Understanding Unlawful Disclosure Under the Cybercrime Code Act 2016

In the digital age, protecting confidential and classified information is paramount. The Cybercrime Code Act 2016 (No 35 of 2016) of Papua New Guinea addresses various cyber offences, including content related offences such as unlawful disclosure. Section 25 of this Act provides detailed provisions on the unlawful disclosure of confidential or classified communication and sensitive data using electronic systems or devices.

What Constitutes Unlawful Disclosure?

Section 25 of the Cybercrime Code Act 2016 defines unlawful disclosure as the intentional and unauthorized use of an electronic system or device to disclose any confidential or classified communication, or sensitive data. This can include the content, data, or electronic output of such communication.

Key Actions Constituting Unlawful Disclosure

Unlawful disclosure includes:

1. Disclosing confidential or classified communication: Sharing any sensitive information without authorization.
2. Disclosing sensitive data: Revealing data that is considered sensitive, whether it is personal, corporate, or government related.

Understanding the Legal Consequences

Unlawful disclosure of confidential or classified information using electronic systems is a serious offence under the Cybercrime Code Act 2016. This provision aims to protect sensitive data from unauthorized exposure, which can have severe implications for individuals and organizations. A person commits a crime if they intentionally, without lawful excuse or justification, or recklessly use an electronic system or device to disclose:

1. Confidential or Classified Communication: This includes any content, data, or electronic output.
2. Sensitive Data: Information that is meant to be kept secure and private.

The penalties for unlawful disclosure are significant:

1. For Natural Persons: A fine not exceeding K20,000.00. Imprisonment for a term not exceeding 15 years. Both fine and imprisonment can be imposed together.
2. For Bodies Corporate: A fine not exceeding K100,000.00.

These measures emphasize the importance of maintaining the confidentiality of sensitive information and the severe consequences of failing to do so.

Understanding Unlawful Disclosure by Authorized Personnel: Legal Implications

Unlawful disclosure can occur even when the offender has lawful authority, custody, access, or control over confidential or classified information. The Cybercrime Code Act 2016 addresses such scenarios with stringent penalties. When someone with authorized access to sensitive data commits an offence by disclosing it unlawfully, they are guilty of a crime. This includes individuals who:

1. Have lawful authority: Such as government officials or employees with clearance.
2. Have custody or control: Those responsible for managing or safeguarding the information.
3. Have access: Individuals who are permitted to view or handle the data as part of their role.

The penalties for this crime are severe:

1. For Natural Persons: A fine not exceeding K100,000.00. Imprisonment for a term not exceeding 25 years. Both fine and imprisonment can be imposed together.
2. For Bodies Corporate: A fine not exceeding K500,000.00.

These stringent measures underscore the importance of maintaining the confidentiality and security of sensitive information, even by those entrusted with access.

Examples

Unlawful disclosure involves the unauthorized sharing of confidential or sensitive information. Here are two examples:

Leaking Confidential Business Information: An employee of a tech company shares proprietary information about a new product with a competitor. This information includes trade secrets, upcoming features, and strategic plans that have not been made public. The competitor uses this information to launch a similar product, undermining the original company’s market advantage. Such actions constitute unlawful disclosure, which is punishable under the Cybercrime Code Act 2016.

Publishing Personal Data: A cybercriminal hacks into a medical database and retrieves sensitive personal information, including medical records and contact details. The hacker then publishes this information online, exposing individuals to identity theft, fraud, and privacy violations. This unauthorized release of personal data is a clear example of unlawful disclosure and carries severe penalties under the Cybercrime Code Act 2016.

Defence

Section 25 outlines a specific defence against charges of unlawful disclosure. This defence applies if it can be proven that the disclosure was for the benefit of the public. Whether the disclosure was indeed for the public benefit is determined as a question of fact.

Implications of Unlawful Disclosure

The stringent penalties outlined in Section 25 highlight the seriousness with which Papua New Guinea treats unlawful disclosure. Such activities can lead to significant breaches of privacy, security risks, and potential financial and reputational damage. The legislation aims to deter the unauthorized sharing of confidential and sensitive information by imposing heavy fines and long prison terms for offenders.

Protection

Given the severe penalties and potential impacts of unlawful disclosure, it is crucial to adopt comprehensive measures to protect confidential and classified information. Here are some strategies:

1. Implement strong access controls: Restrict access to sensitive information to authorized personnel only.
2. Use encryption: Protect confidential and classified communication and data with advanced encryption techniques.
3. Regular audits and monitoring: Conduct regular security audits and continuously monitor systems for unauthorized access or disclosure.
4. Employee training: Educate employees on the importance of protecting confidential information and the legal implications of unlawful disclosure.
5. Develop clear policies: Establish and enforce clear policies regarding the handling and disclosure of sensitive information.

Conclusion

Section 25 of the Cybercrime Code Act 2016 underscores the importance of preventing the unlawful disclosure of confidential and classified communication and sensitive data in Papua New Guinea. By understanding the legal implications and implementing robust preventive measures, individuals and organizations can better safeguard their information against unauthorized disclosure.

Read more similar article here.