The @BCS FOI Certificate Gives You Wings!

Are you a Freedom of Information (FOI) practitioner wanting to give your career a boost? Or perhaps you are new to FOI wanting to quickly get up to speed with FOI law and practice?

_DSC6317 (1)The British Computer Society’s (BCS) Certificate in Freedom of Information (formerly ISEB) is now firmly established as one of the premier qualifications in FOI. Backed by the BCS, it is internationally recognised and increasingly mentioned as a desirable qualification in FOI Officer job vacancies. Sometimes it is even stated as a requirement.

Act Now has been running the BCS FOI course for many years. I am the main FOI trainer although, the increasing popularity of our course means that, Tim Turner and Paul Gibbons also deliver this course from time to time.

Our course is aimed at anyone working in the FOI area, such as information managers, FOI practitioners, information governance officers, data protection officers, press officers and lawyers advising on information law issues. No prior knowledge is assumed although it always helps to have some experience of dealing with FOI requests. Our course runs over several weeks (one day per week) rather than being crammed into a few days. This allows delegates to get to know each other and benefit from their respective experience and knowledge. Often friendships are forged which continue to be of mutual assistance well after the course has ended.

Online Resource Lab

What makes the Act Now BCS FOI course unique is that we have a full online Resource Lab, which compliments the face-to-face teaching and course materials. Delegates can watch over 5 hours of videos on various aspects of the syllabus. Most videos are linked to an online quiz allowing delegates to test their knowledge at the end. There are also many standalone quizzes as well as links to ICO guides and other useful reference documents in the Resource Lab. This means that candidates have a full resource library which they can access at anytime to back up what they learnt on the course or to catch up if they fell asleep in the afternoon after a good lunch! Our courses are at five star (city centre) hotels so the latter is always a possibility.

The Exam!

The course is assessed through a three hour scenario based, closed book written exam which consists of:

– Part A: 10 multiple choice questions (1 mark each)
– Part B: 8 compulsory short narrative questions (5 marks each)
– Part C: 6 questions – a compulsory case study (20 marks each) plus two other essay questions (15 marks each)

The pass mark is 50% (50/100) and the distinction mark is 80% (80/100).

Passing the exam is as much about exam technique as it about knowing the law and how to apply it. Our course (and homework) contains lots of scenario-based exercises which are designed to teach delegates how to answer the key points of a question within the time available in the exam. Each exercise/homework is further discussed in a group setting before a suggested answer is agreed upon.

We also hold a live online revision session, which allows delegates to ask the trainer to go over key areas of the syllabus and/or more sample questions. There is also a test at the end.

How To Pass

Don’t be too worried about the exam. You will be taught by a very experienced trainer who himself has passed the exam with a distinction. But in the end your success will depend on the hard work you are willing to put in. Timely attendance is essential as well as the doing the homework and taking an active part in discussions. We also find that candidates who pass the mock exam pass the real thing. Therefore revision for the mock is essential. Those who learn key facts as they go along rather than cram at the end inevitably tend to do well. (Read our other top tips here.)

A successful FOI candidate and a successful DP candidate have also shared their views on how to get the best out of the course on our blog.

90% Pass Rate

2014 is on course to be our most successful year delivering the BCS FOI course. So far 52 of our delegates have sat the exam. Out of these 47 passed (of which one achieved a distinction). This gives us a pass rate thus far of just over 90%!

Now is the time to think about doing a BCS FOI course. Not only will it give you an in depth knowledge of FOI law and practice, it will allow you to prove your expertise to your colleagues through gaining an internationally recognised qualification. At Act Now we are dedicated to ensuring you get the best training and resources to help you achieve your potential. Don’t just take our word for it though. Read what our: previous delegates have said. If you are feeling brave, have a go at our online BCS FOI test.

Ibrahim Hasan is a solicitor and director of Act Now Training. For Scottish colleagues we run the Act Now FOISA Practitioner Certificate which is endorsed by the Centre for Information Rights based at the University of Dundee.

