IPCO Annual Report 2018
11.17
Training is an important foundation for compliance and is often a first step in response
to our recommendations. We would encourage a more proactive approach to training,
including refresher training for staff in key roles.
11.18
As we have mentioned elsewhere in this report, the growth of online activity, particularly
in relation to social media, has been reflected in updates to the Covert Surveillance and
CHIS Codes of Practice. We have been pleased to note that LEAs have introduced a range of
training to allow staff lawfully to exploit this source of information and that this training is
available to staff including researchers, analysts, Cyber Crime Units and relevant sources.
11.19
Naturally, some agencies have been slower than others in establishing a well-structured,
trained, online capability, and in recognising how the use of open source material may
meet the criteria for authorisation as directed surveillance or CHIS. We will continue to
examine whether the appropriate training and authorisations are in place. In this respect
we interview staff involved in online surveillance activity, as well as those in public-facing
roles which might incidentally become involved in surveillance.
11.20
We have previously made recommendations at specific LEAs seeking to improve the
bespoke nature of applications. We are pleased that these have generally been discharged
and that applications scrutinised in 2018 did not rely, as before, on generic templates. We
have also seen examples of good practice in some LEAs with consistently high standards of
record keeping.
11.21
We have seen examples of improvements in the documentation of welfare concerns in
relation to CHIS in LEAs where this had previously been of concern. With one organisation,
where we had previously considered whether the risks to a CHIS from the individuals they
were tasked to interact with were adequately considered and documented, we found
improvements during recent inspections. However, we still believe there could be greater
consistency; this would raise our level of confidence that this matter is considered fully in
all cases by those responsible for the CHIS’ welfare. We have also noted inconsistencies in
other areas, including how contact notes are completed and policy logs used, and we have
identified where improvements could be made.
11.22
Similarly, our inspection at another LEA addressed the issue of risk assessments for CHIS
authorisations. We had previously raised concerns and were impressed by the approach
taken to remedy these shortcomings. The authority has standardised its approach,
introducing a risk-assessment questionnaire to prompt consideration of specific risks in
each case. New methodology for logging and reviewing risks has now been introduced,
supported by new guidance for staff involved in overseeing this process.
11.23
We previously recommended that one authority should review their processes for oral
authorisation of urgent applications. We were concerned that contemporaneous records
did not fully capture the required detail and that these were not retained consistently and
centrally. The organisation has now established a mechanism for centrally recording and
monitoring all urgent authorisations. The records we subsequently reviewed demonstrated
that the necessary considerations, including the scope and nature of the planned activity
and related intrusion considerations, are now well documented.
11.24
We have previously raised some concerns about ‘status drift’ and suggested that CHIS
should be authorised at the earliest opportunity once they have met the statutory criteria.
We note that this is at the discretion of the relevant authority but we would expect to see a
documented rationale for any prolonged recruitment. In 2018, one authority demonstrated
that this question had been thoroughly considered internally and had been the subject of a
specific internal programme of work to ensure that officers working within the organisation
69