Information requested
Since 1 January 2018, on how many occasions has the NHS Counter Fraud Authority obtained the 'communications data' (e.g. Call Data Records, or CDRs) of individuals from mobile telecoms providers, either directly or indirectly through another agency (e.g. Met Police, Home Office, etc.)? Please break this down into:
a) number of separate occasions these were requested
b) number of individual phone numbers for which CDRs were requested
c) the legal basis for the requests (please specify the number of requests per legal basis. For example, “total requests: 3, Investigatory Powers Act – 2, Consumer Protection from Unfair Trading Regulations 2008 -- 1”)
d) the particular legislation used e.g. PACE, RIPA, IP Act (number of instances as a percentage of the total)
e) what percentage of requests for that data that were rejected, and the reasons for the rejection.
For guidance, CDRs are part of 'communications data' from a telecoms company. Please see this document, particularly page 13: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/426248/Acquisition_and_Disclosure_of_Communications_Data_Code_of_Practice_March_2015.pdf
2. Since 1 January 2018, has the NHS Counter Fraud Authority purchased or otherwise received (including free of charge) any anonymised mobile phone communications data sets (otherwise known as anonymised CDRs), be they of individuals or aggregate data. (For your information, an example of commercial 'big data' for mobile phones can be found here: https://thenextweb.com/uk/2012/10/09/telefonica-launches-big-data-analysis-service-for-business-and-local-authorities/)
NHSCFA response
Since 1 January 2018, on how many occasions has the NHS Counter Fraud Authority obtained the 'communications data' (e.g. Call Data Records, or CDRs) of individuals from mobile telecoms providers, either directly or indirectly through another agency (e.g. Met Police, Home Office, etc.)? Please break this down into:
a) number of separate occasions these were requested
14
b) number of individual phone numbers for which CDRs were requested
18
c) the legal basis for the requests (please specify the number of requests per legal basis. For example, “total requests: 3, Investigatory Powers Act – 2, Consumer Protection from Unfair Trading Regulations 2008 -- 1”)
All requests under Investigatory Powers Act 2016
d) the particular legislation used e.g. PACE, RIPA, IP Act (number of instances as a percentage of the total)
All applications for CDRs via NAFN were made under the Investigatory Powers Act 2016
e) what percentage of requests for that data that were rejected, and the reasons for the rejection.
0
For guidance, CDRs are part of 'communications data' from a telecoms company. Please see this document, particularly page 13: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/426248/Acquisition_and_Disclosure_of_Communications_Data_Code_of_Practice_March_2015.pdf
Please note as set out in the NAFN Membership Agreement, the retention period for CD applications is three years; therefore, we are unable to provide the details requested prior to this period.
2. Since 1 January 2018, has the NHS Counter Fraud Authority purchased or otherwise received (including free of charge) any anonymised mobile phone communications data sets (otherwise known as anonymised CDRs), be they of individuals or aggregate data. (For your information, an example of commercial 'big data' for mobile phones can be found here: https://thenextweb.com/uk/2012/10/09/telefonica-launches-big-data-analysis-service-for-business-and-local-authorities/)
NHS Counter Fraud Authority has not purchased or received any anonymised mobile phone communication data sets .