Commonwealth Consolidated Regulations Commonwealth Consolidated Regulations(1) If an authorised research entity collects, uses or discloses personal information about an individual for the purposes of authorised research under the authorisation, the entity must not do an act, or engage in a practice, that breaches:
(a) an Australian Privacy Principle in relation to personal information about the individual; or
(b) a registered APP code that binds the entity in relation to personal information about the individual.
(2) Subsection (1) applies regardless of whether:
(a) the entity is a registered political party; or
(b) the act or practice of the entity is exempt under section 7C of the Privacy Act 1988 (which provides that certain political acts and practices are exempt).