Communication Provider Exemption
If you use personal information as an organisation that acts as a communication provider, there is a partial exemption provided for at section 23 of PIPA.
Section 23, Communication provider exemption, states:
(1) An organisation that acts as a communication provider and its directors, officers or authorised agents are not liable under this Act for any breach committed while acting as a communication provider.
(2) In this section “communication provider” means an internet service provider, telecommunications and such other organisation that acts as a conduit for personal information transmitted by a third party and who does not determine the purpose of using that personal information.
This means that if you are a director, officer, or an authorised agent at the organisation, you are not liable under PIPA for any breach committed while acting as a communication provider.