21Privacy protection requirements for government

21 Privacy protection requirements for government contracts (1) A public sector agency must not enter into a government contract unless the contract contains appropriate contractual provisions requiring the contracted service provider, and any subcontractor for the contract, to comply with— (a) the TPPs; or (b) a TPP code that binds the agency; or (c) a corresponding privacy law. (2) Also, a public sector agency must not enter into a government contract that authorises the contracted service provider, or any subcontractor for the contract, to do an act, or engage in a practice, that breaches a TPP, TPP Code or corresponding law that applies to the contract under the contractual provisions mentioned in subsection (1). (3) Failure by a public sector agency to comply with this section does not affect any obligation the agency, or the contracted service provider, has under this Act or the government contract in relation to compliance with the TPPs, or a TPP code that binds the agency. (4) In this section: corresponding privacy law means— (a) the Privacy Act 1988 (Cwlth); or (b) a law of a State, external territory or foreign country prescribed by regulation. Territory privacy principles Part 3 Other privacy compliance matters Division 3.3 Section 22 R13 16/12/25 Information Privacy Act 2014 Effective: 16/12/25 page 15 Authorised by the ACT Parliamentary Counsel—also accessible at www.legislation.act.gov.au subcontractor, in relation to a government contract— (a) means a person engaged by the contracted service provider under the government contract to provide the services the subject of the government contract; and (b) includes any other person engaged under a subcontracting arrangement to provide the services the subject of the government contract. Division 3.3 Other privacy compliance matters