Duty to maintain security and integrity of data
14.—(1)  A licensed credit bureau must, in respect of any data that it collects from a data provider —
(a)ensure the integrity of the data that the licensed credit bureau processes (except when erasing or destroying such data); and
(b)protect the data by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks.
(2)  For the purposes of subsection (1)(a), the integrity of the data collected by a licensed credit bureau from a data provider is assumed unless the licensed credit bureau is required to correct the data under section 18(3)(b)(i), 19(1) or 35(3)(a).
(3)  Any person that contravenes subsection (1) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $250,000 and, in the case of a continuing offence, to a further fine not exceeding $25,000 for every day or part of a day during which the offence continues after conviction.