(1) A person is not personally liable for any loss, damage or injury suffered by another person by reason only that the person—
S. 117(1)(a) amended by No. 20/2017 s. 106(2).
(a) produces a document, or gives any information or evidence, to the Information Commissioner under this Act; or
S. 117(1)(b) amended by No. 20/2017 s. 106(2).
(b) gives the Information Commissioner access to any public sector data, law enforcement data or crime statistics data or any public sector organisation's data system, law enforcement data system or crime statistics data system under this Act.
(2) A person who lodges a complaint under section 57(1) is not personally liable for any loss, damage or injury suffered by another person by reason only of the lodging of the complaint.
(3) Subsection (4) applies if—
(a) a person has been provided by an organisation with access to personal information; and
(i) the access was required by IPP 6 or an applicable code of practice; or
(ii) the organisation, or an employee or agent of the organisation acting within the scope of the employee's or agent's actual or apparent authority, believed in good faith that the access was required by IPP 6 or an applicable code of practice.
(4) The provision of access to personal information in the circumstances referred to in subsection (3)—
(a) is not to be regarded as making the organisation, or any employee or agent of the organisation, liable for defamation or breach of confidence or guilty of a criminal offence by reason only of the provision of access; or
(b) is not to be regarded as making any person who provided the personal information to the organisation liable for defamation or breach of confidence in respect of any publication involved in, or resulting from, the provision of access by reason only of the provision of access; or
(c) must not be taken for the purpose of the law relating to defamation or breach of confidence to constitute an authorisation or approval of the publication of the information by the person who is provided with access to the information.
(5) An organisation is not in breach of the Information Privacy Principles or an applicable code of practice by reason only of—
(a) collecting, holding, managing, using, disclosing or transferring personal information; or
(b) providing access to personal information; or
(c) correcting personal information—
of an individual in response to a consent or request by an authorised representative whose consent or request is void by virtue of section 28(4).