Monitoring Staff Use of Social Networks: The Human Rights Implications

canstockphoto9076695

According to a recent FOI request made by BBC Radio 5 live, last year there was a rise in the number of UK council staff suspended after being accused of breaking social media rules. Many employers, both in the public and the private sector, now monitor staff use of social media within the office environment. The possibilities are endless but care must be taken not to overstep the legal limits.

All employers have to respect their employees’ right to privacy under Article 8 of the European Convention on Human Rights (ECHR).  This means that any surveillance or monitoring must be carried out in a manner that is in accordance with the law and is necessary and proportionate (see Copland v UK (3rd April 2007 ECHR))

A January 2016 judgment of the European Court of Human Rights show that a careful balancing exercise needs to be undertaken when applying the law (Barbulescu v Romania (application 61496/08). In this case, the employer had asked employees such as the applicant to set up Yahoo! messenger accounts for work purposes. Its policies clearly prohibited the use of such work accounts for personal matters. The employer suspected the applicant of misusing his account, so it monitored his messages for a period during July 2007 without his knowledge.

The employer accused the applicant of using his messenger account for personal purposes; he denied this until he was presented with a 45-page printout of his messages with various people, some of which were of an intimate nature. The employer had also accessed his private messenger account (though it did not make use of the contents).

The applicant was sacked for breach of company policy. When he challenged his dismissal before the courts, his employer relied on the print out of his messages as evidence. He argued that, in accessing and using those personal messages, the employer had breached his right to privacy under Article 8 ECHR.

The Court accepted the applicant’s privacy rights were engaged in this case. However the employer’s monitoring was limited in scope and proportionate. It is reasonable for an employer to verify that employees are completing their professional tasks during working hours. Key considerations were:

  • The emails at the centre of the debate had been sent via a Yahoo Messenger account that was created, at the employer’s request, for the specific purpose of responding to client enquiries.
  • The employee’s personal communications came to light only as a result of the employer accessing communications that were expected to contain only business related materials and had therefore been accessed legitimately.
  • The employer operated a clear internal policy prohibiting employees from using the internet for personal and non-business related reasons.
  • The case highlights the need for companies to have a clear internet and electronic communications policy and the importance of such a policy being communicated to employees.

When monitoring employees, the employer will inevitably be gathering personal data about employees and so consideration also has to be given to the provisions of the Data Protection Act 1998 (DPA). The Information Commissioner’s Office’s (ICO) Employment Practices Code, includes a section on surveillance of employees at work. In December 2014, Caerphilly County Borough Council signed an undertaking after an ICO investigation found that the Council’s surveillance of an employee, suspected of fraudulently claiming to be sick, had breached the DPA.

Compliance with the DPA will also help demonstrate that the surveillance is human rights compliant since protection of individuals’ privacy is a cornerstone of the DPA. Of course the data protection angle will bite harder when the new EU Data Protection Regulation comes into force in 2018. Failure to comply could lead to a fine of up to 20 million Euros or 4% of global annual turnover.

Act Now has a range of workshops relating to surveillance and monitoring both within and outside the workplace. Our products include a RIPA polices and procedures toolkit and e-learning modules.

CCTV and the Law

By Steve Morris[ File # csp0356261, License # 1228612 ]
Licensed through http://www.canstockphoto.com in accordance with the End User License Agreement (http://www.canstockphoto.com/legal.php)
(c) Can Stock Photo Inc. / fintastique

The updated version of the Information Commissioner’s CCTV Code of Practice address the rising phenomena of surveillance technologies and methods. No longer are surveillance cameras passive image collectors, providing a resource for immediate use or historical evidence.

CCTV, ANPR, Body Worn Cameras, Aerial Drones, together with the associated analytical tools and software, are all technologies being used within many public and private sector organisations.

These technologies are invaluable for efficient and effective public protection as well as revenue collection and enforcement activities. Just one such example might be lone workers performing a caring function and for their safety, wearing audio and video recording equipment when they leave the safety of their own home. These persons then enter the private dwelling of a vulnerable person in need of assistance. In some instances the video and audio will be running throughout the whole of the attendance – often with a live feed to a control room. The benefits for the safety of the carer are clear, and the immediate response and advice by control room personnel is undoubtedly beneficial for the person requiring assistance. But this equipment is capturing images and conversation of an individual, and perhaps family and friends, within that person’s private home. The images and conversation, being witnessed by others many miles away is likely to be very intimate and private.

Does this vulnerable person or those responsible for them realise this is actually taking place?

Do they consent to it as a part of the provision of the service?

Before a public authority undertakes such activity it must conduct a privacy impact assessment, and perhaps obtain consent for the collection and processing of such information. Without such consideration – and a record of such assessment, then it might easily be argued that the organisation has not shown “Respect for the private life” in accordance with Article 8 of the European Convention on Human Rights, and the activity might be deemed to be unlawful – and indeed might be in breach of the Data Protection Act 1998. The Care Quality Commission has issued guidance on use of cameras in care homes.

