The FOI ministerial veto – why not?

The Court of Appeal has ordered disclosure of private correspondence between Prince Charles and the government. The judgment is potentially a triumph for transparency, but I have my doubts whether it reflects Parliament’s intentions when passing the FOI Act. And there will be a further appeal…

In September 2012 the Administrative Appeals Chamber of the Upper Tribunal (UT) handed down a judgment which struck me then, as it does now, as a remarkable work of research and scholarship. It was ruling on requests by the Guardian journalist Rob Evans – made as far back as April 2005 – under the Freedom of Information Act 2000 (FOIA) and the Environmental Information Regulations 2004 (EIR) for disclosure of information in private letters sent by the Prince of Wales to government ministers on matters of official policy. The UT’s judgment ran to 65 pages with three annexes, went into detailed analysis of constitutional conventions regarding the heir to the throne, and its decision was that the correspondence should be disclosed (overturning the prior decisions of the Information Commissioner (IC)). Subsequently, the Attorney General issued a certificate under section 53 FOIA – a “ministerial veto” – whose effect was to disapply the UT’s decision. The Attorney General’s certificate, in rather wider-spaced text, ran to ten pages.

Section 53 requires only that the accountable person (a minister)

gives the [Information] Commissioner a certificate signed by him stating that he has on reasonable grounds formed the opinion [that there had not been a failure to comply with the FOIA]

It is, as I’ve argued before, a bludgeon of an executive weapon, but it is, as are all acts of public authorities, potentially amenable to judicial review. So it was that, despite any statutory right of appeal, the Guardian made such an application. However, in July 2013, the High Court effectively decided that, although the ministerial power to override a superior court of record (let alone the statutory decision-maker, in the form of the IC) appeared to be a “constitutional aberration”, the proposition that “the accountable person is not entitled simply to prefer his own view to that of the tribunal” must be rejected. As Davis LJ said (para 111)

why not? It is inherent in the whole operation of s.53 that the accountable person will have formed his own opinion which departs from the previous decision (be it of Information Commissioner, tribunal or court) and may certify without recourse to an appeal. As it seems to me, therefore, disagreement with the prior decision (be it of Information Commissioner, tribunal or court) is precisely what s.53 contemplates, without any explicit or implicit requirement for the existence of fresh evidence or of irrationality etc. in the original decision which the certificate is designed to override

However, Davis LJ refused to accept that the wording of section 53 (“…stating that he has on reasonable grounds formed the opinion…”) permitted of an interpretation that:

the accountable person can, as it were, self-certify as to the availability of reasonable grounds

rather,

In my view, the language chosen clearly is sufficient to connote that an objective test is to be applied

But how to conduct that objective test? For Davis LJ, it must be that the reasonable grounds are “cogent”:

if an accountable person is to interfere, by way of exercise of the power of executive override, with the decision of an independent judicial body then that accountable person must be prepared and able to justify doing so. I am reluctant to talk in terms of burden of proof. But in terms of burden of argument the burden is in practice on the accountable person to show that the grounds for certifying are reasonable

Lord Dyson in the Court of Appeal has taken issue with this, saying (para 38) that

I do not consider that it is reasonable for an accountable person to issue a section 53(2) certificate merely because he disagrees with the decision of the tribunal. Something more is required […]

Examples of “something more” are given as

a material change of circumstances since the tribunal decision or that the decision of the tribunal was demonstrably flawed in fact or in law

Accordingly, as the Attorney General failed to give this “something more” but “simply disagreed with the evaluation made by the UT”, he failed to give reasons amounting to “reasonable grounds”. Thus (putting to one side a crucial other ground on which the appeal succeeded, relating to the EIR and European law, which I will deal with in a later blog post) the certificate had to be quashed.

As Dr Mark Elliot argues, Lord Dyson here “adopted a significantly more exacting conception of reasonableness” than had the High Court, and I would commend Dr Elliot’s piece to you as an expert analysis I am not competent to give.

