For reporting on the number of refusals to disclose product data, would this include refusing to disclose due to a Denial of Service (DoS) attack?
We expect data holders to report on refusals to disclose CDR data and the CDR rules or data standards relied on to refuse to disclose that CDR data. Under rule 2.5, a data holder may refuse to disclose required product data in response to a request in circumstances (if any) set out in the data standards. Examples of such circumstances in relation to product data are:
- when the number of requests the data holder is receiving is above their service level thresholds defined in the non-functional requirements section of the data standards
- there is a valid security reason that prevents sharing PRD data temporarily or for requests considered as suspicious. This would include refusing to disclose data as a result of a DoS attack.