2013 Annual Report of the Interception of Communications Commissioner
4.37 Samples. I have previously said (in relation to interception warrants) that it is
important that we scrutinise a sufficient sample of the individual applications. But, in my
view, inspecting and understanding systems is in the end more important than scrutinising
yet more individual applications. That said, it is generally feasible in the smaller public
authorities for our inspectors to examine all of the applications submitted in the period
being examined.
4.38 For the larger users, sampling must be undertaken. A survey conducted by our
office estimated that approximately 10% of the applications submitted in the period
being examined are individually scrutinised during the inspections of the larger users.
If the number of applications submitted by public authorities was one of the statistical
requirements of the Code of Practice, this estimate would be more accurate. In any event,
the inspectors randomly sample thousands of individual applications each year. It is also
worth noting the following points in relation to the random sampling:
•
•
•
it is conducted at both ends of the process – i.e. from the public authority
records and the data obtained from the CSPs;
if the inspectors identify an error or issue during the random sampling which
may impact on other applications, the public authority is required to identify
other applications which may contain the same error or fault. Therefore,
although random sampling may only pick up 1 error, this will lead to all error
instances of that type being investigated and reported;
the inspectors will continue to examine applications until they reach the
point that they are satisfied that what they have examined is an accurate
representation of the public authority’s compliance.
4.39 In addition to the random sampling, where possible the Inspectors also conduct
query based searches across the workflow systems. The query based searches enable
specific areas to be tested for compliance. For example, a DP query based search relating
to a particular DP enables the inspectors to scrutinise the quality of the DPs considerations
in relation to necessity and proportionality, check that the DPs are not rubber stamping
applications and that the DPs are of the appropriate rank or level to act in that capacity.
Another example might be a query based search to identify any requests where data
has been applied for over lengthy time periods or where particularly intrusive data sets
have been acquired. This type of sampling not only enables key themes to be examined,
but also enables identified parts of a larger number of applications to be examined.
Our office has been consulting with the workflow providers to enable the examination
of a wider cross section of applications and they have been very willing to assist in this
respect.
4.40 Inspection Reports. The reports contain a review of compliance against a strict
set of baselines that derive from Part I Chapter II and the Code of Practice. They contain
formal recommendations with a requirement for the public authority to report back
within two months to say that the recommendations have been implemented, or what
progress has been made.
29