Category Archives: Freedom of Information

February 22, 2013 · 5:18 pm

Practice makes perfect

Wirral borough council is on the watch list at the moment. I would really like to send in a good practice squad to Wirral borough council, but I do not have the powers do that. I am not picking on Wirral; it is just an example that comes to mind

So said Commissioner Christopher Graham in evidence to the Justice Committee during a recent one-off session on the work of the Information Commissioner’s Office (ICO).

The rather self-contradictory observation that he was not picking on that particular public authority is not the most interesting point about his comments (although it does seem a bit hard on Wirral, when the Department for Education, the Department for Work and Pensions and the Office of the First Minister and Deputy First Minister of Northern Ireland are all also currently subject to formal monitoring for especially poor compliance with the Freedom of Information Act 2000 (FOIA)).

What does strike me, though, is his complaint that he lacks powers to “send in a good practice squad”. Although strictly true, there is an enforcement power which he does have, which equates to the power to send in a “good practice squad”, albeit with the consent of the public authority concerned. To my knowledge, however, this is a power he and his predecessor have never exercised.

Section 47(3) of FOIA says

The Commissioner may, with the consent of any public authority, assess whether that authority is following good practice

In the ICO’s own guidance on his FOIA regulatory action policies, he says

An assessment may be conducted with the consent of a public authority. It is designed to determine whether an authority is following good practice – and specifically, to assess its conformity to the codes of practice [made under sections 45 and 46 of FOIA]

A Standard Operating Procedure document (disclosed, ironically enough, by the ICO in response to a FOIA request) suggests that the ICO sees his policy of monitoring FOIA compliance in specific poorly-performing authorities as constituting a s47(3) assessment. However, my feeling is that this does not restrain him from extending his actions under this section to physically sending in “good practice” teams. Certainly the Scottish Information Commissioner sees his equivalent powers under section 43(3) of the Freedom of Information (Scotland) Act 2002 as a means of conducting such good practice visits, and he does approximately twelve of them a year.

I appreciate that the ICO prefers to take a more informal route towards enforcing FOIA compliance, by means, for example, of monitoring at a distance, or by issuing undertakings (“The culmination of negotiated resolution, [committing] an authority to a particular course of action in order to improve its compliance”). But there is doubt about how seriously some public authorities treat this informal approach. If he really did want to send in “good practice squads” I think he could certainly do so (and if an authority were to refuse consent, it could potentially trigger stronger powers, like practice recommendations and enforcement notices).

2 Comments

Filed under Cabinet Office, enforcement, Freedom of Information, Information Commissioner, practice assessment

January 25, 2013 · 2:41 pm

Public Interest in Empty Buildings

Does the public interest favour publishing lists of vacant properties? No, says the First-tier tribunal. Yes, suggests the launch of the government website “Find Me Some Government Space”.

On 22 January the First-tier tribunal (FTT) handed down judgment in the remitted case of Voyias v IC and Camden Council. Those looking for intelligent insights into the case, and the reasons why it was originally appealed to the Upper Tribunal, and then sent back to the FTT should read the excellent series of posts on the Panopticon blog. I’m here to make a much blunter observation: at the same time a local authority is strongly resisting publishing details of vacant properties, the government appears to be actively promoting similar publication.

At issue in the FTT was whether the Council should disclose, under the Freedom of Information Act 2000 (FOIA), addresses of vacant properties in its area. The information had been withheld on the basis of the FOIA exemption at section 31(1)(a)

disclosure…would, or would be likely to, prejudice…the prevention or detection of crime

The FTT had little difficulty (having been bound by the Upper Tribunal to consider indirect consequences of disclosure on the prevention of crime) in finding the exemption was engaged, holding that

releasing the requested information would increase squatting and that there would be an increase in the instances of various types of criminal activity directly connected to it*

When it came to the balance of public interest factors (section 31 being a qualified FOIA exemption) the only real factor pleaded in favour of disclosure was

The need to ensure that the Council takes appropriate measures to bring empty property back into use

And the FTT, at paragraph 55, afforded it “relatively small weight”.

