RIPA Surveillance Oversight and Inspection Regime Changes

canstockphoto19424111

By Steve Morris

On 1st September 2017 Lord Justice Fulford commenced his new role as the Investigatory Powers Commissioner. Assisted by the Investigatory Powers Commissioner’s Office (IPCO), he will undertake the oversight functions of three previous Commissioners under the Regulation of Investigatory Powers Act 2000 namely the Chief Surveillance Commissioner, Interception of Communications Commissioner and the Intelligence Services Commissioner.

This marks a major milestone in establishing a new oversight regime set out in the Investigatory Powers Act, which was given Royal Assent in 2016. The Act, amongst other things, provides new powers for the police to access communications data e.g. telephone records, internet usage information etc. More on the Act in further blog posts.

Not only does the new commissioner take over the inspection and oversight functions carried out by the previous commissioners, he takes on responsibility for the pre-approval of certain police activities authorised under the Police Act 1997.

The Investigatory Powers Commissioner’s Office will consist of around 70 staff. This will be made up of:

  • Around 15 Judicial Commissioners, current and recently retired High Court, Court of Appeal and Supreme Court Judges;
  • A Technical Advisory Panel, of scientific experts; and
  • Almost 50 official staff, including inspectors, lawyers and communications experts.

Over the next 12 months Judicial Commissioners will start to take on their prior approval functions relating to the Investigatory Powers Act 2016, including interception, equipment interference, bulk personal datasets, bulk acquisition of communications data, national security notices, technical capability notices and communications data retention notices. The Judicial Commissioners will be supported in this work by the Technology Advisory Panel.

What impact will this new commissioner have on local authority inspections under Part 2 of RIPA carried out previously by the Office of the Surveillance Commissioners (OSC)? I suspect not a lot. The same issues will be considered as previously. The final OSC annual report once again highlights the recurring issue of investigations using social networks e.g. Facebook.

If you have an inspection coming up read our guide here.

Steve Morris is a former police officer who delivers our RIPA Courses as well as a course on Internet Investigations.

Now is the time to consider refresher training for RIPA investigators and authorisers. Please see our full program of RIPA Courses which have been revised to take account of all the latest developments. We can also deliver these courses at your premises, tailored to the audience. Finally, if you want to avoid re inventing the wheel, our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. Over 200 different organisations have bought this document (available on CD as well).

Posted in CCTV, OSC, RIPA, Surveillance | 1 Comment

Seasons greetings to all

canstockphoto40392156

Act Now Training would like to wish all of its colleagues a wonderful festive period and a very happy new year.

Posted in Uncategorized | Leave a comment

GDPR: What’s Happening?

bike2

If you want to avoid watching Grandad murdering “Mistletoe and Wine” over the festive season, you could escape to a lesser evil; catching up on your GDPR reading! You may have missed some of the recent GDPR publications.

The Article 29 Working Party (A29WP) started handing out its Christmas presents early. Its Guidelines on Personal Data Breach Notification  was published for consultation a few weeks ago. Once finalised this document will offer valuable assistance to Data Controllers when deciding when to report a data breach to the Information Commissioner’s Office and to Data Subjects under Articles 33 and 34 of GDPR. (See also our previous blog post on this subject.)

23rd January 2018 is the deadline for commenting on the A29WP’s Guidelines on Consent  and Transparency.

There is a lot of misinformation and confusion out there about consent. As the Information Commissioner has pointed out in her myth busting blog post, consent is only one way to justifying processing of personal data under Article 6 (and 9) of GDPR. What is consent? When is it explicit? When is it freely given? These are just some of the questions addressed in the draft guidelines.\

Transparency is a key requirement of the First Data Protection Principle in Article 5 of GDPR. It is also the theme of the Data Subject’s rights in Article 13 and 14; the right to information.Amongst other things, the draft guidelines on this topic address the important issue of privacy notices, their content and timing.

The Data Protection Bill is currently being scrutinised by the House of Lords in the Committee Stage. One important amendment has been agreed which will be good news for public authorities (defined by clause 6 of the Bill as those subject to Freedom of Information laws). “Legitimate interests” is one of the conditions for processing personal data under Article 6. However GDPR states that it is not available to “public authorities in the performance of their tasks.” This caused concern amongst some public authorities who felt that some of their personal data processing, especially when involved in commercial activities, did not always fit the other conditions in Article 6. In particular it was not “a task carried out in the public interest or in the exercise of official authority” as per Article 6(1)(e).

The amendment to the Bill resolves this issue by saying that a Data Controller will only be a public authority “when performing a task carried out in the public interest or in the exercise of official authority” vested in it. Therefore where a Public Authority Data Controller is processing personal data for other reasons it will still be able to rely upon legitimate interests. We will be covering this in our Data Protection Bill webinar in January 2018.

And Finally…

  • We have finalised our 2018 course programme.
  • Our GDPR Practitioner Certificate is proving very popular with those who need to get up to speed with GDPR as well as budding Data Protection Officers. Read about the last set of results 2 out of the first 3 courses in 2018 are fully booked.
  • If you require tailored GDPR training delivered at your premises, please get in touch.
  • We have sold over 350 copies of our GDPR handbook. We are donating £1 from each sale to the DEC Rohingya Crisis Appeal.

image credits: https://londonist.com/category/things-to-do/christmas-in-london

Posted in A29WP, DP Bill, GDPR, Privacy, Uncategorized | Leave a comment

Act Now Launches GDPR Handbook

We all know that the General Data Protection Regulation (GDPR) cannot be read in isolation.

In September, the DCMS published the Data Protection Bill. Amongst other things, it sets out how the UK Government intends to exercise its GDPR “derogations”; where Members states are allowed to make their own rules.

There are also a number of guidance documents from the Information Commissioner’s Office as well as the Article 29 Working Party on different aspects of GDPR. Wouldn’t it be useful to have one version of the GDPR containing clear signposts to the relevant provisions of the Bill and official guidance under each Article/Recital?

Act Now is pleased to announce the launch of its GDPR Handbook. This is a B5 size colour document. It is designed for data protection practitioners who want a single printed resource on the GDPR. It contains the full text of the GDPR together with:

  • Corresponding GDPR Recitals under each Article
  • Notes on the relevant provisions of Data Protection Bill
  • Links to official guidance and useful blog posts
  • Relevant extracts of the Data Protection Bill (in the Appendices).

A lot of the useful explanation of the provisions (Articles) is contained in the Recitals, which are at the front of the official text of the GDPR. Consequently, the reader has to constantly flick back and forth between the two. By placing the corresponding Recitals under each Article, the Act Now GDPR Handbook allows a more natural readying of the GDPR.

The Act Now GDPR Handbook is currently on sale at the special introductory price of £29.99. There is a 33% discount for the public sector and charities.

This will be a very useful document for those acting as Data Protection Officer under GDPR as well as data protection lawyers and advisers.

CHARITY DONATION

In recent weeks, half a million people, mostly Rohingya women and children, have fled violence in Myanmar’s (Burma) Rakhine state. They are seeking refuge in Bangladesh, where they urgently need food, water, shelter and medical care.

For each copy of the GDPR handbook you order, Act Now Training will donate £1 to the Disasters Emergency Committee’s Emergency Appeal.

By popular demand, we have added an extra course in Manchester for our GDPR Practitioner Certificate. Our first workshop on the Data Protection Bill course is fully booked. We have places left in London and Manchester.

Posted in Article 50, Brexit, Data Protection, DP Bill, EU DP Regulation, GDPR, International, Local Authorities | 3 Comments

Scottish Information Commissioner’s Annual Report 2016/17

edinburgh-castle_thumb.jpg

Last month, Margaret Keyse, the Acting Scottish Information Commissioner, published her annual report for 2016/17.  Amongst other laws, Ms Keyse enforces the Freedom of Information (Scotland) Act 2002 (FOISA).

The report reveals that during 2016/17:

  • Public awareness of FOISA remained at its highest ever level, at 85%.
  • The Office of the Scottish Information Commissioner (OSIC) met or exceeded most of its investigation performance targets (10 out of 12).
  • It issued its first ever Enforcement Notices.
  • It carried out 15 level 4 interventions with authorities to address practice concerns.
  • It launched an online appeal service, making it possible for requestors to make appeals online, and receive real-time help and advice, at any time of day.
  • It responded to its 20,000th enquiry since 2005.

Act Now has a full programme of FOISA workshops in Scotland. If you are new to FOI in Scotland or want to boost your career through gaining a qualification, our FOISA Practitioner Certificate is ideal. The four day course is endorsed by the Centre for FOI ,based at Dundee University.

The next course starts in Edinburgh in February 2018. If you’re considering enrolling on the course, what can you expect? Read a successful candidate’s observations.

Posted in FOISA, Freedom of Information, Scotland, Scottish Information Commissioner | Leave a comment

GDPR Practitioner Certificate: New Course For Manchester

Manchester_cityscape_photo

By popular demand Act Now Training has added an extra course in Manchester for its GDPR Practitioner Certificate.

Autumn 2017 has seen a massive upsurge in bookings for this course leading to every course being fully booked until the end of January 2018. This new Manchester course, starting on 14th November 2017, will give DP practitioners and advisers a chance to complete their training before the end of the year.

Candidate results and feedback so far has been excellent. Our first set of results came out back in May. Since then we have run many courses. Our latest results saw 10 delegates pass of whom 6 achieved a distinction.

The GDPR Practitioner Certificate is aimed at those undertaking the role of Data Protection Officer under GDPR whether in the public or the private sector.

This course will teach delegates essential GDPR skills and knowledge. The course takes place over four days (one day per week) and involves lectures, assessments and exercises. This is followed by a written assessment. Candidates are then required to complete a practical project (in their own time) to achieve the certificate. Our course now takes account of the provisions of the Data Protection Bill, which was published a few weeks ago.

As the GDPR implementation date gets closer, more organisations are recruiting Data Protection staff. Now is the time to ensure that you are fully up to date with the new law.

 

More information about our GDPR Practitioner Certificate course as well as other GDPR offerings are on our website. If you would like to have this course delivered at your premised, please get in touch.

 

Image credits: www.paulgroganphotography.com

Posted in DP Bill, EU DP Regulation, GDPR | Leave a comment

GDPR Practitioner Certificate: Another Set of Great Results

accomplishment, certificate, degree, successful, diploma, graduates, achievement, celebration

Act Now Training would like to congratulate the 10 delegates who have successfully completed our intensive one-week course leading to the GDPR Practitioner Certificate.

The course was delivered by Tim Turner in London in August 2017. All 10 delegates passed with 6 achieving a distinction.  This is an even better than our first set of results back in May.

The GDPR Practitioner Certificate is aimed at those undertaking the role of Data Protection Officer under GDPR whether in the public or the private sector.

This course will teach delegates essential GDPR skills and knowledge. The course takes place over four days (one day per week) and involves lectures, assessments and exercises. This is followed by a written assessment. Candidates are then required to complete a practical project (in their own time) to achieve the certificate.

The August course delegates represented a diverse range of organisations including councils, universities and government departments from the UK as well as the Isle of Man and the USA(see comment below and at the end of this post). They all enjoyed the course and gave us some very positive feedback about the course and the trainer:

“Thank you very much and this is great news. Close to distinction I was and I am pleased for being the only American in the class. I have a solid foundation on GDPR and look forward to future trainings that will lead to a role as a DPO” Domenic DiLullo, USA

“The course content was comprehensive and the course material have real continuing value back in day-to-day work. The trainer’s expertise and experience was obvious but he also created a really fun, discursive environment to learn in.”  KG, University of London

“I feel well equipped to provide relevant advice and guidance on the GDPR as a result of taking this course. It was well presented with good quality, practical course material and access to a resource lab for articles, webinars and exam practice, all of which proved invaluable.” JD, East Sussex County Council

“Undertaking the Act Now GDPR practitioner course has reinforced my understanding of Data Protection and Privacy.  The training provided by Tim has given me new strategies relating to implementing GDPR and privacy measures, achievable with much more confidence. I can now help my organisation understand, categorise and evidence risks associated with privacy and GDPR in more practical and robust way.” RS, Boston Council

“The course was excellent and well presented. I found Tim approachable and entertaining and he helped to make what could be a dry subject come to life. Pre attendance the admin was excellent and everything went ahead without any glitch at all. Act Now have responded to me really quickly and efficiently every time.” SH, Swansea University

Demand for these courses has been phenomenal as have the testimonials. Due to this demand we have now added some further dates! Book early to avoid disappointment. Course starting on 21st November in Manchester!

Posted in Certificated course, Data Protection, DP Bill, EU DP Regulation, GDPR | 3 Comments