The Surveillance Camera Commissioner, Tony Porter, pursuing compliance with a Code of Practice issued in accordance with the Protection of Freedoms Act has identified several aspects non-compliance when it comes to CCTV cameras:

  • Inadequate or non-existent privacy impact assessments
  • Equipment deployed with no respect or consideration for privacy or consideration for the benefit balanced with intrusion (proportionality)
  • Equipment in use not fit for purpose
  • Excessive use of surveillance
  • Removal of surveillance such as CCTV to reduce costs with little regard for the void left in relation to public safety and security

In a speech to the CCTV User Group, Mr Porter said budget cuts had led councils to decide to spend less on public space CCTV, meaning there was less money for staff training, poorer understanding of legal issues and a reduced service. He said councils could face greater scrutiny of their use of CCTV, including potential inspections and enforcement. Organisations should carry out annual reviews of their CCTV capacity but many failed to do so. He cited a West Midlands local authority which, upon review, reduced the number of ineffective cameras and saved £250,000 in the process.

Mr Porter, who has been in his post since March 2014, has written to council chief executives to remind them of the law and code of practice.

My latest series of one day CCTV law workshops examine the ‘surveillance landscape’ and the regulatory regime of the Information Commissioner, the Office of the Surveillance Commissioner, and the Surveillance Camera Commissioner. Attendees will be able to identify which regime(s) and codes of practice apply to their surveillance activity, and how to manage efficient, effective and lawful surveillance systems.

Steve Morris is an ex police officer and one of our expert surveillance law trainers. His CCTV law workshops take place in Manchester and London in October.

The New RIPA Surveillance Codes: Key Changes

By Sam Lincoln (Chief Surveillance Inspector 2006 – 2013)

Featured imageRecently Ibrahim Hasan alerted you to the revisions of the two codes of practice underPart 2 of the Regulation of Investigatory Powers Act 2000 (RIPA) published on 10th December 2014. Ibrahim urged you to read them but I suspect that it wasn’t at the top of your ‘to do’ list over Christmas! So I’ve done the donkey work for you.

A cursory examination suggests that the revised codes simply implement the amendments to RIPA resulting from the legislation enacted since the last codes were published namely: the Regulation of Investigatory Powers (Extension of Authorisation Provisions: Legal Consultations) Order 2010; to the Protection of Freedoms Act 2012; and the Regulation of Investigatory Powers (Covert Human Intelligence Sources: Relevant Sources) Order 2013. But there are some interesting and important changes.

I approach the subject by addressing each of the two codes. Before I do, it’s worth saying that I compared the existing 2010 codes with the draft codes obtained from the Home Office website available at the time of writing. It may be worth checking to see if further amendments were made before publication. I ignore the frequent amendment resulting from changes to the names or amalgamation of public authorities (for example the formation of Police Scotland and the creation of the National Crime Agency).

If you are a member of a local authority, please don’t persuade yourself that the CHIS Code doesn’t apply to your authority. I think you’ll find that it does!

Covert Surveillance and Property Interference Code

Let’s begin with the Covert Surveillance and Property Interference Code. It might be worth having a copy (printed or online) handy as I’ll refer to relevant paragraph numbers in square brackets ([]):

[2.18] The first sentence is amended to account for the fact that some legal consultations which might otherwise be Directed Surveillance are now to be authorised as Intrusive Surveillance.

[2.24] Examples 3 and 4 have been amended. I am particularly uncomfortable with the amendment to Example 4 which relegates the requirement for an authorisation from “should be sought” to “should … be considered”. The inference is that planned covert surveillance of an individual suspected of shoplifting depends on the public authority deciding whether the individual has a reasonable expectation of privacy. Assessing what is reasonable and what is assumed by another person is open to challenge. It is because examples can mislead that the Office of Surveillance Commissioners (OSC), during my tenure, advised against the inclusion of examples. For this reason it’s vital that applicants and authorising officers note [1.7].

[2.27] This paragraph has been expanded to include guidance provided by the Surveillance Camera Code of Practice pursuant to the Protection of Freedoms Act. (More on CCTV here)

[2.29] This new paragraph provides important guidance regarding the need to consider whether an authorisation for either Directed Surveillance or a CHIS is required when using the Internet. As usual, it lacks the clarity usually sought by practitioners but it is clear that prior consideration should be given to the need for authorisation; it’s not acceptable to ignore this advice and I urge Senior Responsible Officers to ensure that they alert all public authority staff to its implications.

[2.30] The third bullet point of this paragraph is amended to differentiate between non-verbal and verbal noise.

