The Data Retention Regulations 2014

EXPLANATORY NOTE

(This note is not part of the Regulations)

These Regulations are made under the Data Retention and Investigatory Powers Act 2014 (‘the Act’). Section 1 of the Act contains a power for the Secretary of State to give a notice to a telecommunications operator requiring the retention of communications data of the types specified in the Schedule to these Regulations (which replicates the Schedule to the Data Retention (EC Directive) Regulations 2009). These Regulations make further provision in respect of that retention, and revoke the 2009 Regulations.

Regulation 3 introduces the Schedule of communications data types.

Regulation 4 gives further detail in respect of a retention notice.

Regulation 5 sets out the matters the Secretary of State must take into account before giving a notice, and regulation 6 requires that a notice must be kept under review.

Regulations 7 and 8 contain requirements on telecommunications operators in respect of the security and integrity of retained data, and the permanent deletion of data where there is no longer a requirement to retain.

Regulation 9 provides for oversight by the Information Commissioner of the requirements relating to integrity, security and destruction of retained data.

Regulation 10 makes provision for a statutory code of practice on the retention of data.

Regulation 11 provides for the variation or revocation of retention notices.

Regulation 12 imposes a duty to comply with certain requirements of the Regulations, section 1(6) of the Act (which restricts disclosure of retained data), and a retention notice. The duty is enforceable by civil proceedings by the Secretary of State.

Regulation 13 makes provision for the reimbursement by the Secretary of State of expenses incurred by telecommunications providers in complying with section 1 of the Act and Part 2 of the Regulations.

Regulation 14 revokes the 2009 Regulations and provides for transitional arrangements for data retained under those regulations.

Regulation 15 makes equivalent provision on security, access, expenses and enforcement in respect of data retained under the voluntary code of practice provided for in section 102 of the Anti-terrorism, Crime and Security Act 2001.

An impact assessment of the effect that the Act will have on the costs of business is published with the Explanatory Memorandum alongside the Regulations on www.legislation.gov.uk. No separate assessment has been carried out for these Regulations.