Author Archives: Jon Baines

September 20, 2011 · 7:54 am

Hiding Information and section 77 FOIA

My twitter timeline was alive this morning with discussion of news that the Information Commissioner (“IC”) is to investigate the Education Secretary Michael Gove and his close advisers at the Department for Education in connection with allegations that they have deliberately been using private email accounts to conduct government business.

E-mail traffic, seen by the FT, shows the education secretary and his advisers have conducted government business using private e-mail addresses. Civil servants were then unable to find these e-mails when asked to retrieve them under the Freedom of Information Act (FOIA).

(It should be stressed that the Department concerned appear to deny that there was any impropriety, and that private email was being used to conduct party political rather than government business.)

The article concludes by referring to section 77 of FOIA

Section 77 of the act states that officials must not conceal or destroy information to prevent its disclosure. Breaches of the law carry a fine of up to £5,000.

This perhaps misses a key point. Section 77 states

Where…a request for information has been made to a public authority, and… the applicant would have been entitled…to communication of any information…any person to whom this subsection applies is guilty of an offence if he alters, defaces, blocks, erases, destroys or conceals any record held by the public authority, with the intention of preventing the disclosure by that authority of all, or any part, of the information to the communication of which the applicant would have been entitled.

This is carefully worded and means, I would submit, that an offence can only be committed if the attempt to conceal occurs in response to a request having been received. If, however, it is merely standard practice to conceal, no offence would be committed. FOIA is predicated largely on what happens or must happen if a request for information is made. It is not, primarily, a records management act.

However section 46 of FOIA does require the Lord Chancellor to issue a code of practice for management of records. Section 9 of that Code deals with the need to keep records in systems that enable records to be stored and retrieved as necessary, and section 10 with the need to know what records are held and where they are.

Under section 47 of FOIA the IC must promote the following of good practice by public authorities and perform his functions so as to promote the observance by authorities of the section 46 Code, as well as the requirements of the Act in general. And under section 48 he may issue a “practice recommendation” if it appears to him that the authority has not conformed with the section 46 Code. In investigating compliance with the Code he has the power (section 51) to issue an “information notice” requiring the authority to furnish him with the information. Failure to comply with an information notice can, ultimately, constitute contempt of court.

None of this is to down-play the potential seriousness of an allegation of a “pre-emptive” attempt to conceal information. It is also not to suggest that it might not constitute a breach of other kinds of code.  However, I would suggest that the biggest weapon at the IC’s disposal is one of publicity, something that Christopher Graham, the current IC, with his journalistic background, is quite good at creating.

[EDITED TO ADD] FoIMan’s and Tim Turner’s takes on this are worth a read. Additionally, I note that the indefatigable Campaign for Freedom of Information took the opportunity to maintain the push for greater sanctions under section 77.

24 Comments

Filed under Freedom of Information

September 17, 2011 · 12:57 pm

DNA = data not available?

On 26 July 2011 The Telegraph reported that “Innocent people’s DNA profiles won’t be deleted after all, minister admits”. It said that

“police will retain DNA profiles in anonymised form, leaving open the possibility of connecting them up with people’s names, ministers have admitted”.

In S and Marper v United Kingdom [2008] ECHR 1581 the European Court of Human Rights held that indefinite retention by the police of fingerprints and DNA samples of two people who had been arrested but not convicted of criminal offences was a breach of their rights under Article 8 of the European Convention on Human Rights (overturning a decision upheld at each instance in the English courts).

The Protection of Freedoms Bill proposes, accordingly, to amend the Police and Criminal Evidence Act 1984 (“PACE”) so that – broadly – a lawfully taken DNA sample (and fingerprints) must be destroyed after three (or in some cases five) years if the suspect has not been convicted of an offence to which the sample relates (Genewatch have a helpful detailed explanation of the proposals).

The Telegraph article said that Home Office minister James Brokenshire “had won agreement from the [Information Commissioner’s Office] that the DNA profiles could be retained by forensic science laboratories”. The Information Commissioner’s Office (ICO) has now, following an FOI request for correspondence between his office and the Home Office about this matter, effectively said that, to quote Ben Goldacre, “I think you’ll find it’s a little bit more complicated than that”.

The complicating factor is that a DNA profile is different to a DNA sample, which in turn is different to the raw data derived from the sample. Christopher Graham, the Commissioner, in his evidence to the Public Bill Committee on the Protection of Freedoms Bill said

“Clause 13 [of the Bill] refers to the destruction of DNA profiles and that no copy must be retained by the police except in a form which does not include information which identifies the person to whom the DNA profile relates. It is assumed that this is aimed at addressing issues relating to the raw data, the electro-phoretogram, from which the DNA profile is created”.

Some existing DNA profiling systems process DNA samples in batches of up to 82 (or possibly 96 – I’m unclear which is the correct figure). In these processes it is not possible to isolate and destroy the raw data relating to a single sample without also destroying the whole batch data (which, of course, might contain raw data relating to samples of now-convicted-persons, which need to be retained).

Graham went on to say

“This provision [Clause 13 of the Bill] should be expressed in a way so it cannot be used to perpetuate such batch processing practices in any new systems used to generate DNA profiles and to require deletion of all the DNA profile information as the norm”.

One hopes this proposal is accepted. Even if it is, however, there will still remain a considerable number of batches of raw data derived from the samples of innocent people, and which it will not be possible to destroy. The question then arises as to what measures can be, and are being, taken to ensure that this remaining raw data cannot be linked to identifiable individuals. In response to my enquiries the IC’s office has said

“the Commissioner has stipulated that forensic science providers remove all the names and identifications from their systems to prevent them being able to link an individual with the ‘raw data’.”

But what confidence can we have that this will be sufficient? The IC’s office continues:

“The Commissioner is satisfied that the deletion of the associated records will remove the link between the identity of the individual and the ‘raw data’ which will be retained in the batch. This will effectively put the retained ‘raw data’ beyond practical use as it should be no longer possible to re-link the individual to the ‘raw data’ retained”.

There remains a lingering concern, however:

“given that the ‘raw data’ is used to create a DNA profile, and a DNA profile is unique to an individual, we are relying on the assurances we have been given and cannot say categorically that there is no possibility of the retained ‘raw data’ ever being linked to an individual.”

These assurances have to be balanced against the contents of a letter from James Brokenshire MP (the Home Office minister quoted in the original Telegraph article) to the joint chairs of the Protection of Freedoms Bill Committee . I’m not sure if this letter has been published yet, but was disclosed in response to my request. Brokenshire says

“Members of the Committee will be aware that most existing DNA records…will include the original barcode, which is used by the police and the FSS [Forensic Science Service] to track the sample and resulting profile through the system. It is therefore theoretically possible that a laboratory could identify an individual’s profile from the barcode, but only in conjunction with the force which took the original sample, by giving details of the barcode to the force and asking for the individual’s name”

This doesn’t strike me as a purely theoretical risk, and one might bear in mind that the FSS’s raison d’etre is to work with the police to detect crime by piecing together and analysing evidence.

Brokenshire explains, however

“Such conduct [i.e. trying to re-identify someone in these circumstances from residual DNA evidence], in clear breach of the requirements set out in the [Protection of Freedoms] Bill, would be likely to constitute offences of misconduct in public office and under the Data Protection Act. In addition, new section 63S of PACE (as inserted by clause 16 of the Bill) specifically excludes the use of such material in evidence or as any part of a criminal investigation.”

Given that both misconduct in public office and offences under the Data Protection Act 1998 can be countered in effect by defences of acting in the public interest, it seems to me that clause 16 might be the best assurance we have against any attempts to use any residual information from innocent people’s DNA samples.

Leave a comment

Filed under Privacy

September 17, 2011 · 9:10 am

Whip your information, and beat the messenger

To supplement my random firings on twitter (@bainesy1969) and the occasional guest post on other blogs and sites, I’ve started this blog.

“Information Rights” covers a number of areas, but primarily I’m interested in the Freedom of Information Act 2000, the Environmental Information Regulations 2004 and the Data Protection Act 1998.

Like a million bloggers before me, I intend to post regularly on these and related subjects. I hope that, unlike most of those million bloggers before me, I actually manage to do that.

Title of this post is Shakespeare, by the way, and nothing dodgy.

Leave a comment

Filed under Data Protection, Freedom of Information, Privacy