Privacy (International Money Transfers) Generalising Determination 2014 (No. 1)
I, Timothy Pilgrim, Privacy Commissioner, make the following generalising determination under subsection 80B(3) of the Privacy Act 1988 (Privacy Act).
Dated: 7 March 2014
1 Name of determination
This determination is the Privacy (International Money Transfers) Generalising Determination 2014 (No. 1).
This determination commences on 12 March 2014.
3 Period in force
This determination is in force from 12 March 2014 to 11 March 2015 inclusive unless ceased earlier because of subsection 80D(2) of the Privacy Act.
This determination is made under subsection 80B(3) of the Privacy Act.
Terms defined in the Privacy Act have the same meanings in this determination
6 Giving the temporary public interest determination general effect
(1) Noting that Privacy (International Money Transfers) Temporary Public Interest Determination 2014 (No. 1) (TPID 2014-1), applies to the disclosure of personal information to an overseas recipient where:
(a) Australia and New Zealand Banking Group Limited (Applicant), as an authorised deposit-taking institution within the meaning of the Banking Act 1959 (ADI), is processing an international money transfer (IMT) on behalf of one of its customers, and
(b) in order to process the IMT, the Applicant discloses personal information of the individual who is the beneficiary of the IMT (beneficiary) to another financial institution that is not in Australia or an external Territory (overseas financial institution) for the purpose of remitting the relevant funds to the beneficiary’s financial institution for payment.
(2) No other ADI is taken to breach section 15 of the Privacy Act while TPID 2014-1 is in force if:
(a) the ADI breaches Australian Privacy Principle 8.1 when engaging in the acts and practices described in TPID 2014-1 and set out in subsection 6(1) above, or
(b) an overseas financial institution does an act, or engages in a practice, in relation to the personal information disclosed to it by the ADI in the course of the ADI engaging in the acts and practices described in TPID 2014-1 and set out in subsection 6(1) above, that would be a breach of an APP (other than APP 1) if the APPs applied to that act or practice.