Chapter 3 I FIC Act
                                              (b) for the purpose of carrying out the provisions of this Act;
(c) with the permission of the Centre;
(d) for the purpose of legal proceedings, including any proceedings before a judge in chambers; or
(e) in terms of an order of court.
41A. Protection of personal information
(1) The Centre must ensure that appropriate measures are taken in respect of personal information in its possession or under its control to prevent–
(a) loss of, damage to or unauthorised destruction of the information;
and
(b) unlawful access to or processing of personal information, other than in accordance with this Act and the Protection of Personal Information Act, 2013 (Act No. 4 of 2013).
(2) In order to give effect to subsection (1) the Centre must take reasonable measures to–
(a) identify all reasonable and foreseeable internal and external risks to personal information in its possession or under its control;
(b) establish and maintain appropriate safeguards against the risks identified;
(c) regularly verify that the safeguards are effectively implemented; and
(d) ensure that the safeguards are continually updated in response to new risks or deficiencies in previously implemented safeguards.
(3) The
personal information to facilitate the sharing of information between accountable institutions when the sharing of information is necessary for the purposes of carrying out the provisions of section 29, to ensure that adequate safeguards are in place as required by section 6(1)(c) of the Protection of Personal Information Act, 2013.
Minister may prescribe requirements for the protection of
57