Tag Archives: FOI

June 7, 2013 · 12:26 pm

Transparency and the ICO

It is axiomatic that, under the Freedom of Information Act 2000 (FOIA), a requester is unlikely to know precisely what the information requested consists of. This means that a requester is at a (natural and fair) disadvantage if he or she wishes to challenge a refusal. How to argue, for instance, that the public interest favours disclosure of information, if you don’t know what the information is?

A requester will often be reliant, therefore, on the Information Commissioner (ICO), as independent regulator, or the judicial system, thoroughly to interrogate a public authority’s basis for non-disclosure.

Last year I made a FOIA request to the ICO’s office itself for copies of all Undertakings (not currently on their website) agreed by the ICO and data controllers following investigation of serious breaches of the Data Protection Act 1998.

The ICO kindly disclosed to me a large number of Undertakings, but withheld three, citing the exemption at section 22 of FOIA. This section provides an exemption to the general FOIA obligation to disclose information, if the information is held, at the time of the request, with a view to its publication at some future date (whether determined or not). Furthermore it must be reasonable in all the circumstances that the information should be withheld from disclosure until that future date. Section 22 is a qualified exemption, and, therefore, subject to the application of a public interest test. I was told by the ICO that the Undertakings

were not published at the time due to a risk of prejudice, in one case to a criminal trial and in the others to commercial interests. In light of your request we have revisited these considerations and find that they are still relevant

I’m a reasonable chap, and accepted that the ICO was well-placed to determine that the public interest did not favour disclosure. However, I thought they might be able to disclose the identities of the data controllers involved. So I made a FOIA request for that information.

This was also refused. I was told that one of the data controllers was News Group Newspapers and the Undertaking was

in connection with a cyber-security attack perpetrated against NGN for which criminal proceedings are ongoing. As we have previously indicated, the Undertaking will be published once the proceedings have been concluded

This was the case relating to a criminal trial, and it has now been published.

I was told though that the names of the other two data controllers were still exempt under section 22, as, even though the ICO accepted my argument

that prejudice is “unlikely to occur simply by disclosing the identity of the data controllers”, having consulted with the organisations involved, I am satisfied that there is a possibility that the release of even the identities could potentially damage the commercial interests of the Data Controllers

Well, after I waited a while, and then made a further FOI request, the names and Undertakings have now been disclosed. And I fail to see what the fuss was about: they related to some issues with residual data on legacy systems. I also fail completely to understand how, in any conceivable way, disclosure of the names of the Councils involved could have caused prejudice to their commercial interests, and I’d invite anyone else to explain to me how it could. If I am right, the argument that it was reasonable in all the circumstances that the information should be withheld from disclosure until a later date, and, indeed, the argument that the public interest favoured maintaining the section 22 exemption falls away.

I could, of course, have appealed at the time, but the point is that I did not know what information was being suppressed, or why. I trusted the ICO to apply the law properly.

It is interesting to consider this matter of “trust” in light of an important recent Upper Tribunal (UT) case. Although that case was concerned with the use of “closed material” and “closed proceedings” in FOIA cases in the First-tier Tribunal (FTT) some points are arguably of general application to public authorities. One strikes me in particular

The other side of the coin concerning the application of the FOIA exemptions is of course that the requester may want to challenge the reasons and evidence which are advanced to establish them and thereby show that the requested information should be provided to him or her pursuant to FOIA…This competing right and interest within the FOIA scheme is founded on the right of access to information held by public authorities that is given by FOIA. So it is one of the starting points for the need for a decision-making process to weigh competing rights and interests [emphasis added]

I would argue (knowing now what I didn’t know then) that as one of the prime reasons for DPA Undertakings is to draw attention to serious breaches of the DPA (see ICO Guidance: Communicating Enforcement Activities) withholding this information under section 22 potentially is seen to undermine the regulatory functions of the ICO. I struggle to understand how the refusal to disclose the Undertakings, let alone the mere identities of the recipients, shows proper weighing of competing rights and interests.

