⌘K
Docs Part VIII - Inspectorate

Part VIII - Inspectorate

55. Appointment of cyber security inspector

  1. The Agency shall appoint a suitably qualified person to be a cyber security inspector for the purposes of ensuring compliance with this Act.
  2. The Agency shall, issue an official identification document to an inspector, which shall be prima facie evidence of an inspector’s appointment.
  3. An inspector shall, in performing any function under this part —
    1. be in possession of the official identification document referred to in subsection (2); and
    2. show the official identification document to a person who requests to see the official identification document.

56. Power to access, search and seize

  1. An inspector may, for the purposes of enforcing the provisions of this Act, at any reasonable time, and with a warrant —
    1. enter the licensee or controller’s premises or access a computer or computer system in the private domain;
    2. monitor a computer or computer system;
    3. search any person on the licensee or controller’s premises, document or record that has a bearing on an investigation, except that a person shall be searched by a person of the same sex;
    4. seize a computer or computer system that has a bearing on an investigation;
    5. take extracts from, or make copies of a book, document or record that is on or in the licensee or controller’s premises or in the computer or computer system that has a bearing on an investigation;
    6. access and inspect the operation of any computer, computer system or equipment forming part of an information system and any associated apparatus or material which the inspector has reasonable cause to believe is, or has been used in, connection with any offence; and
    7. use or cause to be used any computer or computer system or part thereof to search any data contained in or available to such a computer or computer system.
  2. An inspector who removes anything from any premises shall —
    1. issue a receipt for anything removed to the owner or the person in control of the premises; and
    2. return anything removed as soon as practicable after the thing has served the purpose for which it was removed.
  3. Despite subsection (1), an inspector may without a warrant —
    1. conduct an information security audit on critical information, critical information infrastructure or an electronic communications system accessible in the public domain;
    2. require a person in control of, or involved in, the operation of a computer or computer system of a licensee or controller, to provide the inspector with reasonable technical and other assistance as the inspector may require for the purposes of this Part;
    3. demand the production of, and inspect, relevant licences and registration certificates; and
    4. inspect a computer or computer system associated with the computer or computer system of a licensee or controller.
  4. A person commits an offence if that person —
    1. delays or obstructs an inspector in the performance of that inspector’s functions under this Act;
    2. refuses to give an inspector such reasonable assistance as the inspector may require for the purpose of performing the inspector’s functions;
    3. impersonates an inspector or presents oneself to be an inspector; or
    4. willfully gives an inspector false or misleading information in answer to an inquiry made by the inspector.
  5. A person convicted of an offence under subsection (4) is liable, to a fine not exceeding two hundred thousand penalty units or to imprisonment for a term not exceeding two years, or to both.

57. Appointment of cyber security technical expert

  1. The Agency may appoint a person as a cyber security technical expert for a specified period, to assist an inspector in the inspector’s exercise of any powers under this Act.
  2. The Agency shall issue an official identification document to the cyber security technical expert which shall be prima facie evidence of a cyber security technical expert’s appointment.
  3. A cyber security technical expert shall, in performing any function under this part —
    1. be in possession of the official identification document referred to in subsection (2); and
    2. show the official identification document to a person who requests to see the official identification document.
  4. The Agency shall determine the terms and conditions of the appointment of the cyber security technical expert.
Type to search…
↑↓ navigate select esc close