Page:Cybersecurity Act 2018.pdf/17

18 every day or part of a day during which the offence continues after conviction.

(5) Any person to whom a notice is issued under subsection (2) is not obliged to disclose any information that is subject to any right, privilege or immunity conferred, or obligation or limitation imposed, by or under any law, contract or rules of professional conduct in relation to the disclosure of such information.

Withdrawal of designation of critical information infrastructure

9. The Commissioner may, by written notice, withdraw the designation of any critical information infrastructure at any time if the Commissioner is of the opinion that the computer or computer system no longer fulfils the criteria of a critical information infrastructure.

Furnishing of information relating to critical information infrastructure

10.—(1) The Commissioner may by notice given in the prescribed form and manner, require the owner of a critical information infrastructure to furnish, within a reasonable period specified in the notice, the following:
 * (a) information on the design, configuration and security of the critical information infrastructure;
 * (b) information on the design, configuration and security of any other computer or computer system under the owner’s control that is interconnected with or that communicates with the critical information infrastructure;
 * (c) information relating to the operation of the critical information infrastructure, and of any other computer or computer system under the owner’s control that is interconnected with or that communicates with the critical information infrastructure;
 * (d) such other information as the Commissioner may require in order to ascertain the level of cybersecurity of the critical information infrastructure.