Manual on the Communications (Retention of Data) Act 2011

Similar documents
INVESTIGATION OF ELECTRONIC DATA PROTECTED BY ENCRYPTION ETC DRAFT CODE OF PRACTICE

EUROPEAN UNION. Brussels, 3 February 2006 (OR. en) 2005/0182 (COD) PE-CONS 3677/05 COPEN 200 TELECOM 151 CODEC 1206 OC 981

TekSavvy Solutions Inc.

AIA Australia Limited

Protection of Freedoms Act 2012

Coordinated text from 10 August 2011 Version applicable from 1 September 2011

BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures

The Committee was established primarily to assist the Board in overseeing the:

PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION.

NATIONAL VETTING BUREAU BILL 2011 PRESENTED BY THE MINISTER FOR JUSTICE, EQUALITY AND DEFENCE

APPENDIX. 1. The Equipment Interference Regime which is relevant to the activities of GCHQ principally derives from the following statutes:

Cybercrime Legislation Amendment Bill 2011

REGULATION OF INVESTIGATORY POWERS BILL SECOND READING BRIEFING

INFORMATION SHARING AGREEMENT This document is NOT PROTECTIVELY MARKED

Version No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI)

APPLICATION FOR COMMUNICATIONS DATA (UNDER THE DATA PROTECTION ACT 1998) RESTRICTED

The London Borough of Barnet. The Metropolitan Police Barnet Borough Division

Privacy. Purpose. Scope. Policy. Appendix A

Health Information Privacy Code 1994

DATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")

BERMUDA CRIMINAL JUSTICE (INTERNATIONAL CO-OPERATION) (BERMUDA) ACT : 41

THE SOUTHERN EDUCATION AND LIBRARY BOARD - FRAUD RESPONSE PLAN. Fraud Response Plan

Inquiry into Comprehensive Revision of the Telecommunications (Interception and Access) Act 1979

Number 5 of Vehicle Registration Data (Automated Searching and Exchange) Act 2018

Workplace Surveillance Act 2005

STATUTORY INSTRUMENTS. S.I. No. 110 of 2019

Telecommunications Information Privacy Code 2003

MEMORANDUM OF UNDERSTANDING

Purposes of the Law. Information of Public Importance. Public Authority Body. Legal Presumptions of Justified Interest

Investigatory Powers Bill

Collection Manual. Reviewed July 2017

Application for Membership and Code of Conduct of the Blanco Neighbourhood Watch

INVESCO LTD. AUDIT COMMITTEE CHARTER

Brussels, 16 May 2006 (Case ) 1. Procedure

DATA SHARING AND PROCESSING

CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS

ACT GUIDELINES FOR COUNCIL. Approved 5 June 2008 (last updated 1 December 2014)

INFORMATION SHARING AGREEMENT BETWEEN THE MINISTRY OF JUSTICE AND THE CROWN LAW OFFICE JULY 2017

Terms of Reference of the AstraZeneca Audit Committee

TERMS OF REFERENCE FOR A SUPERVISORY COMMITTEE OF THE BOARD OF THE LONDON GOLD MARKET FIXING LIMITED

An Bille um Chosaint Sonraí, 2018 Data Protection Bill 2018

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

The Police Complaints Authority Act, 2003

Data Protection Act 1998 Policy

STATUTORY INSTRUMENTS. S.I. No. 258 of 2014

SAINT CHRISTOPHER AND NEVIS STATUTORY RULES AND ORDERS. No. 47 of 2011

Merseyside Police and Probation Area. Working together to. Protect the Public of Merseyside MULTI AGENCY PUBLIC PROTECTION ARRANGEMENTS

Purpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2

Privacy Policy. Cabcharge will only collect personal information which is necessary for the operation of its business.

INVESTIGATORY POWERS BILL EXPLANATORY NOTES

INTERPOL s Rules on the Processing of Data

PART 10 ENFORCEMENT 2 OVERVIEW 2 SECTION 127 TERMS ON WHICH INSTRUMENTS NOT DULY STAMPED MAY BE RECEIVED

Enforcement guidelines for regulatory investigations. Guidelines

DETENTION PERIODS. This document is provided as general guidelines only.

and Article I. PURPOSE

Access to Personal Information Procedure

INFORMATION SHARING AGREEMENT WEST YORKSHIRE POLICE. and LEEDS AND YORK PARTNERSHIP NHS FOUNDATION TRUST

SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16

Covert Human Intelligence Sources Code of Practice

SCOTTISH POLICE AUTHORITY CORPORATE GOVERNANCE FRAMEWORK DECEMBER 2017

Number 44 of 2004 ROAD TRAFFIC ACT 2004 ARRANGEMENT OF SECTIONS PART 1. Preliminary and General

Privacy Policy. This Privacy Policy sets out the Law Society's policies in relation to the management of Personal Information.

2007 No COMPANIES AUDITORS. The Statutory Auditors and Third Country Auditors Regulations 2007

PRIVACY POLICY DOT DM Corporation Commonwealth of Dominica cctld (.dm)

Number 5 of Regulation of Lobbying Act 2015

Anti-Fraud, Bribery and Corruption Response Policy. Telford and Wrekin Clinical Commissioning Group

Aptiv PLC. Audit Committee Charter

Definitions The following terms have these meanings in this Policy: a. Act Personal Information Protection and Electronic Documents Act;

Data Protection. Policy & Procedure. Greater Manchester Police

NATIONAL ARCHIVES ACT, 1986

Memorandum of Understanding. between. HM Land Registry. and. Solicitors Regulation Authority (SRA)

BACKGROUND INFORMATION

Annex - Summary of GDPR derogations in the Data Protection Bill

ADOBE SYSTEMS INCORPORATED. Charter of the Audit Committee of the Board of Directors

Sections 14, 14A, 14B, and 14C - Criminal Assets Bureau Acts 1996 and 2005

Policy Framework for the Regional Biometric Data Exchange Solution

Regulation of Interception of Act 18 Communications Act 2010

Number 12 of Energy Act 2016

Ireland passes Data Protection Act 2018 GDPR. Key provisions and amendments

1.2 The ABC will apply the following criteria in determining proportionate complaint handling:

CCTV POLICY. Document Type Corporate Policy. Unique Identifier HS-103

CCTV CODE OF PRACTICE

1. Title and commencement. 2. Interpretation. 3. General. 4. Member in charge. 5. Duties of member in charge. 6. Custody record.

Name: Address: Phone no: Nature of Business:

Data Protection REFERENCE NUMBER. IMPLEMENTATION DATE June 2014 NEXT REVIEW DATE: September 2020 RISK RATING

Criminal Procedure Act 2009

Act No. 502 of 23 May 2018

SECTION ONE Objective and Scope, Basis and Definitions

Co-operation Agreement between the National Consumer Agency and the Central Bank of Ireland

EUROPEAN PARLIAMENT COMMITTEE ON CIVIL LIBERTIES, JUSTICE AND HOME AFFAIRS

What s New in Proposed Elections Legislation

proposes to add a new system of records in its inventory of record systems subject to the Privacy Act of 1974 (5 U.S.C.

Number 31 of 1996 CRIMINAL ASSETS BUREAU ACT 1996 REVISED. Updated to 30 June 2016

Introduction. The highly anticipated text of the Irish Data Protection Bill 2018 has been published.

REQUESTS FOR MUTUAL LEGAL ASSISTANCE IN CRIMINAL MATTERS. Guidance for Authorities Outside of Kenya

Number 28 of Criminal Justice (Victims of Crime) Act 2017

NIGERIAN COMMUNICATIONS ACT (2003 No. 19)

Communications Data Standard Operating Procedure

Customs Enforcement of Intellectual Property Rights Manual

Transcription:

Manual on the Communications (Retention of Data) Act 2011 Document last updated July 2017

Table of Contents 1. Introduction...3 2. Disclosure Requests: General...4 4. Request Form...5 5. Oversight...8 6. Responsibility of Revenue personnel who hold or receive data under the 2011 Act 8 7. Data Security...8 8. Statistics...9 Appendix 1. Data Protection Code of Practice...10

1. Introduction 1.1 This Manual sets out the procedures for the use of the power conferred on the Revenue Commissioners by the Communications (Retention of Data) Act 2011 ( the 2011 Act ) to make disclosure requests to communications service providers, and for the discharge of Revenue s responsibilities under that Act. 1.2 The 2011 Act requires service providers 1 to retain data 2 for a period of two years in the case of telephone data and one year in the case of internet data and permits specified public authorities, including An Garda Síochána, the Defence Forces and the Revenue Commissioners, to access such data by way of disclosure requests made in accordance with section 6 of the Act. 1.3 The data in respect of which disclosure requests may be made are specified in Schedule 2 of the Act. In the case of fixed network telephony and mobile telephony, subscriber details (that is, the name and address of the subscriber or registered user), and traffic data (such as details of incoming or outgoing calls or text messages), can be requested. For mobile telephones, data can be sought also to identify the location of mobile communication equipment: these are the cell ID at the start of a communication and data identifying the geographical location of cells by reference to their cell ID. In the case of the Internet, requests can be made in respect of subscriber details (such as phone numbers or names and addresses) associated with an IP address, which has to be furnished to the service provider concerned. 1.4 Disclosure requests cannot be made in respect of the content of communications: section 2 of the 2011 Act provides that the Act does not apply to content. 1.5 The circumstances in which Revenue may make a disclosure request are set out in Section 2, and the procedures that have been put in place for the making of such requests are addressed in Section 3. 1.6 A Memorandum of Understanding (MoU) between the relevant representatives of the communications industry and the State agencies concerned was signed on 4 th May 2011. The stated purpose of the MoU is to promote efficiency and effective standards of co-operation between the State agencies and the communications industry in dealing with disclosure requests made under the 2011 Act. A technical working group was established to address issues which might arise relating to data retention and the workings of the MoU. 1 Service provider means a person who is engaged in the provision of a publicly available electronic communications service or a public communications network by means of fixed line or mobile telephones or the Internet. 2 Data means traffic data or location data and the related data necessary to identify the subscriber or user.

