Communications data inspections range from three to five days, depending on the size of the force or agency and the volume of communications data they acquire. Our inspections are designed to ensure that public authorities acquire communications data for the correct statutory purpose and in compliance with both the law and the Codes of Practice.
We scrutinise records and methodologies to ensure any unrelated private information that has been unavoidably obtained is appropriately documented and handled. Before an inspection, we require the authority to complete a schedule of information, including any relevant statistics and documentation, and will then select the records for inspection. They key staff involved in the application, authorisation and acquisition of communications data are interviewed.
In some cases, we conduct a “reverse audit” whereby a selection of data is obtained directly from a telecommunications operator and cross checked with the relevant application in the authority. This helps us ensure data has been acquired for the correct statutory purpose.
Certain key themes are pursued on every communications data inspection:
- operational independence of the senior authorising officer;
- applications related to sensitive professions;
- data acquired in support of internal professional standards investigations;
- data acquired under an oral authorisation using the urgency provisions;
- the acquisition of data relating to Internet Protocol Addresses when, due to the format and nature of the data, the risk of an error occurring is higher than usual; and
- errors that have occurred during the reporting period.