Against disclosure were the following (not all of them accepted by the FTT, it should be said)

The inherent public interest in the prevention of all crimes…; The cost of securing properties vulnerable to squatting and repairing damage resulting from it, whether that cost falls on the private or public purse; The cost of evicting squatters; The potential detrimental impact on those directly affected by criminal damage; The impact on the community in the vicinity of a squatted property; The problems faced by Council staff having to deal with squatting and its consequences; The impact on police resources; The direct financial cost caused by property stripping.

Fine. FTT found the exemption engaged and that the public interest favoured non-disclosure of empty, unused properties. As John Murray has pointed out to me, this is somewhat surprising given that it also appears that many other local authorities have had little concern about disclosing similar information.

And one wonders why, if such prejudice would or would clearly be likely to arise, the government two days later launched a website called Find Me Some Government Space. Launching it Chloe Smith, Minister for Political and Constitutional Reform, (what a grand title) said

…we will have a number of properties both owned and rented that we need to do more with. Not only will this website help to save government money but we will see new opportunities, jobs and growth in local economies as new life is brought into empty, unused properties. [emphasis added, naturally]

These sentiments were, oddly, not reflected by the then Housing Minister Grant Shapps, when the initial FTT ruling was made.He said it was a “bizarre decision that flies in the face of common sense” and that publishing details of empty properties “in other areas has led to the numbers of squats doubling”.

Now – and I concede they are not residential – within seconds, using “Find Me Some Government Space”, I’d found a list of 30 properties for sale within a 20km radius of Camden Council’s offices. It’s not clear if they’re currently empty and unused, but the words of the Minister imply that those are the sort of buildings which will be on “Find Me Some Government Space”. Moreover, as the government clearly thinks bringing new life into empty, unused properties is connected to the creation of jobs and economic growth, will they be encouraging councils to disclose the very type of information this Council sought so hard to avoid disclosing?

*At the time of the request, squatting in residential properties was not a criminal offence, something that has now changed with the enactment of section 144 of the Legal Aid, Sentencing and Punishment of Offenders Act.

When is a working day not a working day?

If you made an FOI request over the Christmas period, be aware of a strange anomaly regarding time for compliance

Everyone knows that the time for compliance by a public authority with a request made under the Freedom of Information Act 2000 (FOIA) is twenty working days. Section 10 of FOIA says

a public authority must comply with [a request for information made under] section 1(1) promptly and in any event not later than the twentieth working day following the date of receipt

A “working day” means (by s10(6))

any day other than a Saturday, a Sunday, Christmas Day, Good Friday or a day which is a bank holiday under the Banking and Financial Dealings Act 1971 in any part of the United Kingdom. [emphasis added]

This means that, even when a request is made in England, Wales or Northern Ireland, to a English, Welsh or Northern Irish public authority, under FOIA (which in relevant part only applies to England, Wales and Northern Ireland – Scotland has its own Freedom of Information (Scotland) Act 2002), the existence of a Scottish bank holiday during the relevant period effectively extends the time for compliance by one day.

The 2nd of January is a bank holiday in Scotland.

So, think twice before you chase a public authority this month about a request you think is one day overdue.

9 Comments

Filed under Freedom of Information, Uncategorized

Tagged as FOI

November 23, 2012 · 1:35 pm

Tweets and Tw*ts, redux

NOTHING TO SEE HERE, MOVE ALONG.

UPDATE: 13 December 2012

In a tweet to me of 5 December the ICO kindly clarified that there has been no change. The reference to twitter names is now contained in this guidance.

Has there been a subtle change of policy by the ICO on the subject of FOI requests made by twitter?

Last year I blogged about a Freedom of Information Act 2000 (FOIA) request I made to the Information Commissioner’s Office (ICO) via twitter. I referred the ICO to their own guidance (hosted as part of a web page, not as a separate download), which said

The request must state the name of the applicant…A Twitter name may not be the requester’s real name, but the real name may be shown in their linked profile…The request must also state an address ‘for correspondence’. Does this include Twitter names? The length of a tweet makes it difficult for the authority to respond fully, but there are ways of dealing with this. The authority could ask the requester for an email address in order to provide a full response. Alternatively, it could publish the requested information, or a refusal notice, on its website and tweet a link to that.