1.7 Service providers endeavour to respond relatively quickly to subscriber detail requests. However, officers should be mindful of possible delays when requesting traffic data as this information is usually held on live operating systems. 2. Disclosure Requests: General 2.1 Section 6(3) of the 2011 Act provides that an officer of the Revenue Commissioners not below the rank of principal officer may make a disclosure request to a service provider. However, Revenue s internal governance procedures require any such request to be made through one of the two nominated Principal Officers in Investigations and Prosecutions Division: see Section 3. 2.2 A disclosure request may be made only for the purposes of the prevention, detection, investigation or prosecution of a revenue offence, which is defined by the 2011 Act as an offence under any of the following provisions that is a serious offence: (a) section 186 of the Customs Consolidation Act 1876;* (b) section 1078 of the Taxes Consolidation Act 1997; (c) section 102 of the Finance Act 1999; (d) section 119 of the Finance Act 2001; (e) section 79 of the Finance Act 2003 (inserted by s 62 of the Finance Act 2005); (f) section 78 of the Finance Act 2005. [* Now section 14 of the Customs Act 2015.] A serious offence is defined by the Act as an offence that is punishable by imprisonment for a term of five years or more. 2.3 The Act is, therefore, designed for use in the case of offences the seriousness of which means that they would fall to be prosecuted on indictment. The types of offences or illegal activities in respect of which Revenue envisages its use include drug smuggling, smuggling of illicit tobacco products, oil smuggling and fraud, serious tax evasion and other serious offences falling within the scope of section 1078 of the Taxes Consolidation Act 1997. 2.4 Revenue is conscious of the need to ensure that the power conferred by the 2011 Act is exercised with due regard for the rights, under the Constitution and the European Convention on Human Rights Act 2003, of any person concerned. Accordingly it will make data requests only where: (a) the data to be sought are relevant and necessary for the prevention, detection, investigation or prosecution of a serious revenue offence, (b) the application is proportionate having regard to all of the circumstances (including the likely impact on the rights of any person), and (c) there is no less intrusive means by which the data in question could be obtained.

The following material is either exempt from or not required to be published under the Freedom of Information Act 2014. [ ] 4. Request Form Communications (Retention of Data) Act 2011 Application for Request for Data under Section 6 of the Act (for disclosure of data for the prevention, detection, investigation or prosecution of serious Revenue offences) To: Principal Officer, Investigations & Prosecutions Division Request for Data Type: Telephone/ IP Subscriber Details Telephone/ IP Traffic Data Telephone Number / IP address under enquiry Specific Information requested: These data are required for the prevention, detection, investigation or prosecution of a serious Revenue offence under the following section(s): Section 186 of the Customs Consolidation Act 1876 * Section 1078 of the Taxes Consolidation Act 1997 Section 102 of the Finance Act 1999 Section 119 of the Finance Act 2001 Section 79 of the Finance Act 2003 (inserted by s62 of the Finance Act 2005) Section 78 of the Finance Act 2005 [* Now section 14 of the Customs Act 2015] Description of investigation and relevance of/requirement for data information:

Applicant: I declare that the information in this request is true and accurate, and that the data requested will be used solely for the purpose of conducting an investigation as specified above. Name of Requesting Officer: Grade: Telephone/VPN: Signature: Date: Principal Officer Approval: I am satisfied that these data are required for the prevention, detection, investigation or prosecution of a serious revenue offence and that this request is necessary and proportionate. Signed: (Principal Officer) (Region/Division) Date: Nominated Principal Officer Approval:

I am an officer of the Revenue Commissioners not below the rank of Principal Officer and, on examining this application, I am satisfied that these data are required for the prevention, detection, investigation or prosecution of a revenue offence as defined under the Communications (Retention of Data) Act 2011 and that the request is proportionate. Signed: Date:

