PART 2 THE RETENTION NOTICE REGIME

Safeguards

Matters to be taken into account before giving retention notices

5.—(1) Before giving a retention notice, the Secretary of State must, among other matters, take into account—

(a) the likely benefits of the notice,

(b) the likely number of users (if known) of any telecommunications service to which the notice relates,

(c) the technical feasibility of complying with the notice,

(d) the likely cost of complying with the notice, and

(e) any other impact of the notice on the public telecommunications operator (or description of operators) to whom it relates.

(2) Before giving such a notice, the Secretary of State must take reasonable steps to consult any operator to whom it relates.

Review of retention notices

6. The Secretary of State must keep a retention notice under review.

Data integrity and security

7.—(1) A public telecommunications operator who retains communications data by virtue of section 1 of the Act must—

(a) secure that the data is of the same integrity and subject to at least the same security and protection as the data on any system from which it is derived,

(b) secure, by appropriate technical and organisational measures, that the data can be accessed only by specially authorised personnel, and

(c) protect, by appropriate technical and organisational measures, the data against accidental or unlawful destruction, accidental loss or alteration, or unauthorised or unlawful retention, processing, access or disclosure.

(2) A public telecommunications operator who retains communications data by virtue of section 1 of the Act must destroy the data if the retention of the data ceases to be authorised by virtue of that section and is not otherwise authorised by law.

(3) The requirement in paragraph (2) to destroy the data is a requirement to delete the data in such a way as to make access to the data impossible.

(4) It is sufficient for the operator to make arrangements for the deletion of the data to take place at such monthly or shorter intervals as appear to the operator to be practicable.

Disclosure of retained data

8.—(1) A public telecommunications operator must put in place adequate security systems (including technical and organisational measures) governing access to communications data retained by virtue of section 1 of the Act in order to protect against any disclosure of a kind which does not fall within section 1(6)(a) of the Act.

(2) A public telecommunications operator who retains communications data by virtue of section 1 of the Act must retain the data in such a way that it can be transmitted without undue delay in response to requests.

Oversight by the Information Commissioner

9. The Information Commissioner must audit compliance with requirements or restrictions imposed by this Part in relation to the integrity, security or destruction of data retained by virtue of section 1 of the Act.

Code of practice

10.—(1) The following provisions of the Regulation of Investigatory Powers Act 2000 have effect as if the following amendments were made to them.

(2) Section 71(2)(1) (issue and revision of codes of practice: powers and duties in respect of which code of practice must be issued) has effect as if—

(a) for “subsection (10)” there were substituted “subsections (10) and (11)”,

(b) the word “and” at the end of paragraph (b) were omitted, and

(c) after paragraph (c) there were inserted—

(d) section 1(1) to (6) of the Data Retention and Investigatory Powers Act 2014.

(3) Section 71 has effect as if, after subsection (10), there were inserted—

(11) The reference in subsection (2) to powers and duties conferred or imposed by or under section 1(1) to (6) of the Data Retention and Investigatory Powers Act 2014 does not include a reference to any such powers and duties which are conferred or imposed on the Secretary of State.

(4) Section 72(4) (effect of codes of practice: functions of relevant Commissioners) has effect as if, after paragraph (c), there were inserted—

(ca) the Information Commissioner carrying out any of the Commissioner’s functions under Part 2 of the Data Retention Regulations 2014,.

(1) 2000 c. 23. Section 71 was amended by the Serious Crime Act 2007 (c. 27), section 88, Schedule 12, paragraphs 5 and 25; the Protection of Freedoms Act 2012 (c. 9), section 115(1), Schedule 9, paragraphs 6 and 14, and S.I. 2011/1340.