Section sec.60 - Information Privacy Act 2009 - Exemption—compromise to cybersecurity

sec.60Exemption—compromise to cybersecurity

Start here

Get a plain-English read of sec.60

Turn the raw legal text into a practical explanation grounded in Information Privacy Act 2009.

### sec.60 Exemption—compromise to cybersecurity An agency need not comply with section 53 in relation to an eligible data breach if compliance is likely to— compromise or worsen the agency’s cybersecurity; or lead to further data breaches of the agency. The exemption applies only for the period during which a matter mentioned in subsection (1) (a) or (b) continues to apply for the agency in relation to the eligible data breach. If an agency relies on this section, the agency must give a written notice to the information commissioner stating— the agency is exempt from complying with division 2 under this section; and when the agency expects the exemption will stop applying; and how the agency will review the application of the exemption. The agency must— review the application of the exemption each month for the period during which the exemption is relied on; and give the commissioner a summary of the review as soon as practicable after it is completed. s 60 sub 2023 No. 32 s 33 (sec.60-ssec.1) An agency need not comply with section 53 in relation to an eligible data breach if compliance is likely to— compromise or worsen the agency’s cybersecurity; or lead to further data breaches of the agency. (sec.60-ssec.2) The exemption applies only for the period during which a matter mentioned in subsection (1) (a) or (b) continues to apply for the agency in relation to the eligible data breach. (sec.60-ssec.3) If an agency relies on this section, the agency must give a written notice to the information commissioner stating— the agency is exempt from complying with division 2 under this section; and when the agency expects the exemption will stop applying; and how the agency will review the application of the exemption. (sec.60-ssec.4) The agency must— review the application of the exemption each month for the period during which the exemption is relied on; and give the commissioner a summary of the review as soon as practicable after it is completed. - (a) compromise or worsen the agency’s cybersecurity; or - (b) lead to further data breaches of the agency. - (a) the agency is exempt from complying with division 2 under this section; and - (b) when the agency expects the exemption will stop applying; and - (c) how the agency will review the application of the exemption. - (a) review the application of the exemption each month for the period during which the exemption is relied on; and - (b) give the commissioner a summary of the review as soon as practicable after it is completed.