Regulation 20 — REGULATIONS_AUDIT
Original Rule Text
20. Confidentiality of information and protection of personal identifiable/sensitive information acquired during audit (1) The documents classified as ‘confidential’ or ‘secret’ or ‘top secret’ shall be made available to Audit and shall be dealt with by Audit in accordance with the standing laws and instructions of the Government for handling and custody of such documents and information.
(2) If certain privileged or confidential information or Personally Identifiable Information (PII) prohibited from general disclosure by law is obtained in course of an audit, Audit should maintain confidentiality of that information and ensure that any audit products do not become a means of compromising such privilege or confidentiality of the information. However, this does not preclude Audit from including the names of departments, organisations, parties concerned in audit reports, as per extant orders of the Comptroller and Auditor General and consistent with applicable laws.
(3) Information about an auditable entity acquired in the course of audit shall not be used for purposes other than the discharge of Comptroller and Auditor General’s audit mandate. However, Audit is not precluded from reporting offences against the law to appropriate prosecuting authorities wherever necessary. Instances of fraud or corruption, as noticed during Audit, shall be reported to concerned authorities by Audit, as per instructions issued by the Comptroller and Auditor General.