The question I have given emphasis there did not have a specific answer in the guidance, but one inferred that the answer was “yes” from the words that followed.

This morning I made a twitter FOIA request to the Department for Education, to which they replied asking me to provide an email address or fill in an online form. I was going to refer them to the ICO’s guidance, but found that it doesn’t exist anymore. Fair enough: websites change and URLs get broken. However, unless I am mistaken what I have also found is that the ICO no longer seems to imply that a twitter name is an address for correspondence, according to section 8(1)(b) of FOIA. As far as my search skills can ascertain, the ICO now says

Requests can also be made via the web, or even on social networking sites such as Facebook or Twitter if your public authority uses these…[the request must] include an address for correspondence. This need not be the person’s residential or work address – it can be any address at which you can write to them, including a postal address or email address

No reference there to twitter names. More detailed guidance from the ICO says

Where a request has request in line with section 8(1) of FOIA if the requester has provided their name and a valid address. Where possible a response to the requester should be sent for example by providing a web link. If the name or address is not provided it is not a valid request, therefore if information is not being provided a reply should be sent advising the requester of this, and asking for the required information.

Again, no reference to twitter names.

These changes, unless I have indeed missed something, with their absence of reference to the possibility of a twitter name being “an address for correspondence” indicate a retreat by the ICO. It could well be that they’ve had to acknowledge that twitter is perhaps not the most appropriate medium for FOIA requests. If so, it would be helpful if they could – clearly – issue revised guidance. Their announcement that requests could be made by twitter got a lot of coverage, and led to the highest court in the land accepting that it had been wrong to imply it would not consider them valid requests.

I’ve made a FOIA request to the ICO to find out whether their policy has changed. Guess which medium I used?

UPDATE: 13 December 2012

In a tweet to me of 5 December the ICO kindly clarified that there has been no change. The reference to twitter names is now contained in this guidance.

7 Comments

Filed under Freedom of Information, Information Commissioner, transparency, Uncategorized

Tagged as FOI, ICO

September 29, 2012 · 9:04 am

Private emails, FOI and Criminality

Private emails are subject to FOI searches, and it’s a crime intentionally to conceal relevant information.

So, it appears that the Department of Education (DfE) has conceded that business emails sent by private email accounts are subject to the Freedom of Information Act 2000 (FOIA), thus accepting what the right-thinking world, and, indeed, anyone with a glimmer of common sense knew all along.

Plaudits, or brickbats, according to your position on the merits of FOIA, should go to Christopher Cook of the Financial Times, who has pursued the Department of Education (DfE) on this with the enthusiasm of a Jack Russell terrier faced with a scurrying rat. Fellow hacks at the Independent had also joined themselves to the proceedings listed (but now withdrawn) in the First-tier Tribunal (Information Rights). The DfE had had the balls to launch a challenge to a previous decision by the Information Commissioner (ICO) that the information (held in private email accounts) requested by Chris should be released. The decision notice itself was clear, and difficult to argue with, as is the advice on the subject published by the ICO around the same time. One wondered what possible grounds the DfE had to base a successful appeal on, and the withdrawal of the appeal probably answers that point, although it appears the withdrawal was actually prompted by the imminent publication of Cabinet Office guidance.

