RIPA Part I Chapter II consultation

MAKING OF CONTRIBUTIONS TOWARDS THE COSTS INCURRED BY COMMUNICATIONS SERVICE PROVIDERS paras 4.1 to 4.4

2006-06-16T13:22:05Z

MAKING OF CONTRIBUTIONS TOWARDS THE COSTS INCURRED BY COMMUNICATIONS SERVICE PROVIDERS

]]> 4.1 The Act^[64] recognises that CSPs incur costs in complying with notices to disclose communications data, and allows for arrangements for making appropriate payments to them. Similar arrangements are appropriate where a CSP incurs costs in making provision for the acquisition of communications data upon the grant of an authorisation under the Act.

^[64] Section 24 of the Act

4.2 The provision of appropriate funding to CSPs ensures that they can provide, outside of their normal business practices, an effective and efficient response to public authorities’ necessary, proportionate and lawful requirements for the disclosure and acquisition of communications data in support of their investigations and operations to protect the public and to bring to justice those who commit crime.

4.3 It is legitimate for a CSP to seek contributions towards its costs which may include an element providing for funding of those overheads required in order to comply with notices or to provide for the acquisition of communications data. This is especially relevant for CSPs which employ staff specifically to manage compliance with the requirements made under the Act, supported by bespoke information systems. Contributions can also be appropriate towards costs incurred by a CSP which needs to update its systems to maintain, or make more efficient, its disclosure process or where the provision of new services will require investment in technology in order to comply with requirements for the disclosure and acquisition of communications data relating to the use made of such services.

4.4 Any CSPs seeking to recover appropriate contributions towards its costs should make available to the Home Office such information or assurance as is required to provide assurance that proposed cost recovery charges represent an appropriate contribution to the costs incurred by the CSP.

SPECIAL RULES ON THE GRANTING OF AUTHORISATIONS AND GIVING OF NOTICES IN SPECIFIC MATTERS OF PUBLIC INTEREST paras 5.1 to 5.3

2006-06-16T13:27:21Z

SPECIAL RULES ON THE GRANTING OF AUTHORISATIONS AND GIVING OF NOTICES IN SPECIFIC MATTERS OF PUBLIC INTEREST

Sudden deaths, serious injuries and vulnerable persons

]]>
5.1 There are circumstances when the police undertake enquiries in relation to specific matters of public interest where the disclosure of communications data may be necessary and proportionate. For example:

locating and notifying next of kin following a sudden or unexpected death;
locating and notifying the next of kin of a seriously injured person;
locating and notifying the next of kin or responsible adult of a child or other vulnerable person where there is a concern for the child’s or the vulnerable person’s welfare.

5.2 Often a telephone, telephone number or other communications details may be the only information available to identify a person or to identify their next of kin or a person responsible for their welfare.

5.3 Under the Act communications data may be obtained and disclosed in serious and urgent welfare cases where it is necessary within the meaning of section 22(2)(g) and the conduct authorised or required is proportionate to what is sought to be achieved by obtaining the data.

Public Emergency Call Service (999/112 Calls) paras 5.4 to 5.9

2006-06-16T13:32:35Z

Public Emergency Call Service (999/112 Calls)

]]> 5.4 Certain CSPs have obligations under the Communications Act 2003^[65] in respect of emergency calls made to 999 and 112 emergency numbers. They must ensure that any service user can access the emergency authorities by using the emergency numbers and, to the extent technically feasible, make caller location information available to the emergency authorities for all 999/112 calls.

^[65] General Conditions of Entitlement set by Ofcom under section 45

5.5 Caller location information, which provides the geographic position of the equipment being used by the person making the emergency call, facilitates a fast response in emergency situations where the caller is unable to give their position (for example because the caller does not know, is panicking or is incapacitated).

5.6 Handling of an emergency call involves four phases:

connection of the caller to the Emergency Operator using the 999/112 number;
selection by the Emergency Operator of the required Emergency
Authority Control Room (Police, Fire, Ambulance or Coastguard)(‘the
emergency service’);
connection of the caller to the Emergency Authority Control Room;
listening by the Emergency Operator to ensure the caller is connected to the correct emergency service and to provide further assistance to the caller or the emergency service when required.^[66]

^[66] This can also include silent emergency calls where the call is connected but the caller, for whatever reason, is unable to speak to the emergency operator or the emergency service.

5.7 Best practice dictates that the emergency operator will disclose location information to the emergency service during the initial call hand-over. In many cases this will be done automatically by the call handling system.

