Surveillance Oversight Database

2012 Annual Report of the Interception of Communications Commissioner

7. 	ACQUISITION AND DISCLOSURE OF
COMMUNICATIONS DATA
(RIPA PART I, CHAPTER 2)
7.1 General Background to Types of Communications Data
There are three types of communications data gathered under RIPA Part I, Chapter 2. These are
fully defined in RIPA but in summary;
• Subscriber Data relates to information held or obtained by a Communication Service Provider
(CSP) in relation to a customer (e.g. name and address of account holder of an email address).
• Service Use Data is information relating to the use made by any person of a communication
service (e.g. itemised telephone call records showing the date/time and duration of calls made
and the numbers dialled).
• Traffic Data is data that is or has been comprised in or attached to a communication for the
purpose of transmitting the communication (e.g. anything written on the outside of a postal
item concerning its postal routing).
Certain public authorities are approved by Parliament to acquire communications data, under
Part I Chapter 2 of RIPA, to assist them in carrying out their investigatory or intelligence function.
They include the intelligence agencies, police forces, the United Kingdom Border Agency (UKBA),
the Serious Organised Crime Agency (SOCA) and other public authorities such as the Gambling
Commission, Financial Services Authority (FSA), Environment Agency and local authorities.
Any access to communications data by public authorities is an intrusion into someone’s privacy.
To be justified, such intrusion must satisfy the principles of necessity and proportionality derived
from the European Convention on Human Rights (ECHR) and embedded in RIPA. All public
authorities permitted to obtain communications data using the provisions of RIPA are required
to adhere to the Code of Practice when exercising their powers and duties under the Act. The
Act and its Code of Practice contain explicit human rights safeguards. These include restrictions,
prescribed by Parliament, on the statutory purposes for which public authorities may acquire
data; on the type of data public authorities may acquire; which senior officials within public
authorities may exercise the power to obtain data; and which individuals within public authorities
undertake the work to acquire the data.

7.2 Inspection Regime
I have been supported by a Chief Inspector and five inspectors who are all highly trained in the
acquisition and disclosure criteria, processes and the extent to which communications data may
assist public authorities in carrying out their functions. My inspection team, supported by two
administrative staff, undertake a revolving programme of inspection visits to public authorities
who are authorised to acquire communications data. The inspections take between 1 and 5
days, depending on the level of access the public authority has been granted under the Act, how
frequently they are using their powers to acquire communications data and their previous level
of compliance.
The acquisition of communications data generally involves four roles within a public authority; the
Applicant who is the person involved in conducting an investigation who submits the application
for communications data; the Designated Person (DP) who objectively and independently
considers and authorises the application; the Single Point of Contact (SPoC) who is an accredited

23