15 December 2018

Algorithms and IPND Mining

'Algorithms, Correcting Biases' by Cass Sunstein in Social Research (Forthcoming) comments 
A great deal of theoretical work explores the possibility that algorithms may be biased in one or another respect. But for purposes of law and policy, some of the most important empirical research finds exactly the opposite. In the context of bail decisions, an algorithm designed to predict flight risk does much better than human judges, in large part because the latter place an excessive emphasis on the current offense. Current Offense Bias, as we might call it, is best seen as a cousin of “availability bias,” a well-known source of mistaken probability judgments. The broader lesson is that well-designed algorithms should be able to avoid cognitive biases of many kinds. Existing research on bail decisions also casts a new light on how to think about the risk that algorithms will discriminate on the basis of race (or other factors). Algorithms can easily be designed so as to avoid taking account of race (or other factors). They can also be constrained so as to produce whatever kind of racial balance is sought, and thus to reveal tradeoffs among various social values.
'Predictive Policing – In Defense of ‘True Positives’' by Sabine Gless in Emre Bayamlıoğlu, Irina Baraliuc, Liisa Janssens and Mireille Hildebrandt (eds). Being Profiled: Cogitas Ergo Sum. 10 Years of Profiling the European Citizen (Amsterdam University Press 2018) 76-83 comments 
Predictive policing has triggered a heated debate around the issue of ‘false positives’. Biased machine training can wrongly classify individuals as high risk simply as a result of belonging to a particular ethnic group and many agree such persons should not have to shoulder the burden of over-policing due to an inherent stochastic problem. The paper takes a pragmatic stand and argues that ‘true positives’, i.e. individuals who have been correctly identified as perpetrators, offer the best opportunity to address the issue of biased profiling. 
The first reason is purely pragmatic – they are already party to a criminal investigation and, as such, have a strong incentive to challenge law enforcement methods and scrutinize policing methods on an individual basis. The second reason is more general (and commonly subscribed to) – that discriminatory stops and searches are inherently unfair, threaten social peace, and frustrate targeted groups. 
To create an efficient legal tool against discriminatory law enforcement, defence should be entitled to contest a conviction for biased predictive policing, with a specific exclusionary rule protecting ‘true positives’ against the use of tainted evidence.
Want to mine the Integrated Public Number Directory (IPND), the national landline and mobile phone number database that is managed by Telstra but covers all providers? That includes 'silent' (aka ex-directory) numbers rather than just those published in print and online directories.

The Telecommunications Amendment (Access to Mobile Number Information for Authorised Research) Regulations 2018 made earlier this week strengthen the privileging of political parties and other entities that escape restrictions through provisions under, for example, section 7C of the Privacy Act 1988 (Cth).

The Regulations indicate that research using the IPND is 'permitted' under s 17A of the Regs
 (1) Research is permitted research if one or more of the following apply: (a) the research is relevant to public health, including epidemiological research; (b) the research relates to an electoral matter and is conducted by or for: (i) a registered political party; or (ii) a political representative; or (iii) a candidate in an election for an Australian Parliament or a local government authority; (c) the research will contribute to the development of public policy and is conducted by or for the Commonwealth or a Commonwealth entity. 
(2) Despite subregulation (1), research is not permitted research if: (a) in the case of a research entity conducting research on its own behalf—the research is conducted for a primarily commercial purpose; or (b) in the case of a research entity conducting research for another person or body—the research entity is conducting the research for a primarily commercial purpose of the other person or body.
Politicians will of course state that their research is to foster a vibrant democracy, not for commercial purposes.

New sections state
5.6 Disclosure of information—unlisted mobile number information 
For the purposes of subsection 292(1) of the Act, the following circumstances apply to a disclosure of information or a document: (a) the disclosure is made by Telstra to an authorised research entity; (b) the information is, or the document consists of, authorised unlisted mobile number information. 