5.8 In automated cases, data relating to the emergency call is automatically displayed at the relevant emergency service, the instant a call is routed from the Emergency Operator. This data is available to the emergency service throughout the duration of the emergency call, but disappears once the call has ended unless retained by the emergency service.

5.9 The Privacy and Electronic Communications (EC Directive) Regulations 2003 (‘the Privacy Regulations’)^[67] allows telephone users the choice whether or not their telephone number is displayed or can be accessed by the recipient of a call they make. However when an emergency call using 999 or 112 is made, the option to withhold the number making the call is not available. Instead the calling line identity and location data (fixed or mobile) are automatically disclosed to the emergency services in order to facilitate a rapid response to the emergency call.

^[67] SI 2003/2426. Regulation 10 concerns prevention of calling line identification in relation to outgoing calls. http://www.legislation.hmso.gov.uk/si/si2003/20032426.htm

Dropped 999/112 calls paras 5.10 to 5.19

2006-06-16T15:13:34Z

Dropped 999/112 calls (and circumstances where data may be acquired or disclosed outside the provisions of the Act)

]]> 5.10 To enable the provision of emergency assistance in response to emergency calls, the emergency service can call upon an Emergency Operator or relevant service provider to disclose data about the maker of an emergency call within the emergency period (within one hour of the termination of the emergency call) outside the provisions of the Act.

5.11 This is necessary in situations where the Emergency Operator may become aware of the premature termination of an emergency call. There are a number of reasons for these ‘dropped’ emergency calls, which cannot be reconnected. For example:

there is a fault on the line;
the emergency service requests to be reconnected where the caller was incapacitated or unable to maintain the call and reconnection is tried and fails;
the emergency service considers that safety of the person making the call may be put at risk if the Emergency Operator seeks to reconnect the call, particularly in cases where a crime is in progress, for example domestic violence or a robbery;
the Emergency Operator diagnoses a problem with the call or the strength of a mobile phone signal.

5.12 If an emergency call is disconnected prematurely for any reason, technical or otherwise, and the Emergency Operator is aware or is made aware of this, then the Emergency Operator can elect to represent the data disclosed when the call was put to the emergency service initially. This voluntary disclosure would fall outside the scope of the Act.

5.13 The Emergency Operator can anticipate the needs of the emergency service and represent the information disclosed automatically to the emergency service without prompting.

5.14 The Emergency Operator can choose to represent the data, whether prompted or unprompted, only for the period of time that the data is held specifically as emergency call data. This period is not normally longer than one hour from the termination of the emergency call.

5.15 There are circumstances where the Emergency Operator cannot automatically present the emergency service with communications data about the maker of an emergency call. For example, because the emergency service does not have equipment to receive the data automatically or the data is held by a third party service provider and not readily available to the Emergency Operator. In those circumstances, and in order to provide an effective emergency service, the Emergency Operator may disclose the data it has orally.

5.16 When disclosure of data about the maker of an emergency call is required during the emergency period, the emergency service controller must provide a unique reference number for the emergency call and provide the name of the authorising officer. Where telephone numbers (or other identifiers) are being relayed, the relevant number must be read twice and repeated back by the CSP to confirm the correct details have been taken.

5.17 If the emergency call is clearly a hoax there is no emergency. Where an emergency service concludes that an emergency call is a hoax and the reason for acquiring data in relation to that call is to detect the crime of making a hoax call – and not to provide an emergency service – then the application process under the Act must be undertaken.

5.18 Should an emergency service require communications data relating to the making of any emergency call after the expiry of the emergency period of one hour from the termination of the call, that data must be acquired or obtained under the provisions of the Act.

5.19 Where communications data about a third party (other than the maker of an emergency call) is required to deal effectively with an emergency call, the emergency service may make an urgent oral application for the data.^[68]

^[68] See paragraphs 3.47 – 3.53

Malicious and nuisance communications paras 5.20 to 5.26

2006-06-16T15:30:01Z

Malicious and nuisance communications[69]

[69] The Association of Chief Police Officers has produced guidelines on ‘Dealing with Malicious and Nuisance Communications’. See http://www.acpo.police.uk/policies.asp

]]> 5.20 Many CSPs offer services to their customers to deal with complaints concerning malicious and nuisance communications. Although these services vary all CSPs believe that such calls can be very distressing for their customers and that every effort should be made to resolve such situations as efficiently and effectively as possible.

