NOT PROTECTIVELY MARKED

Communications Data
Standard Operating Procedure

Notice:
This document has been made available through
the Police Service of Scotland Freedom of
Information Publication Scheme. It should not be
utilised as guidance or instruction by any Police
officer or employee as it may have been redacted
due to legal exemptions

Owning Department:

Specialist Crime Division

Version Number:

3.00 (Publication Scheme)

Date Published:

08/01/2015

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

 NOT PROTECTIVELY MARKED

Compliance Record
Equality Impact Assessment: Date Completed / Reviewed:

20/04/15

Information Management Compliant:

Yes

Health and Safety Compliant:

Yes

Publication Scheme Compliant:

Yes

Version Control Table
Version
Number:
V1.00

V2.00

V3.00

History of Amendments:

Date:

Initial authorised version
Amended to reflect changes to current working
practices, advances in technology,
recommendations made during Interception of
Communications Commissioners Office (IOCCO)
annual inspection of Police Scotland in June 2014
and incorporating key points from the revised
Home Office ‘Acquisition and Disclosure of
Communications Data’ Codes of Practice (March
2015)
Change made to Prioritisation Grading’s to reflect
National Code of Practice

06/08/2013

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

16/11/2015

08/01/2016

2

 NOT PROTECTIVELY MARKED

Contents
1.

Purpose

2.

Legal Basis

3.

Definition of Communications Data

4.

Authorisations and Notices

5.

Acquiring Communications Data

6.

National Prioritisation Grading’s

7.

Roles and Responsibilities

8.

Application / Authorisation Process

9.

Life At Immediate Risk Situations

10. Dropped / Silent / 999 or 112 Calls
11. Service Providers – Cost Recovery
12. Information Available From Mobile Phones
13. Radio Frequency Propagation Survey (RFPS)
14. Engagement with Private Companies
15. Communications Data As Evidence
16. Malicious and Nuisance Communications
17. Role of the Interception of Communications Commissioner’s Office (IOCCO)

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

3

 NOT PROTECTIVELY MARKED

Appendices
Appendix ‘A’

List of Associated Legislation

Appendix ‘B’

List of Associated Reference Documents

Appendix ‘C’

List of Associated Forms

Appendix ‘D’

Glossary of Terms

Appendix ‘E’

CIU Contact Details

Appendix ‘F’

CycComms Link

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

4

 NOT PROTECTIVELY MARKED

1.

Purpose

1.1 This Standard Operating Procedure (SOP) establishes procedures that ensures
the Police Service of Scotland (hereinafter ‘Police Scotland’) manages its
acquisition and use of communications data (CD) in accordance with legislation,
and the Home Office ‘Acquisition and Disclosure of Communications Data’
Codes of Practice.
1.2. This SOP also aims to give police officers and police staff guidance on how to
apply for and/or use CD as part of their operational duties whilst also providing
direction to senior officers (Designated Person) who may be required to
authorise the obtaining and/or use of CD.
1.3 The role of the Communications Data Single Point of Contact (SPoC) is a
challenging role balancing the needs of investigators and safety of the public
combined with expertise and knowledge of Communication Service Providers
(CSPs) to assist with the analysis and interpretation of CD. SPoCs have the
responsibility of adhering to the Regulation of Investigatory Powers Act 2000
(RIPA) and the European Convention on Human Rights (ECHR) on behalf of
the Police Service of Scotland, hereinafter referred to as Police Scotland.
1.4 Most applications are straightforward but the SPoC is there to help applicants,
to advise on the best way to proceed, and provide guidance on how CD should
be used. When you are faced with something out of the ordinary they should be
able to offer advice and assistance.

2.

Legal Basis

2.1 The procedures described in this SOP are founded on the provisions of the
Regulation of Investigatory Powers Act 2000, (RIPA) Part 1, Chapter 2 (the Act)
which provides a legal basis for the lawful access to CD by public authorities
including police forces.
2.2 The main purpose of the Act is to ensure that the relevant investigatory powers
are used in accordance with ECHR.
2.3 The Act requires that human rights principles are followed. Officers must ask
themselves the following questions before utilising any of the powers under this
Act:


Is the proposed action lawful?



Is the proposed action necessary (for a legitimate aim)?



Is the proposed action proportionate to the crime or incident being
investigated (not a sledgehammer to crack a nut)?



Is the proposed action non-discriminatory?

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

5

 NOT PROTECTIVELY MARKED
2.4

In 2014, the Data Retention and Investigatory Powers Act 2014 (DRIPA) was
introduced. This was in response to the European Court of Justice (ECJ)
judgment of 8th April 2014 which declared a previous Data Retention Directive
(2006/24/EC) invalid. DRIPA makes clear that anyone providing a
communications service to customers in the UK, regardless of where that
service is provided from, should comply with lawful requests made under the
Act and requires relevant companies to retain certain types of CD for up to 12
months, so this may later be acquired by law enforcement and used in
evidence.

2.5

Human Rights

2.5.1 The access to CD in accordance with the relevant legislation ensures
compliance with the Human Rights Act 1998 and the principles of ECHR. The
legislation provides a basis for accessing CD in relation to a wide variety of
crimes and offences within the general confines of proportionality and
necessity.
2.5.2 It is vital that the management of all access and subsequent use of CD is
subject to the highest possible standards of professional integrity so that due
cognisance is taken of, and protection afforded to, individual human rights.
2.5.3 Moreover, in so doing the entire process is safeguarded and can withstand
independent scrutiny and examination including an extensive annual audit
conducted by the Interception of Communications Commissioners Office
(IOCCO).
2.5.4 Police Scotland is a designated public authority and as such is required to act
in a way and apply legislation so that it is consistent with ECHR. One of the
underlying principles of the Convention is that a public authority can only
infringe certain rights, such as the right to privacy (Article 8), or freedom of
expression (Article 10) if there is a legal framework that allows it to do so.
2.5.5 Article 8 - Right to Respect for Private & Family Life, states the following:


Everyone has the right to respect for his private and family life, his home
and his correspondence.



There shall be no interference by a public authority except as in
accordance with the law and is necessary in a democratic society in the
interests of national security, public safety or the economic well-being of
the country, for the prevention of disorder or crime, for the protection of
health or morals, or for the protection of the rights and freedoms of others.

2.5.6 Article 10 - Everyone has the right to freedom of expression, states the
following:


This right shall include freedom to hold opinions and to receive and impart
information and ideas without interference by public authority and
regardless of frontiers.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

6

 NOT PROTECTIVELY MARKED
2.6

Code of Practice (CoP)

2.6.1 The Acquisition and Disclosure of Communications Data Code of Practice
(CoP) was issued by the Home Office and approved by Parliament on 1
October 2007 and subsequently amended on 25 March 2015. The CoP
provides guidance to public authorities on the correct procedures for
accessing CD under the provision of the Act. The CoP is deemed admissible
in evidence in both criminal and civil proceedings.

3.

Definition of Communications Data

3.1

Part 1, Chapter 2 Regulation of Investigatory Powers Act 2000 (RIPA) (the
Act) defines communication data into three separate types. These being:
1. Information held by the CSP on a Person (section 21(4)(c)) – this includes
subscriber details, method of payment details, billing address, other records.
Authorisation rank for data under S21(4)(c) – Inspector or above
2. Use Made of a Communication Service (section 21(4)(b)) - itemised billing of
calls, web sites visited and other similar records.
Authorisation rank for data under S21(4)(b)– Superintendent or above
3. Traffic Data (section 21(4)(a)) – data comprised in or attached to a
communication for the purpose of the postal or communication service –
incoming call data, cell site / location information, call line identity, and other
records.
Authorisation rank for data under S21(4)(a)– Superintendent or above

3.2

The Act provides two different ways of authorising access to CD, referred to
as ‘Authorisation’ and ‘Notice’.

4.

Authorisations and Notices

4.1

Authorisation

4.1.1 This provides for persons (the SPoC) within a public authority to engage in
specific conduct relating to a postal service or Communications Service
Provider (CSP) system, to obtain CD. An authorisation may be appropriate
where:


there is an agreement in place between a public authority and a CSP
relating to appropriate mechanisms for disclosure of CD, or



a Designated Person (DP) considers there is a requirement to identify a
person to whom a service is provided but a CSP has yet to be conclusively
determined as the holder of the CD; or



a CSP is not capable of obtaining or disclosing the CD.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

7

 NOT PROTECTIVELY MARKED
4.2 Notice
4.2.1 This is given to a postal or CSP and requires that service provider to collect or
retrieve the data and provide it to the public authority which served the notice.
4.2.2Authorisations and Notices will only be valid for one month and can be renewed
for a further period if required.
4.2.3The authorisation or notice should be cancelled as soon as it is no longer
necessary or the conduct is no longer proportionate to what is sought to be
achieved.
4.2.4The Communications Investigation Unit (CIU) will manage the authorisation /
notice process on behalf of Police Scotland and provide the necessary guidance
to the DP in this regard.

5.

Acquiring Communications Data (CD)

5.1 The obtaining and use of CD is now an essential investigative tool which can be
utilised, in accordance with certain conditions, for the investigation of all levels
of crime, disorder and public safety.
5.2 CD can take many forms from basic subscriber information required to confirm
the owner of a telephone, telephone call data, postal information, through to
complex internet enquiries where Internet Protocol (IP) addresses are required
along with log in history and other technical data.
5.3 CD includes:


Information relating to the use of a postal service or a CD system but does
not include the content of the communication itself, content of e-mails or
interactions with websites;



Data in relation to a postal item means anything written on the outside of the
item.

5.4 In other words the term ‘communications data’ embraces the ‘who’, ‘when’ and
‘where’ of a communication but not what was said or written (the content).
5.5 It includes the manner in which, and by what method, a person or machine
communicates with another person or machine. It excludes what they say or
what data they pass on within a communication (with the exception of traffic
data to establish another communication such as that created from the use of
calling cards, redirection services, or in the commission of ‘dial through’ fraud
and other crimes where data is passed on to activate communications
equipment in order to fraudulently obtain communications services).

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

8

 NOT PROTECTIVELY MARKED
5.6 Postal services are described as any service which consists of the collection,
sorting, conveyance, distribution and delivery of postal items and is offered or
provided as a service the main purpose of which, or one of the main purposes of
which, is to transmit postal items from place to place (see section 2(1) of the
Act).
5.7 Communication services are described as any service which consists of the
provision of access to, and for making use of, any communications system
(whether or not one provided by the person providing the service) the purpose
of which is to transmit communications using electrical or electro-magnetic
energy. (See section 2(1) of the Act).
5.8 CD may only be sought if a DP believes it is necessary for one or more of the
following statutory purposes:


In the interests of national security (S22(2)a);



For the purpose of preventing or detecting crime or of preventing disorder
(S22(2)b);



In the interests of the economic well-being of the United Kingdom (S22(2)c);



In the interests of public safety (S22(2)d);



For the purpose of protecting public health (S22(2)e);



For the purpose of assessing or collecting any tax, duty, levy or other
imposition, contribution or charge payable to a government department
(S22(2)f);



For the purpose, in an emergency, of preventing death or injury or any
damage to a person’s physical or mental health, or of mitigating any injury or
damage to a person’s physical or mental health (S22(2)g);



To assist investigations into alleged miscarriages of justice (Article 2(a));



For the purpose of assisting in identifying any person who has died
otherwise than as a result of crime or who is unable to identify himself
because of a physical or mental condition, other than one resulting from
crime (Article 2(b)(i));



For the purpose of obtaining information about the next of kin or other
connected persons of such a person or about the reason for his death or
condition (Article 2(b)(ii)).

5.9 Not all statutory purposes can legally be used by law enforcement agencies and
the Communications Investigation Unit (CIU) will be able to provide the proper
advice on the most suitable statutory purpose for an investigation. Where the
enquiry does not relate to a listed statutory purpose CD will be unable to be
obtained.
5.10 Detecting crime includes establishing by whom, for what purpose, by what
means and generally in what circumstances any crime was committed. For the
gathering of evidence for use in any legal proceedings and the apprehension of
the person (or persons) by whom any crime was committed, see section 81(5)
of the Act.
Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

9

 NOT PROTECTIVELY MARKED
5.11 Given the ever changing and rapidly developing world of communications
devices and the internet access capability of many devices, the data which can
be retrieved by law enforcement agencies changes almost weekly. In order to
achieve the best outcome for each communications enquiry, advice and
guidance should be sought from one of the three CIU offices (East, North or
West) for each and every investigation.

6.

National Prioritisation Grading’s

6.1 Due to the volume of enquiries received by the CSPs, a national prioritisation
grading scale has been devised. This is applied by the SPoC to all requests for
CD. This ensures that the CSPs can prioritise each enquiry and respond within
the appropriate time period.
6.2 The grades can be broadly categorised as follows:


Grade 1 – An immediate threat to life;



Grade 2 – An exceptionally urgent operational requirement for the
prevention or detection of serious crime or a credible and immediate threat
to national security;



Grade 3 – matters that are routine but, where appropriate, will include
specific or time critical issues such as bail dates, court dates, or where
persons are in custody or where a specific line of investigation into a serious
crime and early disclosure by the CSP will directly assist in the prevention or
detection of that crime.