Division 5.2—Research authorisations 
Subdivision 5.2.1—Introduction 
5.7 Simplified outline of this Division 
Telstra can only disclose unlisted mobile number information to an authorised research entity (regulation 5.6). An authorised research entity is a person covered by a research authorisation granted by the ACMA under this Division. A research authorisation may cover more than one authorised research entity. Before the research authorisation is granted, the ACMA must be satisfied, among other things, that each research entity sought to be authorised will use the unlisted mobile number information for certain kinds of research. The research authorisation starts on the first day Telstra provides unlisted mobile number information to an authorised research entity and ends at the end of the period specified in the authorisation (which can be no longer than 12 months). An authorised research entity must comply with the conditions set out in Subdivision 5.2.3 and any further conditions specified by the ACMA. Failure to comply with these conditions may lead to the authorised research entity being removed from the authorisation by the ACMA and will be considered by the ACMA if the entity is specified in an application for another research authorisation. A contravention of a condition is an offence (see regulation 5.36). After a research authorisation comes to an end, or if a research entity is removed from an authorisation, an authorised research entity must comply with the requirements of regulations 5.30 and 5.31 in relation to the unlisted mobile number information and research information the entity has received. Failure to comply with this regulation will be considered by the ACMA if the entity is specified in an application for another research authorisation. A contravention of regulation 5.30 or 5.31 is an offence (see regulation 5.36). 
Subdivision 5.2.2—Application for, and grant of, research authorisations 
5.8 Applying for research authorisations (1) A person may apply to the ACMA for a research authorisation to cover that person and any other persons specified in the application. 
(2) The applicant for the authorisation, and each other person to be covered by the authorisation, is a research entity. 
(3) The application must: (a) be in writing; and (b) be in a form approved, in writing, by the ACMA; and (c) specify: (i) each research entity to be covered by the authorisation; and (ii) the kind or kinds of unlisted mobile number information being sought; and (iii) the kind or kinds of research for which the unlisted mobile number information is sought and the reasons why that information is sought; and (d) be accompanied by: (i) the charge (if any) for the application fixed by a determination under section 60 of the Australian Communications and Media Authority Act 2005; and (ii) a completed privacy impact assessment in the form approved, in writing, by the ACMA. 
5.9 ACMA may request further information 
(1) The ACMA may, in writing, request a research entity specified in an application for a research authorisation to give it further information within 90 days after the request is made. 
(2) The request must state the effect of subregulation (3). 
(3) If the entity does not provide the information within 90 days, the ACMA may treat the application as if it did not specify the entity. 
5.10 ACMA may consult 
Before granting a research authorisation, the ACMA may consult any person or body the ACMA considers appropriate. 
5.11 Research authorisations 
Grant of research authorisation 
(1) On an application for a research authorisation in accordance with regulation 5.8, the ACMA must grant the authorisation if the ACMA is reasonably satisfied that: (a) the kind or kinds of research proposed to be covered by the authorisation is permitted research; and (b) each research entity will comply with the conditions of the authorisation (including any additional conditions specified by the ACMA under subregulation 5.12(4)); and (c) regulations 5.30 and 5.31 will be complied with by each research entity if the authorisation ends or the entity is removed from the authorisation. Note: If the ACMA decides not to grant the authorisation, a research entity, or any other person affected by the decision, may request the ACMA to reconsider its decision (see regulation 5.32). 
Matters to consider in granting research authorisation 
(2) In determining whether a research entity will comply with the conditions of the authorisation, the ACMA must have regard to the following: (a) the practices, procedures, processes and systems the entity has in place, or intends to put in place, to comply with the conditions of the authorisation; (b) if the entity has previously been covered by a research authorisation—the extent to which the entity has complied with, or is complying with, the conditions of that authorisation; (c) if the entity has been granted an IPND Scheme authorisation—the extent to which the entity has complied with, or is complying with, the conditions of that authorisation; (d) the extent to which the entity’s collection, use and disclosure of personal information has complied with, or is consistent with, the Privacy Act 1988 (whether or not that Act applies to the entity). 
