“4.9 Once authorised, the completed application must be stored on a central
record by the appropriate Intelligence Service’s information
governance/compliance team, which will include the date of approval. This
record must also contain the date of acquisition of the relevant data, which
should be the date used for the review process (for which see paragraph 7.17.5 below).”
Thus the reasons why the acquisition was authorised, including the key
considerations set out at §4.2, are available to be reviewed or audited in the
future.
Access/Use
44. The BPD Handling Arrangements emphasise the high priority that is put on
data security and protective security standards, on confidentiality of data, and
on preventing/disciplining misuse of such data:
“5.1 Each Intelligence Service attaches the highest priority to maintaining
data security and protective security standards. Moreover, each Intelligence
Service must establish handling procedures so as to ensure that the integrity
and confidentiality of the information in the bulk personal dataset held is fully
protected, and that there are adequate safeguards in place to minimise the risk
of any misuse of such data and, in the event that such misuse occurs, to ensure
that appropriate disciplinary action is taken. In particular, each Intelligence
Service must apply the following protective security measures:
Physical security to protect any premises where the information may be
accessed;
IT security to minimise the risk of unauthorised access to IT systems;
A security vetting regime for personnel which is designed to provide
assurance that those who have access to this material are reliable and
trustworthy.”
45. Specific, detailed measures are also set out which are designed to limit access
to data to what is necessary and proportionate, to ensure that such access is
properly audited, and to ensure that disciplinary measures are in place for
misuse:
“5.2 In relation to information in bulk personal datasets held, each
Intelligence Service is obliged to put in place the following additional
measures:
Access to the information contained within the bulk personal datasets must
be strictly limited to those with an appropriate business requirement to use
these data;
Individuals must only access information within a bulk personal dataset if it
is necessary for the performance of one of the statutory functions of the
relevant Intelligence Service;
If individuals access information within a bulk personal dataset with a view
to subsequent disclosure of that information, they must only access the
relevant information if such disclosure is necessary for the performance of the
statutory functions of the relevant Intelligence Service, or for the additional
limited purposes described in paragraph 3.1.4 above;
65