The emphasis within Grade 1 and 2 is that the urgent provision of the
communications data will have an immediate and positive impact on the
investigation or operation.
Note: Serious Crime – where a person over 21 years old would expect 3 years
in prison even if a first offence.
6.3 The SPoC will determine the grading to be applied to each application in
consultation the DP. A 24/7 provision exists for Grade 1 or 2 urgent oral
applications as per the National Priority Grading and your local CIU office who
should be consulted timeously to discuss this. The CIU West will provide cover
nationally out with the normal working hours of the CIU East and CIU North
offices (See Appendix ‘E’).

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

10

 NOT PROTECTIVELY MARKED

7.

Roles / Responsibilities

7.1

Applicant

7.1.1 The applicant is a person involved in conducting an investigation or operation
for a relevant public authority who makes an application in writing or
electronically for the acquisition of CD.
7.1.2 A Police Scotland applicant will complete an application form, via the
CycComms electronic workflow system, setting out for consideration by the
Designated Person, the necessity and proportionality of a specific requirement
for acquiring CD.
7.1.3 Applications may be made orally in exceptional urgent circumstances but a
record of that application must be made by the SPoC demonstrating the
consideration given to the circumstances and the decisions taken to include
times and DP considerations.
7.1.4 On no account should an applicant make direct contact with the CSPs.
Contact with CSPs can only be carried out by an accredited SPoC.
7.1.5 Consideration should be given by the applicant to carrying out ‘open source’
checks on telephone numbers etc. prior to applying for subscriber information
as the data required may already be available to the general public via the
internet, telephone directories, police systems etc.
7.2

Digital Media Investigator (DMI)

7.2.1 The Digital Media Investigator (DMI) is a role created to assist major
investigation or serious organised crime teams collate and coordinate on all
matters related to CD and other technology media such as CCTV and ANPR.
They will also support local investigation teams on volume crime, missing
person enquiries etc.
7.2.2 The DMI will obtain contributions from SPoCs, Digital Forensics, Open Source
and other technology teams and support the related elements of analysis and
case preparation.
7.2.3 In conjunction with the SIO they will develop an effective technology and data
strategy for the investigation / operation.
7.3

Single Point of Contact

7.3.1 The Single Point of Contact (SPoC) is either an accredited individual or a
group of accredited individuals trained to facilitate lawful acquisition of CD and
effective co-operation between a public authority and a CSP. To become
accredited, an individual must complete a course of training appropriate for the
role and have been issued a SPoC Personal Identification Number (PIN).
Details of all accredited individuals are available to service providers for
authentication purposes.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

11

 NOT PROTECTIVELY MARKED
7.3.2 An accredited SPoC promotes efficiency and good practice in ensuring only
practical and lawful requirements for CD are undertaken. The SPoC is
responsible for providing objective judgement and advice to both the applicant
and the DP. In this way, the SPoC provides a ‘guardian and gatekeeper’
function ensuring that public authorities act in an informed and lawful manner.
7.3.3 The SPoC role will be undertaken by staff of the CIU or staff within the
Confidential Unit.
7.3.4 The SPoC should be in a position to:

7.4



assess whether the acquisition of specific CD from a CSP is reasonably
practical or whether the specific data required is inextricably linked to other
data;



advise applicants on the most appropriate methodology for acquisition of
data where the data sought engages a number of CSPs;



advise applicants and Designated Persons on the interpretation of the Act,
particularly whether an authorisation or notice is appropriate;



provide assurance to Designated Persons that authorisations and notices
are lawful under the Act and free from errors;



provide assurance to service providers that authorisations and notices are
authentic and lawful;



assess whether CD disclosed by a service provider in response to a notice
fulfils the requirement of the notice;



assess whether CD obtained by means of an authorisation fulfils the
requirement of the authorisation;



assess any cost and resource implications to both the public authority and
the CSP of data requirements.

Designated Person (DP)

7.4.1 The DP is a person holding a prescribed office in a relevant public authority.
Within Police Scotland this will be suitably trained Inspectors or
Superintendents dependent on the CD to be acquired.
7.4.2 Inspectors and Superintendents who undertake the role of a DP must have
current working knowledge of human rights principles and legislation,
specifically those of necessity and proportionality, and how they apply to the
acquisition of CD under the Act and the Home Office Code of Practice.
7.4.3 The DP is responsible for considering the application for CD and where they
believe the request is necessary and proportionate in the specific
circumstances, can grant an authorisation or a notice.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

12

 NOT PROTECTIVELY MARKED
7.4.4 The DP must ensure that they grant authorisations or give notices only for
purposes and only in respect of types of CD that a DP of their office, rank or
position in the relevant public authority may grant or give.
7.4.5 The DP must assess the necessity for any conduct to acquire or obtain CD
taking into account any advice provided by the SPoC.
7.4.6 The DP must be independent from operations and investigations when
granting authorisations or giving notices related to those operations, and
confirm this fact within their written considerations.
7.4.7 The only exception would be where it is deemed necessary to act urgently, in
circumstances where it is not possible to call upon the services of another DP
who is independent from the investigation or operation.
7.4.8 Where occasions arise where a DP is not independent from the investigation
or operation their involvement and their justification for undertaking the role of
the DP must be explicit in their recorded considerations.
7.5

Senior Responsible Officer

7.5.1 Every relevant public authority must appoint a Senior Responsible Officer
(SRO) who is responsible for:


the integrity of the process in place within the public authority to acquire
CD;



compliance with Part 1 Chapter 2 of the Act, the Home Office CoP and
with this SOP; and



oversight of the reporting of errors to IOCCO and the identification of both
the cause(s) of errors and the implementation of processes to minimise
repetition of reported errors.

7.5.2 The SRO for Police Scotland is the Detective Superintendent, Specialist Crime
Division, Technical Collections.
7.6

Communications Investigation Unit (CIU)

7.6.1 The focal point for the acquisition and disclosure of CD will be the CIU.
7.6.2 Police Scotland CIU is situated at 3 hubs:


CIU West (Scottish Crime Campus (SCC), Gartcosh);



CIU East (Fettes, Edinburgh);



CIU North (Queen Street, Aberdeen)

(See Appendix ‘E’ for contact details).

