70GCivil penalty—using or disclosing protected information

#### 70G Civil penalty—using or disclosing protected information (1) A person contravenes this subsection if: (a) the person is, or has been, an \*entrusted person; and (b) the person obtained or generated \*protected information in the course of, or for the purposes of: (i) performing functions or duties, or exercising powers, under or for the purposes of this Act; or (ii) assisting another person to perform functions or duties, or exercise powers, under or for the purposes of this Act; and (c) the person use or discloses the protected information. Civil penalty: 60 penalty units. Exception—authorised use or disclosure (2) Subsection (1) does not apply if the use or disclosure of the \*protected information is authorised by or under section 70H. > Note: A defendant bears an evidential burden in relation to the matters in this subsection (see section 96 of the Regulatory Powers Act). Meaning of entrusted person (3) Each of the following persons is an entrusted person: (a) the Minister; (b) the Secretary; (c) an APS employee in the Department; (d) an APS employee in Airservices Australia; (e) an officer, employee or other person engaged by the \*Slot Manager; (f) the Chair or another member of the \*Compliance Committee; (g) a contractor engaged to provide services to the Department for the purposes of this Act; (h) an officer or employee of such a contractor. Meaning of protected information (4) Protected information is: (a) \*commercially sensitive information; or (b) \*sensitive personal information. Meaning of commercially sensitive information (5) Commercially sensitive information is information the disclosure of which could reasonably be expected to substantially prejudice the commercial interests of a person. Meaning of sensitive personal information (6) Sensitive personal information is: (a) information about an identified individual, or an individual who is reasonably identifiable, that if communicated (whether alone or in conjunction with other information) would, or could reasonably be expected to: (i) endanger the safety of the individual; or (ii) cause harm to the individual’s physical or mental health; or (iii) have a substantial adverse effect on the individual’s lawful business, professional, commercial or financial affairs; or (iv) expose the individual to a substantial risk of being a victim of identity fraud; or (b) information that if communicated (whether alone or in conjunction with other information) would, or could reasonably be expected to disclose, or enable a person to ascertain, the existence or identity of a confidential source of information in relation to the enforcement or administration of the law.