54
BIG BROTHER WATCH AND OTHERS v. THE UNITED KINGDOM JUDGMENT
undertaken by a SPoC and the on‑going nature of a SPoC’s engagement with CSPs, it
is good practice to engage the SPoC to liaise with the CSP on such requests.
The senior responsible officer
3.31. Within every relevant public authority a senior responsible officer must be
responsible for:
the integrity of the process in place within the public authority to acquire
communications data;
compliance with Chapter II of Part I of RIPA and with this code;
oversight of the reporting of errors to IOCCO and the identification of both
the cause(s) of errors and the implementation of processes to minimise
repetition of errors;
engagement with the IOCCO inspectors when they conduct their
inspections; and
where necessary, oversight of the implementation of post‑inspection action
plans approved by the Commissioner.
Authorisations
3.32. An authorisation provides for persons within a public authority to engage in
specific conduct, relating to a postal service or telecommunications system, to obtain
communications data.
3.33. Any designated person in a public authority may only authorise persons
working in the same public authority to engage in specific conduct, such as requesting
the data via secure auditable communications data acquisition systems. This will
normally be the public authority’s SPoC, though local authorities must now use the
National Anti‑Fraud Network (see later in this chapter for more details).
3.34. The decision of a designated person whether to grant an authorisation shall be
based upon information presented to them in an application.
3.35. An authorisation may be appropriate where:
a CSP is not capable of obtaining or disclosing the communications data;
there is an agreement in place between a public authority and a CSP
relating to appropriate mechanisms for disclosure of communications data;
or
a designated person considers there is a requirement to identify a person to
whom a service is provided but a CSP has yet to be conclusively
determined as the holder of the communications data.
3.36. An authorisation is not served upon a CSP, although there may be
circumstances where a CSP may require or may be given an assurance that conduct
being, or to be, undertaken is lawful. That assurance may be given by disclosing
details of the authorisation or the authorisation itself.
3.37. An authorisation – the original or a copy of which must be retained by the
SPoC within the public authority – must:
be granted in writing or, if not, in a manner that produces a record of it
having been granted;