OSC Annual RIPA Report (2014) – Key Points


The Chief Surveillance Commissioner published his annual report on 4th September 2014. The report covers the period from 1st April 2013 to 31st March 2014 and is essential reading for those public authorities, especially councils, who conduct surveillance under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA) (Directed Surveillance, Intrusive Surveillance and the deployment of a Covert Human Intelligence Source (CHIS)). The report details statistics relating to the use of these tactics and information about how the Office of Surveillance Commissioners (OSC) conducts its oversight role.

Non-law enforcement agencies (including councils) authorised Directed Surveillance on 4,412 occasions in the reporting period. This continues a downward trend over the last few years. Last year there were 5,827 of such authorisations. 75% of these were completed by the Department for Work and Pensions.

The report also considers the changes, which took effect on 1st November 2012; namely magistrates’ approval for council surveillance and a new six-month threshold test for Directed Surveillance. There were 517 approval requests made to a magistrate in the reporting period of which only 26 were rejected. On the whole the changes are working well but the Chief Surveillance Commissioner has expressed concern about the level of RIPA knowledge amongst magistrates:

“What has become clear is that the knowledge and understanding of RIPA among magistrates and their staff varies widely. Adequate training of magistrates is a matter for others, but I highlight the need. The public is not well served if, through lack of experience or training, magistrates are not equipped effectively to exercise the oversight responsibility, which the legislation requires. I am aware, for example, of one magistrate having granted an approval for activity retrospectively, and another having signed a formal notice despite it having been erroneously completed by the applicant with details of a different case altogether.” (Para 3.10)

The Commissioner notes a continuing steady decline in the use of Directed Surveillance by local councils which may, or may not, have resulted from the introduction of the need to seek a magistrate’s approval. In one borough council there had been 47 directed surveillance authorisations between 2010 and the introduction of The Protection of Freedoms Act 2012 and none in the 16 months thereafter. (It is important to note that, as the Commissioner pointed out at paragraph 5.5 of last year’s report, RIPA is permissive legislation and there may be occasions where surveillance outside the scope of RIPA may be required. He pointed to the IPT decision in BA and others v Cleveland Police (IPT/11/129/CH). This is in keeping with Ibrahim Hasan’s view as explained previously on this blog. )

Where councils have continued to use their RIPA powers, the OSC has identified a lack of a corporate approach to the new process. Some councils have established or used existing relationships with their local magistrates’ court to ensure that both parties were prepared for the impact of the new Act; some have gone so far as to provide a training input to local magistrates and their clerks, so they understand RIPA and the type of case and associated documentation which will be presented to them. (The Home Office guidance document is a good place to start for authorities new to the approval process.)

Social Networks

The Commissioner draws special attention in his report to the use of the Internet for investigations, particularly involving social networking sites:

“5.30. This is now a deeply embedded means of communication between people and one that public authorities can exploit for investigative purposes. I am reasonably satisfied that there is now a heightened awareness of the use of the tactic and the advisable authorisations under RIPA that should be considered. Although there remains a significant debate as to how anything made publicly available in this medium can be considered private, my Commissioners remain of the view that the repeat viewing of individual “open source” sites for the purpose of intelligence gathering and data collation should be considered within the context of the protection that RIPA affords to such activity.”

The Commissioner advises caution when conducting online investigations:

“5.31. In cash-strapped public authorities, it might be tempting to conduct on line investigations from a desktop, as this saves time and money, and often provides far more detail about someone’s personal lifestyle, employment, associates, etc. But just because one can, does not mean one should. The same considerations of privacy, and especially collateral intrusion against innocent parties, must be applied regardless of the technological advances.”

He goes on to suggest that a RIPA authorisation may be required for some online investigations:

“5.32. Access to social networking sites by investigators in all public authorities is something we examine on inspections. Many, particularly the law enforcement agencies, now have national and local guidance available for their officers and staff. However, many local authorities and government departments have still to recognise the potential for inadvertent or inappropriate use of the sites in their investigative and enforcement role. Whilst many have warned their staff of the dangers of using social media from the perspective of personal security and to avoid any corporate damage, the potential need for a RIPA authorisation has not been so readily explained.

5.33. I strongly advise all public authorities empowered to use RIPA to have in place a corporate policy on the use of social media in investigations. Some public authorities have also found it sensible to run an awareness campaign, with an amnesty period for declarations of any unauthorised activity or where, for example, officers have created false personae to disguise their on line activities.”

We have a workshop on investigating E – Crime and Social Networking Sites, which considers all the RIPA implications of such activities.

Common inspection findings

Over the past year, the OSC has carried out in excess of 140 council inspections in England and Wales. At paragraph 5.37 of the report, the Commissioner lists the main issues that he has commented upon in his inspection reports:

· Unsubstantiated and brief, or, conversely, excessively detailed intelligence cases

· Poor and over-formulaic consideration of potential collateral intrusion and how this will be managed

· Poor proportionality arguments by both applicants and Authorising Officers – the four key considerations (identified by my Commissioners and adopted within the Home Office Codes of Practice) are often not fully addressed

· A surfeit of surveillance tactics and equipment being requested and granted but rarely fully used when reviews and cancellations are examined

· At cancellation, a lack of adequate, meaningful update for the Authorising Officer to assess the activity conducted, any collateral intrusion that has occurred, the value of the surveillance and the resultant product; with, often, a similarly paltry input by Authorising Officers as to the outcome and how product must be managed

· On the CHIS documentation, a failure to authorise a CHIS promptly as soon as they have met the criteria; and in many cases (more typically within the non-law enforcement agencies) a failure to recognise or be alive to the possibility that someone may have met those criteria

· Some risk assessments can be over-generic and not timeously updated to enable the Authorising Officer to identify emergent risks

· Discussions that take place between the Authorising Officer and those charged with the management of the CHIS under Section 29(5) of RIPA are not always captured in an auditable manner for later recall or evidence

· As resources become stretched within police forces, the deputy to the person charged with responsibilities for CHIS under Section 29(5)(b) often undertakes those functions: as with an Authorising Officer, this is a responsibility which cannot be shared or delegated

· Outside pure documentary issues, a lack, in some public authorities, of ongoing refresher training for those that require it; and a need for an improved level of personal engagement in the oversight process by the Senior Responsible Officer.

Now is the time to consider refresher training for RIPA investigators and authorisers. We have a full program of RIPA Courses and can also deliver these at your premises, tailored to the audience. If you want to avoid re inventing the wheel, our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. There is substantial discount for orders received before 30th September 2014.

Interception of Communications Commissioner’s Annual Report


Local authorities have powers under Part I Chapter 2 of the Regulation of Investigatory Powers Act 2000 (RIPA) (sections 21 to 25). This concerns the acquisition and disclosure of communications data from Communications Service Providers (CSPs). The definition of “communications data” includes information relating to the use of a communications service (e.g. phone, internet, post) but does not include the contents of the communication itself. It is broadly split into 3 categories: “traffic data” i.e. where a communication was made from, to whom and when; “service data” i.e. the use made of the service by any person e.g. itemised telephone records; “subscriber data” i.e. any other information that is held or obtained by a CSP on a person they provide a service to.

Some public authorities have access to all types of communications data e.g. police, ambulance service, HM Revenues and Customs. Local authorities are restricted to subscriber and service use data and even then only where it is required for the purpose of preventing or detecting crime or preventing disorder. For example, a benefit fraud investigator may be able to get access to an alleged fraudster’s mobile telephone bill. As with other RIPA powers, e.g. Directed Surveillance, there are forms to fill out and strict tests of necessity and proportionality to satisfy.

In April, the Interception of Communications Commissioner’s 2013 Annual Report to the Prime Minister was laid before Parliament. (See also the Press Release and Prime Ministerial Statement .) The Prime Minister under Section 57(1) of RIPA 2000 appointed Sir Anthony May in January 2013. His function is to keep under review the interception of communications and the acquisition and disclosure of communications data by intelligence agencies, police forces and other public authorities (including councils). He is required to make an annual report to the Prime Minister with respect to the carrying out of his functions.

The total number of communications data applications approved in 2013 was 514,608. Of these 87.7% were made by police forces and law enforcement agencies. Less than 1% were made by local authorities and ‘other’ public authorities. The latter includes regulatory bodies with statutory functions to investigate criminal offences and smaller bodies with niche functions.

The report shows that despite media headlines, local authorities are very infrequent users of their RIPA communications data powers. 121 local authorities reported never using their powers. 172 reported they did not use their powers in 2013, but have used their powers in previous years. A big reason for councils’ infrequent use of their powers is that, since 1st November 2012, they have had to obtain Magistrates’ approval for even the simplest communications data applications (e.g. mobile subscriber checks). (Read about the changes in detail here.)

