Sensitive professions. The Code of Practice (paragraphs 3.72-3.77) requires applicants
and DPs to give special consideration when considering applications for communications
data which relate to persons who are members of professions which handle privileged
or otherwise confidential information, for example lawyers or doctors. Public authorities
must record the number of such applications and report to the Commissioner annually.
In 2016, 47 public authorities advised that they had made a total of 948 applications that
related to persons who were members of sensitive professions.
A significant proportion of these 948 applications were categorised incorrectly (i.e. the
applicant had recorded a sensitive profession when there was not one). This was usually
because the applicant erred on the side of caution, recording a sensitive profession if
there was a possibility of one, rather than because they knew that there was one. This
gives the impression of more requests for communications data relating to members of
sensitive professions than have actually been made. It provides me with a greater level of
assurance that DPs are taking sensitive professions into account when necessary.
Most applications relating to members of sensitive professions were submitted because
the individual had been a victim of crime or was the suspect in a criminal investigation. In
these cases, the profession of the individual was usually not relevant to the investigation,
but public authorities showed proper consideration of the sensitive profession by bringing
it to the attention of the authorising officer.
Inspection Regime
Communications data inspections are structured to ensure that the terms of Chapter 2 of
Part 1 of RIPA and the associated Code of Practice are being properly followed. A typical
inspection may include the following:
A review of recommendations from the previous inspection and progress towards their
implementation.
An audit of the requests that public authorities have made to CSPs for the disclosure of
data. This information is compared against the applications held by the SPoC in order to
verify that approvals were given to acquire the data. This part of the process should also
reveal whether any data disclosed by a CSP was not authorised.
The random examination of applications for communications data to assess whether the
case for necessity and proportionality had been met.
An interrogation of the secure auditable computer systems used by larger public
authorities to identify and analyse trends, patterns and compliance issues across large
volumes of applications. For example, inspectors might use the system to show us every
application which included the word ‘journalist’.
The scrutiny of large-scale or otherwise significant investigations, for example
investigations involving numerous IP address resolutions.
www.iocco-uk.info
13