Question
The CDR Rules 4.7(1)(c) and CDR Rules 4.7(1)(d) ‘refuse to disclose’ and ‘refuse to ask for an authorisation’ are 2 separate concepts. Is record keeping (CDR Rules 9.3) and reporting (CDR Rules 9.4) relating to the concept of ‘refuse to disclose’?
This is further re-enforced in the reporting form guidance in relation to requests to an API “…the data holder has not disclosed CDR data in response to a request”. Seeking clarification that it is only the ‘refuse to disclose’ concept that is in scope for record keeping and reporting.
Answer
Only refusals to disclose CDR data are required to be reported on under rule 9.4; refusals to ask for authorisation are not required to be reported on under rule 9.4. Similarly, in terms of record keeping requirements, rule 9.3(1)(e) only requires data holders to record instances where CDR data has not been disclosed in reliance on an exemption from the obligation to disclose CDR. This does not include a requirement to record instances of refusing to ask for authorisation.
Comments
0 comments
Please sign in to leave a comment.