2013 Annual Report of the Interception of Communications Commissioner
data inspections of the other two intelligence agencies happened to fall just outside the
calendar year 2013.
4.34 An additional 130 local authorities were inspected during the National Anti
Fraud Network (NAFN) inspection. NAFN continues to provide a SPoC service for local
authorities and 85% of the local authorities that reported using their powers in 2013
submit their requirements via the NAFN SPoC. Our inspection of NAFN itself showed
very good compliance and we continue to encourage all local authorities to use their
services. There are strong practical reasons for NAFN’s legislative remit to be enlarged to
embrace other public authorities who are infrequent users of RIPA 2000 Part I Chapter II.
This view was shared by the Joint Parliamentary Committee which scrutinised the then
draft Communications Data Bill.
4.35 The length of each inspection depends on the type of public authority being
inspected and their communications data usage. The inspections of the larger users,
such as police forces, are conducted by at least two inspectors and take place over 3 or
4 days. The inspections of the smaller volume users are conducted by one inspector and
generally last 1 day.
4.36 Examination of systems and procedures for acquiring communications data.
Our communications data inspections are structured to ensure that key areas derived
from Part I Chapter II and the Code of Practice are scrutinised. The larger users have
bespoke workflow systems to manage their applications for communications data and
the inspectors have full access to those systems and interrogate them. A typical inspection
may include the following:
•
•
•
•
•
•
28
a review of the action points or recommendations from the previous inspection
to check they have been implemented.
an audit of the information supplied by the CSPs detailing the requests
that public authorities have made for disclosure of data. This information
is compared against the applications held by the SPoC to verify that the
necessary approvals were given to acquire the data.
examination of individual applications for communications data to assess
whether they were necessary in the first instance and then whether the
requests met the necessity and proportionality requirements.
scrutinising at least one investigation or operation from start to end to assess
whether the communications data strategy and the justifications for acquiring
all of the data were proportionate.
examination of the urgent oral approvals to check the process was justified
and used appropriately.
a review of the errors reported or recorded, including checking that the
measures put in place to prevent recurrence are sufficient.