Corporate Policy and Procedures Document on Accessing Communications Data
Records management
Applications submitted to OCDA will only be retained for a limited period of time. The SPoC will hold a central electronic copy of all:
- Applications
- Authorisations
- Copies of notices
- Records of the withdrawal of authorisations
- Records of cancellation of notices
The record of authorisations and notices will also include the time when each authorisation or notice was granted or given, renewed or cancelled.
All of these records are to be retained for five years and must be available for inspection by the Investigatory Powers Commissioner (IPC). The records may also be used by the Investigatory Powers Tribunal who are able to consider complaints made up to one year after the conduct to which the complaint relates to was carried out. The period of one year may be extended where equitable to do so, or where the conduct to which the complaint is alleged is still continuing.
Each service must also keep a record of:
(a) the number of applications which have been submitted to a SPoC seeking the acquisition of Communications Data;
(b) the number of applications submitted seeking the acquisition of Communications Data, which were referred back for amendment or declined by the SPoC, including the reason for doing so;
(c) the number of authorisations of conduct to acquire Communications Data granted;
(d) the number of authorisations to give a notice to acquire communications data granted;
(e) the number of notices given pursuant to an authorisation requiring disclosure of Communications Data;
(f) whether any part of the authorisation relates to a person who is a member of a profession that handles privileged or otherwise confidential information, and if so, which profession e.g. a journalist.
(g) the number of times an authorisation is granted to obtain Communications Data in order to confirm or identify a journalist's source; and
(h) the number of items of Communications Data sought, for which authorisation was granted.
In respect of each item of Communications Data included within a notice or authorisation, each service must also keep a record of:
(i) the unique reference number allocated to the application, authorisation and where relevant the notice;
(j) the statutory purpose for which the item of Communications Data is being sought. For the Council's purposes this will be as set out at section 60A(7)(b), the Applicable Crime Purpose;
(k) whether the item of Communications Data is Events or Entity Data;
(l) a description of the type of each item of Communications Data included in the notice or authorisation;
(m) whether the item of Communications Data relates to a victim, a witness, a complainant, or a suspect, next of kin, vulnerable person or other person relevant to the investigation or operation;
(n) the age of the item of Communications Data by reference to the oldest date on which it was sought;
(o) where an item of data is Event Data retained by the telecommunications operator or postal operator, an indication of the total number of days of data being sought by means of notice or authorisation; and
(p) the telecommunications operator or postal operator from whom the data is being acquired.
Where the advice of a Judicial Commissioner or OCDA has been sought prior to the acquisition of communications data that could be considered novel or contentious, the Senior Responsible Officer must record and maintain a record of any views given.
Retention and Destruction of Material
Each Service must ensure that arrangements are in place for the handling, storage and destruction of material obtained through the use of covert surveillance.
Confidential material must be destroyed as soon as it is no longer necessary. It must not be retained or copied unless it is necessary for a specified purpose.
Where there is doubt, advice must be sought from the Solicitor to the Council or the SRO.