Commonwealth Numbered Acts Commonwealth Numbered Acts(1) After a review is completed under section 46 by the review panel, the Board must prepare a report (a final review report ) on the review.
Note 1: The Board must redact sensitive review information from a final review report: see section 53.
Note 2: If information is redacted from a final review report, the Board must also prepare a protected review report: see section 54.
(2) In preparing the final review report, the Board must consider any submissions received under section 51 in relation to the draft review report.
(3) Subject to section 53, the final review report must set out:
(a) the findings of the review; and
(b) a summary of the information and material on which those findings are based; and
(c) any recommendations made by the Board; and
(d) if recommendations are made--the reasons for those recommendations; and
(e) if the terms of reference for the review require particular information to be included in the review report--that information; and
(f) information (if any) that is prescribed by the rules; and
(g) such other information that the Board thinks fit to include in the report.
(4) The Board must not in the final review report:
(a) apportion blame in relation to a cyber security incident that was the subject of the review; or
(b) provide the means to determine the liability of any entity in relation to such a cyber security incident; or
(c) identify an individual (unless the individual has consented); or
(d) allow any adverse inference to be drawn from the fact that an entity is the subject of the review.
However, even though blame or liability may be inferred, or an adverse inference may be made, by a person other than the Board, this does not prevent the Board from including information in the final review report.
(5) This section does not otherwise limit what may be included in the final review report.
(6) The Board must publish the final review report (excluding any information required to be redacted under section 53). The report may be published in any way the Board considers appropriate.