5.21 The victim of malicious or nuisance communications may, in the first instance, bring it to the attention of their CSP or report it to the police.

5.22 When contacted directly by a customer the CSP may consider the circumstances of the complaint are such that the customer will be advised to report the matter without delay to the police for investigation.

5.23 Alternatively the CSP can offer practical advice on how to deal with nuisance communications and may, for example, arrange a change of telephone number. The advice given by the CSP may indicate that the circumstances could constitute a criminal offence. The CSP may choose to disclose data to its customer relating to the source of the malicious or nuisance communications, but must ensure that the disclosure complies with the provisions of both the DPA and the Privacy Regulations.^[70]

^[70] SI 2003/2426

5.24 Upon receipt of a complaint a CSP may retrieve and retain relevant specific data that, if appropriate, can be disclosed to the police later. If the complainant wishes the matter to be investigated, it is essential for the CSP and the police^[71] to liaise with one another to ensure the lawful disclosure of data to enable any offence to be effectively investigated.

^[71] Ordinarily this will be overseen and coordinated by the police force’s SPoC.

5.25 Where the complainant reports a matter to the police that has been previously raised with the CSP, any data already collated by the CSP may be disclosed to the police SPoC under the provisions of the DPA or the Privacy Regulations.^[72]

^[72] Regulation 15 concerns tracing of malicious or nuisance calls.

Subsequent police investigation may require the acquisition or disclosure of additional communications data from the complainant’s CSP or other CSPs under the provisions of the Act.

5.26 Whether the initial complaint is reported to the CSP or directly to the police careful consideration should be given to whether the occurrence of malicious or nuisance communications are, or may be, related to other incidents or events. Specifically this could be where the complainant is a victim of another crime or is a witness or a member of a trial jury in ongoing or forthcoming criminal proceedings.

KEEPING OF RECORDS paras 6.1 to 6.6

2006-06-16T15:45:20Z

KEEPING OF RECORDS

]]> 6.1 Applications, authorisations copies of notices, and records of the withdrawal of authorisations and the cancellation of notices, must be retained by the relevant public authority in written or electronic form, and physically attached or crossreferenced where they are associated to each other. The public authority should also keep a record of the date and, when appropriate to do so, the time when each notice or authorisation is given or granted, renewed or cancelled.

6.2 These records must be available for annual inspection by the Interception of Communications Commissioner (‘the Commissioner’) and retained to allow the Investigatory Powers Tribunal, established under Part IV of the Act, to carry out its functions.^[73]

^[73] The Tribunal will consider complaints made up to one year after the conduct to which the complaint relates and, where it is satisfied it is equitable to do so, may consider complaints made more than one year after the conduct to which the complaint relates. See section 67(5) of the Act.

6.3 Where the records contain, or relate to, material obtained directly as a consequence of the execution of an interception warrant those records must be treated in accordance with the safeguards which the Secretary of State has approved in conformity with the duty imposed upon him by the Act.^[74]

^[74] Section 15 of the Act and the statutory Code of Practice on Interception of Communications

6.4 This code does not affect any other statutory obligations placed on public authorities to keep records under any other enactment. For example, where applicable in England and Wales, the relevant test given in the Criminal Procedure and Investigations Act 1996 (‘the CPIA’) as amended and the code of practice under that Act. This requires that material which is obtained in the course of an investigation and which may be relevant to the investigation must be recorded, retained and revealed to the prosecutor.

6.5 Each relevant public authority must also keep a record of the following items:

number of applications submitted to a designated person for a decision to (i) give a notice or (ii) grant an authorisation;
number of notices requiring disclosure of communications data within the meaning of each subsection of section 21(4) of the Act or any combinations of data;
number of authorisations for conduct to acquire communications data within the meaning of each subsection of section 21(4) of the Act or any combinations of data;
number of times an urgent notice is given orally, or an urgent authorisation granted orally, requiring disclosure of communications data within the meaning of each subsection of section 21(4) of the Act or any combinations of data.

6.6 This record must be sent in written or electronic form to the Commissioner annually. Where appropriate, guidance on format or timing may be sought from the Commissioner.

Errors paras 6.7 to 6.18

2006-06-16T15:51:52Z

Errors

]]> 6.7 Proper application of the Act and thorough procedures for operating its provisions, including the careful preparation and checking of applications, notices and authorisations, should reduce the scope for making errors whether by public authorities or by CSPs.