One a final note, the guidance above also says

We will not risk damage to the reputation of the ICO by agreeing with an organisation that we won’t publicise our action or that we will give advance warning

I’m not sure how to square that with what I was told last year that

the Undertakings were signed on the understanding that they would not be publicised in the usual manner

2 Comments

Filed under Breach Notification, Confidentiality, Data Protection, enforcement, Freedom of Information, Information Commissioner, monetary penalty notice, transparency

Tagged as DPA, FOI, ICO

April 16, 2013 · 12:15 pm

Police, poems and FOI

In which I am inspired into literary expression by a rather bizarre ICO decision notice saying that a poem sent by a senior police officer on his mobile device is exempt from disclosure under the “personal data” provisions of the Freedom of Information Act

Mr Plod once sent friends a rhyme
Which was rumoured to be out of line
When a request was lodged
To see what it was
His bosses politely declined

Chris Graham agreed with the force
Saying “It’s personal data because
He’s easy to spot
From the words that we’ve got:
It’s exempt from disclosure, of course!”

A Tribunal may have to decide later
– As the statutory arbitrator –
If it’s rather perverse
To suggest that a verse
Can possibly be personal data.

1 Comment

Filed under Data Protection, Freedom of Information, Information Commissioner, police

Tagged as Christopher Graham, DPA, FOI, ICO

April 5, 2013 · 5:11 pm

A Howitzer of an FOI Exemption

A recent decision by the Information Commissioner shows that the House of Commons is able, under the FOI Act, to apply a blanket provision preventing disclosure of information of potential public interest, from which there is no appeal. If I were a cynical adviser to the House, I’d suggest using it more often.

The Freedom of Information Act 2000 (FOIA) contains a few howitzers with which a relevant public authority can obliterate an otherwise valid request for information. The most familiar of these is at section 53, whereby, in relation to a Information Commissioner (IC) decision notice served on a government department requiring them to disclose information, a Cabinet minister can issue a veto, from which there is no right of appeal.

Less well-known are the certificates which can be served under sections 23 and 24, by ministers, to be conclusive evidence that information requested was supplied by or relates to national security bodies, or is exempt from disclosure for reasons of national security. (These are appealable, either by the IC or by the applicant, under section 60 of FOIA).

Less well-known still is a section which allows the Speaker of the House of Commons (or the Clerk of the Parliaments) to issue a certificate which provides conclusive evidence that disclosure would or would be likely to cause prejudice to the effective conduct of public affairs. This is section 36(7) and, read with section 2(3)(e), it provides an absolute exemption to disclosure, which the IC is duty bound to accept. In effect, it is a means whereby the Houses of Parliament can prevent FOIA disclosure, with no right of appeal.

Thus, in a decision notice published this week about a request for information relating to the tax treatment of residential accommodation provided by the House of Commons, the IC says

Given the nature and provenance of the certificate, the Commissioner is obliged by section 36(7) FOIA to accept the certificate as “conclusive evidence” that the opinion is reasonable in both process and substance and that the alleged inhibition would be likely to occur; therefore, the Commissioner accepts that section 36(2) FOIA is engaged and that the withheld information is exempt

Any appeal of this decision would have the same outcome: if a properly-made certificate states that the exemption applies, then it does, and no regulator or court can say different. So, despite what appears to be a potentially high degree of public interest in the information requested, about, in the applicant’s words

issues of principle… the provision of residential accommodation is a substantial benefit, and its tax treatment is of legitimate interest to the public

we will not get to see it.

There could, I imagine, potentially be an application for judicial review of the decision to issue the certificate, in the same way that the ministerial veto at section 53 is potentially amenable to judicial review, but this would have to be on the classic public law grounds, and would be a very difficult challenge.

One rather wonders why this provision has not been used more often. It has been used in the past to prevent disclosure of information relating to names and salaries of MPs’ staff, and to prevent disclosure of information about the claiming of parliamentary privilege. But when requests were made for disclosure of MPs’ expenses information, the exemption claimed was the one relating to personal data. A section 36(7) certificate would, it seems to me, have rendered those requests dead in the water. Did the House of Commons miss a cynical trick?

Private NHS Providers and FOI

Monitor have recommended that FOI requirements should apply to private providers of NHS services. I’m not sure we should be too optimistic that much will ensue.

Regardless of one’s views of the Health and Social Care Act 2012* it is important that, if “any willing provider” can be commissioned to provide private health services, there should be parity of treatment. And, indeed, the need to ensure a “Fair Playing Field” was, at least ostensibly, what led the Secretary of State for Health to ask Monitor (“the sector regulator of NHS-funded health care services”) to conduct

an independent review of matters that may be affecting the ability of different providers of NHS services to participate fully in improving patient care

That review has now finished, and was laid before Parliament by the Secretary of State yesterday.

