Inspections

We have a statutory obligation to inspect the use of investigatory powers as part of our oversight. At IPCO we therefore have a dedicated Inspectorate to oversee the use of investigatory powers by public authorities.

The Inspectorate is divided into three teams focusing on different areas of oversight:

  • the use of the powers by the UK’s intelligence community, Ministry of Defence and other intercepting agencies such as the National Crime Agency;
  • other public authorities’ use of communications data; and
  • use by other public authorities of surveillance, covert human intelligence sources and property interference powers.

Each team is led by a Chief Inspector. Together they ensure that we are adopting similar practices and applying consistent standards of scrutiny across all our oversight work.

Organisations may be inspected by more than one team at multiple visits each year when looking at the use of different investigatory powers. Each of these visits constitutes one inspection. More information about how we inspect different powers and organisations is detailed below.

An infographic outlining the number of inspections completed Q1 (January-March) 2021
A breakdown of the inspections completed by IPCO in Q1 (January-March) 2021 categorised by organisation type.
A breakdown of the inspections completed by IPCO in 2020 categorised by organisation type.
A breakdown of the inspections completed by IPCO in 2020 categorised by organisation type.

Carrying out an inspection

Inspections are completed by our Inspectors to ensure that when investigatory powers are used:

  • compliant authorisations have been given;
  • legal requirements (such as necessity and proportionality) have been met; and
  • standards of good practice are maintained.

When completing an inspection, Inspectors will visit the authority (either in person or using remote access to the authority’s records), review documentation and interview relevant staff members. This could include, for example, interviewing operational and policy teams. Inspectors scrutinise records of the authority’s use of an investigatory power. This includes:

  • the application for its use;
  • the authorisation approving its use;
  • applications to renew the authorisation and extend its use; and
  • documents cancelling the use of the power.

As well as these fundamental documents, Inspectors will review a variety of supporting documents such as risk assessments for covert human intelligence sources or policy logs. They will examine training modules and governance structures. Inspectors may also review samples of material obtained through the use of covert powers.

They will make sure that the retention and deletion of this material is carried out in accordance with the Codes of Practice available on GOV.UK (these codes provide guidance to public authorities on the appropriate use of investigatory powers).

A significant development in how we perform our inspections has been for Judicial Commissioners to join inspections. This has a dual benefit: first, it enhances the Commissioners’ awareness of the context of operations, which is relevant to their consideration of applications; and secondly, it gives the Commissioners an opportunity to directly challenge aspects of policy and methodology at individual authorities.

One size of inspection does not fit all. We are flexible in our approach to inspection planning to ensure the demands we make on public authorities are proportionate but allow us the access we need. We are keen to build on this learning and continue to work with the authorities we oversee to develop our methodology.

Selecting material for inspection

Our Inspectors will select casework to review ahead of a scheduled inspection. The selection will include a random sample as well as material that is based on specific “priority factors” such as:

  • the likelihood of obtaining sensitive material;
  • areas of concern raised previously at the authority or similar authorities;
  • areas of heightened public interest or concern;
  • issues highlighted through any reported errors; or
  • issues or trends identified by a Judicial Commissioner.

The Inspectors have unrestricted access to all relevant documents.

Some inspections do not require any pre-selection of material as Inspectors are given direct access to internal workflow systems containing all records. In this instance, Inspectors will take a selection from the database or run background searches to identify cases for further examination.

Each inspection gives our Inspectors insight into the processes and activities of individual public authorities. All material reviewed during an inspection is chosen by the Chief Inspector or Inspector, rather than by the authority we are inspecting.

We do not aim to review a fixed statistically representative sample because each inspection should be a process of gaining insight into the methodologies used by, and the activities of, the individual authority. On some occasions an inspection might focus on, for example, the adequacy of staff training. With the exception of some smaller establishments which rarely use their powers, or particular issues of concern such as the use of juvenile covert human intelligence sources, Inspectors do not attempt to view all the authorisations in any particular area.

Inspection reports

After each inspection, our Inspectors complete a report summarising their findings, observations and recommendations. The report identifies any areas of vulnerability or non-compliance, as well as good practice which may be of interest to other similar organisations.

We revised our approach to inspections reports on 5 July 2021. As of this date, inspection reports categorise areas of vulnerability into two groups:

  • Areas of non-compliance: this signifies a vulnerability which requires immediate action
  • Observation: this signifies an action to be taken at the discretion of the relevant Senior

Areas of non-compliance identified during IPCO inspections indicate issues with the relevant law or Code of Practice that require addressing. They are graded to help a public authority prioritise what actions should be addressed most urgently:

Critical: this indicates a significant vulnerability. Immediate action is required.

Priority: this indicated an area where action must be taken to address the issue within a timescale outlined by IPCO.

Action: this indicates that action must be taken to address the deficiency before the next IPCO inspection takes place.

The Investigatory Powers Commissioner reviews all inspection reports before they are sent to the Chief Officer of the public authority. If appropriate, the findings will also be shared with the relevant Department of State.

The Commissioner may choose to conduct a post inspection visit to the head of the public authority or the authority might be inspected again, earlier than planned, to ensure that particular issues of concern have been addressed.

Have a question?

Send us a message and we will get in touch as soon as possible

Get in touch

Follow us on Twitter to keep up to date with IPCO

Check our FAQs for answers to commonly asked questions

Read our FAQs