Disclosure Principle
(1) Subject to section 39, no personal data shall, without the consent of the data subject, be disclosed—
(a) for any purpose other than—
(i) the purpose for which the personal data was to be disclosed at the time of
collection of the personal data; or
(ii) a purpose directly related to the purpose referred to in subparagraph (i); or
(b) to any party other than a third party of the class of third parties as specified in
paragraph 7(1)(e).