APPENDIX B: THE BPD REGIME
1. The regime in respect of Bulk Personal Datasets (“BPD”) which is relevant to
the activities of the Intelligence Services principally derives from the
following statutes:
(a) the Security Services Act 1989 (“the SSA”) and the Intelligence Services
Act 1994 (“the ISA”);
(b) the Counter-Terrorism Act 2008 (“the CTA”);
(c) the Human Rights Act 1998 (“the HRA”);
(d) the Data Protection Act 1998 (“the DPA”); and
(e) the Official Secrets Act 1989 (“the OSA”).
These are addressed below.
2. In addition,
(a) Where BPDs have been obtained by means of RIPA/ISA powers, the
relevant Codes of Practice have been applied (see below); and
(b) GCHQ, MI5 and SIS have a number of internal arrangements in relation
to BPD.
The SSA and ISA
Security Service functions
3. By s.1 (2) to (4) of the Security Service Act 1989 (“SSA”), the functions of
the Security Service are the following:
“the protection of national security and, in particular, its protection against
threats from espionage, terrorism and sabotage, from the activities of agents
of foreign powers and from actions intended to overthrow or undermine
parliamentary democracy by political, industrial or violent means.”
“to safeguard the economic well-being of the United Kingdom against threats
posed by the actions or intentions of persons outside the British Islands.”
“to act in support of the activities of police forces, the National Crime Agency
and other law enforcement agencies in the prevention and detection of serious
crime.”
4. The Security Service’s operations are under the control of a Director-General
who is appointed by the Secretary of State (s.2 (1)). By s.2(2)(a) it is the
Director-General’s
duty to ensure:
54