of recommendations or an Action Plan which will address all areas that require
remedial action. I have sight of all of those inspection reports in order that I can
properly discharge my oversight functions. The top copy of the report is sent
to the head of the public authority concerned, e.g., the Chief Constable or the
Chief Executive in the case of a local authority and they are required to confirm,
within a prescribed time period, whether the findings are accepted and that the
recommendations or action points will be implemented.
3.6 I strongly believe that it is in the public interest that public authorities should
demonstrate that they make lawful and effective use of regulated investigatory
powers. My annual report should provide the necessary reassurance that the use
which public authorities have made of their powers has met my expectations and
those of my Inspectors, although there is no reason why public authorities cannot
make a further disclosure in compliance with a request under the Freedom of
Information Act if they so wish. There is provision for this in the Code of Practice
although each public authority must seek my prior approval before making any
further disclosure. That is to ensure that the wider public interest is not adversely
affected by a disclosure.
3.7 During the year ended 31 December, 2007, public authorities as a whole,
made 519,260 requests for communications data to Communication Service
Providers (CSP). I do not intend to give a breakdown of these requests because I do
not think that it would serve any useful purpose, but I can say that the intelligence
agencies, police forces and other law enforcement agencies are the principal users
of communications data. Later in my report I will give some indication of the
extent to which local authorities use communications data as I believe that this
should be placed in context. Any suggestion that a low ranking council employee
may have unrestricted access to the telephone records of a member of the public
is far removed from reality because a process has to be gone through first which
requires the necessity and proportionality tests to be fully met before the necessary
approval is given by a senior official.
3.8 In the same 12-month period a total of 1,182 errors were reported to my office
by public authorities: approximately two thirds are attributable to public authorities
and one third to CSPs. This may seem a large number but it is very small when it is
compared to the numbers of requests for data which are made nationally. I am not
convinced that any useful purpose would be served by providing a more detailed
report of these errors. I should add that neither I nor any of my Inspectors have
uncovered any willful or reckless conduct which has been the cause of these errors.
A considerable proportion of these errors were due to the incorrect transposition of
telephone numbers and of course human error can never be eliminated completely.
I am pleased to say that more and more police forces are introducing automated
systems for the management of communications data requests and these will
inevitably reduce the number of keying errors which occur.
3.9 In October 2007, when the Code of Practice was approved by Parliament,
changes were made to the arrangements under which public authorities report
errors because previously they were required to notify me of any error, even
though it did not result in any intrusion upon the privacy of an innocent third party.
For example, if subscriber information was requested erroneously, in relation to
a telephone number which did not even exist, then this would still have to be
reported as an error. Additionally, certain other errors which were effectively
procedural breaches of the Code of Practice, also had to be reported. For example,
the failure by a police force to serve a Notice upon a CSP retrospectively within
one working day of an oral request being made for communications data when
there was an immediate threat to life.
3.10 Accordingly I agreed to a change in the error reporting system whereby
public authorities now only report errors which have resulted in them obtaining
the wrong communications data and where this has resulted in intrusion upon
the privacy of an innocent third party. In my judgment this change was necessary
8