My specific interest is in the section regarding transparency. Monitor note that

Historically, public providers have faced higher levels of scrutiny than other providers, including requests for information under the Freedom of Information Act. This degree of scrutiny can improve accountability to patients and promote good practice. Freedom of Information requirements have been extended through the standard NHS contract to private and charitable providers. However, it is not clear that this is operating effectively as yet, and other aspects of transparency do not apply across all types of provider

Accordingly

The Government and commissioners should ensure that transparency, including Freedom of Information requirements, is implemented across all types of provider of NHS services on a consistent basis

This could be read as a recommendation that the Freedom of Information Act 2000 (FOIA) be extended to all (including private) providers.

However, I am not sure we should be too optimistic that the recommendation will be read in this way by the Department of Health. The Justice Committee, in its recent post-legislative scrutiny of FOIA, was unconvinced that FOIA needed to be extended to private providers of public services, feeling that the use of contractual terms to ensure transparency was sufficient:

The evidence we have received suggests that the use of contractual terms to protect the right to access information is currently working relatively well…We believe that contracts provide a more practical basis for applying FOI to outsourced services than [extending FOIA to those private providers]

and rather unsurprisingly the government, in its response to the Justice Committee, agreed

The Government therefore does not intend, at this time, to legislate to extend FOIA obligations to contractors.

Given this, I suspect that, rather than taking up Monitor’s recommendation and extending FOIA to private healthcare providers, the government will merely reiterate the point about the use of contractual terms to promote transparency aims.

However, even if FOIA is not to be explicitly extended to include private contractual providers, there is a potential way forward which would achieve those transparency aims in a clearer and more enforceable way. This is the proposal by the Campaign for Freedom of Information, who observed (in light of the post-legislative scrutiny reports)

We don’t believe that relying on every authority to insert an appropriate clause into every contract one at a time is likely to be effective. The FOI Act itself should state that all such contracts are deemed to include a wide disclosure requirement, automatically bringing information about the contractor’s performance and the way the contractor goes about it within the Act’s scope

This seems eminently sensible. I wish eminently sensible things would happen more often than they do.

*I happen to think it’s an example of an ideologically-driven privatisation of public services which we will look back on in decades to come as a drastic mistake.

3 Comments

Filed under Freedom of Information

Tagged as FOI

March 13, 2013 · 8:25 am

The Right to Unknown Information

It is important to note that there is no requirement in the FOIA that those intending to make requests for information have any prior knowledge of the information they are requesting.

These words of the Information Commissioner (IC) in, Decision Notice FS50465008, are an important statement about the role of the Freedom of Information Act 2000 (FOIA) in investigative journalism and activism. They establish that, at least in the IC’s view, FOIA requests may be made on a speculative basis, without a knowledge of the specific contents of documents.

To many users and practitioners they are probably also an obvious statement about the right to information conferred by FOIA. If someone is asking for information from a public authority, it is self-evident that, at least in the large majority of cases, they do not know what the information specifically consists of – otherwise, why request it? As the IC goes on to say

The idea of a requirement of prior knowledge that the relevant information exists is itself contrary to the very purpose of the legislation, let alone prior knowledge as to what it comprises

The request in question, made – as those who followed the “Govegate” imbroglio might have guessed – by the impressively dogged journalist Christopher Cook (who has given me permission to identify him as the requester), was to the Cabinet Office for

the last email received by the [Prime Minister] personally on government business via a private non-GSI account. I also want the last government email sent by the PM via such an account

It was made in the context of suspicions that attempts might have been made to circumvent FOIA by conducting government business using private email accounts. For obvious reasons Chris was unlikely to be able to identify the specific type of information he sought, and the Cabinet Office knew this, telling the IC that

he has no idea of the nature of the information that may be contained in such emails, if indeed such emails even exist…For a request for a document to be valid, it needs to describe (if it would not otherwise be apparent) the nature of the information recorded in the document. The Cabinet Office does not accept that asking a public authority to undertake a search for emails without any subject matter, or reference to any topic or policy, sent using a particular type of account can satisfy the requirement on the application to ‘describe the information requested’

