Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (33 of 2022)

Schedule 1   Amendments

Security of Critical Infrastructure Act 2018

66   After section 43D

Insert:

43E Authorised disclosure of protected information by the entity to whom the information relates

(1) An entity may disclose protected information if:

(a) the entity is the entity to whom the protected information relates; and

(b) the entity discloses the protected information to:

(i) a Minister of the Commonwealth who has responsibility for the regulation or oversight of the relevant critical infrastructure sector to which the protected information relates;

(ii) a Minister of a State, the Australian Capital Territory, or the Northern Territory, who has responsibility for the regulation or oversight of the relevant critical infrastructure sector to which the protected information relates;

(iii) a person employed as a member of staff of a Minister mentioned in subparagraph (i) or (ii);

(iv) the head of an agency (including a Department) administered by a Minister mentioned in subparagraph (i) or (ii), or an officer or employee of that agency; and

(c) the disclosure to the person mentioned in paragraph (b) is for the purposes of enabling or assisting the person to exercise the person's powers or perform the person's functions or duties.

Note: This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

(2) An entity may disclose protected information if:

(a) the entity is the entity to whom the protected information relates; and

(b) the protected information is covered by:

(i) any of paragraphs (b) to (bl) of the definition of protected information in section 5; or

(ii) paragraph (c) of that definition so far as that definition relates to any of paragraphs (b) to (bl) of that definition; and

(iii) the Secretary has consented, in writing, to the disclosure; and

(iv) if the Secretary's consent is subject to one or more conditions - those conditions are satisfied.

Note: This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

(3) An entity may disclose protected information if:

(a) the entity is the entity to whom the protected information relates; and

(b) the protected information is not covered by:

(i) any of paragraphs (b) to (bl) of the definition of protected information in section 5; or

(ii) paragraph (c) of that definition so far as that definition relates to any of paragraphs (b) to (bl) of that definition.

Note: This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.


Copyright notice

© Australian Taxation Office for the Commonwealth of Australia

You are free to copy, adapt, modify, transmit and distribute material on this website as you wish (but not in any way that suggests the ATO or the Commonwealth endorses you or any of your services or products).