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

13

 NOT PROTECTIVELY MARKED
7.6.3 The CIU will act as the ‘guardian and gatekeeper’ and ensure that officers and
staff of Police Scotland act in an informed and lawful manner.
7.6.4 Therefore all applications for CD will be directed through the CIU who will
provide any necessary advice on their completion and arrange for approval by
the appropriate level of DP.
7.6.5 Accredited staff within the CIU are the nominated SPoCs in relation to CD and
therefore they are the only persons authorised to engage with CSPs.
7.6.6 The CIU will be responsible for the upkeep of all records in respect of requests
for CD.
7.6.7 Officers must immediately notify the CIU when the requirement for obtaining
CD is complete or no longer required and the authorisation / notice will be duly
cancelled.
7.6.8 Applicants who receive CD in response to an application must check its
accuracy – numbers, date/time periods and any other information that is
authorised and report any errors immediately.

8.

Application / Authorisation Process

8.1

Application Process

8.1.1 When an officer considers that obtaining CD is necessary and believes the
action is justified and proportionate to what it seeks to achieve, the officer
should complete the formal Communications Data Application Form, by using
the ‘CycComms’ electronic workflow system.
8.1.2 CycComms can be found by using a link on the Police Scotland Intranet. (See
Appendix ‘F’.)
8.1.3 Should there be an occasion where no access to the CycComms system is
available, applicants may be required to revert to a manual application form
“Application for Communications Data” (Force Form 033-001) which should be
emailed to the appropriate CIU (see Appendix ‘E’) with an explanation stating
why CycComms has not been utilised.
8.1.4 A DP cannot approve anything that is not specified in the application, even if it
is implied. It is best practice therefore that the application form should contain
detailed information within the body of text contained within each section and
must include a reference to the nature of the investigation, any complainer,
suspect and what type of data is being requested from the service provider.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

14

 NOT PROTECTIVELY MARKED
8.1.5 The following information must be provided in applications for CD:

8.2



the name (or designation) and the office, rank or position held by the
person making the application;



a unique reference number (automatically created by CycComms system);



the operation name (if applicable) to which the application relates;



the purpose for which the data is required, by reference to a statutory
purpose under 22(2) of the Act (see Section 5.8 above);



describe the CD required, specifying, where relevant, any historic or future
date(s) and, where appropriate, time period(s);



when a communications address is provided (i.e. mobile telephone
number), care must be taken to ensure the correct number is described on
the application and this should be confirmed by original documentation;



describe whether the CD relates to a victim, a witness, a complainant, a
suspect, next of kin, vulnerable person or other person relevant to the
investigation or operation;



explain why the acquisition of that CD is considered necessary and
proportionate to what is sought to be achieved by acquiring it;



consider and, where appropriate, describe any meaningful collateral
intrusion – the extent to which the privacy of any individual not under
investigation may be infringed and why that intrusion is justified in the
circumstances; and



identify and explain the time scale within which the data is required.

Necessity

8.2.1 In order to justify the application it is necessary for the applicant to cover three
main points:


crime / offence / circumstances (“the event”) under investigation;



suspect(s) / offender(s) / witness(es) / victim(s) (“the person”) and how the
person(s) is/are linked to the event;



telephone number(s), IP Address(es) etc. (“the communication”) and how
this/these relate or link the person and the event.

8.2.2 Sensitive sources of intelligence or covert investigation techniques should not
be referred to in the application.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

15

 NOT PROTECTIVELY MARKED
8.2.3 In essence, necessity should be a short explanation of the a) event, b) the
person and c) the communication and how these three link together.
Event

Person

Communication

8.2.4 The SPoC officer, in conjunction with the DP, will determine the grading to be
applied to each application.
8.3

Proportionality

8.3.1 Applicants require to outline how obtaining the data will benefit the
investigation or operation. Two basic questions which must be answered are:


“What are you looking for within the data to be acquired?”



“If the data contains what you are looking for, what will be your next course
of action?”

8.3.2 This must apply for each type of data set being applied for within the
application.
8.3.3 The relevance of any time periods requested must be explained outlining how
these periods are proportionate to the event under investigation. Do not apply
for 2 weeks of data when you are only concerned with a 3 day window.
8.3.4 An explanation as to how CD will be used, once acquired, and how it will
benefit the investigation or operation will enable the applicant to set out the
basis of proportionality.
8.3.5 An investigation or operation which is seeking to acquire several sets of traffic
data or service use data should engage with the SPoC to develop strategies
(or collection plans) to obtain the CD and the detail of that strategy may be
included within the application.
8.4

Consequential Subscribers

8.4.1 At the time of giving a notice or granting an authorisation to obtain specific
traffic data or service use data, a DP may also authorise, to the extent
necessary and proportionate at that time, the consequential acquisition of
specific subscriber information relating to the traffic data or service use data to
be obtained. This is relevant where there is a necessary and proportionate
requirement to identify with whom a person has been in communication.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

16

 NOT PROTECTIVELY MARKED
8.4.2 An applicant must outline why it is necessary and proportionate to obtain the
consequential ‘future’ subscribers in their application. They are required to
outline what analytical work they intend to conduct on the service use / traffic
data to identify the relevant numbers. Giving a general statement such as
“when the data has been received the results will be analysed and subscribers
requested to progress the investigation” does not sufficiently describe how the
data will be analysed and what the applicant is looking for in the data.
Applicants should therefore ensure that they outline in detail what they are
attempting to achieve, how the data will be analysed and what they are
looking for in the data to be acquired, i.e. those most recently called, those
called within specified time periods etc.
8.4.3 A system is available within ‘CycComms’ to allow for the acquisition of
consequential subscribers.
8.5

Collateral Intrusion

8.5.1 Collateral Intrusion forms part of the ‘Proportionality’ considerations and
becomes increasingly relevant when applying for traffic data or service use
data.
8.5.2 Applicants should outline specifically what collateral intrusion may occur; how
the time periods requested impact on the collateral intrusion; whether they are
likely to obtain data which is outside the realm of their investigation and outline
their plans for managing it.
8.5.3 For example: during the course of an investigation and to establish certain
facts it may be necessary and proportionate for an investigator (applicant) to
require access to CD that relates to witnesses as well as the associates of a
suspect or target.
8.5.4 The question to be asked is, “Will the data set to be acquired result in
collateral intrusion to persons outside the line of enquiry the data is
being obtained for?” For example, due to the very specific nature of
telephone subscriber check/s, collateral intrusion on a person other than the
subscriber detail/s will be consistently absent whereas itemised billing on the
subject’s family home will be likely to contain calls made by the family
members.
8.6