[3.7] The original examples 2 and 3 are deleted. I suspect that the cause is that neither could be protected by a RIPA authorisation as a result of the 2010 Order. But then again, nor does Example 1!

[3.18] This is a new paragraph and covers the use of third party individuals or organisations (for example private investigators and internet researchers). They are acting as agents of the public authority and the need for relevant authorisation must not be ignored.

[3.22] The deletion of reference to Scottish public authorities suggests that there is no collaboration agreement with any public authorities in Scotland.

[3.30 – 3.33] These new paragraphs cover the changes to local authority authorisations of Directed Surveillance resulting from the Protection of Freedoms Act 2012. (More on the changes here)

[3.35] This paragraph amends the requirement for elected members to consider internal reports submitted on a ‘regular basis’ rather than at least quarterly. I’m personally disappointed that there’s no restriction on the detail of authorisations that elected members are entitled to see to prevent inadvertent compromise.

[4.1] The fourth sentence is amended slightly for grammatical effect it seems. The definition of a Member of Parliament is deleted and placed in the glossary at the back of the code.

[5.18] I recall that the OSC advised that there is no ‘legal’ requirement for any further details to be recorded and would have preferred the code to be more assertive. It’s disappointing that this advice is ignored.

[5.20] It isn’t clear why all of the footnotes relating to this paragraph are deleted.

[6.2] Is amended to include directed surveillance.

[7.8] This paragraph isn’t amended despite, to my knowledge, earlier criticism of the accuracy of its first sentence by the OSC. I am not a lawyer but, if I recall accurately, neither loss nor damage is necessary for there to be property interference. Subsequent analysis of a sample isn’t, of itself, surveillance; it’s the obtaining of the sample itself which may need authorisation.

[8.1] An additional sentence is added directing local authorities to the .gov.uk website for further guidance on the recording of magistrates’ decisions.

[8.2] A final bullet is included requiring local authorities to retain a copy of the Magistrates’ approval order in a centrally retrievable form. (more on the Magistrates’ approval process here)

[8.4] This is a new paragraph advising that it is desirable that relevant records should be retained, if possible, for up to five years.

CHIS Code of Practice

Let me turn now to the revised CHIS Code of Practice.

[2.4] This alerts the reader to the renaming of CHIS previously known as undercover officers to ‘relevant source’. Not a particularly helpful title. Contrary to this paragraph, not all references to undercover officers are amended in this revision of the Code.

[2.12] The final sentence of this paragraph is an important amendment. It alerts public authorities to the fact that the existence of a CHIS is not a choice for a public authority. Whether to authorise the use and conduct of a CHIS is a choice of course, but in my experience too often public authorities wished the problem away. In short, all public authorities must acknowledge that a CHIS may appear at any time and must have procedures in place to manage them in accordance with the law.

[2.14] This new paragraph obliges ‘relevant sources’ to comply with the College of Policing Code of Ethics.

[2.15] This is a new paragraph obliging the authorisation of activity known as ‘legend building’.

[2.16] This seems an unnecessary paragraph considering that types of human sources falling outside the CHIS definition are provided specific attention.

[2.17] This new paragraph introduces the concept of a public volunteer (with examples) in addition to the previously existing concept of a human source with a professional or statutory duty.

[3.12] This paragraph is amended in recognition that the 2013 Order introduced enhanced arrangements.

[3.22] The amendment to this paragraph emphasises that the enhanced arrangement for relevant sources relies on accurate recording of the length of deployment of each relevant source.

[3.26 – 3.27] This new section is specific to the use of CHIS by local authorities and the approval by magistrates. It highlights differences between authorities in England and Wales, Scotland, and Northern Ireland. Similar direction is provided to the need for elected member review but, as I was disappointed with the direction in the other Code, I believe that there is benefit in restricting the detail available to elected members in relation to the use and conduct of a CHIS to prevent compromise.

[4.3] This reminds the reader that ‘relevant sources’ are subject to enhanced arrangements when accessing legally privileged and other confidential information.

[4.31] There is an addition to cover the engagement of a member of a foreign law enforcement agency.

[4.32] The is an important new paragraph covering the considerations necessary to authorise the use and conduct of a CHIS for some online covert activity. It should be read in conjunction with [2.29] of the Covert Surveillance and Property Interference Code of Practice.

[5.10] This new paragraph clarifies the enhanced arrangements for relevant sources.

[5.15] Two sentences are added to this paragraph. The first states that local authorities are no longer able to orally authorise the use of RIPA techniques. The second relates to out of hours arrangements.

[5.16] An amendment to this paragraph introduces additional information to include at review; namely the information obtained from a CHIS and the reasons why executive action is not possible if that is the case (my italics are an addition).

[5.21 and 5.22 – 5.26] These new paragraphs relate to enhanced arrangements for the use and conduct of relevant sources. They provide detail regarding timings and, importantly, the calculation of total or accrued deployment or cumulative authorisation periods.