5. Oversight 5.1 A Judge of the High Court designated by the Government oversees the operation of the Act. The designated Judge has access to all official documents or records associated with disclosure requests. The Judge ascertains whether the Revenue Commissioners and other agencies are complying with the provisions of the Act and reports annually to the Taoiseach on any matters that are considered appropriate. 5.2 In addition to judicial oversight there are several other safeguards contained in the Act. These include a Complaints Referee, the preparation and submission of an annual report to the Minister for Finance and the designation of the Data Protection Commissioner as the national supervisory authority. 5.3 Revenue s head of Internal Audit will from time to time review Revenue operation of the 2011 Act to ensure compliance with the provisions of the Act. 5.4 The Assistant Secretary of Investigations & Prosecutions Division will maintain in secure custody the records of approvals issued and a copy of the data received from service providers. 5.5 The Assistant Secretary of Investigations & Prosecutions Division will also act as Revenue s liaison for the Judge designated under the 2011 Act and will provide, as requested, access to all relevant premises, reports and documents concerning any data requests initiated by Revenue. 6. Responsibility of Revenue personnel who hold or receive data under the 2011 Act The designated Judge appointed to oversee the operation of the Act and the Data Protection Commissioner can request any person concerned in, or who has information in relation to, the preparation or making of a disclosure request, or the receipt and handling of data obtained as a result of making such a request, to provide access to all information relating to the request. In this regard, all relevant Revenue Regions/Divisions must put appropriate procedures in place to accommodate this requirement. All such documentation (case files, records, etc.) must be stored securely and held in such a manner that a complete audit can be carried out at any time. The data obtained as a result of a disclosure request should be treated as highly sensitive data and should only be used for the specific purpose for which it was requested. 7. Data Security Information obtained under the 2011 Act that is held by Revenue is subject to the rules of data security and confidentiality including legal obligations under the Data Protection Acts and the Finance Act 2011 (see the Data Protection Code of Practice at Appendix 1).

8. Statistics The Revenue Commissioners are obliged to submit an annual report each year to the Minister for Finance in respect of data received under the 2011 Act. The Minister for Finance, having reviewed the report, forwards the report to the Minister of Justice, who in turn consolidates all reports received from relevant agencies and prepares a State report which is forwarded to the European Commission.

Appendix 1. Data Protection Code of Practice Use of information Communications (Retention of Data) Act, 2011 Data Protection Code of Practice Section 6(3) of the Communications (Retention of Data) Act, 2011 (the 2011 Act) permits Revenue to request the disclosure of data retained by a service provider in accordance with Section 3 of the Act. Information supplied to Revenue on foot of the 2011 Act shall only be used for the prevention, detection, investigation or prosecution of a revenue offence. Authorisation The information obtained under the 2011 Act shall be under the control of the nominated Principal Officers in Investigations & Prosecutions Division. The data should be subject to controls on the basis that the relevant officer(s) will use the data only in the exercise and performance of his/her statutory powers and functions. Retention of information Information should be retained for no longer than twelve months and then subject to destruction. However, information may be retained if it is required for the purposes of on-going investigation, prosecution or court proceedings or if the data is required by Revenue s head of Internal Audit or Data Control. Security and Confidentiality Information obtained under the 2011 Act must be secured in accordance with Section 2 of the Data Protection Acts Collection, processing, keeping, use and disclosure of personal data. Unauthorised access to such information is not permitted. Information obtained under the 2011 Act is subject to the Data Protection Acts 1988 and 2003 and in addition, authorised officers are bound by the Revenue Code of Practice for the Protection of Personal Data and confidentiality provisions. In order to assure the security of information provided to Revenue under the Act, officers who receive information must make an annual return to the nominated Principal Officer of Investigation & Policy Branch & Divisional Office branch in Investigations & Prosecutions Division confirming that: The information is secured, Access is strictly restricted, Approval has been sought where it is necessary to retain information past the requisite period.

Third Party review A Judge may be appointed to oversee the operation of the 2011 Act. The designated Judge will have access to all official documents or records associated with disclosure requests and may determine whether the Revenue Commissioners and other agencies are complying with the provisions of the Act. The Data Protection Commissioner is designated as a national supervisory authority for the 2011 Act and information obtained under the Act may be subject to audit by the Commissioner. A person who believes that data relating to him/her has been subject to a disclosure request may apply to the Complaints Referee to investigate the matter. The Referee will investigate the matter and if s/he believes there has been a contravention of Section 6 of the 2011 Act may take a number of actions outlined in Section 10 of the Act.

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback