(1) Either regulator may make rules ("control of information rules") about the disclosure and use of information held by an authorised person ("A").
(2) Control of information rules may -
(a) require the withholding of information which A would otherwise be required to disclose to a person ("B") for or with whom A does business in the course of carrying on any regulated or other activity;
(b) specify circumstances in which A may withhold information which A would otherwise be required to disclose to B;
(c) require A not to use for the benefit of B information -
(i) which is held by A, and
(ii) which A would otherwise be required to use for the benefit of B;
(d) specify circumstances in which A may decide not to use for the benefit of B information within paragraph (c).