However – and it pains me to say it, because I really don’t like section 53 – wasn’t it precisely Parliament’s intention that the accountable person did “merely” have to state that he had formed – on reasonable grounds – a different opinion to the preceding tribunal? If he cannot arrive at a different opinion, in the absence of “something else”, isn’t section 53 fundamentally weakened, even sidestepped? Indeed, Lord Dyson in my view arrives at this point, when he says

On the approach of the Divisional Court to section 53(2), the accountable person can override the decision of an independent and impartial tribunal which (i) is reasonable, (ii) is the product of a detailed examination (fairly conducted) of the issues after an adversarial hearing at which all parties have been represented and (iii) is not challenged on appeal. All that is required is that the accountable person gives sensible and rational reasons for disagreeing with the tribunal’s conclusion. If section 53(2) has that effect, it is a remarkable provision not only because of its constitutional significance (the point emphasised by the Divisional Court), but also because it seriously undermines the efficacy of the rights of appeal accorded by sections 57 and 58 of the FOIA

to which I am tempted to respond, adopting Davis LJ’s rhetorical device, “why not?” – that seems to have been what Parliament intended.

No doubt we shall see this explored more – the Attorney General is reported to have sought, and been given, leave to appeal to the Supreme Court.

The Windmills of Mr Cameron

The Prime Minister revealed recently that, when it comes to justifying the introduction of disproportionately intrusive surveillance legislation, he draws comfort from fictional depictions of crime detection:

In the most serious crimes [such as] child abduction communications data… is absolutely vital. I love watching, as I probably should stop telling people, crime dramas on the television. There’s hardly a crime drama where a crime is solved without using the data of a mobile communications device

Although this revelation has drawn some criticism, I think such criticism is unfair. Mr Cameron’s policy approach has a precedent. Hansard shows that, more than forty years ago, his predecessor adopted similarly populist bullshit robust research. Harold Wilson, in a debate on proposed changes to laws regarding investigation of serious crimes

is recorded as saying

The Prime Minister: In the most serious crimes a spectral assistant is absolutely vital. I love watching, as I probably should stop telling people, crime dramas on the television. There’s hardly a crime drama where a crime is solved without a private detective consulting his dead partner who has returned as ghost whom no one else but he can see. If we don’t modernise the law to permit this sort of practice we will never know how many dead people could still have fulfilled their calling to support their surviving crime-busting partners while wearing dandyish white suits

So, Loz Kaye, Paul Bernal, OnlyOneIssue et al…enough with your cynicism. Get out your history books and recognise that there’s a venerable tradition of people with too much time and money on their hands imagining that fiction is reality.

Staffs Police to drop controversial naming “drink drivers” twitter campaign

ICO confirms hashtag campaign prior to conviction was unlikely to be compliant with the Data Protection Act. Other forces to be advised via ACPO of issues raised by the case

Over the Christmas period Staffordshire Police ran a social media campaign, in which drivers arrested and charged with drink-driving offences were named on twitter with the “hashtag” #drinkdriversnamedontwitter. It seemed to me, and others, that this practice arguably suggested guilt prior to any trial or conviction. As I said at the time

If someone has merely been charged with an offence, it is contrary to the ancient and fundamental presumption of innocence to shame them for that fact. Indeed, I struggle to understand how it doesn’t constitute contempt of court to do so, or to suggest that someone who has not been convicted of drink-driving is a drink driver

and I asked the Information Commissioner’s Office (ICO)

whether the practice is compliant with Staffordshire Police’s obligations under the first data protection principle (Schedule 1 of the Data Protection Act 1998 (DPA)) to process personal data fairly and lawfully

The ICO have now issued a statement. Their spokesman says

The ICO spoke to Staffordshire Police following its #DrinkDriversNamedOnTwitter campaign. Our concern was that naming people who have only been charged alongside the label ‘drink driver’ strongly implies a presumption of guilt for the offence, which we felt wouldn’t fit with the Data Protection Act’s fair and lawful processing principle.

We have received reassurances from Staffordshire Police that the hashtag will no longer be used in this way, and are happy with the procedures they have in place. As a result, we will be taking no further action. We’ve also spoken with ACPO about making other police forces aware of the issues raised by this case.