However, the IC rejected this, splendidly demolishing the Cabinet Office’s position with an argument by analogy

a request for the minutes of the last Cabinet meeting would clearly describe the information requested, even though it does not describe the content by reference to the matters discussed

I think this decision is particularly important because it accepts that, sometimes, a person contemplating requesting information from a public authority might not have a fully-formed view of what it is she wants, or expects to get. Authorities sometime baulk at requests which they see as “fishing expeditions”, but the practice of investigative journalism (in de Burgh‘s classic formulation “…to discover the truth and to identify lapses from it in whatever media may be available…”) will often involve precisely that, and the IC recognises this

Whilst public authorities might find such requests irritating, the FOIA does not legislate against so-called ‘fishing expeditions’

The Cabinet Office must now treat Chris’s request as properly-made under FOIA. That does not mean that they will necessarily disclose emails from the PM’s private email account (in fact I’d be amazed if they did), but no one ever suggested the trade of investigative journalism was easy.

5 Comments

Filed under Cabinet Office, enforcement, Freedom of Information, Information Commissioner, transparency, Uncategorized

Tagged as FOI, ICO, journalism

March 8, 2013 · 1:10 pm

Why bother?

It is a statutory duty to comply with the 20-working-day response time to a request made under the Freedom of Information Act 2000 (FOIA). It is breach of the Code of Practice issued by the Secretary of State to fail to respond promptly to a request for internal review of a FOIA refusal (and the IC recommends 20 working days for this as well). It is a statutory duty, breach of which is potentially a criminal offence, to fail to comply with an Information Notice or a Decision Notice issued by the Information Commissioner (IC).

With all this in mind, and with acknowledgement that this is copied in total from an IC Decision Notice FS50427906, read the following comments by the IC, on how the Cabinet Office (who, er, have poor FOI history) handled a specific request, and weep.

73. At every stage during the handling of these requests and the investigation of this case, the Cabinet Office has been responsible for causing severe delays. As noted above, the complainant did not receive a substantive response to his requests until more than a year had passed following his first request, and over eight months following the second.

74. These responses were only forthcoming after the Cabinet Office was ordered to provide these in the earlier decision notice issued by the Commissioner. Even then, the Cabinet Office did not respond within the time limit specified in the notice. The internal review was also late and again was only provided following the intervention of the ICO.

75. During the Commissioner’s investigation the responses provided to his office were frequently late and incomplete. This necessitated the issuing of an information notice, which the Cabinet Office also failed to comply with within the specified time.

76. Given this background, the Commissioner trusts that the Cabinet Office will view the steps required in this notice as providing an opportunity to demonstrate to the complainant its commitment to its obligations under the FOIA and to providing a better service than the complainant has received thus far.

77. A record of the various issues that have arisen in relation to these requests and during this investigation has been made by the ICO. Issues relating to responding to requests in accordance with the FOIA and about responding promptly to correspondence in section 50 investigations have been raised with the Cabinet Office by the ICO in the past. The Commissioner is concerned that, despite this, issues of such severity have arisen in relation to the requests in this case. It is essential that the Cabinet Office ensures that there is no repetition of these issues in relation to future requests.

3 Comments

Filed under Cabinet Office, Freedom of Information, Information Commissioner, transparency

Tagged as FOI, ICO

January 25, 2013 · 2:41 pm

Public Interest in Empty Buildings

Does the public interest favour publishing lists of vacant properties? No, says the First-tier tribunal. Yes, suggests the launch of the government website “Find Me Some Government Space”.

On 22 January the First-tier tribunal (FTT) handed down judgment in the remitted case of Voyias v IC and Camden Council. Those looking for intelligent insights into the case, and the reasons why it was originally appealed to the Upper Tribunal, and then sent back to the FTT should read the excellent series of posts on the Panopticon blog. I’m here to make a much blunter observation: at the same time a local authority is strongly resisting publishing details of vacant properties, the government appears to be actively promoting similar publication.

At issue in the FTT was whether the Council should disclose, under the Freedom of Information Act 2000 (FOIA), addresses of vacant properties in its area. The information had been withheld on the basis of the FOIA exemption at section 31(1)(a)

disclosure…would, or would be likely to, prejudice…the prevention or detection of crime

The FTT had little difficulty (having been bound by the Upper Tribunal to consider indirect consequences of disclosure on the prevention of crime) in finding the exemption was engaged, holding that

releasing the requested information would increase squatting and that there would be an increase in the instances of various types of criminal activity directly connected to it*

When it came to the balance of public interest factors (section 31 being a qualified FOIA exemption) the only real factor pleaded in favour of disclosure was

The need to ensure that the Council takes appropriate measures to bring empty property back into use

And the FTT, at paragraph 55, afforded it “relatively small weight”.

Against disclosure were the following (not all of them accepted by the FTT, it should be said)

The inherent public interest in the prevention of all crimes…; The cost of securing properties vulnerable to squatting and repairing damage resulting from it, whether that cost falls on the private or public purse; The cost of evicting squatters; The potential detrimental impact on those directly affected by criminal damage; The impact on the community in the vicinity of a squatted property; The problems faced by Council staff having to deal with squatting and its consequences; The impact on police resources; The direct financial cost caused by property stripping.

Fine. FTT found the exemption engaged and that the public interest favoured non-disclosure of empty, unused properties. As John Murray has pointed out to me, this is somewhat surprising given that it also appears that many other local authorities have had little concern about disclosing similar information.

And one wonders why, if such prejudice would or would clearly be likely to arise, the government two days later launched a website called Find Me Some Government Space. Launching it Chloe Smith, Minister for Political and Constitutional Reform, (what a grand title) said

…we will have a number of properties both owned and rented that we need to do more with. Not only will this website help to save government money but we will see new opportunities, jobs and growth in local economies as new life is brought into empty, unused properties. [emphasis added, naturally]

These sentiments were, oddly, not reflected by the then Housing Minister Grant Shapps, when the initial FTT ruling was made.He said it was a “bizarre decision that flies in the face of common sense” and that publishing details of empty properties “in other areas has led to the numbers of squats doubling”.

Now – and I concede they are not residential – within seconds, using “Find Me Some Government Space”, I’d found a list of 30 properties for sale within a 20km radius of Camden Council’s offices. It’s not clear if they’re currently empty and unused, but the words of the Minister imply that those are the sort of buildings which will be on “Find Me Some Government Space”. Moreover, as the government clearly thinks bringing new life into empty, unused properties is connected to the creation of jobs and economic growth, will they be encouraging councils to disclose the very type of information this Council sought so hard to avoid disclosing?

*At the time of the request, squatting in residential properties was not a criminal offence, something that has now changed with the enactment of section 144 of the Legal Aid, Sentencing and Punishment of Offenders Act.

When is a working day not a working day?

If you made an FOI request over the Christmas period, be aware of a strange anomaly regarding time for compliance

Everyone knows that the time for compliance by a public authority with a request made under the Freedom of Information Act 2000 (FOIA) is twenty working days. Section 10 of FOIA says

a public authority must comply with [a request for information made under] section 1(1) promptly and in any event not later than the twentieth working day following the date of receipt

A “working day” means (by s10(6))

any day other than a Saturday, a Sunday, Christmas Day, Good Friday or a day which is a bank holiday under the Banking and Financial Dealings Act 1971 in any part of the United Kingdom. [emphasis added]

This means that, even when a request is made in England, Wales or Northern Ireland, to a English, Welsh or Northern Irish public authority, under FOIA (which in relevant part only applies to England, Wales and Northern Ireland – Scotland has its own Freedom of Information (Scotland) Act 2002), the existence of a Scottish bank holiday during the relevant period effectively extends the time for compliance by one day.

The 2nd of January is a bank holiday in Scotland.

So, think twice before you chase a public authority this month about a request you think is one day overdue.

9 Comments

Filed under Freedom of Information, Uncategorized

Tagged as FOI

November 23, 2012 · 1:35 pm

Tweets and Tw*ts, redux

NOTHING TO SEE HERE, MOVE ALONG.

UPDATE: 13 December 2012

In a tweet to me of 5 December the ICO kindly clarified that there has been no change. The reference to twitter names is now contained in this guidance.

Has there been a subtle change of policy by the ICO on the subject of FOI requests made by twitter?

Last year I blogged about a Freedom of Information Act 2000 (FOIA) request I made to the Information Commissioner’s Office (ICO) via twitter. I referred the ICO to their own guidance (hosted as part of a web page, not as a separate download), which said

The request must state the name of the applicant…A Twitter name may not be the requester’s real name, but the real name may be shown in their linked profile…The request must also state an address ‘for correspondence’. Does this include Twitter names? The length of a tweet makes it difficult for the authority to respond fully, but there are ways of dealing with this. The authority could ask the requester for an email address in order to provide a full response. Alternatively, it could publish the requested information, or a refusal notice, on its website and tweet a link to that.

