Protection of personal data
24.  An organisation must protect personal data in its possession or under its control by making reasonable security arrangements to prevent —
(a)unauthorised access, collection, use, disclosure, copying, modification or disposal, or similar risks; and
(b)the loss of any storage medium or device on which personal data is stored.
[40/2020]