[5.29] An additional sentence requires an authorising officer to satisfy themselves that all welfare issues are addressed at the time of CHIS cancellation.

[5.30 – 5.31] These new paragraphs relate to the refusal of an Ordinary Surveillance Commissioner to approve a long term authorisation. Importantly, it obliges public authorities to plan for the safe extraction of a relevant source if an authorisation is refused.

[6.6] The addition of a final sentence recognises concerns raised by the OSC in relation to traditional police appointments and their responsibilities as defined by RIPA.

[7.3] Similar to [8.4] of the Covert Surveillance and Property Interference Code revision, this new paragraph (and amendment of [7.1] and [7.6]) recommends that relevant RIPA records should be retained for five years if possible.

[7.6] The addition of a bullet point requires that the decision of an Ordinary Surveillance Commissioner should be retained.

There is one other point I would like to make about the CHIS Code; there is no reference to the fact that the Protection of Freedoms Act 2012 did not restrict the use or conduct of a CHIS to the prevention or detection of crimes not attracting a six month sentence as it did for other types of covert surveillance.

What should you do now?

If you’ve got this far without falling asleep, you are obviously a person who takes RIPA seriously! It would be very helpful therefore if you ensure that your Senior Responsible Officer and all authorising officers are alerted to these amendments. I’m sure the OSC will check that policies are amended accordingly and that extant codes of practice are available and understood.

Copy this article by all means but please have the courtesy to accredit it properly!!

Sam Lincoln was formerly Chief Surveillance Inspector with the Office of Surveillance Commissioners for seven years. Please get in touch if you would like Sam to help you prepare for an OSC inspection by delivering customised training at your premises. We also have a full program of RIPA workshops in 2015 where we will examine the new codes in detail: http://www.actnow.org.uk/content/110

STOP PRESS… STOP PRESS… STOP PRESS… STOP PRESS…

ONLINE RIPA TRAINING

Looking for an e-learning solution for your RIPA training needs? http://www.actnow.org.uk/content/185

———————————————————————————————————-

RIPA Policy and Procedures Toolkit – Time Limited Offer

 

capture-20140903-130009

It is almost two years since major changes to the local authority surveillance regime (under the Regulation of Investigatory Powers Act 2000, (RIPA) came into force.

Since 1st November 2012, whenever exercising any powers under RIPA (doing Directed Surveillance, deploying a CHIS or accessing Communications Data) councils have had to obtain Magistrates’ approval. Directed Surveillance has also been made the subject of a new Serious Crime Test (Read about the changes in detail here. On the whole the changes are working well.

A common criticism of local authorities though, by the Office of Surveillance Commissioners (OSC) when carrying out RIPA compliance inspections, is that they need to revise their RIPA polices and procedures in the light of the changes. Act Now has developed a RIPA procedures and guidance toolkit to prevent councils having to re invent the wheel. The toolkit has been drafted by Ibrahim Hasan, an experienced trainer and writer on surveillance law.

The toolkit includes an updated version of our previous RIPA Forms Guidance document, which was bought by over one hundred different organisations. In addition there are detailed guidance notes on deciding when surveillance is caught by RIPA, how to authorise it and what to do about surveillance which is not regulated by RIPA. The toolkit is written in straightforward language (avoiding legal jargon) and includes flowcharts to assist understanding. The full contents list includes:

New – Template covert surveillance policy statement
New – Guide to the changes in force from 1st November 2012
New – Full guide to surveillance under RIPA (e.g. Directed, CHIS etc.)
New – Guidance for Authorising Officers including decision trees

New – Seeking Magistrates’ Approval

  • Step by step guide to the process
  • New judicial application/order form with full notes to assist completion

Updated – Completing the RIPA Forms

  • Procedure for completing the forms
  • Common mistakes
  • All Directed Surveillance forms with full notes to assist completion
  • All CHIS forms with full notes to assist completion

Updated – Undertaking Non RIPA Surveillance

  • When it is appropriate
  • Non – RIPA Surveillance Authorisation Form

More here: http://www.actnow.org.uk/content/117

The normal price of the toolkit is £199 plus vat for a hard copy and £399 plus vat for a CD ROM (plus hard copy). The CD contains an electronic version with a licence to make additional hard copies and to upload the toolkit on to an intranet site (for internal use only).

TIME LIMITED OFFER – Until 30th September 2014, we are offering the hard copy for £99 plus vat and the CD ROM for £199 plus vat. Please quote “Blog/OfferSep14” when ordering. No other discounts apply.

Scottish colleagues can buy the RIP(S)A version of the toolkit here: http://www.actnow.org.uk/content/84

For those of you looking for refresher training in this area, we have a full program of public workshops. We can also bring the training to you for a customised in house training course. Please get in touch for a quote.