The Commissioner also has the power to conduct inspections of public authorities using these powers. In 2013 his office conducted 75 inspections broken down as follows: 43 police force and law enforcement agency, 1 intelligence agency, 17 local authority and 14 ‘other’ public authority inspections.

A typical inspection may include the following:

  • A review of the action points or recommendations from the previous inspection to check they have been implemented.
  • An audit of the information supplied by the CSPs detailing the requests that public authorities have made for disclosure of data. This information is compared against the applications held by the SPoC (Single Point of Contact) to verify that the necessary approvals were given to acquire the data.
  • Examination of individual applications to assess whether they were necessary in the first instance and then whether the requests met the necessity and proportionality requirements.
  • Scrutinising at least one investigation or operation from start to end to assess whether the communications data strategy and the justifications for acquiring all of the data were proportionate.
  • Examination of the urgent oral approvals to check the process was justified and used appropriately.
  • A review of the errors reported or recorded, including checking that the measures put in place to prevent recurrence are sufficient.

Para 4.3 of the report emphasises the important role of the Single Point of Contact (SPoC) in the communications data application process:

“The  SPoCs  have  an  essential  role  to  play  here  in using their experience to challenge the investigative strategy underlying the applications which they oversee.”

Every SPoC must attend a two-day Home Office approved training course and pass an exam. Act Now is one the few training providers still running this course. Our next course is in Manchester in November. Full details on our website:

RIPA Policy and Procedures Toolkit – Time Limited Offer



It is almost two years since major changes to the local authority surveillance regime (under the Regulation of Investigatory Powers Act 2000, (RIPA) came into force.

Since 1st November 2012, whenever exercising any powers under RIPA (doing Directed Surveillance, deploying a CHIS or accessing Communications Data) councils have had to obtain Magistrates’ approval. Directed Surveillance has also been made the subject of a new Serious Crime Test (Read about the changes in detail here. On the whole the changes are working well.

A common criticism of local authorities though, by the Office of Surveillance Commissioners (OSC) when carrying out RIPA compliance inspections, is that they need to revise their RIPA polices and procedures in the light of the changes. Act Now has developed a RIPA procedures and guidance toolkit to prevent councils having to re invent the wheel. The toolkit has been drafted by Ibrahim Hasan, an experienced trainer and writer on surveillance law.

The toolkit includes an updated version of our previous RIPA Forms Guidance document, which was bought by over one hundred different organisations. In addition there are detailed guidance notes on deciding when surveillance is caught by RIPA, how to authorise it and what to do about surveillance which is not regulated by RIPA. The toolkit is written in straightforward language (avoiding legal jargon) and includes flowcharts to assist understanding. The full contents list includes:

New – Template covert surveillance policy statement
New – Guide to the changes in force from 1st November 2012
New – Full guide to surveillance under RIPA (e.g. Directed, CHIS etc.)
New – Guidance for Authorising Officers including decision trees

New – Seeking Magistrates’ Approval

  • Step by step guide to the process
  • New judicial application/order form with full notes to assist completion

Updated – Completing the RIPA Forms

  • Procedure for completing the forms
  • Common mistakes
  • All Directed Surveillance forms with full notes to assist completion
  • All CHIS forms with full notes to assist completion

Updated – Undertaking Non RIPA Surveillance

  • When it is appropriate
  • Non – RIPA Surveillance Authorisation Form

More here:

The normal price of the toolkit is £199 plus vat for a hard copy and £399 plus vat for a CD ROM (plus hard copy). The CD contains an electronic version with a licence to make additional hard copies and to upload the toolkit on to an intranet site (for internal use only).

TIME LIMITED OFFER – Until 30th September 2014, we are offering the hard copy for £99 plus vat and the CD ROM for £199 plus vat. Please quote “Blog/OfferSep14” when ordering. No other discounts apply.

Scottish colleagues can buy the RIP(S)A version of the toolkit here:

For those of you looking for refresher training in this area, we have a full program of public workshops. We can also bring the training to you for a customised in house training course. Please get in touch for a quote.

%d bloggers like this: