External
The Department must protect personal information by reasonable security safeguards against loss, unauthorised access, use, modification or disclosure, and against other misuse. If it is necessary for the record to be given to a person who is providing a service to the Department, the Department must do everything within its power to prevent unauthorised use or disclosure of the information.