15.—(1) This regulation applies in relation to communications data which is retained by telecommunications service providers by virtue of a code of practice under section 102 of the Anti-terrorism, Crime and Security Act 2001(1).

(2) A telecommunications service provider who retains communications data to which this regulation applies must not disclose the data except in accordance with—

(a)Chapter 2 of Part 1 of the Regulation of Investigatory Powers Act 2000 (acquisition and disclosure of communications data), or

(b)a court order or other judicial authorisation or warrant.

(3) A telecommunications service provider must put in place adequate security systems (including technical and organisational measures) governing access to communications data to which this regulation applies in order to protect against any disclosure of a kind which does not fall within paragraph (2).

(4) A telecommunications service provider who retains communications data to which this regulation applies must retain the data in such a way that it can be transmitted without undue delay in response to requests.

(5) Regulation 7 applies in relation to communications data to which this regulation applies which is retained by a telecommunications service provider as it applies in relation to data retained by virtue of section 1 of the Act by a public telecommunications operator but as if the requirement in regulation 7(2) to destroy the data were a requirement to destroy it if the retention of the data ceases to be authorised by law.

(6) The Information Commissioner must audit compliance with requirements or restrictions imposed by this regulation in relation to the integrity, security or destruction of data to which this regulation applies.

(7) The modifications of sections 71 and 72 of the Regulation of Investigatory Powers Act 2000 in regulation 10 are to be read as if—

(a)the references to section 1(1) to (6) of the Data Retention and Investigatory Powers Act 2014 included references to this regulation, and

(b)the reference to Part 2 of these Regulations included a reference to paragraph (6) above.

(8) It is the duty of a telecommunications service provider on whom a requirement or restriction is imposed by this regulation to comply with the requirement or restriction concerned.

(9) That duty is enforceable by civil proceedings by the Secretary of State for an injunction, or for specific performance of a statutory duty under section 45 of the Court of Session Act 1988, or for any other appropriate relief.

(10) The Secretary of State may reimburse any expenses incurred by a telecommunications service provider in complying with this regulation.

(11) Reimbursement may be conditional on either or both of the following—

(a)the expenses having been notified to the Secretary of State and agreed in advance;

(b)the telecommunications service provider having co-operated with any audit that may be reasonably required for the purpose of monitoring the claim for reimbursement.