Judgment Approved by the court for handing down.
54.
Davis & Ors v SSHD
Regulation 5 sets out the matters that the Secretary of State must take into account
before giving retention notices:
“5.— Matters to be taken into account before giving retention
notices
(1) Before giving a retention notice, the Secretary of State
must, among other matters, take into account—
(a) the likely benefits of the notice,
(b) the likely number of users (if known) of any
telecommunications service to which the notice relates
(c) the technical feasibility of complying with the notice,
(d) the likely cost of complying with the notice, and
(e) any other impact of the notice on the public
telecommunications operator (or description of operators)
to whom it relates.
(2) Before giving such a notice, the Secretary of State must take
reasonable steps to consult any operator to whom it relates.”
55.
Regulation 6 requires the Secretary of State to keep a retention notice under review.
56.
Regulations 7 and 8 impose obligations on public telecommunications operators who
retain communications data, including: to secure its integrity and security; to protect it
from accidental or unlawful destruction, accidental loss or alteration, or unauthorised
or unlawful retention, processing, access or disclosure; to destroy the data so as to
make it impossible to access if the retention of the data ceases to be authorised; and to
put in place adequate security systems. Regulation 9 imposes a duty on the
Information Commissioner to audit compliance with these requirements.
57.
Schedule 1 specifies the types of communications data that may be retained under the
Act, replicating the Schedule to the 2009 Regulations.
58.
Regulation 10 of the Regulations makes provision for the issue of codes of practice.
Retention of Communications Data Code of Practice
59.
The Retention of Communications Data Code of Practice came into force on 25
March 2015. It provides further guidance as to the procedures to be followed when
communications data is retained pursuant to s.1 DRIPA and the Regulations.
Acquisition and Disclosure Code of Practice
60.
The Acquisition and Disclosure of Communications Data Code of Practice issued in
2007 was revised with effect from 25 March 2015, inter alia to reinforce the
independence of the authorising officer from the specific investigation for which the
communications data is required. Paragraph 3.12 of the revised Code provides that