P.U.(A) 359/98
DIGITAL SIGNATURE REGULATIONS 1998
PART XI - GENERAL
Regulation 80. Retention and custody of records.
(1) A licensed certification authority, a recognised repository and a recognised date/time stamp service shall, unless the Controller otherwise directs, retain -
(a) the records required under regulation 78;
(b) the books of account required under regulation 79; and
(c) in the case of a licensed certification authority, all its records of the issuance, acceptance and any suspension or revocation of a certificate,
for not less than ten years from the date of the last entry or the date of issue, as the case may be.
(2) All the records referred to in subregulation (1) shall be retained in the custody of the licensed certification authority, recognised repository or recognised date/time stamp service, as the case may be, generating the records unless the licensed certification authority, recognised repository or recognised date/time stamp service, as the case may be, -
(a) contracts with another person for the record retention as required under this regulation; or
(b) surrenders the records to the Controller upon ceasing to act as a certification authority, repository or date/time stamp service, as the case may be.
(3) A licensed certification authority, a recognised repository and a recognised date/time stamp service shall keep its records in a secure place and in a secure manner.
