Preparing a Request

The responsible party must obtain prior authorisation from the Regulator prior to any processing if that responsible party plans to—

  1. process any unique identifiers of data subjects—
    1. for a purpose other than the one for which the identifier was specifically intended at collection; and
    2. with the aim of linking the information together with information processed by other responsible parties;
  2. process information on criminal behaviour or on unlawful or objectionable conduct on behalf of third parties;
  3. process information for the purposes of credit reporting; or
  4. transfer special personal information or the personal information of children to a third party in a foreign country that does not provide an adequate level of protection for the processing of personal information.

IMPORTANT: A responsible party is guilty of an offence if he/she/it does not obtain prior authorisation from the Regulator when it is required.

 Prior to making a request, the responsible must complete a personal information impact assessment. The personal information impact assessment must:

CONTACT US for more information and assistance with obtaining prior authorisation from the Information Regulator.