Electronic
Communications
and Transactions
46.
(1)
| N o . 21 of 2 0 0 9
T h e Minister may prescribe minimum standards in
respect of—
259
Management
of critical
databases
(a) the general m a n a g e m e n t of critical databases;
(b) access t o , transfer and control of critical databases;
(c) the infrastructural or procedural requirements for securing
the integrity and authenticity of critical data;
(d) the procedures and technological methods to be used in
the storage or archiving of critical databases;
(e) the disaster recovery plans in the event of loss of critical
databases or parts thereof; and
(f) any other matter necessary for the adequate protection,
m a n a g e m e n t and control of critical databases.
(2)
The regulations referred to in subsection (1) shal 1, in respect
of critical databases administered by public bodies, be made in
consultation with the Public Service Commission.
4 7 . (1) Information contained in a register provided for in
section forty-five shall not be disclosed to any person other than to
officers of a G o v e r n m e n t department, or other body specified by
the Minister, w h o are responsible for the keeping of the register.
Restrictions
on
disclosure
of
information
(2) Subsection (1) does not apply in respect of information which
is disclosed—
(a) to an authority which is investigating a criminal offence,
or for the purposes of any criminal proceedings;
(b) to Government agencies responsible for safety and security
in the Republic, pursuant to an official request;
(c) to a cyber inspector for purposes of section
or
forty-eight;
(d) for the purposes of any civil proceedings which relate to
the critical data or parts thereof.
4 8 . (1) T h e Authority may cause audits to be performed of a
critical database administrator to evaluate compliance with the
provisions of this Part.
Audit of
critical
database
(2) T h e audit referred to in subsection (1) may be performed
by cyber inspectors or an independent auditor.
4 9 . (1) T h e Authority shall, where an audit reveals that a
critical database administrator has contravened any provision o f
this Part, notify the critical database administrator in writing,
stating—
Non
compliance
with Part