Some are now predicting that there will be a deluge of FOI requests specifically targeted at information held in private emails, or text messages, and I think this is probably right. What is not clear is how they will be handled. The ICO’s guidance suggests that, faced with requests for information that could be held in private emails, public authorities should restrict themselves to asking the person to search their account and keeping a record to show that this was asked:

The public authority will then be able to demonstrate, if required, that appropriate searches have been made in relation to a particular request. The Commissioner may need to see this in the event of a…complaint

This suggests that, when investigating a complaint about refusal to disclose information, the ICO will restrict himself merely to satisfying himself that an authority has asked its staff to check emails. Absent any evidence that those staff have not been honest about the contents of those private emails, the ICO will take no further action. The reasons for this are, really, quite obvious: the powers open to a public authority to access private email accounts are limited. Although the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 allow an employer to “intercept” an employee’s private emails (if sent using the employer’s systems) to determine whether they are business-related, those powers must be exercised with due regard to the employee’s privacy rights. The interception of private emails in a private email account (sent using the employer’s systems) must be necessary and proportionate. If an employee has told his or employer that their private emails contain no information caught by an FOI request it is doubtful, absent any evidence to the contrary, that a “trawl” of emails without the employee’s consent would be lawful (I’ve written for PDP journals on this subject – subscription needed).

On one view, then, nothing much has changed with the concession by the DfE, although no doubt many new FOI requests will be made as a result. What has changed, perhaps, is the focus on individuals’ personal responsiblity under FOIA. Currently, section 77 creates an offence if a person alters, defaces, blocks, erases, destroys or conceals a record in response to an FOI request. If a trawl of emails on a public authority’s systems is required this will normally fall to IT, or similar, and employees have little say – or, if you like, given the existence of back-up systems – limited opportunity to commit a section 77 offence. Now, if the same employee is asked whether private emails contain specific information, and he or she untruthfully says “no”, criminality – the mens rea – will be relatively easy to make out.

The question is, how would we find out?

6 Comments

Filed under Freedom of Information, Information Commissioner, Information Tribunal, Privacy, RIPA, Uncategorized

Tagged as FOI, Human Rights, ICO

September 13, 2012 · 4:31 pm

The Public Interest in the Hillsborough Disaster

How could the Cabinet Office have originally decided the public interest favoured non-disclosure of information held about the Hillsborough Disaster?

On 15 December 2009 Alan Johnson, the then Secretary of State for the Home Department, announced that an Independent Panel would be appointed to enable disclosure of information relating to the 1989 Hillsborough disaster, and the events which followed it. The Panel would lead to

maximum possible public disclosure of governmental and other agency documentation on the events that occurred and their aftermath

As we all know, the Panel has now published an extraordinary amount of information, with a devastating covering report. It was not the Panel’s role to apportion blame for the tragedy but the disclosure has finally led to unequivocal public and political acceptance that, in the words of the Prime Minister, and despite previous despicable insinuations or outright pronouncements to the contrary

Today’s report is black and white. The Liverpool fans “were not the cause of the disaster”.

The efforts of bereaved families and those close to them in effecting this outcome can never be overstated. But a small part was attempted to be played using the Freedom of Information Act 2000. On 23 April 2009 a BBC journalist made an FOI request to the Cabinet Office for

Copies of all briefings and other information provided to Margaret Thatcher in April 1989 relating to the Hillsborough disaster [and] Copies of minutes and any other records of meetings attended by Margaret Thatcher during April 1989 at which the Hillsborough disaster was discussed.

The request was turned down. The Cabinet Office, rather than the 20 working days permitted by law, took nine months (they’re traditionally not very good at this FOI compliance thing, you must understand) to state that the information was exempt from disclosure under sections 31(1)(a), 31(1)(b), 31(1)(g) – which deal with prejudice to law enforcement – and sections 35(1)(a), 35(1)(b) and 35(1)(d) – which deal with information relating to the formulation or development of government policy, Ministerial communications and the operation of any Ministerial private office. All of these exemptions, if engaged, required consideration whether the public interest in disclosure outweighed the public interest in maintaining the exemption. In all instances, the decision was against disclosure: the public interest did not – according to those at the Cabinet Office determining this request – favour disclosure.

