11
of malware) or 10(1) (in so far as it relates to the acquiring, provision or use of an
access code, password or similar data or devices), which is performed on request of a
person who has the lawful authority to consent to such act in order to perform a security
audit on data, a computer device, a computer network, a database, a critical database,
an electronic communications network or a National Critical Information Infrastructure —
(a)
may not be regarded as unlawful if it falls within the written authority which was
granted by the person who has the lawfully authority to consent to such act; and
(b)
must be regarded as unlawful if it exceeds the written authority which was
granted by the person who has the lawful authority to consent to such act.
Personal information and financial information related offences
3.
(1)
Any person who unlawfully and intentionally—
(a)
acquires by any means;
(b)
possesses; or
(c)
provides to another person,
the personal information of another person for purposes of committing an offence under
this Act is guilty of an offence.
(2)
Any person who unlawfully and intentionally—
(a)
acquires by any means;
(b)
possesses; or
(c)
provides to another person,
the financial information of another person for purposes of committing an offence under
this Act is guilty of an offence.
(3)
Any person who unlawfully and intentionally uses the personal
information or financial information of another person to commit an offence under this
Act is guilty of an offence.