Amendment / Approval Process

8.6.1 On receipt of the completed application form, the CIU will quality assure the
form and thereafter prepare it for onward transmission to a DP.
8.6.2 Where the application does not meet the requirements of the RIPA legislation
and Home Office CoP to progress to the DP the SPoC will return it to the
applicant with appropriate advice on amending the application accordingly. If
the data is still required the application can be resubmitted once all the points
outlined by the SPoC are addressed.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

17

 NOT PROTECTIVELY MARKED
8.6.3 Once an application contains the relevant level of information it will be
forwarded to the DP who must consider the necessity, proportionality and
justification of the CD being applied for. If the data request is subsequently
approved the SPoC will thereafter apply for the relevant CD on the applicants
behalf.
8.7

Cancellation

8.7.1 Authorisations or notices served on a CSP must be cancelled where the
requirement for the requested CD ceases.
8.7.2 In other words when a service provider is requested to provide CD and the
grounds for obtaining the data are no longer justified, for whatever reason, the
authorisation must be immediately cancelled.
8.7.3 The applicant must timeously notify the CIU (SPoC) that the CD they have
requested is no longer required specifying the reason for the cancellation.
8.7.4 On receipt of the notification that the CD is no longer required the CIU will
timeously notify the CSP of the requirement to cease providing the data
requested. Dependent on the circumstances this can be carried out verbally
but must always be followed by a formal written notification of cancellation.
8.8

Records Retention, Review and Disposal

8.8.1 An application for CD and all corresponding records will be subject to the
appropriate retention, review and disposal in accordance with the Force
Record Retention SOP, especially relating to Crime and Productions (section
6) and Intelligence (section 11).
8.9

Errors

8.9.1 Where CD is acquired or disclosed wrongly, an error occurs and must be
recorded. It is the responsibility of the applicant to promptly inform the CIU
when wrong or excess data is obtained.
8.9.2 An error can only occur after a DP:
 Has granted an authorisation and the acquisition of data has been
initiated; or
 Has given notice and the notice has been served on a CSP.
8.9.3 It is vital for the applicant to take all reasonable steps to ensure the data they
provide on a CD application is accurate. They should electronically copy
communications addresses into applications when the source is in electronic
form (for example forensic reports relating to mobile phones, call data records
etc.). Communications addresses acquired from other sources must be
properly checked to reduce the scope for error. The SPoC must thereafter
confirm the accuracy of the communications address before proceeding.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

18

 NOT PROTECTIVELY MARKED
8.9.4 The CIU must create an error report for each error made. Errors can have
very significant consequences on an affected individual’s rights with details of
their private communications being disclosed and, in extreme circumstances,
being wrongly detained or wrongly accused of a crime as a result of that error.
8.9.5 In cases where an error has occurred without data being acquired or disclosed
wrongly, a ‘recordable’ error will be created. These records must be available
for inspection by IOCCO. The records kept for recordable errors must include
details of the error, explain how the error occurred and provide an indication of
what steps have been, or will be, taken to ensure that a similar error does not
reoccur. The SRO of Police Scotland will undertake a regular review of the
recording of such errors.
8.9.6 In cases where an error has occurred and data has been acquired or
disclosed wrongly, a ‘reportable’ error will be created. When a ‘reportable’
error has been made, the CIU will require establishing the facts and reporting
the error to the SRO, the DP who approved the obtaining of the data and
IOCCO within no more than five (5) working days of the error being
discovered.
8.9.7 In circumstances where a ‘reportable’ error is deemed to be of a serious
nature, IOCCO may investigate the circumstances that led to the error and
assess the impact of the interference on the affected individual’s rights.
IOCCO may inform the affected individual, who may make a complaint to the
Investigatory Powers Tribunal (IPT).
8.9.8 Where wrongly acquired data is obtained has no connection or relevance to
the investigation or operation, that data and any copy of it (including copies
contained in or as attachments in electronic mail) should be destroyed as soon
as the report to IOCCO has been made.
8.9.9 Examples of reportable or recordable errors include:
Reportable errors


An authorisation or notice made for a statutory purpose, or for a type of
data, which we cannot lawfully obtain;



Human error, such as incorrect transposition of information from an
application to an authorisation or notice where CD is acquired or disclosed;



Disclosure of wrong data by a CSP when complying with a notice or
authorisation.

Recordable errors


A notice has been given which is impossible for a CSP to comply with and
attempts to impose the requirement are made;



Failure to review information already held, for example unnecessarily
seeking the acquisition or disclosure of data already acquired or obtained
for the same investigation or operation;

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

19

 NOT PROTECTIVELY MARKED

8.10



Failure to serve written notice (or where appropriate an authorisation) upon
a CSP within one working day of urgent oral notice being given or an
urgent oral authorisation granted; and



Human error, such as incorrect transposition of information from an
application to an authorisation or notice where CD is not acquired or
disclosed.

Excess Data

8.10.1 Where an ‘authorised’ Application for CD results in the acquisition of excess
data, all the data acquired or disclosed should still be retained.
8.10.2 Under ‘disclosure’ principles, there will be a requirement to record and retain
data which is relevant to a criminal investigation, even if that data was
disclosed or acquired beyond the scope of a valid notice or authorisation. If a
criminal investigation results in proceedings being instituted all material that
may be relevant must be retained at least until the accused is acquitted or
convicted or the prosecutor decides not to proceed.
8.10.3 If, having reviewed the excess data, it is intended to make use of it in the
course of the investigation or operation, the applicant must set out in an
addendum to the authorising DP, the reason(s) for requiring to use it. The DP
will then consider the reason(s) and review all the data and consider whether it
is necessary and proportionate for the excess data to be used in the
investigation or operation.
8.11

Communications data involving certain professions

8.11.1 CD is not subject to any form of professional privilege – the fact a
communication took place does not disclose what was discussed, considered
or advised.
8.11.2 However the degree of interference with an individual’s rights and freedoms
may be higher where the CD being sought relates to a person who is a
member of a profession that handles privileged or otherwise confidential
information (including medical doctors, lawyers, journalists, Members of
Parliament, or ministers of religion). It may also be possible to infer an issue of
sensitivity from the fact someone has regular contact with, for example, a
lawyer or journalist.
8.11.3 Such situations do not preclude an application for CD being made. However
applicants must draw attention to such circumstances that might lead to an
unusual degree of intrusion or infringement of rights and freedoms, particularly
regarding privacy and, where it might be engaged, freedom of expression and
give special consideration to the necessity and proportionality sections.
Particular care must be taken by DPs when considering such applications,
including additional consideration of whether there might be unintended
consequences of such applications and whether the public interest is best
served by the application.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

