valid justification for a search may result in disciplinary action, which in the
most serious cases could lead to dismissal and/or the possibility of
prosecution.”
55. §8.4 notes that all reports on audit investigations are made available to the
Intelligence Services Commissioner for scrutiny.
56. Staff within each Agency are also required to keep their senior leadership
“apprised as appropriate of the relevant Service’s bulk personal data holdings
and operations.” (§8.5)
Oversight
57. The BPD Handling Arrangements also set out provisions in relation to the
oversight of BPD.
58. §9.1 concerns Ministerial oversight. Each of the Intelligence Services must
report as appropriate on its BPD holdings and operations to the relevant
Secretary of State.
59. §§10.1 to 10.4 address oversight by the Intelligence Services Commissioner:
“10.1 The acquisition, use, retention and disclosure of bulk personal datasets
by the Intelligence Services, and the management controls and safeguards
against misuse they put in place, will be overseen by the Intelligence Services
Commissioner on a regular six-monthly basis, or as may be otherwise agreed
between the Commissioner and the relevant Intelligence Service, except where
the oversight of such data already falls within the statutory remit of the
Interception of Communications Commissioner.
Note: The Prime Minister’s section 59A RIPA direction was issued on 11
March 2015. Paragraph 3 of this makes it clear that the Commissioner’s
oversight extends not only to the practical operation of the Arrangements, but
also to the adequacy of the Arrangements themselves.
10.2 The Intelligence Services must ensure that they can demonstrate to the
appropriate Commissioner that proper judgements have been made on the
necessity and proportionality of acquisition, use, disclosure and retention of
bulk personal datasets. In particular, the Intelligence Services should ensure
that they can establish to the satisfaction of the appropriate Commissioner
that their policies and procedures in this area (a) are sound and provide
adequate safeguards against misuse and (b) are strictly complied with,
including through the operation of adequate protective monitoring
arrangements.
10.3 The Intelligence Services Commissioner also has oversight of controls to
prevent and detect misuse of bulk personal data, as outlined in paragraph 8.3
and 8.4 above.
10.4 The Intelligence Services must provide to the appropriate Commissioner
all such documents and information as the latter may require for the purpose
of enabling him to exercise the oversight described in paragraph 10.1 and
10.2 above.”
69