On appeal the Information Commissioner disagreed. He said

the Commissioner considers it clear that the public interest in disclosure of information relating to the Hillsborough disaster – constituting improved public knowledge and understanding of the causes of and reaction to this event (and in relation to this specific information how the Government of the day reacted) – means that the balance of the public interest favours disclosure

He did not accept the Cabinet Office’s argument that the fact that the Independent Panel had now been set up was relevant to a decision as to whether the application of the exemptions was correct

[the Panel] did not exist at the time of the request, or within 20 working days following the receipt of the request by the public authority. This Notice concerns whether the information should have been disclosed within 20 working days from the receipt of the request, and any factor that did not apply at the time of the request is not relevant

Notwithstanding this, the BBC ultimately agreed to withdraw its request, given the imminence of the outcome of the Panel’s work. And now we know the truth.

The Prime Minister went on to say in his statement

At the time of the Taylor Report [Margaret Thatcher] was briefed by her private secretary that the defensive and – I quote – ‘close to deceitful’ behaviour of senior South Yorkshire officers was ‘depressingly familiar’. And it is clear that the then government thought it right that the Chief Constable of South Yorkshire should resign. But… governments then and since have simply not done enough to challenge publicly the unjust and untrue narrative that sought to blame the fans.

Information Commissioner decisions requiring disclosure of Cabinet minutes, and similar information, have four times been subject to a ministerial veto to maintain secrecy. Was the initial refusal of the BBC’s FOI request for this Hillborough disaster information simply reflective of a government approach which automatically seeks to exempt any Cabinet minutes from disclosure? I rather hope so, because the alternative is that officials, and ministers, thought that the public interest did not favour disclosure of information relating to what some are calling the biggest cover-up in British history.

UPDATE

I’ve been reflecting on this. I think it’s only fair to point out that, arguably, because the Cabinet Office took so long (nine months, remember) to get round to responding to the request, by the time they did so, the Independent Panel was set up. So, by that argument, the person looking at the request never actually determined that the public interest did or did not favour disclosure, until it was clear that it was going to be published in the future. The Information Commissioner did not accept that point

This Notice concerns whether the information should have been disclosed within 20 working days from the receipt of the request, and any factor that did not apply at the time of the request is not relevant. This situation applies regardless of the lengthy delay

and was correct in law not to, but in fairness to the Cabinet Office officials, they might have handled the request differently (by the time they got round to it) if the Independent Panel, with its remit to disclose, had not been set up.

10 Comments

Filed under BBC, Cabinet Office, Freedom of Information, Information Commissioner, police, Uncategorized

August 24, 2012 · 3:14 pm

Why won’t you read my secret guidance?!

The Office of Surveillance Commissioners (OSC) is in charge of reviewing the exercise of powers and duties under the Regulation of Investigatory Powers Act 2000 (RIPA) and the equivalent Scottish Act. It does not regulate RIPA (that is the role of the judiciary) but conducts inspections, provides reports and issues guidance. That guidance is, effectively, secret.

I can understand why details of specific instances of lawful surveillance must not be disclosed publicly. I have never fully understood why guidance from the person appointed to review the exercise and performance of powers and duties conferred or imposed by or under RIPA should not be disclosed publicly

The Office of Surveillance Commissioners’ remit is

keeping under review (except in relation to the interception of communications and the intelligence services) the exercise and performance of powers and duties conferred or imposed by or under Part II (covert surveillance) and Part III (encryption) of RIPA and its Scottish equivalent RIP(S)A

(interestingly that website contains a typo – this remit is contained in section 62 of RIPA, not section 63).

This is an important role (which is in addition to the OSC’s remit under the Police Act 1997 to review authorisations by law enforcement agencies “for operations involving entry on, or interference with, property or wireless telegraphy, without the consent of the owner”). RIPA is much–maligned, although, ironically enough, in key areas it merely provides a regulatory framework for intrusions into private lives which were formerly permissible at common law (i.e. the sort of surveillance RIPA regulates perhaps always used to happen, it’s just that it was not prima facie unlawful).

