Office of Surveillance Commissioners Skip site navigation

Home

 | 

About Us

 | 

Advice & Guidance

 | 

How We Work

 | 

Useful Links

 | 

Contact Us

 | 

Search

English | Cymraeg
 


Introduction


Our Aim


Overview


Key aspects of the law


Definition of terms
 


Acts & legal documents


Judgments & case law


Using the statutory powers

RIPA Questions and Answers
 

RIPA/RIP(S)A - QUESTIONS AND ANSWERS FOR LOCAL AUTHORITIES

This section is intended to provide general advice to all local authorities in order to assist them to develop and maintain their policies and procedures for the use and conduct of directed surveillance and CHIS in accordance with RIPA.

Who needs to know about RIPA ?

1. First of all, it is essential that the Chief Executive (or Head of Paid Service), together with the Directors and the Heads of Units should all have an awareness of the basic requirements of RIPA and also an understanding of how it might apply to the work of individual council departments. Without this level of knowledge at senior level, it is unlikely that any authority will be able to develop satisfactory systems to deal with the legislation.

2. Those who need to use or conduct directed surveillance or CHIS on a regular basis will require more detailed specialist training.

How do we begin ?

3. A useful starting-point is to determine which departments are likely to use RIPA. The most obvious candidates are trading standards, housing benefit fraud, internal audit and environmental health. However other departments should not be overlooked. Typically, a social services department that has never used RIPA may find that the situation changes if they are required to introduce (as an example), asylum seekers units.

Should authorising officers be nominated ?

4. Yes. Having identified the departments that are likely to require RIPA, a number of senior officers (not so senior that they do not have time to meet all their responsibilities) who have been trained to the appropriate level should be nominated as authorising officers. It will be the responsibility of these officers to consider all RIPA applications and to grant or refuse authorisations, as appropriate. In doing so they must address the possibility of collateral intrusion. How many should be authorised depends on the size of the local authority and other factors. But in order to achieve conformity of practice and regular training, in many cases it is unlikely that more than six will be needed.

5. Wherever knowledge of confidential information is likely to be acquired, a higher level of authorisation is needed. In local authorities such authorisation can only be provided by the Head of Paid Service or (in his absence) a Chief Officer – yet further reason why officers at this level should be aware of RIPA.

6. It should be noted that authorising officers are also responsible for carrying out regular reviews of applications which they have authorised and also for the cancellation of authorisations (RIPA Code of Practice - Covert Surveillance).

What records of authorisation are required ?

7. The RIPA Codes of Practice specify the need for a central record of authorisations in respect of directed surveillance and CHIS. In other words, it is not sufficient for records only to be kept by individual units. Every authority must hold a central record which contains the details that are specified in the Codes.

When we have identified the departments that are likely to use RIPA, appointed authorising officers and established a central record of authorisation, what else do we need to consider ?

8. It is essential for each authority to develop corporate procedures in respect of RIPA. Experience has shown that where this has not been done, the overall standard is poor. Individual departments tend to make their own subjective (and often contradictory) interpretations of what is required. In particular, there is a serious danger that departments may carry out investigations without even realising (through lack of knowledge), that they require RIPA authorisation.

9. The most effective way to ensure a corporate approach is for a senior officer to be appointed by each authority with responsibility for oversight of all RIPA issues including:
• central record of authorisations
• training and updates
• administration
• quality control
• policy

You have mentioned the need for a policy document: what form should this take?

10. Each authority should formulate a corporate policy, which provides clear guidance on how directed surveillance and CHIS should be used by departments within the authority. This should include the forms to be used and details of all authorising officers.

11. The policy document should explain the main provisions of the legislation and the associated Codes of Practice but should not be a re-write of the Act or of the Codes, although it may be decided to reproduce the Codes or part of them as an appendix to the policy document. Rather, it should explain the procedures to be adopted locally whenever individual departments intend to use directed surveillance or CHIS. Authorities which use covert technical equipment will need to include within their policy document procedures for the retention and deployment of all such equipment. Whilst recognising the need to include all relevant details, any policy document should be kept as short and concise as possible and should be easy to read.

If we have little experience of RIPA, who can provide training?

12. Most council departments that use RIPA on a regular basis have their own professional associations which provide training in specialist areas, e.g. LACORS (formerly LACOTS) in respect of trading standards.

13. On a corporate basis however the situation can be more difficult, particularly where ‘in house’ legal service departments have little experience of the legislation.