(3) In determining whether paragraph (1)(c) is satisfied, if the research entity has previously been covered by a research authorisation, the ACMA must have regard to the extent to which the entity complied with regulation 5.30 or 5.31 after that authorisation ended or the entity was removed from that authorisation. 
(4) Subregulations (2) and (3) do not limit the matters that the ACMA may have regard to. 
Deemed refusal to grant research authorisation 
(5) For the purposes of Subdivision 5.2.6 (review of decisions), if the ACMA does not make a decision on the application under subregulation (1) within the period covered by subregulation (6), the ACMA is taken to have decided not to grant the authorisation. 
(6) The period covered by this subregulation is the period that ends at the later of: (a) 90 days after receiving the application; or (b) if the ACMA has, within those 90 days, given any research entity a written request for further information under subregulation 5.9(1)—90 days after the end of the period for compliance with the last request made under that subregulation. 
5.12 Content of research authorisations 
(1) A research authorisation must be granted in writing. (2) The authorisation must specify the following: (a) each research entity (an authorised research entity) covered by the authorisation; (b) the kind or kinds of permitted research to which the authorisation applies; (c) the kind or kinds of unlisted mobile number information that may be disclosed to an authorised research entity. 
(3) The authorisation must specify a period that the authorisation is in effect which: (a) starts on the day Telstra first discloses authorised unlisted mobile number information to an authorised research entity covered by the authorisation; and (b) ends no later than 12 months afterwards. 
(4) The authorisation may specify conditions additional to those specified in Subdivision 5.2.3 to which the authorisation is subject. Note 1: If the ACMA specifies an additional condition under this subregulation, an authorised research entity, and any other person affected by the decision, may request the ACMA to reconsider its decision (see regulation 5.32). Note 2: Before granting a research authorisation, the ACMA may consult any person or body about any additional conditions to be specified under subregulation (4) (see regulation 5.10). 
5.13 Notice relating to research authorisations 
(1) If the ACMA grants a research authorisation, the ACMA must, as soon as is reasonably practicable, give each authorised research entity, and Telstra, a copy of the authorisation. 
(2) If: (a) the ACMA grants a research authorisation; and (b) the authorisation specifies an additional condition to which the authorisation is subject; the ACMA must, as soon as is reasonably practicable, give written notice to each authorised research entity stating that the entity, and any other person affected by the decision, may request the ACMA to reconsider the decision under regulation 5.32. 
(3) As soon as reasonably practicable after the ACMA decides not to grant a research authorisation, the ACMA must give written notice to each research entity specified in the application for the authorisation stating: (a) that the authorisation has not been granted; and (b) the reasons for not granting the authorisation; and (c) that the entity, and any other person affected by the decision, may request the ACMA to reconsider the decision under regulation 5.32. Note 1: See also section 27A of the Administrative Appeals Tribunal Act 1975. Note 2: A research entity is taken not to be specified in an application if the entity does not provide the ACMA with further information within 90 days after the ACMA requests that information: see regulation 5.9. 
5.14 Period of research authorisations 
A research authorisation has effect during the period specified in the authorisation, subject otherwise to these Regulations. 
Subdivision 5.2.3—Authorisation conditions 
5.15 Authorisation conditions 
A research authorisation is subject to: (a) the conditions specified in this Subdivision; and (b) any additional conditions specified by the ACMA under subregulation 5.12(4) or regulation 5.26. 
5.16 Receipt of authorised unlisted mobile number information 
(1) If an authorised research entity covered by the authorisation receives authorised unlisted mobile number information from Telstra, the entity must give written notice to the following within 10 business days after receiving the information: (a) the ACMA; (b) each other authorised research entity covered by the authorisation. 
(2) Subregulation (1) does not apply if the entity has previously received a notice in relation to that information under that subregulation from another authorised research entity covered by the authorisation. 