However, the Chief Surveillance Commissioner never seems happy with his lot. In his latest report he bewails the limits on his office’s funding

The Home Secretary is required…to provide me with the support necessary to fulfil my responsibilities. The support I receive continues to be, in some respects, inadequate. In particular, information technology for many years has failed to meet the demands of remote, secure and mobile working which is an integral part of the inspection process. Promises of improvement are not fulfilled and there appears little urgency to resolve recurring problems. Similarly, I have to rely on archaic facsimile machines which repeatedly malfunction. (¶3.13)

If true, this is pretty shoddy. I would suggest that if anyone needs to be sure about their information security it’s the Chief Surveillance Commissioner (and why is he still reliant on “facsimile machines”?).

He is also unhappy with some authorities he has inspected

My Inspectors are not lawyers and they address their reports to me. Their reports are subject to my endorsement which I will make clear in my covering letter to the chief officer of the authority inspected. It is therefore important that conversations with them during an inspection are not misquoted or shared with others without prior agreement…There have been a few occasions when correspondence from me to a single public authority has been promulgated by that authority to others as a general interpretation. Usually my guidance relates to specific facts and may not be applicable in circumstances which may appear to be, but which on analysis are not, similar.(¶3.3-3.4)

This reluctance to be open about things he and his inspectors say carries through – in spades – to the guidance he produces. In the most recent report he says

my Commissioners from time to time publish guidance in a single document for use by public authorities. I do not wish to apply a security marking to my guidance but, despite clear instructions, I am dismayed at thoughtless disclosure of a document which provides information which necessarily alludes to covert tactics. The Home Office has not yet provided me with a website capable of balancing the need for transparency to the public with controlled access to specific guidance by a limited audience.

and refers back to the previous year’s report which provided reasoning for not publishing it

my small office does not have the capacity to answer the inevitable influx of requests for clarification this would invite…law enforcement agencies in particular are concerned that tactics might unnecessarily be revealed…it is not a comprehensive document which covers every eventuality and it might be misconstrued or misused; and…it is not my remit to provide free legal advice, though I proffer guidance to public authorities which I have a responsibility to review, in order to raise standards and promote consistency (¶3.4)

although not before regretting it is not always readily available to those who need it

If I continue to find this document is not readily available to those who need it, or is not promoted by national associations, I may make it publicly available on my website

Which seems to me to be a case not of threatening to take your bat home with you, but going home and leaving your bat behind.

All this seems to reveal an attitude rather, shall we say, paternalistic and ante-Freedom of Information Act. Needless to say, someone tried, a couple of years ago, to use FOIA to get a copy (asking the OSC, which is not a public authority for the purposes of FOIA, nonetheless to use the Act’s spirit as a model for discretionary disclosure). Although the OSC refused, the requestor, on the admirable whatdotheyknow.com site*, later found that a local authority had helpfully uploaded a copy as part of a committee report. Perhaps this was one of the naughty authorities lambasted by the OSC. If so, he hasn’t done much about it, because the report is still there, happily providing guidance and – I hope – not actually causing him any trouble whatsoever.

*I’ve not linked to it, out of deference to the OSC – I can tug my forelock with the best of ’em – but a bit of googling will get you there in no time.

1 Comment

Filed under Freedom of Information, RIPA, surveillance, surveillance commissioner

August 2, 2012 · 8:33 am

The Bludgeoning of the Decision Notice

With the latest ministerial veto, is a quaint British tradition emerging?

So, the Attorney General has exercised his powers of veto under section 53 of the Freedom of Information Act 2000 (FOIA) for the third time this year. The only one of his predecessors to use the veto – Jack Straw – only managed to use it twice in one year, so Mr Grieve must now be considered champion at wielding this most blunt of legislative instruments.

Section 53 allows an accountable person (who can be any member of the Cabinet but who, by what appears to be a convention in making, has always thus far been the Attorney General) to issue a certificate to the Information Commissioner (ICO) telling him, in effect, that he got it wrong when ordering disclosure of information under FOIA.

