5AMeaning of protected information and relevant information

#### 5A Meaning of protected information and relevant information Protected information (1) Protected information is relevant information: (a) the disclosure of which would or could reasonably be expected to prejudice national security or the defence of Australia; or (b) the disclosure of which would or could reasonably be expected to prejudice the social or economic stability of Australia or its people; or (c) that contains, or is, confidential commercial information; or (d) the disclosure of which would or could reasonably be expected to prejudice the availability, integrity, reliability or security of a critical infrastructure asset. (2) A document or information is protected information if it: (a) was a document or information to which subsection (1) applied; and (b) is obtained by a person by way of an authorised disclosure under Division 3 of Part 4 or in accordance with section 46. Relevant information (3) Relevant information is: (a) a document or information that is obtained or generated by a person in the course of exercising powers, or performing duties or functions, under this Act; or (b) a document or information that is obtained, generated or adopted by an entity for the purposes of complying with this Act; including, but not limited to, a document or information that: (c) records or is the fact that an asset is declared under section 51 to be a critical infrastructure asset; or (d) records or is the fact that an asset is declared under section 52B to be a system of national significance; or (e) records or is the fact that the Minister has: (i) given a Ministerial authorisation; or (ii) revoked a Ministerial authorisation; or (f) is, or is included in, a critical infrastructure risk management program that is adopted by an entity in compliance with section 30AC; or (g) is, or is included in, a report that is given under section 30AG or 30AQ; or (h) is, or is included in, a report under section 30BC or 30BD; or (i) is, or is included in, an incident response plan adopted by an entity in compliance with section 30CD; or (j) is, or is included in, an evaluation report prepared under section 30CQ or 30CR; or (k) is, or is included in, a vulnerability assessment report prepared under section 30CZ; or (l) is, or is included in, a report prepared in compliance with: (i) a system information periodic reporting notice; or (ii) a system information event‑based reporting notice; or (la) records or is the fact that the Minister has: (i) given a direction under subsection 30EF(1); or (ii) revoked such a direction; or (m) records or is the fact that the Minister has: (i) given a direction under subsection 32(2); or (ii) revoked such a direction; or (n) records or is the fact that the Secretary has: (i) given a direction under section 35AK; or (ii) revoked such a direction; or (o) records or is the fact that the Secretary has: (i) given a direction under section 35AQ; or (ii) revoked such a direction; or (p) records or is the fact that the Secretary has: (i) given a request under section 35AX; or (ii) revoked such a request.