1st September 2013: D Day for (FOI) Datasets

MC900438779From 1st September 2013 public authorities will face new obligations when it comes to the release and re use of datasets. Recent publications provide more details about the new provisions and how public authorities should prepare for their implementation.

The Protection of Freedoms Act 2012 amends the Freedom of Information Act 2000 (FOI). The key points of Section 102 of the Act (which amends section 11, 19 and 45 of FOI) are:

  • There will be a new duty on public authorities, when releasing datasets, to adhere to any request to do so in electronic form which allows their re-use where reasonably practicable.
  • Any dataset containing copyright material (where the authority holds the copyright) must be made available for re-use under a specified licence.
  • Publication schemes will, in future, contain a requirement to publish datasets, which have been requested, as well as any updated versions.
  • Such datasets will also have to be published in an electronic form capable of re use and any copyright material must be available for re use in accordance with the terms of a specified licence.
  • Public authorities will be able to charge a fee for allowing re use of any datasets containing copyright material.

It is important to note that the changes do not give new rights of access. They are concerned with format and the ability to re-use datasets, once the public authority has decided that no exemptions or other provisions (e.g. costs, vexatious) in the legislation apply.

New Guidance and Code

There is also a new Code of Practice (datasets), which will sit alongside the existing Section 45 Code of Practice under FOI. This outlines the licencing framework which public authorities must use when making copyright material within datasets available for re-use.

The new code aims to make it clear as to what is meant by the terms set out in the new provisions. For example, what is meant by “an electronic form which is capable of re-use” or a “re-usable format” for the purposes of the Act.

The new code contains three standard licences available to public authorities when allowing re use of copyright material contained in a dataset which is disclosed under FOI. The first two are the Open Government Licence and the Non-Commercial Government Licence. Both allow re use of the information without charge including copying, publishing, distributing and adapting the information as well as combining it with other information. The new code encourages authorities to use the Open Government License wherever possible. The Non-Commercial Government licence is slightly more restrictive because it contains a clause preventing the use of the information “in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation.” It will be interesting to see if public authorities routinely offer this licence (even though it would be against the spirit of the Act and the new code) just to prevent the private sector from profiting from the requested dataset.

Charging

The third type of licence is the Charged Licence. This has been published by The National Archives in beta form . It can be usedby public authorities that have reason to charge for the re-use of the dataset information they hold or produce. As I have said before, this provides an opportunity for public authorities to raise some much needed revenue. The Secretary of State has exercised his power (under new Section 11B of FOI) to make regulations prescribing “the amount of any fee payable or providing for any such amount to be determined in such manner as may be prescribed, provide for a reasonable return on investment. (See The Freedom of Information (Release of Datasets for Re-use) (Fees) Regulations 2013). It will be interesting to see how many complaints are made to the Information Commissioner about public authorities over charging.

What to do now?

According to the ICO, public authorities need to:

  • Start thinking about the definition of a dataset: what information or categories of information do they have that fits the definition?
  • Promote the key principles of open data in their organisation: use an open format and open licences by default and only deviate from this when they have good reasons to do so.
  • Charging for re-use is not encouraged but can be justified in some situations: does the authority have existing powers that allow a charge? Can the cost recovery and return on investment be justified?
  • Be clear who owns the intellectual property rights (IPR) in their datasets.

The ICO also encourages FOI officers to learn a little more about copyright, the licencing framework and the new version 2.0 of the OGL. In some organisations open data is not part of the remit of the FOI officer. It’s crucial to make sure these two functions have an understanding that they need to work together. Looking longer term, the ICO’s advice is to think about open data requirements when procuring new IT systems. Public authorities shouldimplement “transparency by design.”

In preparation for the provisions coming into force on 1st September 2013 the ICO has revised the approved model publication schemes to reflect the new legislative requirements. It has also published new guidance on datasets. Ibrahim Hasan’s detailed article on datasets will also assist. How will datasets be used by the private sector? (Read about Fearsquare.)

This will be discussed in our forthcoming datasets webinar. If you prefer a more detailed face to face discussion and sharing of best practice, please attend one of our one day workshops.  If you want to give your career a boost, why not start by attaining an internationally recognised qualification in FOI?

FOI and Datasets: Draft Code of Practice

The Protection of Freedoms Act will amend the Freedom of Information Act 2000 so that in the future public authorities will have greater obligations in relation to the release and publication of datasets. The key points of Section 102 of the Act (which amend section 11 of FOI) are:

  • There will be a new duty on public authorities, when releasing datasets, to adhere to any request to do so in electronic form which allows their re-use where reasonably practicable.
  • Any dataset containing copyright material (where the authority holds the copyright) must be made available for re-use under a specified licence.
  • Publication schemes will in future contain a requirement to publish datasets, which have been requested, as well as any updated versions.
  • Such datasets will also have to be published in an electronic form capable of re use and any copyright material must be available for re use in accordance with the terms of a specified licence.
  • Public authorities will be able to charge a fee for allowing re use of any datasets containing copyright material.

