56
IPCO Annual Report 2017
Fig. 15 By period of traffic data / service use items requested43
Less than a day
1-7 days
8-14 days
15-30 days
31-90 days
91-120 days
121-240 days
241-365 days
Over 365 days
% 0
8.19
5
10
15
20
25
30
33% of submitted applications were returned to the applicant by the SPoC44 and a very
small proportion (0.83%) were declined by the SPoC. Of those applications submitted
to a Designated Person45 for consideration 1.71% were declined by the DP.
Returns, rejections and declinations of applications during 2017
Percentage of applications returned to the applicant by the SPoC for development
33%
Percentage of applications returned by the DP for development
5%
Percentage of applications declined by the SPoC
0.83%
Percentage of Applications rejected by the DP
1.71%
The authorisation process
8.20
Applications for communications data are typically made by those conducting investigations
or operations for a public authority which has the power to acquire communications data.
The applicant submits the application to a Single Point of Contact (SPoC); the SPoC carefully
checks the application to ensure that it is reasonably practical to obtain the data sought
and that it is lawful under RIPA and free from errors; once satisfied, the SPoC submits the
application to a designated person (DP) who decides whether to authorise the application.
8.21
All applications must include details about the targeted communications data, specifying
any relevant dates or time periods, the identity of the individual with whom the data is
concerned, its relevance to the enquiry, the statutory purpose underpinning the application
and an explanation of the necessity and proportionality of the proposed acquisition.
43 This is not based on a full sample of the 757,977 items acquired.
44 The single point of contact (SPoC) is an accredited individual trained to facilitate lawful acquisition of communications data and effective
co-operation between a public authority and the CSPs. Despite the name, in practice many organisations will have multiple SPoCs, working
together. To become accredited an individual must complete a course of training appropriate for the role of a SPoC and have been
issued the relevant SPoC authentication identifier. SPoCs in public authorities should be security cleared in accordance with their own
organisation’s requirements. Details of all accredited individuals are available to CSPs for authentication purposes – Para 3.19 Acquisition
and Disclosure of Communications Data Code of Practice 2015.
45 The designated person (DP) is a person holding a prescribed office in a relevant public authority. It is the designated person’s
responsibility to consider the application and record their considerations at the time (or as soon as is reasonably practicable) in
writing or electronically. If the designated person believes the acquisition of communications data is necessary and proportionate in
the specific circumstances, an authorisation is granted or a notice given Para 3.7 Acquisition and Disclosure of Communications Data
Code of Practice 2015.