Page:Cybersecurity Act 2018.pdf/37

38 ::(i) information relating to the design, configuration or operation of any computer, computer program or computer system; and
 * (ii) information relating to the cybersecurity of any computer, computer program or computer system;
 * (c) providing to the Minister or the Commissioner any information (including real‑time information) obtained from any computer controlled or operated by the specified person, or obtained by the specified person from another person pursuant to a measure or requirement under paragraph (b), that is necessary to identify, detect or counter any such threat, including—
 * (i) information relating to the design, configuration or operation of any computer, computer program or computer system; and
 * (ii) information relating to the cybersecurity of any computer, computer program or computer system; and
 * (d) providing to the Minister or the Commissioner a report of a breach or an attempted breach of cybersecurity of a description specified in the certificate under subsection (1), relating to any computer controlled or operated by the specified person.

(3) Any measure or requirement mentioned in subsection (1), and any direction given by a specified person for the purpose of taking any such measure or complying with any such requirement—
 * (a) does not confer any right to the production of, or of access to, information subject to legal privilege; and
 * (b) subject to paragraph (a), has effect despite any obligation or limitation imposed or right, privilege or immunity conferred by or under any law, contract or rules of professional conduct, including any restriction on the disclosure of information imposed by law, contract or rules of professional conduct.