Report of the Interception of Communications Commissioner - July 2016
7.47 Inspection Reports. The reports contain a review of compliance against a strict
set of baselines that derive from Chapter 2 of Part 1 of RIPA and the Code of Practice. They
contain formal recommendations with a requirement for the public authority to report
back within two months to say that the recommendations have been implemented, or
what progress has been made.
Inspection Findings & Recommendations
7.48 The total number of recommendations made during our 72 communications data
inspections in 2015 was 366 (Figure 15). A traffic light system (red, amber, green) is in
place for the recommendations to enable public authorities to prioritise the areas where
remedial action is necessary:
•
•
•
Red recommendations - immediate concern - serious breaches or noncompliance with Chapter 2 of Part 1 of RIPA or the Code of Practice.
Amber recommendations - non-compliance to a lesser extent; however
remedial action must still be taken in these areas as they could potentially
lead to serious breaches.
Green recommendations - represent good practice or areas where the
efficiency and effectiveness of the process could be improved.
7.49 This year of 29 recommendations (8%) were red, 203 (55%) amber and 134 (37%)
green. Comparisons with previous years are difficult because the public authorities being
inspected are not the same and the number of inspections conducted each year differs.
However, whilst the proportion of red, amber and green recommendations has remained
broadly consistent over the past four years, the average number of recommendations per
inspection in 2015 rose from approximately four to five per public authority (Figure 15).
Analysis shows that the increase stems from compliance issues relating to new provisions
in the Code of Practice i.e. those concerning record-keeping (statistical) requirements, DP
independence and applications relating to sensitive professions, which are discussed in
more detail below.48
7.50 At the end of each inspection, the individual public authority is given an overall
rating (good, satisfactory, poor). This rating is reached by considering the total number
of recommendations made, the severity of those recommendations, and whether those
recommendations had to be carried forward because they were not complied with
following the previous inspection. While it is difficult to compare previous years because
the public authorities inspected each year change, it is possible to gauge whether
compliance is improving or not by comparing a public authority’s rating in 2015 to the
rating from its previous inspection. 51 of 72 the public authorities inspected maintained
their overall rating (49 good & 2 satisfactory). 8 public authorities raised their overall
level of compliance rating (6 from satisfactory to good, 1 from poor to satisfactory and
48 Just over one quarter of the 366 recommendations made in 2015 related to new provisions in the Code
of Practice. Without them the average number of recommendations per inspection would be almost
identical to the 2014 average.
58
@iocco_oversight