The target of this week’s veto was, for the second time, an ICO decision that Cabinet minutes from March 2003 relating to the decision to go to war in Iraq, and to the then Attorney General’s legal advice regarding the military action, should be disclosed by the Cabinet Office. This decision notice, issued only on 4 July this year was in very similar terms to one issued by the ICO in February 2008, which was the subject of a Straw veto in February 2009, although only after the decision in favour of disclosure had been upheld by the Information Tribunal.

Much has been written about the potentially illiberal nature of the section 53 power – which seems to be a possibly unique example in statute of an executive override over the judiciary. It is ironic that some former and current government figures have argued so strongly for Cabinet minutes to be totally exempt from FOIA disclosure, when the veto can be wielded so easily and decisively (although they would no doubt counter-argue that it is only being used so often because of the lack of a class exemption applying to such information). Indeed, the Justice Committee, in its recent report as part of the post-legislative scrutiny of FOIA, said

we remind everyone involved in both using and determining that space that the Act was intended to protect high-level policy discussions…We also recognise that the realities of Government mean that the ministerial veto will have to be used from time to time to protect that space

There is no bar on someone requesting the same information again from the Cabinet Office, nor any mechanism to allow the ICO not to keep issuing decision notices in favour of disclosure. Given this (and given the words of the Justice Committee) perhaps we are seeing the beginnings of a quaint British tradition, like The Dragging of the Speaker of the Commons or The Searching of the Cellars. I shall call it The Bludgeoning of the Decision Notice.

5 Comments

Filed under Freedom of Information, Information Commissioner, Information Tribunal

May 21, 2012 · 8:14 am

How to overlook an FOI request

Is it realistic or helpful for the law to be that any written request for information should fall under FOI?

On 23 April I noticed that an appeal to the First Tier Tribunal (Information Rights) had been made by Ryanair regarding a Freedom of Information Act 2000 (FOIA) matter, also involving the Office of Fair Trading (OFT). The Information Commissioner (ICO) Decision Notice in question has the reference number FS50391208. Knowing that Ryanair are sometimes a rather controversial outfit (although one acknowledges a lot of the controversy might actually be self-serving) I was interested to read the Decision Notice in question. The Tribunal’s website is rather basic, and the list of current appeals is uploaded only as a PDF document. This means that to read the Decision Notice in question one has to search for it elsewhere. However FS50391208 was, and is, nowhere to be found (unless my search skills have let me down).

This is a bit odd: a Decision Notice is a public document which the ICO issues when an application is made to him for a decision as to whether “a request for information made by the complainant to a public authority has been dealt with in accordance with the requirements [of FOIA]” (section 50, FOIA). I say “public” but as far as I know the open publication of Decision Notices is at the discretion of the ICO – nonetheless, it is clearly his standard custom to do this. So, any Decision Notice, especially one appealed by a company such as Ryanair, which is not published, might attract interest (bear in mind that Ryanair will have made request in question, and the OFT is the public authority involved). It is, of course, possible that an error has occurred: for instance, the Tribunal might have published the wrong reference number (although a search on the ICO’s site doesn’t throw up any Ryanair Decision Notices), or someone might just have omitted to upload the Notice.

Accordingly, I sent a tweet to the ICO’s twitter account

Hi @ICOnews DN FS50391208 (OFT) which Ryanair are appealing does not appear to be on your website. Can we see it pls?

I didn’t receive any reply, so, a few days later, sent another

Hi @ICOnews – I asked this q the other day https://twitter.com/bainesy1969/status/194375116493291520 Any answer pls? It wd qualify as FOI request after all 🙂

I still haven’t received a reply. Perhaps my little emoticon made the tweet not seem serious? By my calculation the ICO’s twenty working days to respond is up tomorrow, so I thought I’d blog this today, lest the lovely ICO people I met at last week’s PDP conference think I’ve just waited until the time is up before reminding them (again).

