Amendment of the 2003 RegulationsU.K.
4.—(1) In regulation 5, after paragraph (1) insert—
“(1A) The measures referred to in paragraph (1) shall at least—
(a)ensure that personal data can be accessed only by authorised personnel for legally authorised purposes;
(b)protect personal data stored or transmitted against accidental or unlawful destruction, accidental loss or alteration, and unauthorised or unlawful storage, processing, access or disclosure; and
(c)ensure the implementation of a security policy with respect to the processing of personal data.”
(2) After paragraph (5) insert—
“(6) The Information Commissioner may audit the measures taken by a provider of a public electronic communications service to safeguard the security of that service.”.
Commencement Information
I1Reg. 4 in force at 26.5.2011, see reg. 1(1)