20

 NOT PROTECTIVELY MARKED
8.11.4 Applicants must clearly record if a person within an application is known to be
in a profession that handles privileged or otherwise confidential information,
(including medical doctors, lawyers, journalists, Members of Parliament, or
ministers of religion).
8.11.5 The CD application form (via the CycComms portal) has fields to record the
profession of a subject(s) of such an application.
8.11.6 Issues surrounding the infringement of the right to freedom of expression may
arise where a request is made for the CD of a journalist. There is a strong
public interest in protecting a free press and freedom of expression in a
democratic society, including the willingness of sources to provide information
to journalists anonymously. Where an application is intended to determine the
source of journalistic information, there must therefore be an overriding
requirement in the public interest.
8.11.7 Where the application is for CD of a journalist, or an intermediary, but is not
intended to determine the source of journalistic information (for example,
where the journalist is a victim of crime or is suspected of committing a crime
unrelated to their occupation), there is nevertheless a risk of collateral
intrusion into legitimate journalistic sources. In such a case, particular care
must therefore be taken to ensure that the application considers whether the
intrusion is justified, giving proper consideration to the public interest. The
necessity and proportionality assessment also needs to consider whether
alternative evidence exists, or whether there are alternative means for
obtaining the information being sought.
8.12

Applications to determine the source of journalistic information Judicial Authorisation

8.12.1 CD that may be considered to determine journalistic sources includes data
relating to:


Journalists’ communications addresses;



The communications addresses of those persons suspected to be a
source; and



Communications addresses of persons suspected to be acting as
intermediaries between the journalist and the suspected source.

8.12.2 In the specific case of an application for CD, which is required to be made in
order to identify a journalist’s source, communication MUST be made with the
CIU who will assist in the authorisation procedure which will require judicial
approval (i.e. Court Warrant). Note: The exact process for this is still to be
finalised with the Crown Office and Procurator Fiscal Service (COPFS)
however the CIU will be in a position to advise on the correct process to be
adopted.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

21

 NOT PROTECTIVELY MARKED
8.12.3 The application should draw the DPs attention to relevant matters including
why the police suspect wrong-doing that includes communications with a
journalist. The application must fully consider whether that conduct is criminal
and of a sufficiently serious nature for the subjects’ rights to freedom of
expression to be interfered with where CD is to be acquired for the purpose of
identifying a journalist’s source.
8.12.4 Where there is substantial ground for believing that there is an immediate
threat of loss of human life, such that a person’s life might be endangered by
the delay inherent in the process of judicial authorisation, law enforcement
agencies may continue to use the existing internal authorisation process under
the Act. Such applications must be flagged to IOCCO as soon as reasonably
practicable. If additional CD is later sought as part of the same investigation,
but where a threat to life no longer exists, judicial authorisation must be
sought.
8.12.5 The requirement for judicial oversight does not apply where applications are
made for the CD of those known to be journalists but where the application is
not to determine the source of journalistic information. This includes, for
example, where the journalist is a victim of crime or is suspected of committing
a crime unrelated to their occupation.
8.12.6 All applications that relate to a profession that handles privileged or otherwise
confidential information will be subject to inspection by the IOCCO during their
annual inspection of the Force.

9.

Life at Immediate Risk Situations

9.1

Arrangements are in place for accredited SPoCs to provide the necessary
urgent support in respect of immediate life at risk situations. During normal
office hours your local CIU should be contacted in the first instance, however
the CIU West will provide 24/7 cover outwith the normal working hours of the
CIU East and CIU North offices (see Appendix ‘E’). The conduit for calling a
SPoC for immediate life at risk situations should be via a senior officer;
however the local area control room should be contacted in the first instance.

9.2

In ‘life at immediate risk’ situations (Grade 1), a DP may provide oral authority
to obtain CD from the relevant service provider. This authority MUST be given
to a SPoC. To justify an oral authority the circumstances that may be
appropriate include:


An immediate threat of loss of human life, or for the protection of human
life, such that a person’s life might be endangered if the application
procedure were undertaken in writing from the outset. (This may include
safeguarding the welfare of vulnerable people, including children at
imminent risk of being abused or otherwise harmed);

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

22

 NOT PROTECTIVELY MARKED


An exceptionally urgent operational requirement where, within no more
than 48 hours of the notice being given or the authorisation being granted
orally, the acquisition of CD will directly assist the prevention or detection
of the commission of a serious crime and the making of arrests or the
seizure of illicit material, and where that operational opportunity will be lost
if the application procedure is undertaken in writing from the outset; or



A credible and immediate threat to national security or a time-critical and
unique opportunity to secure, or prevent the loss of, information of vital
importance to national security where that threat might be realised, or that
opportunity lost, if the application procedure were undertaken in writing
from the outset.

9.3

DPs can only give authority for the level of activity in accordance with the
standard authorising processes. The time the authority is agreed, together
with the details of the activity approved should be recorded in writing by the
SPoC to whom the DP spoke.

9.4

The same quality of information as required for a written application will be
given verbally to the DP when making oral application. DPs giving oral
authority will make and keep a suitable record of the authority. Retrospective
forms are not required to be completed by the applicant but a full record of
activity will be recorded by the SPoC through the CycComms system.

9.5

The DP must retrospectively confirm their agreement with the SPoCs
comments provided on the CycComms system and/or provide additional
information about their verbal considerations.

10.

Dropped / Silent / 999 or 112 Calls

10.1

There exists a ‘golden hour’ or ‘emergency period’ which is ‘within one hour of
the termination of an emergency call’. Following the initial receipt of a dropped
or silent 999 / 112 call where concern exists as to the reason for the 999 call
the Contact Centre / Area Control Room (ACR) supervisor can call upon an
Emergency Operator or relevant service provider to disclose data (subscriber
and location information) about the call maker to enable the provision of
emergency assistance.

10.2

The Command and Control incident should be tagged / marked where
subscriber information is obtained within the ‘Golden Hour’. This will allow a
suitable audit to be carried out to ensure compliance with the legislation and
code of practice.

10.3

The CIU Managers should conduct regular spot checks of the local Command
and Control system to ensure that the process is being properly adhered to.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

23

 NOT PROTECTIVELY MARKED
10.4

The Command and Control incident should also contain the following details to
allow a resume of the incident to be maintained for audit purposes:


Command and Control incident number;



Telephone number subject to subscriber check;



Time call received;



Communications Service Provider involved;



Details of the ACR staff member who makes the request to the CSP;



Manner in which the CSP is contacted (automated system / verbal request
etc.);



Time CSP contacted; and



the result.