6.8 An error can only occur after a designated person:

has granted an authorisation and the acquisition of data has been initiated, or
has given notice and the notice has been served on a CSP in writing, electronically or orally.

6.9 Where any error occurs, in the grant of an authorisation, the giving of a notice or as a consequence of any authorised conduct or any conduct undertaken to comply with a notice, a record should be kept and a report made to the Commissioner. Recording and reporting of errors will draw attention to those aspects of the process of acquisition and disclosure of communications data that require further improvement to eliminate errors and the risk of undue interference with any individual’s rights.

6.10 Any failure by a public authority to correctly apply the process of acquiring or obtaining communications data set out in this code will increase the likelihood of an error occurring. This section of the code cannot provide an exhaustive list of possible causes for an error. They can, for example, fall into one of the following categories:

an authorisation or notice made for a purpose, or for a type of data, which the relevant public authority cannot call upon, or seek, under the Act;
human error, such as incorrect transposition of information from an application to an authorisation or notice or the disclosure of communications data by the CSP other than that specified on a notice;
an authorisation granted for a public authority to engage in impractical conduct;
a notice given which is impossible for a CSP to comply with and an attempt to impose the requirement has been undertaken by the public authority;
disclosure or acquisition of data in excess of that required, where a SPoC may have failed to identify that the required data is inextricably linked to or inseparable from other data and it was reasonable for the SPoC to have known that or the CSP failed to identify that compliance with the notice entailed the disclosure of data outside of the scope of the notice;
failure to review information already held, for example seeking the acquisition or disclosure of data already acquired or obtained for the same investigation or operation, or data for which the requirement to acquire or obtain it is known to be no longer valid.

6.11 Communications identifiers can be readily transferred, or ‘ported’, between CSPs. When a correctly completed authorisation or notice results in a CSP indicating to a public authority that, for example, a telephone number has been ‘ported’ to another CSP does not constitute an error – unless the fact of the porting was already known to the public authority.

6.12 When an error has been made the public authority which made the error, or established that the error had been made, must report the error to the authority’s Senior Responsible Officer and then to the Commissioner, in written or electronic form, as soon as is practical. All errors should be reported individually. If the report relates to an error made by a CSP the public authority should also inform the CSP of the report in written or electronic form. This will enable the CSP to investigate the cause or causes of the reported error.

6.13 The report sent to the Commissioner, in relation to any error by a public authority, must include details of the error, explain how the error occurred, indicate whether any unintended collateral intrusion has taken place and provide an indication of what steps have been, or will be, taken to ensure that a similar error does not reoccur. When a public authority reports an error made by a CSP, the report must include details of the error and indicate whether the CSP has been informed or not (in which case the public authority must explain why the CSP has not been informed of the report).

6.14 Where a CSP discloses communications data in error it must report each error to the Commissioner. It is appropriate for a person holding a suitably senior position within a CSP to do so and to provide an indication of what steps have been, or will be, taken to ensure that a similar error does not reoccur. Errors by service providers could include responding to a notice by disclosing incorrect or excessive data or by disclosing the required data or excessive data to the wrong public authority.

6.15 Where authorised conduct by a public authority results in the acquisition of excess data, or a CSP discloses data in excess of that required by a notice, all the data acquired or disclosed should be retained by the public authority and the error reported.

6.16 After the error has been reported, and it is intended to make use of the excess data in the course of the investigation or operation, an applicant must set out the reason(s) for needing to use that material in an addendum to the application upon which the authorisation or notice was originally granted or given. The designated person will then consider the reason(s) and review all the data and consider whether it is necessary and proportionate for the excess data to be used in the investigation or operation.

6.17 Where a public authority is bound by the CPIA and its code of practice, there will be a requirement to record and retain data which is relevant to a criminal investigation, even if that data was disclosed or acquired beyond the scope of a valid notice or authorisation. If a criminal investigation results in proceedings being instituted all material that may be relevant must be retained at least until the accused is acquitted or convicted or the prosecutor decides not to proceed.

6.18 Where material is disclosed by a CSP in error which has no connection or relevance to any investigation or operation undertaken by the public authority receiving it, that material and any copy of it should be destroyed as soon as the report to the Commissioner has been made.

DATA PROTECTION SAFEGUARDS paras 7.1 to 7.2

2006-06-16T16:03:19Z

DATA PROTECTION SAFEGUARDS

]]> 7.1 Communications data acquired or obtained under the provisions of the Act, and all copies, extracts and summaries of it, must be handled and stored securely. In addition, the requirements of the Data Protection Act 1998 (‘the DPA’)^[75] and its data protection principles must be adhered to.

^[75] Further guidance is available from http://www.dca.gov.uk/foi/datprot.htm or from http://www.informationcommissioner.gov.uk

7.2 Communications data (‘related communications data’) that is obtained directly as a consequence of the execution of an interception warrant must be treated in accordance with the safeguards which the Secretary of State has approved in conformity with the duty imposed upon him by the Act.^[76]

^[76] See footnote 72.

Disclosure of communications data and subject access paras 7.3 to 7.10

2006-06-16T16:10:03Z

Disclosure of communications data and subject access rights

]]> 7.3 This section of the Code provides guidance on the relationship between disclosure of communications data under the Act and the provisions for subject access requests under the DPA, and the balance between CSPs obligations to comply with a notice to disclose data and individuals’ right of access under section 7 of the DPA to personal data held about them.

7.4 There is no provision in the Act preventing CSPs from informing individuals about whom they have been required by notice to disclose communications data in response to a Subject Access Request made under section 7 of the DPA. However a CSP may exercise certain exemptions to the right of subject access under Part IV of the DPA.

7.5 Section 28 provides that data are always exempt from section 7 where such an exemption is required for the purposes of safeguarding national security.

7.6 Section 29 provides that personal data processed for the purposes of the prevention and detection of crime; the apprehension or prosecution of offenders, or the assessment or collection of any tax or duty or other imposition of a similar nature are exempt from section 7 to the extent to which the application of the provisions for rights of data subjects would be likely to prejudice any of those matters.

7.7 The exercise of the exemption to subject access rights possible under section 29 does not automatically apply to notices given under the Act. In the event that a CSP receives a subject access request where the fact of a disclosure under the Act might itself be disclosed the CSP concerned must carefully consider whether in the particular case disclosure of the fact of the notice would be likely to prejudice the prevention or detection of crime.

7.8 Where a CSP is uncertain whether disclosure of the fact of a notice would be likely to prejudice an investigation or operation, it should approach the SPoC of the public authority which gave the notice – and do so in good time to respond to the subject access request. The SPoC can make enquiries within the public authority to determine whether disclosure of the fact of the notice would likely be prejudicial to the matters in section 29.^[77]

^[77] The SPoC must provide a response which will enable the CSP to comply with its obligations to respond to the subject access request within 40 days.

7.9 Where a CSP withholds a piece of information in reliance on the exemption in section 28 or 29 of the DPA, it is not obliged to inform an individual that any information has been withheld. It can simply leave out that piece of information and make no reference to it when responding to the individual who has made the subject access request.

7.10 CSPs should keep a record of the steps they have taken in determining whether disclosure of the fact of a notice would prejudice the apprehension or detection of offenders. This might be useful in the event of the data controller having to respond to enquiries made subsequently by the Information Commissioner, the courts and, in the event of prejudice, the police.

Acquisition of communication data on behalf of overseas authorities paras 7.10 to 7.11

2006-06-16T16:22:35Z

Acquisition of communication data on behalf of overseas authorities

]]> 7.10 Whilst the majority of public authorities which obtain communications data under the Act have no need to disclose that data to any authority outside the United Kingdom, there can be occasions when it is necessary, appropriate and lawful to do so in matters of international co-operation.

7.11 There are two methods by which communications data, whether obtained under the Act or not, can be acquired and disclosed to overseas public authorities:^[78]

Judicial co-operation
Non-judicial co-operation

Neither method compels United Kingdom public authorities to disclose data to overseas authorities. Data can only be disclosed when a United Kingdom public authority is satisfied that it is in the public interest to do so and all relevant conditions imposed by domestic legislation have been fulfilled.

^[78] This includes public authorities within the Crown Dependencies and the British Overseas Territories.

Judicial co-operation paras 7.12 to 7.13

2006-06-16T16:28:23Z

Judicial co-operation

]]> 7.12 If the United Kingdom receives a formal request from an overseas court or other prosecuting authority that appears to have a function of making requests for legal assistance, the Secretary of State (in Scotland the Lord Advocate) will consider the request under the Crime (International Co-operation) Act 2003. In order to assist he must be satisfied that the request is made in connection with criminal proceedings or a criminal investigation being carried on outside the United Kingdom.

