Regulations of Investigatory Powers (RIP) Act 2000
As from October 24 2000, a new law governs the interception of communications (data or telephony) for all UK businesses, including the University.
The Lawful Business Practice Regulations (a statutory instrument of the RIP Act) allow the University to intercept without consent for purposes such as recording evidence of transactions, ensuring regulatory compliance, detecting crime or unauthorised use, and ensuring the operation of their data and telecommunication systems. The University does not need to gain consent before intercepting for these purposes although staff and students need to be informed that interceptions may take place.
It should be noted that this is not a significant change of actual practice; in the course of their normal duties some staff in IT Services, Estates & Buildings, and other central service departments together with departmental computing officers have the authority and indeed duty to carry out certain monitoring activities in order to ensure the correct operation of data and telecommunications systems. This does not imply that all communications are monitored, just that they MAY be for the above purposes.
The RIP Act (2000) may overlap and interact with other legislation such as the Data Protection Act (1998) and the Human Rights Act (1998).
Further government guidance is expected and case law will further develop issues covered by this legislation.
Summary of the Legislation
The HMSO web site has full text of the RIP Act together with explanatory notes.
The powers of the RIP Act are implemented through a number of statutory instruments, the most relevant of which is The Lawful Business Practice Regulations.
The DTI response to consultation web site provides notes on the regulations.
The following is the relevant extract from the notes:
41. In summary, the final regulations will authorise businesses (in the widest sense of the word, which covers charities and other non-commercial bodies and expressly includes public authorities) to monitor or record all communications transmitted over their systems without consent for the following purposes:
- Establishing the existence of facts
- Ascertaining compliance with regulatory or self-regulatory practices or procedures
- Ascertaining or demonstrating standards which are achieved or ought to be achieved by persons using the system
- Preventing or detecting crime
- Investigating or detecting unauthorised use of the business's telecoms system
- Ensuring the effective operation of the system.
42. The Regulations will also authorise businesses to monitor (but not record) communications for the following purposes:
- Checking whether or not communications are relevant to the business
- Monitoring calls to confidential, counselling helplines run free of charge.
43. The Regulations will also authorise public authorities to monitor or record in the interests of national security.
44. In all of these cases, the Regulations require businesses to "make all reasonable efforts" to inform those people who use the organisation's telecoms systems that interceptions may take place.
Back to Top
del.icio.us
digg
reddit
facebook
stumbleupon