(1) Internal auditors shall respect the value and ownership of information they receive and shall not disclose information without authority unless there is a legal or professional obligation to do so.

(2) Internal auditors shall be prudent in the use and protection of information acquired in the course of their duties.

(3) Internal auditors shall not use information for any personal gain or in any manner that would be contrary to this Act or detrimental to the legitimate and ethical objectives of the Agency, MDAs and MMDAs.