2012 Annual Report of the Interception of Communications Commissioner
individual responsible for acquiring the data from the Communication Service Provider (CSP)
and ensuring that the public authority acts in an informed and lawful manner; and the Senior
Responsible Officer (SRO) who is responsible for the overall integrity of the process. Adherence
to the Act and Code of Practice by public authorities is essential if the rights of individuals are to
be respected and all public authorities have a requirement to report any errors which result in
the incorrect data being disclosed.
The primary objectives of the inspections are to:
• Ensure that the systems in place for acquiring communications data are sufficient for the
purposes of the Act and that all relevant records have been kept.
• Ensure that all acquisition of communications data has been carried out lawfully and in
accordance with Part 1 Chapter 2 of RIPA and its associated Code of Practice.
• Provide independent oversight of the process and check that the matter under investigation
was such as to render the acquisition of data necessary and proportionate.
• Examine what use has been made of the communications data acquired, to ascertain whether
it has been used to good effect.
• Ensure that errors are being ‘reported’ or ‘recorded’ and that the systems are reviewed and
adapted where any weaknesses or faults are exposed.
• Ensure that persons engaged in the acquisition of communications data are adequately trained.
At the start of the inspections my inspectors review any action points and recommendations from
the previous inspection to check that they have been implemented. The systems and procedures
in place for acquiring communications data within the public authority are examined to check
they are fit for purpose.
My inspectors carry out an examination of the communications data applications submitted by
the public authority. It is difficult to set a target figure for the number of applications that are
examined in each public authority as the volume will obviously vary significantly depending on the
public authority being inspected. Where the public authority has only submitted a small number
of applications it is likely that they will all be examined. For the larger users, a random sample is
selected which embraces all of the types of communications data the particular public authority
is permitted to acquire. If we talk specifically about the larger users - police forces, LEAs and
intelligence agencies – and suppose that the number of applications is a third of the number of
notices and authorisations, then it is reasonable to suggest that my inspectors randomly examine
approximately 10% of the notices and authorisations that are issued/granted. I am satisfied that
this level of random sampling gives a reliable picture. The inspectors ensure that the applications
they examine cover a range of themes in order to accurately measure the level of compliance.
My inspectors will continue to examine applications until they reach the point that they are
satisfied that what they have examined is an accurate representation in relation to the public
authority’s level of compliance. Compliance is measured against the inspection baselines which
are drawn from the Act and Code of Practice. Where an inspector does not reach this point in
the time allocated for an inspection he will arrange to revisit the public authority to conclude
the inspection. This has happened in the past, but rarely occurs, as the time allocated to each
inspection is based around the overall number of requests.
24