Report of the Interception of Communications Commissioner - March 2015
my office collected statistics in relation to whether the data that was acquired related to a
suspect, victim, witness or other category of individual, and this more achievable statistic
goes some way to better inform the public about how the powers are being used. I note
that the Home Office has included this statistical requirement in the revised code of
practice.
Inspection Regime
7.32 My office’s communications data inspections are structured to ensure that key
areas derived from Chapter II of Part I of RIPA 2000 and the code of practice are scrutinised.
A typical inspection may include the following:
•
•
•
•
•
•
•
•
•
the supply of a pre-inspection pack (two months prior to our visit) to the head
of the public authority to require information and arrange interviews with
operational teams;
a review of the action points or recommendations from the previous inspection
and their implementation;
an audit of the information supplied by the CSPs detailing the requests
that public authorities have made for disclosure of data. This information
is compared against the applications held by the SPoC to verify that the
necessary approvals were given to acquire the data;
random examination of individual applications for communications data to
assess whether they were necessary in the first instance and then whether the
requests met the necessity and proportionality requirements;
query based examination of applications, via interrogation of the secure
auditable computer systems used by the larger public authorities, to identify
trends, patterns and compliance issues in key parts of the process across large
volumes of applications;
scrutinising at least one investigation or operation from start to end to assess
whether the communications data strategy and the justifications for acquiring
all of the data were proportionate;
examination of the urgent oral approvals to check the process was justified
and used appropriately;
a review of the errors reported or recorded, including checking that the
measures put in place to prevent recurrence are sufficient; and,
the compilation of a detailed inspection report and action plan setting out
the findings, recommendations and overall level of compliance. This is sent
to the head of the relevant public authority, i.e. the Chief Constable or Chief
Executive.
7.33 Number of inspections. In 2014 my office conducted 90 communications data
inspections broken down as follows: 51 police force and law enforcement agency, 3
intelligence agency, 18 local authority and 18 ‘other’ public authority inspections. In 2014
my office moved to conduct annual inspections of the public authorities that acquire
52
@iocco_oversight