14. For this reason consideration should be given to using outside agencies, particularly for ‘awareness’ training for senior officers and specialist training for authorising officers. Police forces have now developed a great deal of experience in respect of directed surveillance and CHIS and in a number of cases local authorities have successfully tapped into this knowledge by arranging joint training sessions with local forces.

What happens when we have an OSC inspection?

15. You will usually be given at two weeks’ notice prior to a visit by an Assistant Surveillance Commissioner or by a Surveillance Inspector (or in some cases by both).

16. The inspections will vary according to the authority to be visited and will generally take one day to complete. However all inspections include the following:
• interviews with key personnel from a number of departments
• an examination of RIPA applications and authorisations for directed surveillance and CHIS
• an examination of the central record of authorisations
• an examination of policy document(s)
• an evaluation of processes and procedures
• feedback to the Chief Executive (or nominee)

17. Following the inspection, a report is submitted to the Chief Surveillance Commissioner who then writes to the Chief Officer.

What happens if the authority is criticised?

18. By virtue of the inspection process all reports are liable to be critical. But they are only seen by the local authorities concerned. Our intention is that they should be balanced and informative. Recommendations are made in order to assist local authorities in their implementation of systems to deal with RIPA. In some cases, it may be necessary for a follow-up visit to be made to monitor the implementation of recommendations, and authorities may be asked to submit to OSC copies of new or revised policy documents.

Are there any other issues?

19. First, it is relevant to mention that the duty to keep under review the covert activities conducted by all public authorities, which RIPA confers on the Chief Surveillance Commissioner and those who assist him, is a clear indication of the importance that Parliament attaches to these matters.

20. It is not open to authorities which do not expect to make much use of directed surveillance or CHIS to disregard their statutory powers. So long as they enjoy those powers, they must be prepared to exercise them.

21. For the first time those who conduct covert surveillance on behalf of public authorities in accordance with statutory requirements are protected. The primary role of the OSC is not to thwart such activity but rather to ensure that it is conducted effectively and ethically in accordance with legislation.

22. Finally, more detailed information can be found in the useful links section of this website:

What other sources of information are there?

• Sections 28 and 29 of RIPA and sections 6 and 7 of RIP(S)A refer to directed surveillance and CHIS respectively
• The Codes of Practice address all aspects of Covert Surveillance and CHIS: see in particular paragraph 2 of both Codes for an explanation of the critical concepts of necessity, proportionality and collateral intrusion
• The revised Home Office forms properly reflect the statutory requirements.

Local authority CCTV systems

CCTV systems are normally not within scope of RIPA or RIP(S)A since they are overt and not being used for "a specific operation or investigation" (section 26(2)(a)/1(2)(a), defining directed surveillance). But the protection afforded by RIPA and RIP(S)A is available when they are used for enforcement activities. In such cases directed surveillance authorisations should be obtained, setting out what is authorised, how it will be carried out (e.g. which cameras are to be used), and what activity is to be caught and held on the tape or disk that results. Control room staff should ensure that they understand the terms of the authorisation and authorising officers must notify them of any changes. When used covertly, collateral intrusion is inevitable and must be considered by the authorising officer with the applicant. This is part of the proportionality test and may lead to refusal or a different approach. The authorising officer should examine the product which should not be made public except insofar as it shows the identified target.

Local authorities have a keen interest in ensuring that authorisations are properly implemented even when acting on behalf of others, such as the police, since the product is primarily theirs and it may be they who receive the complaints or claims in the case of misuse. It should be noted that Automatic Number-Plate Recognition is unlikely to constitute directed surveillance unless the program routinely captures the faces of front seat occupants, whereas Automatic Facial Recognition can hardly fail to be directed surveillance.

Codes of Practice

Codes of Practice for Covert Human Intelligence Sources (CHIS) and for covert surveillance:
http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/

RIP(S)A Scottish Codes of Practice were approved in March and can be found on www.scotland.gov.uk

Encryption

A separate Code of Practice on Protected Electronic Information (Encryption) (Part III of RIPA) can be found at:

http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information

RIPA/RIP(S)A Forms

England and Wales

RIPA forms for non law enforcement agencies:
http://security.homeoffice.gov.uk/ripa/publication-search/ripa-forms/

Scotland

http://www.scotland.gov.uk/about/JD/POLICE1/00017206/page1291371233.aspx
 

  Site map | Technical support | Terms & conditions

  

© 2003 Office of Surveillance Commissioners