These provisions are likely to come into force in April 2013.  If you want to know more read Ibrahim Hasan’s detailed article

A recently launched mobile phone application provides a useful insight into what could be possible if public authority datasets are fully exploited. (Read about Fearsquare).

New Draft Code and Licenses

The Government recently began an online consultation about a new set of guidance to accompany the new dataset provisions. This includes a new Code of Practice (datasets), which will sit alongside the existing Section 45 Code of Practice under FOI. The new draft code also outlines the licensing framework which public authorities must use when making copyright material within datasets available for re-use.

The new draft Code of Practice (datasets) aims to make it clear as to what is meant by the terms set out in the new provisions in the FOI Act. For example, what is meant by “an electronic form which is capable of re-use” or a “re-usable format” for the purposes of the Act.

The consultation is the first I have seen where the Government is using a “crowdsourcing” method. Responders can see, in real time, what other peoples’ views on the draft code are as opposed to submitting their views to an email address and then waiting for the summary of responses to be published after the consultation is over. The aim is to enable responders to have a conversation with each other as to whether a particular paragraph, sentence or word in the new code could be improved upon.

The new code contains three standard licences available to public authorities when allowing re use of copyright material contained in a dataset which is disclosed under FOI. The first two are the Open Government Licence and the Non-Commercial Government Licence. Both allow re use of the information without charge including copying, publishing, distributing and adapting the information as well as combining it with other information. The new code encourages authorities to use the Open Government License wherever possible. The Non-Commercial Government licence is slightly more restrictive because it contains a clause preventing the use of the information “in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation.” It will be interesting to see if public authorities routinely offer this licence (even though it would be against the spirit of the Act and the new code) just to prevent the private sector from profiting from the dataset.

The third type of licence is the Charged Licence. This has been published by The National Archives in beta form . It can be used by public authorities that have reason to charge for the re-use of the dataset information they hold or produce. As I have said before, this provides an opportunity for public authorities to raise some much needed revenue. However it will be interesting to see if the Secretary of State exercises his power (under new Section 11B of FOI) to make regulations prescribing “the amount of any fee payable or providing for any such amount to be determined in such manner as may be prescribed, provide for a reasonable return on investment.

The consultation ends on 10th January 2013. Public authorities need to think now what datasets they may receive requests for and what their approach to licensing their re use will be.

FOI Update webinar – This and other FOI developments and cases will be discussed in our forthcoming FOI Update web seminar: http://www.actnow.org.uk/content/93

First Magistrates’ Approval of RIPA Surveillance

Gateshead Council MAY HAVE become the first local authority in the country to successfully obtain Magistrates’ approval for covert surveillance under new laws which came into force on 1st November 2012.

Chapter 2 of Part 2 of the Protection of Freedoms Act 2012 (sections 37 and 38) changes the procedure for the authorisation of local authority surveillance under the Regulation for Investigatory Powers Act 2000 (RIPA). From 1st November, local authorities have been required to obtain the approval of a Magistrate for the use of any one of the three covert investigatory techniques available to them under RIPA namely Directed Surveillance, the deployment of a Covert Human Intelligence Source and accessing communications data.

The Home Office has now published its RIPA Magistrates’ Approval Guidance both for local authorities and the Magistrates’ Court. However until recently, no council had reported a successful application to the Magistrates. We believe, Gateshead Council is the first to do so.

Colin Howey, Senior Trading Standards Officer, explains what they did:

“Like most authorities we were a bit anxious about the new RIPA regime. Whilst we wanted to continue to use covert surveillance techniques in a necessary and proportionate manner, we were concerned about the cost and resource implications of the new Magistrates’ approval process.

Following a full day training workshop we were more confident about what was required. But the new process was still untested.

On 5th November though we obtained what may well be the country’s first judicial approval of a RIPA authorisation. Gateshead Magistrates’ Court approved our use of Directed Surveillance to investigate some serious trading standards offences.

We carefully followed the procedure as set out in the Home Office RIPA Magistrates’ Approval Guidance.  We were also careful to ensure the surveillance was necessary on the amended grounds set out in The Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) (Amendment) Order 2012, SI 2012/1500  which also came into force on 1 November 2012. This makes Directed subject to a new Serious Crime Test.

Once we obtained the internal authorisation in the usual way we contacted the Gateshead Magistrates’ Court to arrange a hearing.  They asked us to e mail through the original RIPA authorisation form as well as the completed judicial application/order form.

