Duty to maintain security and integrity of data
34.—(1)  An approved member of a licensed credit bureau must —
(a)ensure the integrity of any data it provides to the licensed credit bureau;
(b)protect any data received from the licensed credit bureau by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks; and
(c)dispose of any data received from the licensed credit bureau if —
(i)the purpose for which that data was provided is no longer being served by retention of the data; and
(ii)retention is no longer necessary for the approved member’s legal or business purposes.
(2)  Any person that contravenes subsection (1) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $250,000 and, in the case of a continuing offence, to a further fine not exceeding $25,000 for every day or part of a day during which the offence continues after conviction.