Communications (Retention of Data) Act 2011
4.— (1) A service provider who retains data under section 3 (1) shall take the following security measures in relation to the retained data:
( a) the data shall be of the same quality and subject to the same security and protection as those data relating to the publicly available electronic communications service or to the public communications network, as the case may be;
( b) the data shall be subject to appropriate technical and organisational measures to protect the data against accidental or unlawful destruction, accidental loss or alteration, or unauthorised or unlawful storage, processing, access or disclosure;
( c) the data shall be subject to appropriate technical and organisational measures to ensure that they can be accessed by authorised personnel only;
( d) the data, except those that have been accessed and preserved, shall be destroyed by the service provider after—
(2) The Data Protection Commissioner is hereby designated as the national supervisory authority for the purposes of this Act and Directive No. 2006/24/EC of the European Parliament and of the Council.