296.This section describes the safeguards that must be in place for the protection of any material (e.g. a decryption key) handed over in response to the serving of a notice under this Act.
297.Subsection (1) ensures that the safeguard requirements apply to all those who may have responsibility for organisations that will handle material provided in response to a written notice. In the case of the security and intelligence agencies for example, this will mean the Secretary of State.
298.Subsection (2) places an onus on those identified to ensure that:
any material disclosed is used only for a purpose for which it may be required;
the uses to which the material is put are reasonable;
the use and any retention of the material are proportionate;
the requirements of subsection (3) are complied with;
that keys are stored in a secure manner; and
the material is destroyed as soon as it is no longer needed.
299.Subsection (3) specifies that the material is shared with the minimum number of people possible.
300.Subsection (4) imposes a civil liability in instances where seized keys are compromised by a failure of the safeguards arrangements in this section. There are two elements to this. Subsection (4)(a) is in respect of a person who fails to ensure that adequate arrangements are in place for the protection of keys. Subsection (4)(b) applies to where a person does not comply with those arrangements properly and compromises a key.
301.Subsection (5) describes the persons who may bring an action under the terms of this section. These are limited to persons who have made a disclosure in pursuance of a notice under section 49 or those whose protected information or key has been disclosed by some other person in pursuance of a notice.