Page:Cybersecurity Act 2018.pdf/64

Rh :(a) is necessary for the performance of any such function or the discharge of any such duty; or
 * (b) is lawfully required by any court, or lawfully required or allowed by or under this Act or any other written law.

(3) This section does not apply to any information provided in compliance with a direction or requirement under section 23.

(4) Any person who fails to comply with subsection (1) or (2) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 12 months or to both.

(5) Any person, when furnishing any information to a specified person, may identify information that the person claims to be confidential information.

(6) Every claim made under subsection (5) must be supported by a written statement giving reasons why the information is confidential.

(7) Despite subsection (1), the Commissioner may disclose any information relating to any matter mentioned in subsection (1) in any of the following circumstances:
 * (a) where the written consent of the person to whom the information relates has been obtained;
 * (b) for the purposes of—
 * (i) a prosecution under this Act;
 * (ii) subject to subsection (8), enabling the Commissioner to give effect to any provision of this Act;
 * (iii) enabling the Commissioner to investigate a suspected offence under this Act or to enforce a provision of this Act;
 * (iv) disclosing to any police officer any information which discloses the commission of an offence under the Computer Misuse Act (Cap. 50A); or
 * (v) complying with such provision of an agreement between Singapore and a country or territory outside Singapore (called in this section a foreign country) as