Data assurance refers to the process that ensures appropriate safeguards are in place for all data derived from the use of investigatory powers. Specific data assurance inspections commenced in 2019 after compliance issues were identified in MI5. This is an important area of work and has implications for all authorities we oversee.
Our methodology is flexible and takes a risk-based approach due to the scale of activity we oversee. To assist with our planning, the authorities subject to our oversight were separated into three groups:
Group 1: law enforcement agencies and the intelligence agencies
Group 2: wider public authorities grouped by available powers
Group 3: local authorities and those public authorities with similar powers
Group 1 comprises typically high-volume users of a wide range of powers, including those authorised under the Investigatory Powers Act, so investigating potential non-compliance at these organisations is a priority.
Group 3 are typically low-volume users and in many cases are not currently obtaining any data under their powers. It is right, therefore, that we take a proportionate approach to our investigations.
We will provide an update on this in our 2020 Annual Report, due to be published later this year.