(1) |
The Centre must ensure that appropriate measures are taken in respect of personal information in its possession or under its control to prevent— |
(a) |
loss of, damage to or unauthorised destruction of the information; and |
(b) |
unlawful access to or processing of personal information, other than in accordance with this Act and the Protection of Personal Information Act, 2013 (Act No. 4 of 2013). |
(2) |
In order to give effect to subsection (1) the Centre must take reasonable measures to— |
(a) |
identify all reasonable and foreseeable internal and external risks to personal information in its possession or under its control; |
(b) |
establish and maintain appropriate safeguards against the risks identified; |
(c) |
regularly verify that the safeguards are effectively implemented; and |
(d) |
ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards. |
(3) |
The Minister may prescribe requirements for the protection of personal information to facilitate the sharing of information between accountable institutions when the sharing of information is necessary for the purposes of carrying out the provisions of section 29, to ensure that adequate safeguards are in place as required by section 6(1)(c) of the Protection of Personal Information Act, 2013. |
[Section 41A(3) inserted by section 38 of the General Laws (Anti-Money Laundering & Combating Terrorism Financing) Amendment Act, 2022 (Act No. 22 of 2022) Notice No. 1532, GG47802, dated 29 December 2022 - effective 31 December 2022 per Proclamation Notice 109 (a), GG47805, dated 31 December 2022]