The ICO has said that FOI requests made by twitter are valid requests, and I’ve previously blogged about this. But it does make me wonder how realistic it is for a public authority (especially a large one, which, with all due respect, the ICO is not) to be expected to monitor all information channels in case a request for information is made (which doesn’t even need to mention FOI, of course). The Irish Freedom of Information Act 1997 requires requesters to state that the request is made under the Act. Although that would not really help the ICO in my example here, it would avoid the situation where an FOI request is lost among reams of correspondence on a related matter. I don’t think an amendment of FOIA to this effect has been proposed in the UK, but I’m starting to think it might be a good idea.

This isn’t the most pressing issue facing FOI, and light touch regulation should mean that no one loses too much sleep if a request is inadvertently overlooked, but it is a subject which keeps nagging at me.

I rather suspect I’ve previously advocated against requiring requesters to invoke FOI in a response, and I reserve my right to change my mind again. As Lawrence Serewicz said in his inspiring talk at that PDP Conference, he has very strong opinions, but he holds them very weakly. I like to think I’m the same.

7 Comments

Filed under Freedom of Information, Information Commissioner

April 12, 2012 · 5:18 pm

When ARE emails subject to FOIA?

Information held in private email accounts can be subject to the Freedom of Information Act 2000. Conversely, information held in the email accounts of the public authority can, in some circumstances, not be subject to FOIA. A recent decision by the Information Commissioner (ICO) confirms this.

There has been much recent discussion and argument about the extent to which information contained in “private” email accounts (such as “gmail”, “hotmail” etc) can be said to be “held on behalf of” a public authority under FOIA. The ICO issued guidance in December 2011 that says in unequivocal terms

FOIA applies to official information held in private email accounts (and other media formats) when held on behalf of the public authority.

No one sensible who knows anything about FOIA is likely to disagree with this.

In a Decision Notice against the Department for Education (DfE), issued after this guidance was published, the ICO applied these principles to a request for information made by the Financial Times’ Christopher Cook. Cook, in an interesting twist, already had leaked “private” emails in his possession, and was seeking information corroborating certain details about them. He showed one of these emails to the ICO, whose subsequent Decision Notice said

The Commissioner has reviewed this email and found that whilst it was sent from a private email account it was held on behalf of the DfE for the purposes of the Act. By failing to disclose details of the email the DfE breached section 1 of the Act

(It is understood that the DfE is going to appeal this Decision Notice to the Information Tribunal.)

What has been overlooked, to a certain extent, in all this is the corollary of the proposition that “FOIA applies to official information held in private email accounts (and other media formats) when held on behalf of the public authority” which is, that FOIA does not apply to private information held in public authority email accounts, when it is not held on behalf of that authority.

Thus, for example, an email from a employee, or an elected member, of a public authority asking her partner to feed the cat this evening, is highly unlikely to be considered to be information “held” by the public authority for the purposes of FOIA. This is because section 3(2)(a) of FOIA says

information is held by a public authority if…it is held by the authority, otherwise than on behalf of another person

Private information might physically be stored on the email servers of the public authority, but for the purposes of FOIA it is being “held on behalf of” the employee (for our purposes here we don’t need to consider whether the terms of employment actually allow the employee to use the employer’s systems to engage in private correspondence).

In a Decision Notice published on 27 March the ICO has affirmed this position. A complainant had sought copies of emails received or sent by a councillor at Camden Council, on his “camden.gov.uk” address. The complainant argued

…that use of a camden.gov.uk email address for correspondence explicitly renders any correspondence on that email account part of the business of the council

The ICO rejected this submission:

the Commissioner observes that none of these emails are about council business but instead relate either to correspondence between the councillor and constituents in his role as a ward councillor, or to personal matters of the councillor, or business which is external to his council activities… Because this information is not council business, it cannot be argued to be held by the councillor on behalf of the council. It may instead be considered to be held by the council, on behalf of the councillor as an individual, solely by virtue of being hosted on the council’s email systems.

Those previously concerned about the implications of the ICO’s guidance on private emails might take some reassurance from this statement about the limits of FOIA. However, there may also be a lesson for public authorities themselves: it is not safe always to assume that an email sent from or received by an employee’s work email account is subject to FOIA.

8 Comments

Filed under Freedom of Information, Information Commissioner, Uncategorized