I think this is a very satisfactory result. The ICO have, as I said previously, shown that they are increasingly willing to investigate contraventions of the DPA not limited to security breaches. No one would defend drink driving (and it was not the naming itself that was objectionable, but the tweeting of the names in conjunction with the hashtag) but the police should not be free to indicate or imply guilt prior to conviction – that is quite simply contrary to the rule of law.

What I still think is disappointing though, is that after an initial prompt response from the Attorney General’s twitter account (which missed my point), there has been no word from them as to whether the practice was potentially prejudicial to any forthcoming trial. Maybe they’d like to rethink this, in light of the statement from the ICO?

A Wrong Petition?

Who exactly is a newspaper targeting with its petition, and is it gathering personal data fairly?

The Northumberland Gazette, in a no doubt well-intentioned campaign, is urging its readers to petition the Information Commissioner (IC)

to do more to stop robocalls

“Robocalls” being

unwanted, automated, recorded calls, which are a blight in [sic] people’s lives

There are a couple of problems with this. Firstly, as Tim Turner pointed out, the IC cannot increase his own powers: that is a matter for Parliament, and, indeed, he would, er, be exceeding his powers if the IC increased his own powers. Christopher Graham (or, rather, the role he fills) is a creature of statute, not a superhero. Moreover, the IC has himself been lobbying for Parliament to increase his powers to deal adequately with contraventions of the Privacy and Electronic Communications (EC Directive) Regulations 2003. If the newspaper wants the IC to have greater powers it should certainly assist the IC in seeking them, but I think it should do so with better information, and by encouraging people to lobby their MP, rather than by submitting their details into a google doc.

In my experience people often end up on spammers’, and “robocallers'”, lists because they submit their personal details to meaningless and unclear websites. Privacy notices, where given, are a pain to read, but if done properly, they should tell you who is collecting the data, for what purposes, and what your rights are.

In fact, failure to provide such information when gathering personal data is likely to constitute a contravention of the first data protection principle in the Data Protection Act 1998 (DPA). It’s notable, and ironic, that the Northumberland Gazette seems to provide no privacy notice whatsoever in connection with its petition. One hopes that those submitting a form don’t end up on more spammers’ lists, and find themselves complaining to the IC about an apparent breach by the newspaper of their rights under the first DPA principle.

The Kids all have Rights

Chapter 2 of Part 1 of The Protection of Freedoms Act 2012 was commenced on 1 September this year, to little publicity. It contains quite radical provisions regarding use of children’s biometric information.

(…One for the no doubt thousands of younger readers of this blog…)

Hey kids – want to annoy your teachers and your parents while at the same time asserting your rights to autonomous decisions about your privacy? Then put down your tamagotchis, or whatever it is you play with these days, and have a look at Chapter 2 of Part 1 of The Protection of Freedoms Act 2012 (POFA). Bear in mind (as I know you will, as you guzzle your ginger beer) that, by virtue of The Protection of Freedoms Act 2012 (Commencement No. 9) Order 2013, sections 26, 27 and 28 of POFA are now in effect.

And note that, if your school processes your biometric information (for instance, if you have to provide your fingerprints in order to register, or to access libraries (to read the latest Enid Blyton, no doubt) or get school meals) then (after September 1 this year) the school has to have informed your parents that it is going to do this (or continue to do this). If your parents object, then the school has to stop (and almost certainly give you an alternative way of registering/accessing the library/getting school meals etc). The school

must ensure that a child’s biometric information is not processed unless—

(a) at least one parent of the child consents to the information being processed, and

(b) no parent of the child has withdrawn his or her consent, or otherwise objected, to the information being processed….

The relevant authority must ensure that reasonable alternative means are available by which the child may do, or be subject to, anything which the child would have been able to do, or be subject to, had the child’s biometric information been processed.