5.17 Use and disclosure of authorised unlisted mobile number information 
(1) An authorised research entity must not make a record of, or use, authorised unlisted mobile number information unless it is for the purposes of authorised research under the authorisation. 
(2) An authorised research entity must not disclose authorised unlisted mobile number information unless authorised, or required to do so, by or under: (a) subregulation (3) or (4); or (b) any other law that applies to the entity. 
(3) The entity may disclose, for the purposes of authorised research under the authorisation, authorised unlisted mobile number information to: (a) the entity’s research employees; or (b) any other authorised research entities covered by the authorisation. 
(4) The entity must disclose authorised unlisted mobile number information to the ACMA if the ACMA requests the information. 
5.18 Covered by the Privacy Act 
(1) An authorised research entity must be covered by the Privacy Act while the authorisation covers the entity. Note: For the meaning of covered by the Privacy Act, see regulation 1.7. 
(2) Subregulation (1) does not apply if the entity is a registered political party. 
5.19 Compliance with the Privacy Act 
(1) If an authorised research entity collects, uses or discloses personal information about an individual for the purposes of authorised research under the authorisation, the entity must not do an act, or engage in a practice, that breaches: (a) an Australian Privacy Principle in relation to personal information about the individual; or (b) a registered APP code that binds the entity in relation to personal information about the individual. 
(2) Subregulation (1) applies regardless of whether: (a) the entity is a registered political party; or (b) the act or practice of the entity is exempt under section 7C of the Privacy Act 1988 (which provides that certain political acts and practices are exempt). 
5.20 Contacting persons for authorised research 
Making contact 
(1) An authorised research entity may contact a person, using authorised unlisted mobile number information, only by calling the person. Example: The authorised research entity must not contact the person by text message. 
(2) If an authorised research entity uses authorised unlisted mobile number information to call a person (the contacted person) for the purposes of authorised research under the authorisation, the entity must, during the call: (a) tell the person: (i) the entity’s name; and (ii) the purpose of the research; and (iii) how the entity obtained the mobile number used to call the person; and (iv) how the entity proposes to use research information relating to the person; and (v) that the use of the number by the entity is authorised by the ACMA for the purposes of the research; and (vi) if asked by the person—how the person can access any personal information about the person held by the entity; and (b) ask the person whether the person gives consent for the use and disclosure of the research information relating to the person in the research; and (c) tell the person that the person may withdraw any consent so given at any time during the call; and (d) give the person any other information that is required by law (for example, under the Privacy Act 1988); and (e) comply with all applicable laws relating to unsolicited contact with another person. Note: For the purposes of paragraph (e), applicable laws relating to unsolicited contact with another person include the following: (a) the Privacy Act 1988; (b) the Spam Act 2003; (c) the Do Not Call Register Act 2006
Contacted person does not consent to use and disclosure of research information 
(3) If the contacted person informs the authorised research entity during the call that the person does not consent, or withdraws consent, to the use and disclosure of research information relating to the person, the entity: (a) must not make a record of, use, or disclose any research information the entity has relating to the person; and (b) must not use the authorised unlisted mobile number information relating to the person; and (c) as soon as reasonably practicable: (i) must take all reasonable steps to destroy any research information the entity has relating to the person within 10 business days after the person informs the entity that the person does not consent, or has withdrawn consent; and (ii) must give written notice to any other authorised research entity covered by the same authorisation that authorised unlisted mobile number information relating to the contacted person must not be used. 
(4) If an authorised research entity is notified that authorised unlisted mobile number information in relation to the contacted person must not be used, the entity must not use the authorised unlisted mobile number information. Internal dispute procedures 
(5) The entity must have internal dispute resolution procedures enabling it to deal with inquiries or complaints from a contacted person about its use or disclosure of any research information relating to the person. 
