7. Keeping of records
Centrally retrievable record of authorisations
7.1. A centrally retrievable record of all authorisations should be held by each public authority. These records need only contain the name, code name, or unique identifying reference of the CHIS, the date the authorisation was granted, renewed or cancelled and an indication as to whether the activities were self-authorised. These records should be updated whenever an authorisation is granted, renewed or cancelled and should be made available to the IPC or Inspector upon request. These records should be used when calculating the period of deployment for the purposes of the 2014 Order. These records should be retained for a period of at least three years from the ending of the authorisations to which they relate.
7.2. While retaining such records for the time stipulated, public authorities must take into consideration the duty of care to the CHIS, the likelihood of future criminal or civil proceedings relating to information supplied by the CHIS or activities undertaken, and specific rules relating to data retention, review and deletion under data protection law and, where applicable, any relevant codes of practice produced by individual authorities in the handling and storage of material.
7.3. Records must be retained to allow the Investigatory Powers Tribunal ( IPT), established under Part IV of RIPA, to carry out its functions. The IPT will consider complaints made up to one year after the conduct to which the complaint relates and, where it is equitable to do so, may consider complaints made more than one year after the conduct to which the complaint relates (see section 67(5) of RIPA), particularly where continuing conduct is alleged. It is thus desirable, if possible, to retain records for up to five years.
Individual records of authorisation and use of CHIS
7.4. Detailed records must be kept of the authorisation and use made of a CHIS. Section 7(6) of RIP(S)A provides that an authorising officer must not grant an authorisation for the use or conduct of a CHIS unless he believes that there are arrangements in place for ensuring that there is at all times a person with the responsibility for maintaining a record of the use made of the CHIS. The Regulation of Investigatory Powers (Source Records) (Scotland) Regulations 2002; SSI No: 205 details the particulars that must be included in these records.
7.5. Public authorities are encouraged to maintain auditable records for individuals providing intelligence who do not meet the definition of a CHIS. This will assist authorities to monitor the status of an individual and identify whether that person should be duly authorised as a CHIS. This should be updated regularly to explain why authorisation is not considered necessary. Such decisions should rest with those designated as authorising officers within the public authorities.
7.6. In addition, records or copies of the following, as appropriate, should be kept by the relevant authority for at least three years:
- a copy of the authorisation together with any supplementary documentation and notification of the approval given by the authorising officer;
- a copy of any renewal of an authorisation, together with the supporting documentation submitted when the renewal was requested;
- the reason why the person renewing an authorisation considered it necessary to do so;
- any authorisation which was granted or renewed orally (in an urgent case) and the reason why the case was considered urgent;
- any risk assessment made in relation to the CHIS;
- the circumstances in which tasks were given to the CHIS;
- the value of the CHIS to the investigating authority;
- a record of the results of any reviews of the authorisation;
- the reasons, if any, for not renewing an authorisation;
- the reasons for cancelling an authorisation;
- the date and time when any instruction was given by the authorising officer that the conduct or use of a CHIS must cease; and
- a copy of the decision by a Judicial Commissioner on the renewal of an authorisation beyond 12 months.
7.7. The records kept by public authorities should be maintained in such a way as to preserve the confidentiality, or prevent disclosure, of the identity of the CHIS and the information provided by that CHIS.
There is a problem
Thanks for your feedback