Commonwealth Consolidated Acts Commonwealth Consolidated ActsFor the purposes of this Division, in determining whether a reasonable person would conclude that an access to, or a disclosure of, information:
(a) would be likely; or
(b) would not be likely;
to result in serious harm to any of the individuals to whom the information relates, have regard to the following:
(c) the kind or kinds of information;
(d) the sensitivity of the information;
(e) whether the information is protected by one or more security measures;
(f) if the information is protected by one or more security measures--the likelihood that any of those security measures could be overcome;
(g) the persons, or the kinds of persons, who have obtained, or who could obtain, the information;
(h) if a security technology or methodology:
(i) was used in relation to the information; and
(ii) was designed to make the information unintelligible or meaningless to persons who are not authorised to obtain the information;
the likelihood that the persons, or the kinds of persons, who:
(iii) have obtained, or who could obtain, the information; and
(iv) have, or are likely to have, the intention of causing harm to any of the individuals to whom the information relates;
have obtained, or could obtain, information or knowledge required to circumvent the security technology or methodology;
(i) the nature of the harm;
(j) any other relevant matters.
Note: If the security technology or methodology mentioned in paragraph (h) is encryption, an encryption key is an example of information required to circumvent the security technology or methodology.