
The single point of contact paras 3.12 to 3.16

The single point of contact

3.12 The single point of contact (SPoC) is either an accredited individual or a group of accredited individuals trained to facilitate lawful acquisition of communications data and effective co-operation between a public authority and CSPs. To become accredited an individual must complete a course of training appropriate for the role of a SPoC and have been issued a SPoC Personal Identification Number (PIN). Details of all accredited individuals are available to CSPs for authentication purposes.

3.13 An accredited SPoC promotes efficiency and good practice in ensuring only practical and lawful requirements for communications data are undertaken. This encourages the public authority to regulate itself. The SPoC provides objective judgement and advice to both the applicant and the designated person. In this way the SPoC provides a "guardian and gatekeeper" function ensuring that public authorities act in an informed and lawful manner.

3.14 The SPoC[36] should be in a position to:

  • assess whether the acquisition of specific communications data from a CSP is reasonably practical or whether the specific data required is inextricably linked to other data;[37]
  • advise applicants on the most appropriate methodology for acquisition of data where the data sought engages a number of CSPs;
  • advise applicants and designated persons on the interpretation of the Act, particularly whether an authorisation or notice is appropriate;
  • provide assurance to designated persons that authorisations and notices are lawful under the Act and free from errors;
  • provide assurance to CSPs that authorisations and notices are authentic and lawful;
  • assess whether communications data disclosed by a CSP in response to a notice fulfils the requirement of the notice;
  • assess whether communications data obtained by means of an authorisation fulfils the requirement of the authorisation;
  • assess any cost and resource implications to both the public authority and the CSP of data requirements.

      • [36] Advice and consideration given by the SPoC in respect of any application may be recorded in the same document as the application and/or authorisation.
      • [37] In the event that the required data is inextricably linked to, or inseparable from, other data the designated person must take that into account in their consideration of necessity, proportionality and collateral intrusion.

3.15 Public authorities unable to call upon the services of an accredited SPoC should not undertake the acquisition of communications data. In circumstances where a CSP is approached by a person who cannot be authenticated as an accredited individual and who seeks to obtain data under the provisions of the Act, the CSP may refuse to comply with any apparent requirement for disclosure of data until confirmation of the person’s accreditation and PIN is obtained from the Home Office.

3.16 The SPoC may be an individual who is also a designated person. The SPoC may be an individual who is also an applicant. The same person should never be an applicant, a designated person and a SPoC. Equally the same person should never be both the applicant and the designated person.

Comments

and have been issued a SPoC Personal Identification Number (PIN).

A PIN is barely adequate authentication for an Automatic Teller Machine transaction of up to £250.

It is not a secure enough authentication for something as sensitive as Communications Traffic Data.

Surely use should be made of well known technologies such as Digital Certificates and/or 2 factor authentication hardware tokens instead?

Even a mobile phone SMS message would be a "stronger" authentication than a PIN!

Remember that this PIN will mostly be used remotely and not face to face.
