2011 Annual Report of the Interception of Communications Commissioner
to act as a DP. In total 52 requests were made by these two local authorities and regrettably this
data was therefore not acquired in accordance with the law. It was also shocking to find that the
same person had acted as the applicant, SPoC and DP in one of these local authorities. Not only
does this represent non-compliance with the Code of Practice, it also means that the requests
had a complete lack of scrutiny in the individual local authority as they were effectively selfauthorised.The RIPA (Communications Data) Order 2010 (No. 480) makes it very clear that the
prescribed officer to act as a DP in a local authority must be a Director, Head of Service, Service
Manager or equivalent. I am pleased to report that these two local authorities were quick to put
measures in place to ensure that they obtain the appropriate level of authority for any future
communications data requests. NAFN has also tightened its DP registration process and the
Head of Legal Services / Monitoring Officer from each individual local authority is now required
to verify that the person intending to register is of the prescribed rank / level.
“In two local authorities the communications data that was acquired had not
been approved by a person of sufficient seniority to act as a DP.”
Second, in two instances the DPs in two different local authorities approved the acquisition of
traffic data under Section 21(4) (a). Local authorities are not permitted to acquire traffic data but
the applications were processed by the SPoCs and approved by the DPs in both of these local
authorities. Regrettably in one of these instances the traffic data was disclosed by the CSP and as
a result the local authority obtained data to which it was not lawfully entitled. Fortunately in the
second instance, the CSP involved refused to comply with the request and did not disclose the
traffic data to the Council. The inspectors were satisfied that these two instances were genuine
mistakes, but it does emphasise the importance of the SPoC providing a robust guardian and
gatekeeper function and the CSPs role in checking the requests they receive.
“In two instances the DPs in two different local authorities approved the
acquisition of traffic data under Section 21(4) (a), [which] local authorities are
not permitted to acquire”
Third, my inspectors found one instance where a local authority had inappropriately used
their powers under Part I, Chapter II of RIPA to acquire communications data in relation to an
investigation that did not meet the necessity criteria. The application related to an allegation
that a parent living outside of the catchment area of a school provided an address within the
catchment area in order to secure a school place. The communications data was requested to
provide evidence of residency and to confirm the genuine address. The application stated that
the Schools Admissions Department would withdraw the place for the child if the allegation was
substantiated, but no criminal offences were specified.
A summary of the case was provided to me by the Council and I was satisfied from this that
the conduct undertaken by the Council did not amount to wilful or reckless use of the powers.
It is clear that the Council went through a considered thought process, that legal advice was
sought prior to submitting the application and that there were ongoing discussions in relation to
whether a prosecution was feasible.
43