Print Options

(1) The Authority shall take the necessary steps to prevent the possibility of misuse of personal information to make a decision about the individual concerned.

(2) The Authority is responsible for the protection of personal information in its custody or under its control including information that has been transferred to a third party for processing.

(3) Where the Authority contracts a third party to perform a function relating to information in its custody it shall take reasonable steps to ensure that the information available to that third party is protected.

(4) The Authority shall determine the degree of protection required, taking into consideration the circumstance, including

(a) the sensitivity of the information,

(b) the volume of the information, and

(c) the format in which the information is stored.

(5) The Authority shall make available to a person the general description of the safeguards that the Authority uses to protect personal information on request, and to comply with subsection (1).