11.

Service Providers – Cost Recovery

11.1

It is nationally recognised that CSPs incur costs in complying with notices and
authorisations to disclose CD, and the Act allows for arrangements for making
appropriate payments to them to facilitate the timely disclosure of CD.

11.2

‘Timely disclosure’ means that ordinarily a CSP should disclose data within ten
working days of being required to do so.

11.3

The major CSPs have established Police Liaison Units to accommodate
formal requests for CD. A number have also created on-line systems which
have been made available to accredited SPoCs via the secure PNN system.

11.4

CD requests have cost implications. An approximate cost will be calculated by
the SPoC as part of their assessment section of the application form and the
DP will be informed accordingly to allow them to consider the costs involved
when considering the application.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

24

 NOT PROTECTIVELY MARKED

12. Information available from Mobile Telephones including
Voicemail
12.1

There are two main areas where information can be stored on a mobile
telephone, the actual handset and the Subscriber Identity Module (SIM) card.
Each holds various information and data from both can be retrieved using
specialist software and made available to the Enquiry Officer. These can
include details of:


Short Message Service (SMS) messages - text messages;



Address book;



Call history;



Dialled numbers; and



Pictures/images.

12.2

Only information held on the mobile telephone or SIM card when it was seized
can be retrieved during the course of an examination.

12.3

SMS (text) messages are physically stored on the mobile telephone or SIM
card. Messages that were already on the mobile telephone when it was taken
possession of can, therefore, be retrieved during the forensic examination
process. Similarly, photographs taken using the mobile telephone are
physically stored on the telephone and can, therefore, be retrieved.

12.4

Voicemail messages, however, are stored on the remote server of the relevant
CSP and can only be accessed by dialling a specific voicemail number. They
cannot, therefore, be retrieved as part of the forensic examination process.

12.5

To listen to, download and/or record mobile phone voicemail messages
lawfully the essential point is where the voicemail information is held. In the
case of mobile telephone voicemail, and similarly the British Telecom (BT)
“1571” service, the voicemail is not held on the recipient’s device, but is held
on a platform owned by the service provider.

12.6

There are essentially four ways of obtaining this information lawfully:
1 Interception warrant for intelligence purposes only;
2 Sheriff’s warrant;
3 Written consent from one party of the communication with a directed
surveillance authority governing the lack of consent from the other party;
and
4 Written consent from both parties subject of the communication (caller and
recipient).

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

25

 NOT PROTECTIVELY MARKED
12.7

Option 1 is not generally proportionate and option 4 is unlikely to be
forthcoming if a criminal act has occurred; thus leaving options 2 and 3
available.

12.8

Advice on a case by case basis will be provided by the CIU or Central
Authorities Bureau (CAB).

12.9

Be aware however that the obtaining of Voicemails is generally time critical
with the service providers only holding the voicemail for a very limited time
period – once deleted they cannot be retrieved.

13.

Radio Frequency Propagation Surveys (RFPS)

13.1

Using specialist equipment and training, it is possible to identify and capture
the best serving cell site identifier at a particular location. This is called a
Radio Frequency Propagation Survey (RFPS).

13.2

RFPS data can be used to refute/corroborate existing evidence and or alibi
statements

13.3

When a mobile telephone makes/sends or receives either


a voice call,



a text message (SMS),



Multi Media Message (MMS), or



utilises the internet capabilities of the phone (GPRS data),

it will connect to its mobile telephone network via a telephone mast which is
referred to as a Cell Site. Each Cell Site can be made up of several sectors
and each sector is given a cell identifier known as a Cell ID.
13.4

The equipment used during the RFPS plots, via GPS, it’s location at the time
of replicating a call, this data is then stored and transferred onto a map
showing the area covered by each cell site sector.

13.5

The Police Scotland CIU has the necessary equipment and a number of
SPoCs trained to carry out RFPS. Further advice on the conducting a RFPS
can be obtained by contacting your local CIU.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

26

 NOT PROTECTIVELY MARKED

14.

Engagement with Private Companies

14.1

Communications Data

14.1.1 For the purposes of progressing enquiries where the use of CD has been
obtained and the Senior Investigating Officer (SIO) considers it necessary to
utilise the services of a specialist private company (this may include a Radio
Frequency Propagation Survey (RFPS), the SIO will first contact the CIU to
discuss this and after establishing what services are required, the SIO will
then liaise with the various companies that are able to provide the service
required, obtaining costing and timescales from them. In accordance with Best
Value principles, a minimum of three options should be obtained where
practical.
14.1.2 Where a decision is made by the SIO to obtain the services of an external
company a relevant representative of that company will be notified and a
meeting hosted by the SIO will be arranged. A representative of the CIU
should attend this meeting to give further advice on what CD can be utilised by
that company. It should be noted that only CD which can be evidenced will be
provided for use by such companies.
14.2

Payment for Services

14.2.1 It is the responsibility of the SIO/OIC to seek authorisation from the
appropriate budget holder, not being the CIU budget, prior to obtaining the
services of a private company.

15.

Communications Data as Evidence

15.1
Information has been removed due to its content being exempt in terms
of the Freedom of Information (Scotland) Act 2002, Section 35 Law
Enforcement

16.

Malicious and Nuisance Communications

16.1

Many CSPs offer services to their customers to deal with complaints
concerning malicious and nuisance communications. Although these services
vary between CSPs, they all realise that such calls can be very distressing for
their customers and that every effort should be made to resolve such
situations as efficiently as possible.

16.2

The victim of malicious or nuisance communications may, in the first instance,
bring it to the attention of their CSP rather than report it to the police.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

27

 NOT PROTECTIVELY MARKED
16.3

Although contacted directly by a customer, the CSP may consider the
circumstances of the complaint to be such that the customer will be advised to
report the matter without delay to the police for investigation.

16.4

Additionally, the CSP can offer practical advice and assistance when dealing
with nuisance communications; for example, arrange a change of telephone
number. Indeed many complainers merely wish for the malicious or nuisance
communications to cease and do not wish for a full police investigation to be
undertaken.

16.5

The advice given by the CSP to the complainer may indicate that the
circumstances constitute a criminal offence. The CSP may choose to disclose
data directly to its customer relating to the source of the malicious or nuisance
communications, but must ensure that such disclosure complies with the
provisions of both the Data Protection Act 1998 (DPA) and an individual’s
rights of privacy.

16.6

Upon receipt of a complaint, a CSP may retrieve and retain relevant specific
CD that, if appropriate, can be disclosed to the police at a later date.

