28
IPCO Annual Report 2018
Inspection reports
5.5
A report is issued after each inspection. These set out our conclusions and
recommendations and identify any areas of vulnerability or non-compliance. The report is
sent to the head of the agency or authority and, if appropriate, is copied to the relevant
Department of State.
5.6
We use three categories of recommendation:
Colour
Recommendation
Red
Signifies a critical issue where immediate action must be taken
Amber
Relates to an issue where a process may need to be reviewed
Green
Denotes general recommendation where we believe improvements could be
made at an early stage to prevent any issue of non-compliance arising in the
futurem or point to areas where operational efficiencies could me made or
additional information is required to make an assessment
We also identify areas of good practice which may be of interest to other similar
organisations. We also make observations or identify areas of good practice which may be
of interest to other similar organisations.
5.7
We are working to standardise our reports across the different powers we oversee. In 2018,
reports differed substantially in terms of style and content, which reflected the range and
complexity of the areas covered by our inspections and the different approaches taken by
our predecessor organisations. Our intention is to issue reports which enable organisations
to take action on the basis of our recommendations but, in addition, we aspire to enable
them to identify where improvements and efficiencies could eliminate wider compliance
vulnerabilities. This will continue to be a focus of our work for 2019.
5.8
Our reports are drafted for use by the relevant agency and typically contain operational
detail which cannot be disclosed because of the statutory secrecy provisions contained
in the Regulations of Investigatory Powers Act 2000 (RIPA) and the Investigatory Powers
Act 2016 (IPA). The reports may, for example, include a summary of briefings given during
an inspection or details of a new technique or a specific operation of interest. We hope,
however, that through the carefully chosen examples in this and other reports, we can
explain the work of IPCO without breaching those provisions.
A changing approach to inspections
5.9
In 2018, we considered whether bringing together Communications Data (CD) inspections
(formerly conducted by the Interception of Communications Commissioner’s Office)
and surveillance inspections (formerly carried out by the Office of the Surveillance
Commissioner) would establish a more robust oversight model than hitherto, providing
greater insight into the work of each public authority. For some bodies, where these
powers are not used together or by the same department or team, carrying out joint
inspections would bring no obvious benefit and could be burdensome. However, put
generally, our initial experience shows that carrying out a single inspection, covering IPA
and RIPA powers used by Law Enforcement Agencies (LEAs), offers benefits for both IPCO
and the inspected authority. We have also found that best practice recommendations can
have greater impact if they are considered across the piece, rather than by one operational