But also note (here’s the totally rad bit) that, even if your parents are OK with it, you have the right to object, and if you do, that trumps what your parents, and your school, think. Cool eh?

if, at any time, the child—

(a) refuses to participate in, or continue to participate in, anything that involves the processing of the child’s biometric information, or

(b) otherwise objects to the processing of that information,

the relevant authority must ensure that the information is not processed, irrespective of any consent given by a parent of the child

Now, kids, you will have your own views, and some of you may approve of administrative systems which rely on the gathering, use and retention of personal information. You may think that the potential time- and costs-saving benefits are the most important factors at play. But some of you might well object, on perfectly reasonable grounds. You might be worried about what might happen if, for instance, this information fell into the wrong hands, or was simply kept too long, and was misused to your detriment. You might even object in principle to this sort of private information being used in this sort of way, when there are less intrusive methods available.

And you might want to consider that, if sufficient of your classmates object, under what is an admirable and rather radical statutory scheme which gives priority to the wishes of children, then the whole purpose of having this sort of system (convenience and cost benefits for the school) might fall away.

NADPO annual conference

In what little spare time I have I perform the role of Secretary of NADPO – the National Association of Data Protection and Freedom of Information Officers. NADPO holds its annual conference in London on 22 November. The call to members has gone out, and also to members of the Data Protection Forum, with whom we have informal reciprocal arrangements. Now, for the first time, we have decided to make any spare places publicly available.

The line-up is as impressive as ever (if not more so): we have Jonathan Bamford, from the Information Commissioner’s Office, the BBC’s Martin Rosenbaum, Dr Ian Brown, from the Oxford Internet Institute, David Allen Green, author of the highly regarded Jack of Kent blog and legal commentator for The Financial Times, S A Mathieson, senior analyst for EHI Intelligence and a freelance journalist, and Antonis Patrikios, Director at Field Fisher Waterhouse’s Privacy and Information team. We also have the Law Commission, who will be talking about, and seeking attendees’ views on, their scoping project on Data Sharing between public bodies.

Spare places, if any are available, will be offered to those who express interest on a first-come-first-served basis, at a ridiculous bargain rate of £50.

The conference takes place at Field Fisher Waterhouse’s offices in Vine Street, EC3N.

If you’re interested in attending feel free to contact me using the form on this page.

A million data breaches?

Is it realistic for the ICO to expect all SMEs to encrypt hardware? And if those SMEs don’t, is it realistic to expect the ICO to enforce against what must be mass non-compliance?

Accurate figures for annual thefts and losses of laptops in the UK are not easy to come by – perhaps the most commonly-cited figure is the estimated 1 million from Sony’s Vaio Business Report 2013. On any analysis, though, it’s a relatively common occurrence.

A large proportion of these will be laptops containing personal data of people other than the owner of the device. And in many cases the device, or part of it, will be used for business purposes, often by small and medium-sized enterprises (SMEs). Personal data processed solely for domestic purposes is outwith the obligations of the Data Protection Act 1998 (DPA), but any personal data processed for business purposes is caught by the Act, and the person or business processing that data is likely to be a data controller.

As data controller, they will have an obligation inter alia to take “Appropriate technical and organisational measures …against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data” (Principle 7 of Schedule One, DPA). A serious contravention of this obligation, of a sort likely to cause serious damage or serious distress, can lead to the Information Commissioner’s Office (ICO) serving the data controller with a Monetary Penalty Notice (MPN), under section 55A, to a maximum of £500,000.

And so it was this week that the ICO served Jala Transport Ltd, an oddly-named loans company, with an MPN of £5000 after

a hard drive containing financial details relating to all of the sole proprietor’s approximately 250 customers…[was stolen] from the business owner’s car while it was stationary at a set of traffic lights in London

The hard drive was in a case, with documents and some cash, and has still not been recovered.

Despite one’s possible distaste for the nature of the business involved (it may be difficult to muster much sympathy for a loans company), this case raises some interesting points, specifically for small-to-medium enterprises (SMEs) but also in general.

The MPN itself reveals that the business did not have a backup of the hard drive. This is a ridiculous oversight, when secure storage is simple, and cheap. But

it was taken home at the end of each working day for business continuity purposes and to reduce the risk of damage or theft

However, by not

closing the car window and placing the briefcase in the boot of his car or out of sight

this unsuccessful but probably well-meaning attempt at data security – and a business continuity plan – became an aggravating factor.

However, what really did for the proprietor was, “crucially”, that although the laptop was password-protected, it was not encrypted, and this led the ICO to repeat previous warnings about the need for encryption in these circumstances

We have continued to warn organisations of all sizes that they must encrypt any personal data stored on portable devices, where the loss of the information could cause clear damage and distress to the customers affected…if the hard drive had been encrypted the business owner would not have left all of their customers open to the threat of identity theft and would not be facing a £5,000 penalty following a serious breach of the Data Protection Act

Several questions are raised by this case, and by this approach by the ICO. Firstly, encryption, for individual devices, is not necessarily straightforward, and carries its own risks. This is not to say that attempts should not be made at either full disk encryption or file/folder encryption, but not all SMEs necessarily have the time or expertise to explore this effectively. Secondly, one notes that one of the reasons the MPN was imposed was because the ICO felt that the serious contravention of the DPA was of a sort likely to lead to serious damage in the form of identity theft. It was a very similar argument that the Information Tribunal recently refused to accept as being a likely consequence of another serious contravention, when it upheld Scottish Borders Council’s recent MPN appeal. £5000 is not a huge amount, and the time and expense of pursuing an appeal might be too much, but it will be interesting to see if one is lodged.

Finally – following on from the point that encryption of single standalone devices isn’t necessarily straightforward – one has to wonder how many of those estimated one million lost and stolen laptops were encrypted, and, of those that weren’t, how many contained personal data which required the relevant data controller to observe the security obligations of the DPA. Jala Transport appears to have taken the admirable, but perhaps ill-conceived, decision to report the theft to the ICO itself (and may now be regretting that decision).

If all the data controllers of those thousands and thousands of laptops lost or stolen annually reported the loss to the ICO, how many would have to own up to lack of encryption, and be liable to a similar or possibly larger MPN? And could the ICO possibly cope with the workload?

Citizens Advice Bureaucracy?

It’s always hard when those you admire let you down (Van Morrison duetting with Cliff Richard*, Godfather 3, Larkin’s letters) and I preface what follows with an assertion that I think Citizens Advice Bureaux (CABs) are a force for good, and one that takes on even more importance as the government butchers the legal aid system. However, when those you admire do let you down, it is important not to shrink from criticism.

Last week reports emerged of what appeared to be a very serious incident of inadvertent exposure of large amounts of potentially highly sensitive data of clients of Newcastle Citizens Advice Bureau. I think the Northern Echo were the first traditional news source to break the story (after @FOIMonkey had announced the unfortunate discovery on twitter). Other outlets soon picked this up, including the BBC. What had apparently happened, said the BBC, was

About 1,300 files containing names, addresses, debt history and criminal records were accidentally made available on the internet.

This is no small matter for an organisation which requires, and indeed prides itself on, total confidentiality between it and its clients.

The Chief Executive of Newcastle CAB had reassuring words:

Shona Alexander, chief executive of the branch, said:

This isolated incident at Newcastle CAB is being thoroughly investigated…I’d like to reassure people that, because we take data protection extremely seriously, they can speak to us in total confidence. All Newcastle CAB staff and volunteers are fully trained in information assurance.

(Although, as Tim Turner pointed out, this bore some resemblance to a platitudinous quote given by Greater Manchester Police when they had contravened the Data Protection Act 1998, and as @FOIMonkey suggested, “isolated incident” is an odd way to describe the apparent long-term inadvertent disclosure of 1300 files in 16GB of client data cached by Google.)

However, it was reassuring to know that this compromised data had been identified, and would be removed, with the assistance of Google. Google are, I understand, generally happy to assist with removal, although each one (and there were hundreds here) normally requires a separate request and takedown is effected normally within twenty-four hours (there is also a process whereby site owners can ask that cached copies of entire directories/sites are removed). @FOIMonkey even had the decency and public-spiritedness to get Google to take many down herself, in what was I am sure a time-consuming task of no direct benefit to her.

But this morning (24 September), when I checked twitter, I noticed that @FOIMonkey had tweeted yesterday

Concerned that 5 days after the Newcastle CAB data breach came to light, the information is still online. Please sort them out @ICOnews

She went on to show that more than 11,000 files had still not been removed, pointing out that “it could all have been removed by now”.

