IPCO Annual Report 2018
• The acquisition of data relating to Internet Protocol Addresses when, due to the format
and nature of the data, the risk of an error occurring is higher than usual; and
• The recordable and reportable non-serious errors that have occurred during the reporting
period, to identify any trends or learning that can be passed to other public authorities,
and to ensure any action taken to avoid recurrence is sufficient.24
Protected Information
5.31
During law enforcement inspections we also review any applications requiring the
disclosure of protected information. The investigation of protected electronic information
is carried out under Part 3 of RIPA. Any such applications are managed by the National
Technical Assistance Centre (NTAC).
Other Public authorities
5.32
Depending upon the scale and levels of covert activity for each public authority, inspections
are either annual (as in the case of the Department for Work and Pensions, and the Home
Office’s Immigration Enforcement), or once every two or three years.
5.33
At each inspection, we interview key officials on the use and management of covert
tactics and examine any relevant policies. The provision of, and procedures for, training
are similarly considered. We scrutinise a representative sample of authorisations and
associated paperwork. The methodology for public authorities mirrors that described for
local authorities, set out below.
Local authorities
5.34
Routinely, we simultaneously inspect an authority’s use of both CHIS and surveillance
powers under RIPA Part 2. We aim to inspect local councils across England, Wales and
Scotland every three years. IPCO additionally inspects local authorities via the National
Anti-Fraud Network (NAFN), which processes all CD requests for local authorities. In 2018,
three Inspectors conducted a one-day inspection of NAFN.
5.35
A remote inspection involves sending a questionnaire for the authority to explain their
compliance management processes and to provide details as to how they have used their
powers since the last inspection. These results are analysed before a member of the
authority is interviewed over the telephone. We seek an explanation for any ambiguities
and test the authority’s understanding of the relevant legislation and CoP. The authority
is able to raise any issues and advice is given by the Inspector on best practice. The
opportunity will be taken to inform the authority of successful ways of working adopted
elsewhere. Remote inspections are used if the relevant authority is not using covert powers
and there are no concerns about compliance. We will not do two remote inspections in a
row and will always ensure that an on-site inspection takes place on the next occasion. We
are particularly concerned to ensure that covert powers are not being inadvertently used
outside of the oversight regime and that all authorities are fully prepared to utilise these
investigatory powers in a lawful manner. In the rare event that we are dissatisfied with the
results of a remote inspection, an on-site visit takes place shortly thereafter.
24 See the Errors chapter for more information.
33