15.—(1) Where—
(a)a security compromise occurs in relation to a public electronic communications network or public electronic communications service, and
(b)it appears to the network provider or service provider (“the relevant person”) that the security compromise is one that may cause a connected security compromise in relation to another public electronic communications network or public electronic communications service,
the relevant person must, so far as is appropriate and proportionate, provide information about the security compromise to the network provider or service provider in relation to the other network or service.
(2) Information provided under paragraph (1) which relates to a particular business may not, without the consent of the person carrying on the business—
(a)be used or disclosed by the recipient otherwise than for the purpose of identifying or reducing the risk of security compromises occurring in relation to the recipient’s network or service or preventing or mitigating the adverse effects of security compromises that have occurred in relation to the recipient’s network or service, or
(b)be retained by the recipient any longer than is necessary for that purpose.
(3) A network provider (“provider A”) must, when requested by a service provider or another network provider (“provider B”), give provider B such assistance as is appropriate and proportionate in the taking by provider B of any measure required by these Regulations in relation anything that—
(a)has occurred in relation to provider A’s public electronic communications network,
(b)is a security compromise in relation to that network, and
(c)may cause a connected security compromise in relation to provider B’s public electronic communications network or public electronic communications service.
(4) A service provider (“provider A”) must, when requested by a network provider or another service provider (“provider B”), give provider B such assistance as is appropriate and proportionate in the taking by provider B of any measure required by these Regulations in relation to anything that—
(a)has occurred in relation to provider A’s public electronic communications service,
(b)is a security compromise in relation to that service, and
(c)may cause a connected security compromise in relation to provider B’s public electronic communications network or public electronic communications service.
(5) A network provider or service provider must, where necessary to reduce the risk of security compromises occurring in relation to the provider’s public electronic communications network or public electronic communications service, request another person to give any assistance which paragraph (3) or (4) will require the other person to give.