Now, in terms of data protection law, I think it is the case that each local CAB functions as a separate data controller, with attendant legal obligations and liabilities, but it seems clear that regional CABs operate under the umbrella of the national organisation, and it seemed to me that this was an issue of general seriousness and importance for the CAB nationally. So I took the time to search out the CAB’s senior press officers, all of whom are on twitter, and asked them for comment, but got no reply.

I then emailed their Press Office, asking for comment, but was merely referred to a statement from last week which (obviously) made no reference to this current issue about the apparent failure to remove the data. I pointed this out in reply, and, when I pushed them to say whether they had any further comment, was referred back to the same irrelevant statement they had given me earlier.

Meanwhile, I saw that the Assistant Chief Executive of the national CAB was active on twitter, and I asked him for comment. He replied

we take client data protection extremely seriously and working hard with both ICO and Google to resolve this local issue

Which is more like a parroting of the original press release, rather than an answer to the question posed.

It may be that, behind the scenes, frantic efforts are being made and have been made since last Wednesday to remove this data. Maybe Google are being awkward for some reason. I don’t know, but if so, I struggle to understand why we can’t be told this, and why, while we are given bland and unreassuring statements, the only person who publicly seems to be making successful efforts to have the data removed is someone with no obligation to do so, and who alerted the CAB to the problem in the first place.

*Van’s not too bad actually.

Thanks for the memory walk

All human things/ Of dearest value hang on slender strings*

Ten days or so ago I asked for donations for a charity walk a friend and I were about to do. Normally, in a very English way, we don’t ask for donations for this sort of thing, but just make one ourselves and then feel guilty we haven’t raised more. This time I decided to ask, and was blown away by the response. With direct donations to the Alzheimer’s Society and cash donations we raised close to £550.

And in the beautiful grounds of Hall Barn, once home to Edmund Waller*, last Sunday, we barely exerted ourselves for five whole gentle kilometres. What was very, and rather unexpectedly hard, however, was hearing the stories of other walkers. Dementia affects so many lives in such horrible ways, and this was reflected by the fact that many people who had donated said how they had experienced it in their families.

I said I would run part of it, and I did – all of about three strides. So we didn’t get a picture, but if we had it wouldn’t have been pretty. I will post another picture, sadly from a few years ago, of someone who would have recognised and been truly grateful, as we are, for the kind, kind donations and support for such an important charity.

A Memory Walk

My mother wore a yellow dress;
Gentle, gently, gentleness.
Come back early or never come.1

I agonised over whether to use my blog to seek sponsors for a charity walk I’m doing, but decided in favour because a) I would hope that making clear that it’s a mere 5k does away with any suggestion I’m showing off, b) I won’t make a habit of it, and c) in itself it’s probably selfish to agonise about blogging to raise a small donation to a worthwhile cause. Forgive my self-flagellation: I do it a lot.

On Sunday 8 September my partner and I are doing the 5k Memory Walk in the lovely grounds of Hall Barn, near Beaconsfield. The Memory Walk

is a series of fundraising walking events taking place across England, Wales and Northern Ireland every September, all raising money to provide vital support to people living with dementia and help our research to find a cure for the future.

I won’t go into great detail about my and my partner’s experience of having someone you love ravaged by dementia, but many have already done so, and many will.

I would be truly appreciative though if you were able to donate using my Just Giving page.

UPDATE: 4 September

Firstly, I want to say thank you to all the wonderful people who have donated to the cause. It sounds trite, but I really am so very touched and appreciative. Even though, thanks to the evil machinations of @lexysumner, it looks like I’ll have to run part of the WALK (believe me, if I ran all of it this would be the last blog you’d ever see from me).

Secondly, it has been pointed out to me that donating through Just Giving is not the only option – a couple of donations have been made directly to The Alzheimer’s Society, and doing this means that all the money goes directly to the charity (Just Giving take a 5% cut). I apologise for not realising and mentioning this before. All I would ask is that if anyone makes a donation directly they let me know, so I can let the WALK organisers know.
