(1) Subject to section 13 and subsections (3) and (4), a person shall not do any act which he or she knows will cause an unauthorized modification of data held in a computer system for the purpose of—
(a) impairing the operation of the computer system;
(b) preventing or hindering access to any program or data held in any computer system;
(c) impairing the operation of such program or reliability of the data; or
(d) enhancing the operation of a computer system in order to secure unauthorized access to information in another computer system.
(2) A person who contravenes subsection (1), commits an offence and is liable, on summary conviction—
(a) in case of a first offence—
(i) subject to subparagraph (ii), to a fine not exceeding $10,000 or to imprisonment for a term not exceeding 3 months or to both, and
(ii) where the computer system or access to any program or data held in a computer or the operation of any program or the reliability of data is suppressed, modified or otherwise impaired, to a fine not exceeding $20,000 or to imprisonment for a term not exceeding 6 months;
(b) in the case of a second or subsequent offence—
(i) subject to subparagraph (ii), to a fine not exceeding $25,000 or to imprisonment for a term not exceeding one year or to both, and
(ii) where the computer system or access to any program or data held in a computer or the operation of any program or the reliability of data is suppressed, modified or otherwise impaired, to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 18 months.
(3) A person is not liable under this section if that person is acting—
(a) pursuant to measures that can be taken under Part 3; or
(b) in reliance of any other statutory power.
(4) For the purposes of this section, a modification is unauthorized if the person—
(a) whose act causes it, is not the person entitled to determine whether the modification should be made; and
(b) does not have the consent to cause or make the modification from a person who is entitled to give the consent.