may have unrestricted access to the telephone records of a member of the public is
far removed from reality because a process has to be gone through which requires
the necessity and proportionality tests to be met before the necessary approval is
given by a senior official.
3.9 In the same 12-month period a total of 661 errors were reported to my office
by public authorities; approximately three quarters are attributable to public
authorities and the remainder to CSPs and ISPs. This may seem a large number
but it is very small when it is compared to the numbers of requests for data which
are made nationally. I am not convinced that any useful purpose would be served
by providing a more detailed report of these errors. I should add that neither I nor
any of my Inspectors have uncovered any wilful or reckless conduct which has
been the cause of these errors. A considerable proportion of these errors were due
to the incorrect transposition of telephone numbers and of course human error
can never be eliminated completely. I am pleased to say more and more police
forces continue to introduce automated systems to manage their requirements for
communications data and these will reduce the number of keying errors which
occur.
3.10 In October 2007, when the Code of Practice was approved by Parliament
changes were made to the arrangements under which public authorities report
errors because previously they were required to notify me of any error, even
though it did not result in any intrusion upon the privacy of an innocent third party.
For example, if subscriber information was requested erroneously, in relation to
a telephone number which did not even exist, then this would still have to be
reported as an error. Additionally, certain other errors which were effectively
procedural breaches of the Code of Practice, also had to be reported. For example,
the failure by a police force to serve a Notice upon a CSP retrospectively within
one working day of an oral request being made for communications data when
there was an immediate threat to life.
3.11 Accordingly I agreed to a change in the error reporting system whereby
public authorities now only report errors which have resulted in them obtaining
the wrong communications data and where this has resulted in intrusion upon
the privacy of an innocent third party. Other errors are simply recorded. In my
judgement this change was necessary in order to highlight the most serious
errors which have impacted, or potentially impacted upon individuals and to
reduce unnecessary bureaucracy associated with reporting of procedural errors,
particularly in relation to the police forces and law enforcement agencies, and to
bring more perspective and clarity to the error reporting system. My Inspectors
review all errors during the inspections to ascertain why they occurred and how
recurrence can be avoided, and they work closely with the public authorities to
ensure that errors are kept to the absolute minimum. The frequency of ‘recordable’
errors may indicate to an Inspector that the overall level of compliance may not be
quite as good as it should be and this is important.
Communications data and the work of the Inspectorate
during the period covered by this report.
Police Forces and Law Enforcement Agencies
3.12 There are 43 police forces in England & Wales; 8 police forces in Scotland;
and the Police Service of Northern Ireland which are all subject to inspection.
Additionally my Inspectors also inspect the British Transport Police; Port of
Liverpool Police; Port of Dover Police; Royal Military Police; Royal Air Force
Police; Civil Nuclear Constabulary; Ministry of Defence Police; and the Royal
Navy Police.
3.13 Law enforcement agencies comprise Her Majesty’s Revenue and Customs;
the Serious Organised Crime Agency; the Scottish Crime and Drug Enforcement
Agency; United Kingdom Border Agency; and the Child Exploitation & Online
Protection Centre.
9