The Data Retention Regulations 2014
| Jurisdiction | UK Non-devolved |
| Citation | SI 2014/2042 |
| Year | 2014 |
2014No. 2042
ELECTRONIC COMMUNICATIONS
The Data Retention Regulations 2014
30thJuly2014
The Secretary of State makes these Regulations in exercise of the powers conferred by sections 1(3), (4), (5) and (7) and 2(3) and (4) of the Data Retention and Investigatory Powers Act 2014( 1).
A draft of these Regulations has been laid before, and approved by a resolution of, each House of Parliament in accordance with section 2(5) of the Data Retention and Investigatory Powers Act 2014.
PART 1
GENERAL
Citation and commencement
1. (1) These Regulations may be cited as the Data Retention Regulations 2014.
(2) Subject to paragraph 3, these Regulations come into force on the day after the day on which these Regulations are made.
(3) Regulations 8(1) and 15(2) and (3) come into force on the day on which section 1(6) of the Act comes into force for all purposes.
PART 2
THE RETENTION NOTICE REGIME
Interpretation
Interpretation of Part 2
2. In this Part-
"the Act" means the Data Retention and Investigatory Powers Act 2014;
"cell ID" means the identity or location of the cell from which a mobile telephony call started or in which it finished;
"service use data" means anything falling within paragraph (b) of the definition of "communications data" in section 21(4) of the Regulation of Investigatory Powers Act 2000( 2) so far as that definition applies in relation to telecommunications services and telecommunication systems;
"subscriber data" means anything falling within paragraph (c) of the definition of "communications data" in section 21(4) of the Regulation of Investigatory Powers Act 2000 so far as that definition applies in relation to telecommunications services and telecommunication systems;
"telephone service" means calls (including voice, voicemail and conference and data calls), supplementary services (including call forwarding and call transfer) and messaging and multi-media services (including short message services, enhanced media services and multi-media services);
"traffic data" means anything falling within paragraph (a) of the definition of "communications data" in section 21(4) of the Regulation of Investigatory Powers Act 2000 so far as that definition applies in relation to telecommunications services and telecommunication systems;
"user ID" means a unique identifier allocated to persons when they subscribe to, or register with, an internet access service or internet communications service.
Specified data for purposes of definition of "relevant communications data"
3. The Schedule to these Regulations specifies the communications data that is of the kind mentioned in the Schedule to the 2009 Regulations( 3).
Retention notices
Retention notices
4. (1) A retention notice must specify-
(a) the public telecommunications operator (or description of operators) to whom it relates,(b) the relevant communications data which is to be retained,(c) the period or periods for which the data is to be retained,(d) any other requirements, or any restrictions, in relation to the retention of the data.(2) A retention notice must not require any data to be retained for more than 12 months beginning with-
(a) in the case of traffic data or service use data, the day of the communication concerned, and(b) in the case of subscriber data, the day on which the person concerned leaves the telecommunications service concerned or (if earlier) the day on which the data is changed.(3) A retention notice which relates to data already in existence when the notice comes into force imposes a requirement to retain the data for only so much of a period of retention as occurs on or after the coming into force of the notice.
(4) A retention notice comes into force when the notice is given to the operator (or description of operators) concerned or (if later) at the time or times specified for this purpose in the notice.
(5) A retention notice is given to an operator (or description of operators) by giving or publishing it in such manner as the Secretary of State considers appropriate for bringing it to the attention of the operator (or description of operators) to whom it relates.
Safeguards
Matters to be taken into account before giving retention notices
5. (1) Before giving a retention notice, the Secretary of State must, among other matters, take into account-
(a) the likely benefits of the notice,(b) the likely number of users (if known) of any telecommunications service to which the notice relates,(c) the technical feasibility of complying with the notice,(d) the likely cost of complying with the notice, and(e) any other impact of the notice on the public telecommunications operator (or description of operators) to whom it relates.(2) Before giving such a notice, the Secretary of State must take reasonable steps to consult any operator to whom it relates.
Review of retention notices
6. The Secretary of State must keep a retention notice under review.
Data integrity and security
7. (1) A public telecommunications operator who retains communications data by virtue of section 1 of the Act must-
(a) secure that the data is of the same integrity and subject to at least the same security and protection as the data on any system from which it is derived,(b) secure, by appropriate technical and organisational measures, that the data can be accessed only by specially authorised personnel, and(c) protect, by appropriate technical and organisational measures, the data against accidental or unlawful destruction, accidental loss or alteration, or unauthorised or unlawful retention, processing, access or disclosure.(2) A public telecommunications operator who retains communications data by virtue of section 1 of the Act must destroy the data if the retention of the data ceases to be authorised by virtue of that section and is not otherwise authorised by law.
(3) The requirement in paragraph (2) to destroy the data is a requirement to delete the data in such a way as to make access to the data impossible.
(4) It is sufficient for the operator to make arrangements for the deletion of the data to take place at such monthly or shorter intervals as appear to the operator to be practicable.
Disclosure of retained data
8. (1) A public telecommunications operator must put in place adequate security systems (including technical and organisational measures) governing access to communications data retained by virtue of section 1 of the Act in order to protect against any disclosure of a kind which does not fall within section 1(6)(a) of the Act.
(2) A public telecommunications operator who retains communications data by virtue of section 1 of the Act must retain the data in such a way that it can be transmitted without undue delay in response to requests.
Oversight by the Information Commissioner
9. The Information Commissioner must audit compliance with requirements or restrictions imposed by this Part in relation to the integrity, security or destruction of data retained by virtue of section 1 of the Act.
Code of practice
10. (1) The following provisions of the Regulation of Investigatory Powers Act 2000 have effect as if the following amendments were made to them.
(2) Section 71(2)( 4) (issue and revision of codes of practice: powers and...
To continue reading
Request your trial