(2) A certification service provider shall keep all information relating to a
subscriber confidential.
(3) A certification service provider shall not disclose any information relating to a
subscriber unless the disclosure is authorized by the subscriber:
Provided that a certification service provider may, pursuant to an order of the
court, disclose information relating to a subscriber without the consent of the
subscriber.
(4) The obligation to maintain confidentiality shall not apply to information
relating to a subscriber which —
(a) Is contained in the certificate and is available to the public for inspection;
(b) Is otherwise provided by the subscriber to the licensed certification service
provider for disclosure to the public; or
(c) Relates to the revocation or suspension of a certificate.
(5) Where a certification service provider has permitted a subscriber to use a
pseudonym, the certification service provider shall, at the request of law
enforcement authorities, disclose data relating to the subscriber that is required to
prosecute offences or to protect against threats to public safety or public order.
19. Winding up of operations of a certification service provider.
(1) A certification service provider may, where the certification service provider
intends to discontinue its operations(a) Arrange for its subscribers to re-subscribe to another licensed certification
service provider;
(b) Make arrangements for its records and certificates to be archived in a secure
manner; and
(c) Transfer its records to another licensed certification service provider in a secure
manner.