7.13 If such a request is accepted, that request will be passed to a nominated court in the United Kingdom. That court may make an order requiring a CSP to disclose the relevant information to the court for onward transmission to the overseas authority.

Non-judicial co-operation paras 7.14 to 7.15

2006-06-16T16:31:35Z

Non-judicial co-operation

]]> 7.14 Public authorities in the United Kingdom can receive direct requests for assistance from their counterparts in other countries. These can include requests for the acquisition and disclosure of communications data for the purpose of preventing or detecting crime. On receipt of such a request the United Kingdom public authority may consider seeking the acquisition or disclosure of the requested data under the provisions of Chapter II of Part I of the Act.

7.15 The United Kingdom public authority must be satisfied that the request complies with United Kingdom obligations under human rights legislation. The necessity and proportionality of each case must be considered before the authority processes the authorisation or notice.

Disclosure of communications data to overseas authorities paras 7.16 to 7.20

2006-06-16T16:34:08Z

Disclosure of communications data to overseas authorities

]]> 7.16 Where a United Kingdom public authority is considering the acquisition of communications data on behalf of an overseas authority and transferring the data to that authority it must consider whether the data will be adequately protected outside the United Kingdom and what safeguards may be needed to ensure that.^[79] Such safeguards might include attaching conditions to the processing, storage and destruction of the data.

^[79] The eighth data protection principle is: ‘Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.’ (Paragraph 8, Schedule 1, DPA 1998)

7.17 If the proposed transfer of data is to an authority within the European Union that authority will be bound by the European Data Protection Directive (95/46/EC) and its national data protection legislation. Any data disclosed will be protected there without need for additional safeguards.

7.18 If the proposed transfer is to an authority outside of the European Union and the European Economic Area (Norway, Liechtenstein and Iceland) then it must not be disclosed unless the overseas authority can ensure an adequate level of data protection. The European Commission has determined that certain countries, including Canada and Switzerland, have laws providing an adequate level of protection where data can be transferred without need for further safeguards.

7.19 In all other circumstances the United Kingdom public authority must decide in each case, before transferring any data overseas, whether the data will be adequately protected there. If necessary the Information Commissioner can give guidance.

7.20 The DPA recognises that it will not always be possible to ensure adequate data protection in countries outside of the European Union and the European Economic Area, and there are exemptions to the principle, for example if the transfer of data is necessary for reasons of ‘substantial public interest’^[80]. There may be circumstances when it is necessary, for example in the interests of national security, for communications data to be disclosed to a third party country, even though that country does not have adequate safeguards in place to protect the data. That is a decision that can only be taken by the public authority holding the data on a case by case basis.

^[80] Paragraph 4, Schedule 4, DPA 1998

OVERSIGHT paras 8.1 to 8.3

2006-06-16T16:43:18Z

OVERSIGHT

]]>
8.1 The Act provides for an Interception of Communications Commissioner (‘the Commissioner’) whose remit is to provide independent oversight of the exercise and performance of the powers and duties contained under Chapter II of Part I of the Act.

8.2 This code does not cover the exercise of the Commissioner’s functions. It is the duty of any person who uses the powers conferred by Chapter II of Part I of the Act, or on whom duties are conferred, to comply with any request made by the Commissioner to provide any information he requires for the purposes of enabling him to discharge his functions.

8.3 Should the Commissioner establish that an individual has been adversely affected by any wilful or reckless failure by any person within a relevant public authority exercising or complying with the powers and duties under the Act in relation to the acquisition or disclosure of communications data, he shall, subject to safeguarding national security, inform the affected individual of the existence of the Tribunal and its role. The Commissioner should disclose sufficient information to the affected individual to enable him or her to effectively engage the Tribunal.

COMPLAINTS paras 9.1 to 9.2

2006-06-16T16:46:50Z

COMPLAINTS

]]> 9.1 The Act established an independent Tribunal (‘the Investigatory Powers Tribunal’). The Tribunal is made up of senior members of the judiciary and the legal profession and is independent of the Government. The Tribunal has full powers to investigate and decide any case within its jurisdiction which includes the acquisition and disclosure of communications data under the Act
.
9.2 This code does not cover the exercise of the Tribunal’s functions. Details of the relevant complaints procedure can be obtained from the following address:

The Investigatory Powers Tribunal,
PO Box 33220
London
SW 1H 9ZQ
tel: 020 7035 3711

ISBN - 1-84473-915-5
HO_00472_G