(6) If a contacted person makes a complaint to the entity about the use or disclosure of any research information relating to the person, the entity must: (a) inform the contacted person that if the person is dissatisfied with the way in which the complaint is handled, the person may make a complaint to the ACMA; and (b) give the contacted person information about how to contact the ACMA; and (c) provide reasonable assistance to the ACMA in relation to any such complaint if requested by the ACMA to do so. 
5.21 Disclosure of research information 
(1) An authorised research entity must not disclose research information relating to a contacted person unless authorised, or required to do so, by or under: (a) subregulation (2) or (3); or (b) any other law that applies to the entity. Note: See regulation 5.31 in relation to the recording, use or disclosure of research information after the authorisation ends or the entity is removed from the authorisation. 
(2) The entity may disclose research information relating to a contacted person to the entity’s research employees. 
(3) The entity may disclose research information relating to a contacted person if: (a) the information is de‑identified; and (b) the information does not include the person’s public number. 
(4) This regulation is subject to subregulation 5.20(3). Note: Subregulation 5.20(3) provides that an authorised research entity must not record, use or disclose research information relating to a contacted person if the person does not consent, or withdraws consent, to the use and disclosure of that information. 
5.22 Technical system for receiving authorised unlisted mobile number information 
An authorised research entity must have technical systems to receive authorised unlisted mobile number information in accordance with any technical method specified by Telstra. 
5.23 Compliance with the Act 
An authorised research entity must comply with any requirements imposed on the entity by the Act and any legislative instrument made under the Act. 
5.24 Employees of the authorised research entity 
An authorised research entity must take all reasonable steps to ensure that each research employee of the entity: (a) is made aware of the conditions of the authorisation (including any additional conditions specified by the ACMA under subregulation 5.12(4) or regulation 5.26); and (b) cooperates with the entity in complying with those conditions; and (c) notifies the entity in writing as soon as reasonably practicable after the research employee becomes aware of an act or omission that would result in a contravention of a condition. 
5.25 Contravention of authorisation conditions 
(1) An authorised research entity must give written notice to the ACMA as soon as reasonably practicable after it becomes aware of a contravention of a condition of the authorisation (including any additional condition specified by the ACMA under subregulation 5.12(4) or regulation 5.26) by: (a) the entity; or (b) any other authorised research entity covered by the same authorisation. 
(2) An authorised research entity must, as soon as reasonably practicable after it becomes aware of a contravention of a condition of the authorisation, take reasonable steps to minimise the effects of the contravention. (3) To avoid doubt, this regulation is a condition of the authorisation. 
Subdivision 5.2.4—Changes to authorisations 
5.26 Changes made by the ACMA (1) After a research authorisation is granted, the ACMA may, in writing, with effect from a specified date: (a) specify additional conditions to which the authorisation is subject; or (b) vary or revoke any condition other than a condition specified in Subdivision 5.2.3. 
Consultation 
(2) Before taking an action under subregulation (1), the ACMA may consult any person or body the ACMA considers appropriate. 
Notice to the research entity of changes to authorisation 
(3) As soon as reasonably practicable after the ACMA takes an action under subregulation (1), the ACMA must give written notice to each authorised research entity covered by the authorisation stating: (a) the action taken; and (b) the reasons for taking the action; and (c) that the entity, and any other person affected by the action, may request the ACMA to reconsider the action taken under regulation 5.32 (except if the action is to revoke a condition). Note: See also section 27A of the Administrative Appeals Tribunal Act 1975. 
(4) The notice must be given: (a) as soon as reasonably practicable after the action is taken under subregulation (1); and (b) before the action is expressed to take effect. Notice to Telstra of changes to authorisation (5) The ACMA must, as soon as reasonably practicable, give written notice to Telstra of the action taken under subregulation (1). 
Subdivision 5.2.5—Removal of authorised research entities 
5.27 Effect of removal 
An authorised research entity stops being covered by a research authorisation if the entity is removed from the authorisation under this Subdivision. 
