; and

                     (b)  must not disclose the information unless authorised, or required to do so, by or under:

                              (i)  subregulation (4); or

                             (ii)  any other law that applies to the former authorised research entity; and

                     (c)  must take all reasonable steps to destroy the information within 10 business days after the authorisation ends or the former authorised research entity is removed from the authorisation (as the case requires).

Disclosure to the ACMA

             (4)  The former authorised research entity must disclose the information to the ACMA if the ACMA requests the information.

5.31  Use or disclosure of research information after end of research authorisation etc.

Purpose of this regulation

             (1)  This regulation is made for the purposes of paragraph 5.11(1)(c).

Note:          The ACMA must grant a research authorisation if it is satisfied of the matters set out in subregulation 5.11(1).

Research authorisation ends etc.

             (2)  If an authorised research entity has research information relating to a contacted person and the authorisation that covers the entity ends, or the entity is removed under regulation 5.29 from the research authorisation covering the entity, the entity must not:

                     (a)  make a record of, or use, the information; or

                     (b)  disclose the information;

unless the information is de‑identified and does not include the person’s public number.

Authorised research entity is involuntarily removed from research authorisation

             (3)  If an authorised research entity has research information relating to a contacted person and the entity is removed under regulation 5.28 from the research authorisation covering the entity, the entity:

                     (a)  must not make a record of, or use, the information; and

                     (b)  must not disclose the information unless authorised, or required to do so, by or under any law that applies to the entity; and

                     (c)  must take all reasonable steps to destroy the information within 10 business days after the entity is removed from the authorisation.

Subdivision 5.2.6Review of decisions

5.32  Decisions that may be subject to reconsideration by the ACMA

             (1)  A person affected by one of the following decisions, who is dissatisfied with the decision, may request the ACMA to reconsider the decision:

                     (a)  a decision not to grant a research authorisation (regulation 5.11);

                     (b)  a decision to grant a research authorisation subject to additional conditions (subregulation 5.12(4));

                     (c)  a decision to specify an additional condition after a research authorisation has been granted (subregulation 5.26(1));

                     (d)  a decision to vary an additional condition of an authorisation (subregulation 5.26(1));

                     (e)  a decision to remove an authorised research entity from a research authorisation (regulation 5.28);

                      (f)  a decision not to remove an authorised research entity from a research authorisation after receiving a request from the entity to be removed (regulation 5.29).

             (2)  The request:

                     (a)  must be in writing; and

                     (b)  must be in a form approved, in writing, by the ACMA; and

                     (c)  must set out the reasons for the request.

             (3)  The request must be made within 28 days after the decision, or within such longer period as the ACMA allows.

5.33  Reconsideration by the ACMA

             (1)  Upon receiving a request under regulation 5.32 to reconsider a decision, the ACMA must:

                     (a)  reconsider the decision; and

                     (b)  affirm, vary or revoke the decision.

             (2)  Before making a decision on the reconsideration of the decision, the ACMA may consult any person or body the ACMA considers appropriate.

             (3)  The ACMA’s decision on the reconsideration of a decision has effect as if it had been made under the provision under which the original decision was made.

             (4)  The ACMA must give written notice to the person making the request of its decision on the reconsideration, including the reasons for the decision.

Note:          Section 27A of the Administrative Appeals Tribunal Act 1975 requires the person to be notified of the person’s review rights.

5.34  Deadlines for reconsiderations

                   After receiving a request under regulation 5.32 for the reconsideration of a decision, the ACMA is taken to affirm the original decision 90 days after receiving the request if it does not make a decision on the request under subregulation 5.33(1) before then.

5.35  Review by the Administrative Appeals Tribunal

                   Applications may be made to the Administrative Appeals Tribunal for review of a decision mentioned in subregulation 5.32(1) if the ACMA has affirmed or varied the decision under regulation 5.33.

Subdivision 5.2.7Offences

5.36  Offence of contravening a condition etc.

             (1)  An authorised research entity covered by a research authorisation commits an offence of strict liability if:

                     (a)  the entity contravenes a condition of the authorisation; and

                     (b)  the condition is not regulation 5.19.

Penalty:  10 penalty units.

             (2)  An authorised research entity commits an offence of strict liability if:

                     (a)  the entity does an act, or engages in a practice, that contravenes regulation 5.19; and

                     (b)  either:

                              (i)  the entity is a registered political party; or

                             (ii)  the act or practice is exempt under section 7C of the Privacy Act 1988 (which provides that certain political acts and practices are exempt).

Penalty:  10 penalty units.

             (3)  A former authorised research entity commits an offence of strict liability if the entity contravenes subregulation 5.30(3) or (4).

Penalty:  10 penalty units.

             (4)  A person commits an offence of strict liability if the person contravenes subregulation 5.31(2) or (3).

Penalty:  10 penalty units.