16.7

If the complainer wishes the matter to be investigated, it is essential that the
CSP and the police (via the SPoC) liaise with one another to ensure the lawful
disclosure of CD for investigative purposes.

16.8

Where the complainer subsequently reports the matter to the police, having
previously been in contact with their CSP, any CD already collated by the CSP
may be disclosed to the police SPoC under the provisions of the DPA.
Subsequent police investigation may require the acquisition or disclosure of
additional CD from the complainer’s CSP (or another CSP) under the
provisions of the Act. In this instance, an application for CD should be
submitted. Where a crime has been identified, it is essential that the police
record it in accordance with the Scottish Crime Recording Standards (SCRS).

16.9

Where the initial complaint is either reported to the CSP or directly to the
police, careful consideration should be given to whether the occurrence of
malicious or nuisance communications are, or may be, related to other
incidents or events. For example, this could be where the complainer is a
victim of another crime or is a witness or jury member in either an ongoing or
forthcoming criminal trial.

16.10 Where any offence appears to have been committed, but the victim does not
wish the police to investigate, the victim should be referred to their CSP for
advice as to alternative options available to them. The victim must understand
the risk of losing time and evidence if they later change their mind. If it is a
customer service matter, it is important that the police realise that there are a
number of different CSPs, each with differing procedures. The police should
advise the victim to contact the customer service department of their CSP to
identify the options available to them in each case.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

28

 NOT PROTECTIVELY MARKED
16.11 Some Internet and e-mail companies have no personal or telephone contact.
Where this is the case, the victim should be advised to contact their CSP
using e-mail or Internet.
16.12 Where a crime appears to have been committed but the victim has not made
the decision to pursue a police investigation, the police must still record that
crime in accordance with SCRS.
16.13 The significant impact silent calls can have on victims must be recognised,
even where there is no evidence of human malice and no obvious connection
to other incidents involving the victim.
16.14 In such circumstances, the victim should always be referred to the CSP for
initial investigation. The CSP will, where possible, eliminate the possibility of a
system fault or an erroneously programmed auto-dialler before the matter is
taken further. It is recognised that some CSPs are unable to determine the
use of auto-diallers.
16.15 Silent calls of the type described above may now be dealt with by the Office of
Communications (OFCOM) as “Persistent Misuse of an Electronic
Communications Network or Electronic Communications Service” under
sections 128-131 of the Communications Act 2003.
16.16 The above legislation allows for fines of up to £5000, plus compensation, to be
imposed by OFCOM. OFCOM has been advised that persistent misuse does
not, however, constitute an offence and a case is only likely to end up in the
courts where they have to pursue for payment of any fine imposed.

17. Role of the Interception Of Communications Commissioner’s
Office (IOCCO)
17.1

Independent oversight of CD is provided by IOCCO under the direction of the
Interception of Communications Commissioner who reports directly to the
Prime Minister.

17.2

An Inspectorate has been formed within IOCCO to assist the commissioner in
the discharge of their review responsibilities under RIPA.

17.3

Inspections take the form of comprehensive examination of the processing of
requests for communication data applications and authorisations.

17.4

Police Scotland will provide IOCCO with all assistance required during any
inspection, which will be facilitated by the SRO. The National CIU Manager
(Detective Inspector) will be the main conduit for the SRO in any contact with
IOCCO.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

29

 NOT PROTECTIVELY MARKED

Appendix ‘A’
List of Associated Legislation


Communications Act 2003;



Data Protection Act 1998 (DPA);



Data Retention and Investigatory Powers Act 2014 (DRIPA);



European Convention of Human Rights (ECHR);



Human Rights Act 1998; and



Regulation of Investigatory Powers Act 2000 (RIPA).

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

30

 NOT PROTECTIVELY MARKED

Appendix ‘B’
List of Associated Reference Documents


Bomb Threats and Suspicious Packages SOP;



Crime Investigation SOP;



Digitally Stored Evidence SOP;



Home Office – Acquisition and Disclosure of Communications Data ‘Code
of Practice’;



Internet, Research and Investigations SOP;



Record Retention SOP;



Surveillance (Operations and Log Keeping) SOP; and



Threats to Life Warnings SOP.

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

31

 NOT PROTECTIVELY MARKED

Appendix ‘C’
List of Associated Forms


Application for Communications Data (Force Form 033-001)

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

32

 NOT PROTECTIVELY MARKED

Appendix ‘D’
Glossary of Terms
Term
ACR

Full Meaning
Area Control Room

BT

British Telecom

CAB

Central Authorities Bureau

CD

Communications Data

CIU

Communication Investigation Unit

CoP

Code of Practice

CSP

Communication Service Provider

CTIS

Counter Terrorism Intelligence Section

COPFS

Crown Office and Procurator Fiscal Service

DMI

Digital Media Investigator

DP

Designated Person

DPA

Data Protection Act

DRIPA

Data Retention and Investigatory Powers Act 2014

ECHR

European Convention on Human Rights

ECJ

European Court of Justice

IMEI

International Mobile Equipment Identity

IOCCO

Interception of Communications Commissioner’s Office

IP

Internet Protocol

IPT

Investigatory Powers Tribunal

MMS

Multi Media Message

OFCOM

Office of Communications

OIC

Officer in Charge

PIN

Personal Identification Number

PNN

Police National Network

PSoS

Police Service of Scotland

PSU

Professional Standards Unit

RFPS

Radio Frequency Propagation Survey

RIPA

Regulation of Investigatory Powers Act 2000

SB

Special Branch

SCC

Scottish Crime Campus

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

33

 NOT PROTECTIVELY MARKED
Term
SCRS

Full Meaning
Scottish Crime Recording Standards

SIM

Subscriber Identity Module

SIO

Senior Investigating Officer

SMS

Short Message Service

SOP

Standard Operating Procedure

SPoC

Single Point of Contact

SRO

Senior Responsible Officer

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

34

 NOT PROTECTIVELY MARKED

Appendix ‘E’

Information has been removed due to its content being exempt in terms
of the Freedom of Information (Scotland) Act 2002, Section 30 - Prejudice
to effective conduct of public affairs

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

35

 NOT PROTECTIVELY MARKED

Appendix ‘F’
CycComms Link
CycComms can be found by using the following link to the Police Scotland Intranet.


CycComms Link

or via main page of the Police Scotland Intranet > Tools & Applications > CycComms
> CycComms application.

On the rare occasion when the CycComms workflow system cannot be accessed
applicants may require to revert to a manual application form “Application for
Communications Data” (Form Ref. No. 033-001).

Version 3.00
(Publication Scheme)

NOT PROTECTIVELY MARKED

36