5.28 Removal of authorised research entities—contravention of research authorisation 
(1) The ACMA may, in accordance with this regulation, remove an authorised research entity from a research authorisation if the ACMA is satisfied that a condition of any research authorisation that covers the entity has been contravened. Note: The entity removed, or any person who is affected by this decision, may request the ACMA to reconsider its decision (see regulation 5.32). 
Consultation 
(2) Before removing the entity, the ACMA may consult any person or body the ACMA considers appropriate. 
Notice to entity of removal 
(3) Before removing the entity, the ACMA must: (a) give written notice to the entity: (i) stating that the ACMA proposes to remove the entity from the authorisation; and (ii) inviting the entity to make a submission to the ACMA about the removal within a period specified in the notice; and (b) consider any submission received within the specified period. 
(4) The specified period must not be shorter than 30 days after the notice is given. 
Notice of removal 
(5) As soon as reasonably practicable after the ACMA removes the entity, the ACMA must give written notice to the entity stating: (a) that the entity has been removed from the authorisation; and (b) the reasons for the entity’s removal; and (c) that the entity, and any other person affected by the decision, may request the ACMA to reconsider the decision under regulation 5.32. Note: See also section 27A of the Administrative Appeals Tribunal Act 1975. 
(6) As soon as reasonably practicable after the ACMA removes the entity, the ACMA must give written notice of the removal to: (a) any other authorised research entity covered by the authorisation; and (b) Telstra. Further application for authorisation after removal (7) If the ACMA removes an authorised research entity from a research authorisation, an application for a further research authorisation covering the entity cannot be made until after the end of the first‑mentioned research authorisation. 
5.29 Voluntary removal of authorised research entities 
(1) If an authorised research entity requests the ACMA in writing to remove the entity from a research authorisation, the ACMA may remove the entity from the authorisation. 
(2) Without limiting the matters the ACMA may have regard to in deciding whether to remove the entity, the ACMA may have regard to whether the entity has received a notice under subregulation 5.28(3) while the authorisation has been in effect. 
(3) If the ACMA removes the entity, the ACMA must, as soon as reasonably practicable, give written notice of the removal to the following: (a) the entity; (b) any other authorised research entity covered by the authorisation; (c) Telstra. 
(4) If the ACMA does not remove the entity, the ACMA must, as soon as reasonably practicable, give written notice to the entity stating: (a) that the entity has not been removed from the authorisation; and (b) the reasons for not removing the entity; and (c) that the entity, and any other person affected by the decision, may request the ACMA to reconsider the decision under regulation 5.32. Note: See also section 27A of the Administrative Appeals Tribunal Act 1975. 5.30 No use or disclosure of authorised unlisted mobile number information by former authorised research entities 
Purpose of this regulation 
(1) This regulation is made for the purposes of paragraph 5.11(1)(c). Note: The ACMA must grant a research authorisation if it is satisfied of the matters set out in subregulation 5.11(1). 
Scope of this regulation 
(2) This regulation applies if: (a) an authorised research entity (the former authorised research entity) has received authorised unlisted mobile number information under a research authorisation; and (b) the authorisation ends, or the former authorised research entity is removed from the authorisation. Former authorised research entity must not use information 
(3) The former authorised research entity: (a) must not make a record of, or use, the information; and (b) must not disclose the information unless authorised, or required to do so, by or under: (i) subregulation (4); or (ii) any other law that applies to the former authorised research entity; and (c) must take all reasonable steps to destroy the information within 10 business days after the authorisation ends or the former authorised research entity is removed from the authorisation (as the case requires). Disclosure to the ACMA 
(4) The former authorised research entity must disclose the information to the ACMA if the ACMA requests the information. 
5.31 Use or disclosure of research information after end of research authorisation etc. 
Purpose of this regulation 
(1) This regulation is made for the purposes of paragraph 5.11(1)(c). Note: The ACMA must grant a research authorisation if it is satisfied of the matters set out in subregulation 5.11(1). Research authorisation ends etc. 
