Preparing a Request
The responsible party must obtain prior authorisation from the Regulator prior to any processing if that responsible party plans to—
- process any unique identifiers of data subjects—
- for a purpose other than the one for which the identifier was specifically intended at collection; and
- with the aim of linking the information together with information processed by other responsible parties;
- process information on criminal behaviour or on unlawful or objectionable conduct on behalf of third parties;
- process information for the purposes of credit reporting; or
- transfer special personal information or the personal information of children to a third party in a foreign country that does not provide an adequate level of protection for the processing of personal information.
IMPORTANT: A responsible party is guilty of an offence if he/she/it does not obtain prior authorisation from the Regulator when it is required.
Prior to making a request, the responsible must complete a personal information impact assessment. The personal information impact assessment must:
- describe the nature, scope, context and purposes of the processing;
- assess necessity, proportionality and compliance measures;
- identify and assess risks to data subjects; and
- identify any additional measures to mitigate those risks.
CONTACT US for more information and assistance with obtaining prior authorisation from the Information Regulator.