Page:Cybersecurity Act 2018.pdf/39

40 :(b) a person who, in good faith, obtains any information, or discloses any information to a specified person, in compliance with a direction given by the specified person for the purpose of taking any measure under subsection (1) or complying with any requirement under that subsection.

(8) The following persons, namely:
 * (a) a specified person to whom a person has provided information in compliance with a direction given by the specified person for the purpose of taking any measure under subsection (1) or complying with any requirement under that subsection;
 * (b) a person to whom a specified person provides information in compliance with any requirement under subsection (1),

must not use or disclose the information, except—
 * (i) with the written permission of the person from whom the information was obtained or, where the information is the confidential information of a third person, with the written permission of the third person;
 * (ii) for the purpose of preventing, detecting or countering a threat to a computer, computer system or class of computers or computer systems;
 * (iii) to disclose to any police officer or other law enforcement authority any information which discloses the commission of an offence under this Act or any other written law; or
 * (iv) in compliance with a requirement of a court or the provisions of this Act or any other written law.

(9) Any person who contravenes subsection (8) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 12 months or to both.

(10) Where an offence is disclosed in the course of or pursuant to the exercise of any power under this section—
 * (a) no information for that offence may be admitted in evidence in any civil or criminal proceedings; and