2012 Annual Report of the Interception of Communications Commissioner
My inspectors found that the DPs were generally discharging their statutory duties responsibly.
The statistics provided to my office this year show that 55 applications were rejected by the
DPs in 2012. The majority were found to be completing their written considerations to a good
standard. However, my inspectors found that in two of the local authorities inspected the DPs
had not actually recorded any written considerations when approving some of the applications
and this constitutes non-compliance with Paragraph 3.7 of the Code of Practice. In these cases
the DPs had mistakenly believed that they did not need to record any considerations however
it was clear they had seen and approved the applications. These local authorities received red
recommendations in this area and have now amended their systems to ensure that they comply
in this respect in future. It is important for DPs to comply with this aspect of the Code of
Practice to provide evidence that each application has been duly considered.
In one local authority two communications data requests (submitted on one application) were not
approved by a person of sufficient seniority to act as a DP. Regrettably this data was not acquired
in accordance with the law. In two other local authorities, the record keeping requirements
outlined in Paragraph 6.1 of the Code of Practice had not been complied with and as a result
there was no record of the DPs approvals, or in one instance, of an application form being
completed. In one of these instances, the SPoC had also acted as the DP (which is permissible)
and therefore it was clear that an approval had been given to acquire the data.
“My inspectors found that the [local authority] DPs were generally
discharging their statutory duties responsibly.”
In two instances the DPs in two different local authorities approved the acquisition of traffic
data under Section 21(4) (a). Local authorities are not permitted to acquire traffic data, but
the applications were processed by the SPoCs and approved by the DPs in both of these local
authorities. Regrettably in both of these instances the traffic data was disclosed by the CSPs and
as a result the local authorities obtained data to which they were not lawfully entitled. In one of
the instances it was not actually necessary to acquire the traffic data (incoming call data) as the
objective was to prove contact between three known individuals. Acquiring outgoing call data
under Section 21(4)(b) in relation to the three individuals would have achieved the objective.The
inspectors were satisfied that these two instances were genuine mistakes, but it does emphasise
the importance of the SPoC being appropriately trained as well as the CSPs role in checking the
requests they receive.
A number of the local authorities inspected were still not aware that it is the statutory duty of
the DP to issue Section 22(4) Notices, despite the fact that I have raised this point in my previous
two annual reports. The SPoCs were completing the Notices after the DPs had approved the
applications. As a result procedural (‘recordable’) errors occurred, but importantly these had no
bearing on the actual justifications for acquiring the data.
Last year I reported that my inspectors identified a large number of reportable errors during
the 2011 local authority inspections that had not been notified to my office. I am very pleased
to report that this was certainly not the case in 2012 as only 7 errors were discovered by my
inspectors. It is important to make the point that the serious compliance issues relate to a very
43