Sir Mark Waller, the Intelligence Services Commissioner, has released the fourth annual report into the operations of UK agencies, and included for the first time mention of bulk personal datasets.
The short version of Waller's report is that the agencies, including the Ministry of Defence and GCHQ, are using their powers proportionately and responsibly.
Intelligence Services Commissioner's report is out! http://t.co/DShqRr9lji— Eric King (@e3i5) June 25, 2015
Waller said that he found that when bulk personal datasets are taken and held it is only with consideration and thought, and then under "strict procedures in relation to handling, retention and deletion".
"The intelligence agencies and the Ministry of Defence have wide-ranging powers to disrupt threats to the United Kingdom and to our interests, including powers to intrude upon our privacy," he said.
"It is important to ensure that they use these powers lawfully and proportionally and it is my role to oversee that. Although there have been a number of human errors and I have made a number of recommendations, I conclude that the agencies, the MoD and the Warranty Units take compliance extremely seriously."
There have been some failings in compliance, according to the report, such as the case of an officer who accessed a bulk collection of data in a new role that did not require access to such information.
Overall 43 errors were uncovered by Waller, although none were listed as being evidence of someone delibrately avoiding the required oversight. However, Waller said he wanted the agencies to be more open about reporting such incidents.
"During 2014 I expressed concern that the agencies did not report errors in a timely way. I raised this issue both during inspections and in writing and asked for an explanation for the delays in reporting.
"The agencies responded that the length of time it took to complete internal reviews and investigations into errors caused the delay.
"As a result I now require the agencies to notify me as soon as they anticipate that an error investigation will take longer than the three month limit for reporting."
Industry body TechUK welcomed the scale of the study and its conclusions, saying that such errors should be used as a guide to improving the balance between privacy and security.
"These cases reinforce the importance of the oversight powers of the commissioner and the need for his recommendations regarding privacy to be upheld," said Talal Rajab, programme manager for cyber, national security and criminal justice at the organisation.
Prime minister David Cameron welcomed the report and its findings, adding that the government would use it to inform its current plans to overhaul communications and surveillance legislation.
"The commissioner makes it clear that those involved in the authorisation of investigatory powers that he oversees take compliance very seriously. It is reassuring [that there] has been proper consideration of the necessity and proportionality of the proposed action, including careful consideration of the intrusion into the target's and other people's privacy," he said.
"I am also grateful to the commissioner for identifying a number of administrative errors and making recommendations on how these can be avoided in future. Whilst it is reassuring that these errors were not deliberative or significant, we cannot be complacent.
"Sir Mark also makes some helpful recommendations in relation to amending the legislation which we will consider as part of the future legislation relating to investigatory powers."
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal