232Restriction on use or disclosure of information

232 Restriction on use or disclosure of information (1) The CEO must not use or disclose data obtained under a data access agreement unless the use or disclosure is permitted under the data access agreement. (2) Despite the terms of any data access agreement, the CEO may disclose data obtained under a data access agreement if the disclosure is required or authorised by law. (3) Despite the terms of a data access agreement, a data provider may refuse to give the CEO data under the agreement if: (a) the data provider reasonably believes that giving the data could: (i) prejudice the investigation of a contravention (or possible contravention) of a law in force in the Territory; or (ii) prejudice a coronial inquest or inquiry; or (iii) prejudice any proceedings in a court or tribunal; or (iv) contravene any legal professional or client legal privilege; or Care and Protection of Children Act 2007 141 (v) enable the existence or identity of a confidential source of information in relation to the enforcement or administration of a law to be ascertained; or (vi) endanger a person's life or physical safety; or (vii) prejudice the effectiveness of a lawful method or procedure for preventing, detecting, investigating or dealing with a contravention or possible contravention of a law in force in the Territory; or (b) a circumstance prescribed by regulation exists in relation to the data. (4) The data provider must give the CEO written reasons for refusing to give data under subsection (3).