2023023

Request regarding Obtaining of communications data.

Published: 23 May 2023

Information requested

Since 1 January 2018, on how many occasions has the NHS Counter Fraud Authority obtained the 'communications data' (e.g. Call Data Records, or CDRs) of individuals from mobile telecoms providers, either directly or indirectly through another agency (e.g. Met Police, Home Office, etc.)? Please break this down into:

a) number of separate occasions these were requested

b) number of individual phone numbers for which CDRs were requested

c) the legal basis for the requests (please specify the number of requests per legal basis. For example, “total requests: 3, Investigatory Powers Act – 2, Consumer Protection from Unfair Trading Regulations 2008 -- 1”)

d) the particular legislation used e.g. PACE, RIPA, IP Act (number of instances as a percentage of the total)

e) what percentage of requests for that data that were rejected, and the reasons for the rejection.

For guidance, CDRs are part of 'communications data' from a telecoms company. Please see this document, particularly page 13: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/426248/Acquisition_and_Disclosure_of_Communications_Data_Code_of_Practice_March_2015.pdf 

2. Since 1 January 2018, has the NHS Counter Fraud Authority purchased or otherwise received (including free of charge) any anonymised mobile phone communications data sets (otherwise known as anonymised CDRs), be they of individuals or aggregate data. (For your information, an example of commercial 'big data' for mobile phones can be found here: https://thenextweb.com/uk/2012/10/09/telefonica-launches-big-data-analysis-service-for-business-and-local-authorities/)

NHSCFA response

Since 1 January 2018, on how many occasions has the NHS Counter Fraud Authority obtained the 'communications data' (e.g. Call Data Records, or CDRs) of individuals from mobile telecoms providers, either directly or indirectly through another agency (e.g. Met Police, Home Office, etc.)? Please break this down into:

a) number of separate occasions these were requested

14

b) number of individual phone numbers for which CDRs were requested

18

c) the legal basis for the requests (please specify the number of requests per legal basis. For example, “total requests: 3, Investigatory Powers Act – 2, Consumer Protection from Unfair Trading Regulations 2008 -- 1”)

All requests under Investigatory Powers Act 2016

d) the particular legislation used e.g. PACE, RIPA, IP Act (number of instances as a percentage of the total)

All applications for CDRs via NAFN were made under the Investigatory Powers Act 2016

e) what percentage of requests for that data that were rejected, and the reasons for the rejection.

0

For guidance, CDRs are part of 'communications data' from a telecoms company. Please see this document, particularly page 13: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/426248/Acquisition_and_Disclosure_of_Communications_Data_Code_of_Practice_March_2015.pdf

Please note as set out in the NAFN Membership Agreement, the retention period for CD applications is three years; therefore, we are unable to provide the details requested prior to this period.  

2. Since 1 January 2018, has the NHS Counter Fraud Authority purchased or otherwise received (including free of charge) any anonymised mobile phone communications data sets (otherwise known as anonymised CDRs), be they of individuals or aggregate data. (For your information, an example of commercial 'big data' for mobile phones can be found here: https://thenextweb.com/uk/2012/10/09/telefonica-launches-big-data-analysis-service-for-business-and-local-authorities/)

NHS Counter Fraud Authority has not purchased or received any anonymised mobile phone communication data sets .

Help us improve cfa.nhs.uk

Tell us what's happened so we can fix the problem. Please do not provide any personal, identifiable or sensitive information.

Close

Thanks for the feedback!

Close