Regulation 5 Sharing of information
(1) Information may be shared by a competent authority, the CSIRT or the single point of contact in accordance with these Regulations.
(2) Information shared in accordance with these Regulations may include personal data.
(3) Where a competent authority, the CSIRT or the single point of contact shares information under these Regulations in relation to an operator of essential services or a digital service provider, the competent authority, CSIRT or single point of contact, as the case may be, shall take all reasonable steps to protect the confidentiality of the information so shared and the network and information security and commercial interests of the operator of essential services or the digital service provider to which the information relates.