The hearing was attended by the investigating officer and the Council Solicitor. The court was also aware that it was the first RIPA application it had received so a District judge heard the application advised by the Clerk of the Court.  The hearing was in private. The judge considered the RIPA authorisation and the judicial application/order form.  He asked one or two relevant questions to satisfy himself that the surveillance was necessary and proportionate and then signed the judicial order form

The whole thing was relatively straightforward. It only took the judge fifteen minutes to consider and approve the application.

My tips for those who need to make a similar application are:

1. Train your staff – All investigators and authorising officers need to know about the new process.  Those who will be attending court need to be trained in completing the new judicial application/order form.

2. Designate staff who will be attending the Magistrates Court -This is done under section 223 of the Local Government Act 1972.  It is worth giving staff a letter of designation to take to the court when making the application.

3.  Contact your local Magistrates Court now to discuss how they will deal with RIPA applications. Like ours they may want documents e mailed to them beforehand. This will also save time on the day.”

Our thanks to Colin Howey and the Regulatory Services Team at Gateshead Council for this fascinating insight. The training provided to Gateshead Council was conducted by Ibrahim Hasan, of Act Now Training.

Did your council achieve a RIPA approval before Gateshead? Use the comment field to let us know.

Act Now can help you prepare for the new RIPA process. We have an update  course in December in London. If you would like advice on what needs to be done or customised in house training, please get in touch.

Finally all RIPA authorities need to revise their guidance and policy documents. See our RIPA Policy and Procedures Toolkit.

RIPA Policy and Procedure Toolkit (November 2012)

Major changes to the local authority surveillance regime (under RIPA) come into force this today.

  • Local authorities will need to obtain Magistrates’ approval for all surveillance done under RIPA.
  • Directed Surveillance will be subject to a new serious crime test

For detailed discussion on the changes please see our blog:

https://actnowtraining.wordpress.com/2012/10/17/1st-november-d-day-for-council-surveillance/

Now is the time to revise your RIPA polices and procedures and make your staff aware of the new rules. Ibrahim Hasan, one of the UK’s leading writers and trainers on public sector surveillance, has developed a RIPA procedures and guidance toolkit to assist you. Why reinvent the wheel?

The toolkit includes an updated version of our previous RIPA Forms Guidance document, which was bought by over one hundred different organisations. In addition there are detailed guidance notes on deciding when surveillance is caught by RIPA, how to authorise it and what to do about surveillance which is not regulated by RIPA. The toolkit is written in straight forward language (avoiding legal jargon) and includes flowcharts to assist understanding. For more information click on the link below:

http://www.actnow.org.uk/content/116

There is a 20% discount for those who bought the previous RIPA Forms Guidance (now updated and included in this toolkit.)

1st November: D-Day for Council Surveillance

1st of November 2012 will see big changes in the way local authorities carry out surveillance under Regulation fo Investigatory Powers Act 2000 (RIPA):

1. Magistrates’ Approval for all Surveillance

Sections 37 and 38 of the Protection of Freedoms Act 2012 amends RIPA so as to require local authorities to obtain the approval of a Magistrate for the use of any one of the three covert investigatory techniques available to them under RIPA; namely Directed Surveillance, the deployment of a Covert Human Intelligence Source (CHIS) and accessing communications data. Click on the links below for more

Details of the new legal provisions

How to apply for Magistrates’ approval

RIPA Policy and Procedures Toolkit

2. New Serious Crime Test for Directed Surveillance

From 1st November 2012, local authority Authorising Officers may not authorise Directed Surveillance unless it is for the purpose of preventing or detecting a criminal offence which punishable by a maximum term of at least 6 months of imprisonment (subject to exceptions).

Details of the new test

Will councils still be able to do surveillance for “minor offences”?

Read my view here

How Act Now Can Help

1. New procedures and guidance will have to be issued – see our RIPA Policy and Procedures Toolkit

2. Officers will need to be made aware of the new procedures. See our training courses. If you would like customised in house training, please get in touch.

New RIPA Procedure Guidance: Magistrates’ Approval

Chapter 2 of Part 2 of the Protection of Freedoms Act 2012 (sections 37 and 38) comes into force on 1st November 2012. This changes the procedure for the authorisation of local authority surveillance under the Regulation for Investigatory Powers Act 2000 (RIPA).

From 1st November local authorities will be required to obtain the approval of a Justice of the Peace (JP) for the use of any one of the three covert investigatory techniques available to them under RIPA namely Directed Surveillance, the deployment of a Covert Human Intelligence Source (CHIS) and accessing communications data.

An approval is also required if an authorisation to use such techniques is being renewed. In each case, the role of the JP is to ensure that the correct procedures have been followed and the relevant factors have been taken account of. There is no requirement for the JP to consider either cancellations or internal reviews.For a full explanation of the 2012 Act and the new section 37 and 38 of RIPA read my article.

