Report of the Interception of Communications Commissioner - July 2016
and law enforcement agencies) to implement. It is understandable that a number of
those public authorities took some months to implement the new requirement because
it required significant organisational, policy and IT system changes.
7.58 Unsurprisingly during our inspections in 2015 we identified a number of
compliance issues or concerns in relation to this area of the process. The compliance
issues or concerns broadly fell into four categories:
1
2
3
4
Those public authorities where instances of non-compliance were identified
during inspections or were reported to us (i.e. DPs had considered and
approved applications when they were not independent of the investigations
or operations to which the applications related). 7 public authorities fell into
this category;
Those public authorities where we could not be satisfied that the systems
and procedures were sufficient to ensure compliance with the independence
requirements but we found no individual instances of non-compliance. In
some cases no clear strategy had been implemented by the public authority,
or we questioned the reliance on DPs self-certifying their independence,
particularly where they were considering applications from departments or
areas for which they had strategic accountability. 14 public authorities fell into
this category;
Those public authorities where we were satisfied that the procedures were
sufficient overall, but where recommendations were made to enhance the
safeguards further to ensure that independence was always achieved (e.g.
improved auditing capabilities to check a DP is independent or formalising
arrangements for applications to be considered in the absence of the principal
DP). 8 public authorities fell into this category;
Those public authorities who are not able to call upon the services of a DP
who is independent from the investigation or operation, but who had not
notified us of this fact in accordance with Paragraph 3.13 of the Code of
Practice. 4 “other” public authorities fell into this category and we separately
prompted NAFN to audit the local authorities registered to use their SPoC
services. NAFN reported to us that 49 of the 228 local authorities registered
with them were not able to call upon the services of an independent DP, but
only approximately half of the 49 local authorities used their powers in 2015.
The reasons for being unable to call upon an independent DP were twofold.
First, applications emanated from small specialist criminal investigation
departments within public authorities who are not law enforcement or
intelligence agencies (such as local authorities). Secondly, a number of the
public authorities are restricted in the number of individuals who can act
as a DP because the relevant statutory instrument prescribes a job title or
position which only one individual holds within the organisation and, by the
very nature of that role, they would not be entirely independent. In the case
of local authorities it is important to note that although the DP might not be
independent, local authorities cannot acquire communications data without
the authorisation first being approved by a relevant judicial authority.49
49 See Section 37 of the Protection of Freedoms Act 2012 - “Relevant judicial authority” means—
www.iocco-uk.info
61