Processing under the authority of the data controller or data processor

59.(1) The data processor and any person acting under the authority of the data controller or of the data processor, who has access to personal data, shall not process those data except on instructions from the data controller, unless required to do so by any enactment.

(2) A person who contravenes subsection (1) is guilty of an offence and is liable on summary conviction to a fine of $500 000 or to a term of imprisonment of 3 years or to both.

<-- Contents page