Home Office Guidance

The Home Office has now published its RIPA Magistrates’ Approval Guidance both for local authorities and the Magistrates’ Court. This guidance is non-statutory but provides advice on how local authorities can best approach these changes in law and the new arrangements that need to be put in place to implement them effectively.  It is supplementary to the legislation and to the two statutory Codes of Practice.

The New Magistrates’ Approval Process

  1. The first stage will be to apply for an internal authorisation in the usual way. Once it has been granted, the local authority will need to contact the local Magistrates Court to arrange a hearing.
  2. The hearing is a ‘legal proceeding’ and therefore local authority officers need to be formally designated to appear, be sworn in and present evidence or provide information as required by the JP. It is envisaged that the investigating officer will be best suited to fulfill this role. The local authority may consider it appropriate for the SPoC (Single Point of Contact) to attend for applications involving communications data.
  3. The local authority will provide the JP with a copy of the original RIPA authorisation or notice.  This forms the basis of the application to the JP and should contain all information that is relied upon. In addition, the local authority will provide the JP with two copies of a partially completed judicial application/order form (which is included in the Home Office Guidance).
  4. The hearing will be in private and heard by a single JP who will read and consider the RIPA authorisation or notice and the judicial application/order form.  He/she may have questions to clarify points or require additional reassurance on particular matters.  The forms and supporting papers must by themselves make the case.  It is not sufficient for the local authority to provide oral evidence where this is not reflected or supported in the papers provided.
  5.  The JP will consider whether he or she is satisfied that at the time the authorisation was granted or renewed or the notice was given or renewed, there were reasonable grounds for believing that the authorisation or notice was necessary and proportionate.  He/She will also consider whether there continues to be reasonable grounds.  In addition they must be satisfied that the person who granted the authorisation or gave the notice was an appropriate designated person within the local authority and the authorisation was made in accordance with any applicable legal restrictions, for example that the crime threshold for directed surveillance has been met (see below).
  6.  The order section of the above mentioned form will be completed by the JP and will be the official record of the his/her decision.  The local authority will need to retain a copy of the form after it has been signed by the JP.

The JP may decide to –

  • Approve the grant or renewal of an authorisation or notice

The grant or renewal of the RIPA authorisation or notice will then take effect and the local authority may proceed to use the technique in that particular case. The local authority will need to provide a copy of the order to the communications service provider (CSP), via the SPoC (Single Point of Contact), for all CD requests.

  • Refuse to approve the grant or renewal of an authorisation or notice

The RIPA authorisation or notice will not take effect and the local authority may not use the technique in that case.  Where an application has been refused the local authority may wish to consider the reasons for that refusal.  For example, a technical error in the form may be remedied without the local authority going through the internal authorisation process again.  The local authority may then wish to reapply for judicial approval once those steps have been taken.

  • Refuse to approve the grant or renewal and quash the authorisation or notice

This applies where a Magistrates’ court refuses to approve the grant, giving or renewal of an authorisation or notice and decides to quash the original authorisation or notice.The court must not exercise its power to quash that authorisation or notice unless the applicant has had at least two business days from the date of the refusal in which to make representations.

Appeals

A local authority may only appeal a JP’s decision on a point of law bymaking an application for judicial review in the High Court. The Investigatory Powers Tribunal (IPT) will continue to investigate complaints by individuals about the use of RIPA techniques by public bodies, including local authorities.  If, following a complaint to them, the IPT finds fault with a RIPA authorisation or notice it has the power to quash the JP’s order which approved the grant or renewal of the authorisation or notice. It can also award damages if it believes that an individual’s human rights have been violated by the public authority doing the surveillance.

Plan Now

Local authorities should Act Now to ensure they are ready for the new procedure. They should:

  1. Train staff – All investigators and authorising officers need to know about the new process. Those who will be attending court need to be trained in completing the new judicial application/order form.
  2. Designate staff who will be attending the Magistrates Court – The usual procedure would be for local authority Standing Orders to designate certain officers( including SPoCs) for the purpose of presenting RIPA cases to JPs under section 223 of the Local Government Act 1972.  A pool of suitable officers could be designated before 1st November and adjusted as appropriate throughout the year.
  3. Amend the RIPA Policy and Procedures to reflect the new process.

New Serious Crime Test The Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) (Amendment) Order 2012, SI 2012/1500  (“the 2012 Order”), was made on 11 June 2012 and will also come into force on 1 November 2012. Directed Surveillance will be made subject to a new Serious Crime Test. The days of councils authorising surveillance for dog fouling and littering will soon be over. More information here

Act Now can help you prepare for the new RIPA process. We have a new RIPA Policy and Procedures Toolkit as well as courses throughout the UK.

 If you would like advice on what needs to be done or customised in house training, please get in touch.

%d bloggers like this: