Act Now Training welcomes solicitor and surveillance law expert, Naomi Mathews, to its team of associates. Naomi is a Senior Solicitor and a co-ordinating officer for RIPA at a large local authority in the Midlands. She is also the authority’s Data Protection Officer and Senior Responsible Officer for CCTV.
Naomi has extensive experience in all areas of information compliance and has helped prepare for RIPA inspections both for the Office of Surveillance Commissioners and Investigatory Powers Commissioner’s Office (IPCO). She has worked as a defence solicitor in private practice and as a prosecutor for the local authority in a range of regulatory matters including Trading Standards, Health and Safety and Environmental prosecutions. Naomi has higher rights of audience to present cases in the Crown Court.
Naomi has many years of practical knowledge of RIPA and how to prepare for a successful prosecution/inspection. Her training has been commended by RIPA inspectors and she has also trained nationally. Naomi’s advice has helped Authorising Officers, Senior Responsible Officers and applicants understand the law and practicalities of covert surveillance.
Like our other associates, Susan Wolf and Kate Grimley Evans, Naomi is a fee paid member of the Upper Tribunal assigned to the Administrative Appeals Chamber (Information Rights Jurisdiction and First Tier Tribunal General Regulatory Chamber (Information Rights Jurisdiction).
Ibrahim Hasan, director of Act Now Training, said:
“ I am pleased that Naomi has joined our team. We are impressed with her experience of RIPA and her practical approach to training which focuses on real life scenarios as opposed to just the law and guidance.”
Naomi will be delivering our full range of RIPA workshops as well developing new ones. She is also presenting a series of one hour webinars on RIPA and Social Media. If you would like Naomi to deliver customised in house training for your organisation, please get in touch for a quote.
The updated version of the Information Commissioner’s CCTV Code of Practice address the rising phenomena of surveillance technologies and methods. No longer are surveillance cameras passive image collectors, providing a resource for immediate use or historical evidence.
CCTV, ANPR, Body Worn Cameras, Aerial Drones, together with the associated analytical tools and software, are all technologies being used within many public and private sector organisations.
These technologies are invaluable for efficient and effective public protection as well as revenue collection and enforcement activities. Just one such example might be lone workers performing a caring function and for their safety, wearing audio and video recording equipment when they leave the safety of their own home. These persons then enter the private dwelling of a vulnerable person in need of assistance. In some instances the video and audio will be running throughout the whole of the attendance – often with a live feed to a control room. The benefits for the safety of the carer are clear, and the immediate response and advice by control room personnel is undoubtedly beneficial for the person requiring assistance. But this equipment is capturing images and conversation of an individual, and perhaps family and friends, within that person’s private home. The images and conversation, being witnessed by others many miles away is likely to be very intimate and private.
Does this vulnerable person or those responsible for them realise this is actually taking place?
Do they consent to it as a part of the provision of the service?
Before a public authority undertakes such activity it must conduct a privacy impact assessment, and perhaps obtain consent for the collection and processing of such information. Without such consideration – and a record of such assessment, then it might easily be argued that the organisation has not shown “Respect for the private life” in accordance with Article 8 of the European Convention on Human Rights, and the activity might be deemed to be unlawful – and indeed might be in breach of the Data Protection Act 1998. The Care Quality Commission has issued guidance on use of cameras in care homes.
The Surveillance Camera Commissioner, Tony Porter, pursuing compliance with a Code of Practice issued in accordance with the Protection of Freedoms Act has identified several aspects non-compliance when it comes to CCTV cameras:
Inadequate or non-existent privacy impact assessments
Equipment deployed with no respect or consideration for privacy or consideration for the benefit balanced with intrusion (proportionality)
Equipment in use not fit for purpose
Excessive use of surveillance
Removal of surveillance such as CCTV to reduce costs with little regard for the void left in relation to public safety and security
In a speech to the CCTV User Group, Mr Porter said budget cuts had led councils to decide to spend less on public space CCTV, meaning there was less money for staff training, poorer understanding of legal issues and a reduced service. He said councils could face greater scrutiny of their use of CCTV, including potential inspections and enforcement. Organisations should carry out annual reviews of their CCTV capacity but many failed to do so. He cited a West Midlands local authority which, upon review, reduced the number of ineffective cameras and saved £250,000 in the process.
Mr Porter, who has been in his post since March 2014, has written to council chief executives to remind them of the law and code of practice.
My latest series of one day CCTV law workshops examine the ‘surveillance landscape’ and the regulatory regime of the Information Commissioner, the Office of the Surveillance Commissioner, and the Surveillance Camera Commissioner. Attendees will be able to identify which regime(s) and codes of practice apply to their surveillance activity, and how to manage efficient, effective and lawful surveillance systems.
Increasingly local authorities are turning to the online world, especially social media, when conducting investigations. There is some confusion as to whether the viewing of suspects’ Facebook accounts and other social networks requires an authorisation under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA). In his latest annual report the Chief Surveillance Commissioner states (paragraph 5.42):
“Perhaps more than ever, public authorities now make use of the wide availability of details about individuals, groups or locations that are provided on social networking sites and a myriad of other means of open communication between people using the Internet and their mobile communication devices. I repeat my view that just because this material is out in the open, does not render it fair game. The Surveillance Commissioners have provided guidance that certain activities will require authorisation under RIPA or RIP(S)A and this includes repetitive viewing of what are deemed to be “open source” sites for the purpose of intelligence gathering and data collation.”
Careful analysis of the legislation suggests that whilst such activity may be surveillance, within the meaning of RIPA (see S.48(2)), not all of it will require a RIPA authorisation. Of course RIPA geeks will know that RIPA is permissive legislation anyway and so the failure to obtain authorisation does not render surveillance automatically unlawful (see Section 80).
There are two types of surveillance, which may be involved when examining a suspect’s Facebook or other social network pages; namely Directed Surveillance and the deployment of a Covert Human Intelligence Source (CHIS). Section 26 of the Act states that surveillance has to be covert for it to be directed:
“surveillance is covert if, and only if, it is carried out in a manner that is calculated to ensure that persons who are subject to the surveillance are unaware that it is or may be taking place” (my emphasis)
If an investigator decides to browse a suspect’s public blog, website or “open” Facebook page (i.e. where access is not restricted to “friends”, subscribers or followers) how can that be said to be covert? It does not matter how often the site is accessed as long as the investigator is not taking steps to hide his/her activity from the suspect. The fact that the suspect is not told does about the “surveillance” does not make it covert. Note the words in the definition of covert; “unaware that it is or may be taking place.” If a suspect chooses to publish information online they can expect the whole world to read it including law enforcement and council investigators. If he/she wants or expects privacy it is open to them to use the available privacy settings on their blog or social network.
The Commissioner stated in last year’s annual report:
“5.31 In cash-strapped public authorities, it might be tempting to conduct on line investigations from a desktop, as this saves time and money, and often provides far more detail about someone’s personal lifestyle, employment, associates, etc. But just because one can, does not mean one should. The same considerations of privacy, and especially collateral intrusion against innocent parties, must be applied regardless of the technological advances.” (my emphasis)
I agree with the last part of this statement. The gathering and use of online personal information by public authorities will still engage Human Rights particularly the right to privacy under Article 8 of the European Convention on Human Rights. To ensure such rights are respected the Data Protection Act 1998 must be complied with. A case in point is the monitoring last year of Sara Ryan’s blog by Southern Health NHS Trust. Our data protection expert Tim Turner wrote recently about the data protection implications of this kind of monitoring.
Where online surveillance involves employees then the Information Commissioner’s Office’s (ICO) Employment Practices Code (part 3) will apply. This requires an impact assessment to be done before the surveillance is undertaken to consider, amongst other things, necessity, proportionality and collateral intrusion. Whilst the code is not law, it will be taken into account by the ICO and the courts when deciding whether the DPA has been complied with. In December 2014, Caerphilly County Borough Council signed an undertaking after an ICO investigation found that the Council’s surveillance of an employee , suspected of fraudulently claiming to be sick, had breached the DPA.
Facebook Friends – A Friend Indeed
Of course the situation will be different if an investigator needs to become a “friend’ of a person on Facebook in order to communicate with them and get access to their profile and activity pages. For example, local authority trading standards officers often use fake profiles when investigating the sale of counterfeit goods on social networks. In order to see what is on sale they have to have permission from the suspect. This, in my view, does engage RIPA as it involves the deployment of a CHIS defined in section 26(8):
“For the purposes of this Part a person is a covert human intelligence source if—
(a) he establishes or maintains a personal or other relationship with a person for the covert purpose of facilitating the doing of anything falling within paragraph (b) or (c);
(b) he covertly uses such a relationship to obtain information or to provide access to any information to another person; or
(c) he covertly discloses information obtained by the use of such a relationship, or as a consequence of the existence of such a relationship” (my emphasis)
Here we have a situation where a relationship (albeit not personal) is formed using a fake online profile to covertly obtain information for a covert purpose. In the case of a local authority, this CHIS will not only have to be internally authorised but also, since 1st November 2012, approved by a Magistrate.
This is a complex area and staff who do not work with RIPA on a daily basis can be forgiven for failing to see the RIPA implications of their investigations. From the Chief Surveillance Commissioner’s comments (below) in his annual report, it seems advisable for all public authorities to have in place a corporate policy and training programme on the use of social media in investigations:
“5.44 Many local authorities have not kept pace with these developments. My inspections have continued to find instances where social networking sites have been accessed, albeit with the right intentions for an investigative approach, without any corporate direction, oversight or regulation. This is a matter that every Senior Responsible Officer should ensure is addressed, lest activity is being undertaken that ought to be authorised, to ensure that the right to privacy and matters of collateral intrusion have been adequately considered and staff are not placed at risk by their actions and to ensure that ensuing prosecutions are based upon admissible evidence.”
We have a workshop on investigating E – Crime and Social Networking Sites, which considers all the RIPA implications of such activities. It can also be delivered in house.
In conclusion, my view is that RIPA does not apply to the mere viewing of “open” websites and social network profiles. However in all cases the privacy implications have to be considered carefully and compliance with the Data Protection Act is essential.
Regular refresher training for those conducting covert surveillance under Part 2 of the Regulation of Investigatory Powers Act (RIPA) is a common recommendation by the Office of Surveillance Commissioners (OSC) following inspections. Up to now, public authorities have had a choice of sending their staff on external courses or engaging our RIPA experts to deliver customised in house training at their premises. Both these options have cost implications. Some authorities can only afford to train a handful of staff thereby running the risk of non compliance by others who may not know what RIPA is and when it is engaged.
Enter the new Act Now RIPA E Learning Course. From the comfort of their own desk public authority staff can now receive relevant and up to date training on covert surveillance regulated by Part 2 of RIPA (Directed Surveillance, CHIS and Intrusive Surveillance) including the authorisation process. From as little as £49 plus vat, five interactive modules can be accessed which have a stimulating and creative approach that engages and challenges the learner. Real-life scenarios, knowledge checks, case studies and examples are included to add relevance and increase comprehension and retention. A short final course assessment leads to a certificate.
This course is not just for new staff or those with little knowledge of RIPA. It will also help experience staff to refresh and update their knowledge as it takes into account the latest RIPA codes and new authorisation procedures. Those who are really confident can do the final course assessment first, to test and identify any gaps in their knowledge. These can then be filled by doing each module. The unscored quizzes and interactions within each module and the final scored assessment are designed to challenge even RIPA geeks!
Sam Lincoln, a former OSC chief inspector, has designed the course assisted by Ibrahim Hasan. Sam says:
“I was delighted to be commissioned by Ibrahim and his team at Act Now to produce this eLearning course. When I was Chief Inspector at the OSC I was aware that many local authorities, constrained by budget reductions, were attempting to provide their own training in-house. Despite valiant efforts the result was often regurgitation of the codes of practice and ‘death by PowerPoint’ lectures. I wanted to produce something that was more interesting and included interaction, feedback and assessment.”
Upon reviewing the course our RIPA expert and trainer, Steve Morris, said:
“I have had an opportunity to review the finished product and have to say it is a great mix of knowledge, animation and assessment, using many different learning delivery methods to keep the learner engaged. Sam provides clear well-paced narration and his choice of words make the modules easy to follow and understand. I would say the modules are ideal for anyone involved with the management and application of RIPA, whatever their position.”
The Act Now RIPA E Learning Course is suitable for staff in all public authorities but particularly those in local authorities working in trading standards, environmental health, planning, licensing and enforcement.
The Chief Surveillance Commissioner, Sir Christopher Rose, published his final annual report on 25th June 2015. A lot of the report is typical of someone in his position who is leaving office, having a few parting moans. Then again, a £56,000 maintenance fee from the Home Office (paragraph 3.3) for a relatively simple website is well worth moaning about)!
The report covers the period from 1st April 2014 to 31st March 2015 and should be read by public authorities, especially councils, who conduct surveillance under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA) (Directed Surveillance, Intrusive Surveillance and the deployment of a Covert Human Intelligence Source (CHIS)). It details statistics relating to the use of these tactics and information about how the Office of Surveillance Commissioners (OSC) conducts its oversight role.
Non-law enforcement agencies (including councils) authorised Directed Surveillance on 2207 occasions in the reporting period. The Department for Work and Pensions completed 25% of these. This continues a downward trend over the last few years. Last year there were 4,412 of such authorisations. Much of this downward trend is due to the continued impact of the changes, which took effect on 1st November 2012; namely magistrates’ approval for council surveillance and a new six-month threshold test for Directed Surveillance.
A total of 373 authorisations were presented to a magistrate for approval under The Protection of Freedoms Act 2012 during the reporting period. Just 17 were rejected. The Commissioner continues to be sceptical about the need for the changes saying, “I remain to be convinced of the value of this additional approval procedure which, obviously, promotes delay.”
The Commissioner, just like in his previous report, has expressed concern about the level of RIPA knowledge amongst magistrates:
“I have good reason to believe that training provision for magistrates in relation to RIPA and The Protection of Freedoms Act 2012 has been minimal and several councils have ended up providing this themselves to enable the new procedure to work effectively: this is commendable but not, presumably, what Parliament contemplated.” (Para 5.27)
Social Networks
The Commissioner advises caution when conducting online investigations especially where this involves examining social networking sites. A RIPA authorisation may be required in some cases:
“5.42 Perhaps more than ever, public authorities now make use of the wide availability of details about individuals, groups or locations that are provided on social networking sites and a myriad of other means of open communication between people using the Internet and their mobile communication devices. I repeat my view that just because this material is out in the open, does not render it fair game. The Surveillance Commissioners have provided guidance that certain activities will require authorisation under RIPA or RIP(S)A and this includes repetitive viewing of what are deemed to be “open source” sites for the purpose of intelligence gathering and data collation.”
From the Commissioner’s comments at paragraph 5.44 it seems advisable that councils should have in place a corporate policy and training programme on the use of social media in investigations:
“Many local authorities have not kept pace with these developments. My inspections have continued to find instances where social networking sites have been accessed, albeit with the right intentions for an investigative approach, without any corporate direction, oversight or regulation. This is a matter that every Senior Responsible Officer should ensure is addressed, lest activity is being undertaken that ought to be authorised, to ensure that the right to privacy and matters of collateral intrusion have been adequately considered and staff are not placed at risk by their actions and to ensure that ensuing prosecutions are based upon admissible evidence.”
At paragraph 5.47 of the report, the Commissioner lists the main issues that he has commented upon in his inspection reports:
Unsubstantiated and brief, or, conversely, excessively detailed intelligence cases
Over-formulaic consideration of potential collateral intrusion and an explanation of how this will be managed
Limited proportionality arguments by both applicants and Authorising Officers – the four key considerations (identified by my Commissioners and adopted within the Home Office Codes of Practice), if addressed in turn, should provide a suitably reasoned argument
More surveillance tactics and equipment authorised at the outset than appear to have been utilised when reviews and cancellations are examined
A regurgitation of the original application content at reviews, including a “cut and paste” proportionality entry that fails to address why the activity is still justified, in place of a meaningful update to the Authorising Officer about what has taken place in the intervening period
At cancellation, a rarity of meaningful detail for the Authorising Officer about the activity conducted, any collateral intrusion that has occurred, the value of the surveillance and the resultant product; and whether there has been any tangible outcome
Similarly, paltry input by Authorising Officers at cancellation as to the outcome and how product must be managed, and any comment about the use or otherwise of all that had been originally argued for and authorised
In the case of higher level authorisations for property interference and intrusive surveillance, an over-reliance by Senior Authorising Officers on pre-prepared entries that alter little from case to case, or at times, regardless of who is acting as the Authorising Officer
In those same cases, often poorly articulated personal considerations as to the matters of necessity, collateral intrusion and proportionality; no or few entries at reviews; and little meaningful comment at cancellation
On the CHIS documentation, less common, but still encountered, the failure to authorise a CHIS promptly as soon as they have met the criteria; and in many cases (more typically within the non-law enforcement agencies) a failure to recognise or be alive to the possibility that someone may have met those criteria
A huge variation in the standard of risk assessments, whereby some provide an excellent “pen picture” of the individual concerned and the associated risks, whilst others can be over-generic and are not timeously updated to enable the Authorising Officer to identify emergent risks
Discussions that take place between the Authorising Officer and those charged with the management of the CHIS under Section 29(5) of RIPA are not always captured in an auditable manner for later recall or evidence, though this is starting to improve following our advice
As resources become stretched within police forces, the deputy to the person charged with responsibilities for CHIS under Section 29(5)(b) often undertakes those functions: as with an Authorising Officer, this is a responsibility which cannot be shared or delegated
Finally the Commissioner says that during inspections his staff have found that there is “a continuing lack, in many public authorities, of on-going refresher training for officers who may have been trained many years ago, or who have not been eligible for specialised training by dint of career progression or role.”
Those who have an OSC inspection in the Autumn should read Sam Lincoln’s e book which he has written for us entitled “How To Impress An OSC Inspector.” Get in touch if you want a free copy.
Now is the time to consider refresher training for RIPA investigators and authorisers. We have a full program of RIPA Courses and can also deliver these at your premises, tailored to the audience. If you want to avoid re inventing the wheel, our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance.
The key change is the need to ensure the independence of the Designated Person (DP). This is the person within the public authority who has to be satisfied that acquiring the communications data is necessary and proportionate and who signs off the application. Paragraph 3.12 of the new code states that DPs must be independent from operations and investigations when granting authorisations, or giving notices related to those operations.
This policy change was brought about in response to the European Court of Justice (ECJ) Judgment which struck down the Data Retention Directive (2006/24/EC) as the Directive did not include sufficient safeguards as to why and by whom such data may be accessed. The Judgment noted that the Directive contained no safeguards in relation to access to the retained data, including in relation to the independence of the person authorising access to the retained data.
The new code requires public authorities to satisfy the Interception of Communications Commissioner’s Office (IOCCO) that they have sufficient measures in place to ensure the DP’s independence. IOCCO have set out certain guidelines. In a nutshell, a DP must not be directly responsible for the operation or investigation (i.e. they should not have a strategic or tactical influence on the investigation). He/she should be far enough removed from the applicant’s line management chain which will normally mean they are not within the same department or unit. Applicants should not be able to choose who the DP will be on a case by case basis (save for in urgent circumstances). Finally, there should be a defined group of DPs in an organisation i.e. a recognised list defined by role and/or position.
Public authorities will need to ensure that they have a formal procedure setting out the arrangements in place to ensure independence. This will be examined by IOCCO during their inspection. It will also explore how the DPs are selected to consider applications and will audit compliance with the code.
There are exceptions to the rule of independence of DPs set out in the IOCCO Circular of the 1st June 2015 advising public authorities of the changes. These exceptions mainly relate to urgent authorisations and where very small teams of investigators mean that independence would be difficult. These exceptions will not normally apply to local authorities.
In all circumstances where public authorities use DPs who are not independent from an operation or investigation (save for the exceptions) this must be notified to the IOCCO at the next inspection. The details of the public authorities and the reasons such measures are being undertaken may be published and included in the IOCCO report.
What Should You Do Now?
Prepare for an IOCCO inspection. The Commissioner still inspects councils despite their infrequent use. Read here what a typical inspection involves.
Review your current DP authorisations and procedures. You may need to nominate additional (independent) DPs
Review training for DPs. Paragraph 3.8 of the code says:
“Individuals who undertake the role of a designated person must have current working knowledge of human rights principles and legislation, specifically those of necessity and proportionality, and how they apply to the acquisition of communications data under Chapter II and this code.”
Do all your DP’s have this knowledge to undertake their role?
Act Now is offering live and interactive webinars for DPs tailored to your organisation. The webinars last for one hour which include an online test. All participants receive a certificate of completion. Get in touch for a quote.
Some may presume that their recommendations persuade the Government to replace the Regulation of Investigatory Powers Act (RIPA), its amendments and related legislation, with something entirely new. That presumption may prove accurate.
However, I believe that any replacement is unlikely to substantially adjust the basic tenet of RIPA which is founded on Human Rights legislation. In particular, it is likely to retain the basic principles of necessity and proportionality along with the requirement for public authorities to produce a verifiable and contemporaneous audit of decisions and actions.
Whether or not local authorities in United Kingdom will be enabled by similar discretionary power remains to be seen. But if the effect of the Protection of Freedoms Act is illustrative, taking away the protection of law does not necessarily prevent covert surveillance conducted intentionally or accidentally. It merely removes protection from liability … neither public authorities nor citizens are properly protected.
Unless, as is the case with an interception, forms of covert surveillance are made unlawful without a warrant or authorisation, it is likely that investigatory powers will remain discretionary. Discretion – even if later approved by a designated official external to the relevant investigating authority – attracts misuse by officials if not official misuse.
The demand for better oversight is a key recommendation in both reports and there is an increasing expectation that the public is better informed regarding the potential for or actual abuse of discretionary powers.
Suffice to say that the Office of Surveillance Commissioners, or a body with similar or enhanced responsibility, will remain. Inspection is likely to be a key method to assess compliance and performance.
Impressing an inspector – and thus providing a mechanism to protect reputation and improve trust – should remain a concern to all those who are enabled to conduct surveillance covertly.
In my new E Book “How To Impress An OSC Inspector”,I provide my personal insights regarding how a local authority might best approach an OSC inspection. The information in the book remains relevant regardless of future change to legislation. It is directed at local authorities but is relevant to other public authorities.
Act Now has revised its RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. Now is the time to consider refresher training for RIPA investigators and authorisers. We have a full program of RIPA Coursesand can also deliver these at your premises, tailored to the audience.
Local authorities have powers, under Part I Chapter 2 of the Regulation of Investigatory Powers Act 2000(RIPA), to acquire communications data from Communications Service Providers (CSPs). The definition of “communications data” includes information relating to the use of a communications service (e.g. phone, internet, post) but does not include the contents of the communication itself. It is broadly split into 3 categories: “traffic data” i.e. where a communication was made from, to whom and when; “service data” i.e. the use made of the service by any person e.g. itemised telephone records; “subscriber data” i.e. any other information that is held or obtained by a CSP on a person they provide a service to.
Some public authorities have access to all types of communications data e.g. police, ambulance service, HM Revenues and Customs. Local authorities are restricted to subscriber and service use data and even then only where it is required for the purpose of preventing or detecting crime or preventing disorder. For example, a benefit fraud investigator may be able to obtain an alleged fraudster’s mobile phone bill. As with other RIPA powers, e.g. Directed Surveillance, there are forms to fill out and strict tests of necessity and proportionality to satisfy.
The Prime Minister under Section 57(1) of RIPA 2000 appointed Sir Anthony May in January 2013 as the Interception of Communications Commissioner. His function is to keep under review the interception of communications and the acquisition and disclosure of communications data by intelligence agencies, police forces and other public authorities (including councils). He is required to make an annual report to the Prime Minister with respect to the carrying out of his functions.
In March the Commissioner’s Annual Report, covering the period January to December 2014, was laid before Parliament. (Read the useful summary produced by Big Brother Watch here). Key findings in relation to communications data are set out in the extract below:
Despite media headlines, local authorities now make little or no use of these powers. A big reason for this is that, since 1st November 2012, councils have had to obtain Magistrates’ approval for even the simplest communications data applications (e.g. mobile subscriber checks). (Read about the changes in detail here.) Another reason may be that since December last year, the Home Office has required councils to go through the National Anti Fraud Network to access communications data rather than make direct applications to CSPs. This has also made the internal SPoC’s (Single Point of Contact) role redundant.
The Commissioner also has the power to conduct inspections of public authorities using these powers. He still inspects councils despite their infrequent use. A typical inspection may include the following:
A review of the action points or recommendations from the previous inspection to check they have been implemented.
An audit of the information supplied by the CSPs detailing the requests that public authorities have made for disclosure of data. This information is compared against the applications held by the SPoC (Single Point of Contact) to verify that the necessary approvals were given to acquire the data.
Examination of individual applications to assess whether they were necessary in the first instance and then whether the requests met the necessity and proportionality requirements.
Scrutinising at least one investigation or operation from start to end to assess whether the communications data strategy and the justifications for acquiring all of the data were proportionate.
Examination of the urgent oral approvals to check the process was justified and used appropriately.
A review of the errors reported or recorded, including checking that the measures put in place to prevent recurrence are sufficient.
Act Now continues provides in house training on all aspects of covert surveillance under RIPA including accessing communications data. Get in touch for a quote.
The local authority surveillance regime((under the Regulation of Investigatory Powers Act 2000, (RIPA)) has seen a number of developments in the past few years. These include:
Since 1st November 2012, whenever exercising any powers under RIPA (doing Directed Surveillance, deploying a CHIS or accessing Communications Data) councils have had to obtain Magistrates’ approval. Directed Surveillance has also been made the subject of a new Serious Crime Test (Read about the changes in detail here). On the whole the changes are working well.
On 10th December 2014 revised versions of two RIPA codes of practice RIPA codes of practice came into force.
More guidance has been published by the Information Commissioner on what to do when covert surveillance is not regulated by RIPA.
Now is the time to revise your RIPA policies and procedures to take account of these developments.
The revised Act Now RIPA procedures and guidance toolkit includes an updated version of our previous RIPA Forms Guidance document, which was bought by over one hundred different organisations. In addition there are detailed guidance notes on deciding when surveillance is caught by RIPA, how to authorise it and what to do about surveillance which is not regulated by RIPA. The toolkit is written in straightforward language (avoiding legal jargon) and includes flowcharts to assist understanding.
The full contents list includes:
Updated – Completing the RIPA Forms
Procedure for completing the forms
Common mistakes
All Directed Surveillance forms with full notes to assist completion
All CHIS forms with full notes to assist completion
Seeking Magistrates’ Approval
Step by step guide to the process
Judicial application/order form with full notes to assist completion
The normal price of the toolkit is £199 plus vat for a hard copy and £399 plus vat for an electronic version (plus hard copy) with a licence to make additional hard copies and to upload the toolkit on to an intranet site (for internal use only).
DISCOUNT – If you bought the previous the version on the toolkit you qualify for a 20% discount.
For those of you looking for refresher training in this area, we have a full program of public workshops. We can also bring the training to you for a customised in house training course. Please get in touch for a quote.