(2) If an authorised research entity has research information relating to a contacted person and the authorisation that covers the entity ends, or the entity is removed under regulation 5.29 from the research authorisation covering the entity, the entity must not: (a) make a record of, or use, the information; or (b) disclose the information; unless the information is de‑identified and does not include the person’s public number. Authorised research entity is involuntarily removed from research authorisation 
(3) If an authorised research entity has research information relating to a contacted person and the entity is removed under regulation 5.28 from the research authorisation covering the entity, the entity: (a) must not make a record of, or use, the information; and (b) must not disclose the information unless authorised, or required to do so, by or under any law that applies to the entity; and (c) must take all reasonable steps to destroy the information within 10 business days after the entity is removed from the authorisation. 
Subdivision 5.2.6—Review of decisions 
5.32 Decisions that may be subject to reconsideration by the ACMA 
(1) A person affected by one of the following decisions, who is dissatisfied with the decision, may request the ACMA to reconsider the decision: (a) a decision not to grant a research authorisation (regulation 5.11); (b) a decision to grant a research authorisation subject to additional conditions (subregulation 5.12(4)); (c) a decision to specify an additional condition after a research authorisation has been granted (subregulation 5.26(1)); (d) a decision to vary an additional condition of an authorisation (subregulation 5.26(1)); (e) a decision to remove an authorised research entity from a research authorisation (regulation 5.28); (f) a decision not to remove an authorised research entity from a research authorisation after receiving a request from the entity to be removed (regulation 5.29). 
(2) The request: (a) must be in writing; and (b) must be in a form approved, in writing, by the ACMA; and (c) must set out the reasons for the request. (3) The request must be made within 28 days after the decision, or within such longer period as the ACMA allows. 
5.33 Reconsideration by the ACMA 
(1) Upon receiving a request under regulation 5.32 to reconsider a decision, the ACMA must: (a) reconsider the decision; and (b) affirm, vary or revoke the decision. 
(2) Before making a decision on the reconsideration of the decision, the ACMA may consult any person or body the ACMA considers appropriate. 
(3) The ACMA’s decision on the reconsideration of a decision has effect as if it had been made under the provision under which the original decision was made. 
(4) The ACMA must give written notice to the person making the request of its decision on the reconsideration, including the reasons for the decision. Note: Section 27A of the Administrative Appeals Tribunal Act 1975 requires the person to be notified of the person’s review rights. 
5.34 Deadlines for reconsiderations 
After receiving a request under regulation 5.32 for the reconsideration of a decision, the ACMA is taken to affirm the original decision 90 days after receiving the request if it does not make a decision on the request under subregulation 5.33(1) before then. 
5.35 Review by the Administrative Appeals Tribunal Applications may be made to the Administrative Appeals Tribunal for review of a decision mentioned in subregulation 5.32(1) if the ACMA has affirmed or varied the decision under regulation 5.33. 
Subdivision 5.2.7—Offences 
5.36 Offence of contravening a condition etc. 
(1) An authorised research entity covered by a research authorisation commits an offence of strict liability if: (a) the entity contravenes a condition of the authorisation; and (b) the condition is not regulation 5.19. Penalty: 10 penalty units. 
(2) An authorised research entity commits an offence of strict liability if: (a) the entity does an act, or engages in a practice, that contravenes regulation 5.19; and (b) either: (i) the entity is a registered political party; or (ii) the act or practice is exempt under section 7C of the Privacy Act 1988 (which provides that certain political acts and practices are exempt). Penalty: 10 penalty units. 
(3) A former authorised research entity commits an offence of strict liability if the entity contravenes subregulation 5.30(3) or (4). Penalty: 10 penalty units. 
(4) A person commits an offence of strict liability if the person contravenes subregulation 5.31(2) or (3). Penalty: 10 penalty units.