(1)The Secretary of State must secure—
(a)that no authorisation data is obtained or processed under the filtering arrangements except for the purposes of an authorisation,
(b)that data which—
(i)has been obtained or processed under the filtering arrangements, and
(ii)is to be disclosed in pursuance of an authorisation or for the purpose mentioned in section 67(1)(a),
is disclosed only to the person to whom the data is to be disclosed in pursuance of the authorisation or (as the case may be) to the designated senior officer concerned,
(c)that any authorisation data which is obtained under the filtering arrangements in pursuance of an authorisation is immediately destroyed—
(i)when the purposes of the authorisation have been met, or
(ii)if at any time it ceases to be necessary to retain the data for the purposes or purpose concerned.
(2)The Secretary of State must secure that data (other than authorisation data) which is retained under the filtering arrangements is disclosed only—
(a)for the purpose mentioned in section 67(1)(a),
(b)for the purposes of support, maintenance, oversight, operation or administration of the arrangements,
(c)to the Investigatory Powers Commissioner for the purposes of the functions of the Commissioner mentioned in section 67(4) or (5), or
(d)otherwise as authorised by law.
(3)The Secretary of State must secure that—
(a)only the Secretary of State and designated individuals are permitted to read, obtain or otherwise process data for the purposes of support, maintenance, oversight, operation or administration of the filtering arrangements, and
(b)no other persons are permitted to access or use the filtering arrangements except in pursuance of an authorisation or for the purpose mentioned in section 67(1)(a).
(4)In subsection (3)(a) “designated” means designated by the Secretary of State; and the Secretary of State may designate an individual only if the Secretary of State thinks that it is necessary for the individual to be able to act as mentioned in subsection (3)(a).
(5)The Secretary of State must—
(a)put in place and maintain an adequate security system to govern access to, and use of, the filtering arrangements and to protect against any abuse of the power of access, and
(b)impose measures to protect against unauthorised or unlawful data retention, processing, access or disclosure.
(6)The Secretary of State must—
(a)put in place and maintain procedures (including the regular testing of relevant software and hardware) to ensure that the filtering arrangements are functioning properly, and
(b)report, as soon as possible after the end of each calendar year, to the Investigatory Powers Commissioner about the functioning of the filtering arrangements during that year.
(7)A report under subsection (6)(b) must, in particular, contain information about the destruction of authorisation data during the calendar year concerned.
(8)If the Secretary of State believes that significant processing errors have occurred giving rise to a contravention of any of the requirements of this Part which relate to the filtering arrangements, the Secretary of State must report that fact immediately to the Investigatory Powers Commissioner.
(9)In this section “authorisation data”, in relation to an authorisation, means communications data that is, or is to be, obtained in pursuance of the authorisation or any data from which that data is, or may be, derived.