3.14 All of the above mentioned public authorities, with the exception of the Civil
Nuclear Constabulary, Port of Dover Police and the Child Exploitation & Online
Protection Centre have now been inspected at least twice since the Inspectorate was
formed about five years ago. The Port of Dover Police and the Port of Liverpool
Police did not make any use of their powers during the reporting year and the
Civil Nuclear Constabulary has made only 15 requests for communications data.
The vast majority of them were for subscriber information and therefore it has not
been necessary for us to conduct a second inspection.
3.15 The Child Exploitation & Online Protection Centre was formed in 2006 and
it is dedicated to eradicating the sexual abuse of children. It was inspected for the
first time in August last year and clearly communications data plays a key role in
helping the Child Exploitation & Online Protection Centre work in partnership
with local and international forces and Internet Service Providers (ISP) to make
the Internet a safer place for our children and young people to use.
3.16 In 2009 my team of Inspectors commenced the third phase inspections of
police forces and law enforcement agencies. Thirty three inspections of police
forces and law enforcement agencies were conducted during the reporting year.
The areas covered by these inspections are fairly wide ranging and therefore the
Inspectors work in pairs because experience shows this is more efficient and
effective. Later in this section of this report I intend to give more insight into
how the inspections are conducted because I believe this will give the necessary
reassurance that relevant public authorities are held accountable for the way in
which they exercise their powers to acquire communications data.
3.17 Generally the outcomes of the inspections were good and the Inspectors
concluded that communications data is being obtained lawfully and for a
correct statutory purpose. One of the first aims of the inspection is to check
that the recommendations or action points from the previous inspection have
been implemented and this proved to be so in the vast majority of cases. As a
consequence the overwhelming number of police forces and law enforcement
agencies are sustaining a good level of compliance with the Act and Code of
Practice. However, it came to my notice that one or two police forces had been
slow to respond to the findings from the previous inspection reports. They were
revisited a few months later and the necessary improvements had been made.
3.18 I am pleased to report that a considerable number of police forces and law
enforcement agencies have automated systems for the purpose of managing their
requirements for communications data, and they are continually being upgraded
to ensure they work as efficiently and effectively as possible. They help to reduce
the scope for errors as generally the subject telephone number or communications
address only has to be entered once and then it populates itself throughout the
remainder of the process. In one instance, however, minor breaches of the Act
and Code of Practice were occurring because the software had been modified
inappropriately after it had been installed. In effect this meant that some of the
data had not been obtained fully in accordance with the law and relevant staff
in the public authority concerned have been advised that they have a duty under
the Criminal Procedure and Investigations Act 1996 to bring this to the attention
of the prosecutor who will decide whether it could have an adverse effect on
any criminal proceedings which are pending. In my view this is improbable
because the Inspectors were satisfied that it was still necessary and proportionate
to acquire the data and moreover it could easily have been obtained lawfully if
these procedural breaches had not occurred. Where necessary my Inspectors have
liaised with the systems providers to make sure that the automated systems are
capable of operating fully within the law and the Code of Practice.
3.19 Part of the inspection entails checking whether the systems and processes for
acquiring communications data are being maintained efficiently and effectively.
Inherent failings and weaknesses must be identified and quickly remedied in order
to minimise the risk of errors. Generally the police forces and law enforcement
10