The question I have given emphasis there did not have a specific answer in the guidance, but one inferred that the answer was “yes” from the words that followed.

This morning I made a twitter FOIA request to the Department for Education, to which they replied asking me to provide an email address or fill in an online form. I was going to refer them to the ICO’s guidance, but found that it doesn’t exist anymore. Fair enough: websites change and URLs get broken. However, unless I am mistaken what I have also found is that the ICO no longer seems to imply that a twitter name is an address for correspondence, according to section 8(1)(b) of FOIA. As far as my search skills can ascertain, the ICO now says

Requests can also be made via the web, or even on social networking sites such as Facebook or Twitter if your public authority uses these…[the request must] include an address for correspondence. This need not be the person’s residential or work address – it can be any address at which you can write to them, including a postal address or email address

No reference there to twitter names. More detailed guidance from the ICO says

Where a request has request in line with section 8(1) of FOIA if the requester has provided their name and a valid address. Where possible a response to the requester should be sent for example by providing a web link. If the name or address is not provided it is not a valid request, therefore if information is not being provided a reply should be sent advising the requester of this, and asking for the required information.

Again, no reference to twitter names.

These changes, unless I have indeed missed something, with their absence of reference to the possibility of a twitter name being “an address for correspondence” indicate a retreat by the ICO. It could well be that they’ve had to acknowledge that twitter is perhaps not the most appropriate medium for FOIA requests. If so, it would be helpful if they could – clearly – issue revised guidance. Their announcement that requests could be made by twitter got a lot of coverage, and led to the highest court in the land accepting that it had been wrong to imply it would not consider them valid requests.

I’ve made a FOIA request to the ICO to find out whether their policy has changed. Guess which medium I used?

UPDATE: 13 December 2012

In a tweet to me of 5 December the ICO kindly clarified that there has been no change. The reference to twitter names is now contained in this guidance.

7 Comments

Filed under Freedom of Information, Information Commissioner, transparency, Uncategorized

Tagged as FOI, ICO

September 29, 2012 · 9:04 am

Private emails, FOI and Criminality

Private emails are subject to FOI searches, and it’s a crime intentionally to conceal relevant information.

So, it appears that the Department of Education (DfE) has conceded that business emails sent by private email accounts are subject to the Freedom of Information Act 2000 (FOIA), thus accepting what the right-thinking world, and, indeed, anyone with a glimmer of common sense knew all along.

Plaudits, or brickbats, according to your position on the merits of FOIA, should go to Christopher Cook of the Financial Times, who has pursued the Department of Education (DfE) on this with the enthusiasm of a Jack Russell terrier faced with a scurrying rat. Fellow hacks at the Independent had also joined themselves to the proceedings listed (but now withdrawn) in the First-tier Tribunal (Information Rights). The DfE had had the balls to launch a challenge to a previous decision by the Information Commissioner (ICO) that the information (held in private email accounts) requested by Chris should be released. The decision notice itself was clear, and difficult to argue with, as is the advice on the subject published by the ICO around the same time. One wondered what possible grounds the DfE had to base a successful appeal on, and the withdrawal of the appeal probably answers that point, although it appears the withdrawal was actually prompted by the imminent publication of Cabinet Office guidance.

Some are now predicting that there will be a deluge of FOI requests specifically targeted at information held in private emails, or text messages, and I think this is probably right. What is not clear is how they will be handled. The ICO’s guidance suggests that, faced with requests for information that could be held in private emails, public authorities should restrict themselves to asking the person to search their account and keeping a record to show that this was asked:

The public authority will then be able to demonstrate, if required, that appropriate searches have been made in relation to a particular request. The Commissioner may need to see this in the event of a…complaint

This suggests that, when investigating a complaint about refusal to disclose information, the ICO will restrict himself merely to satisfying himself that an authority has asked its staff to check emails. Absent any evidence that those staff have not been honest about the contents of those private emails, the ICO will take no further action. The reasons for this are, really, quite obvious: the powers open to a public authority to access private email accounts are limited. Although the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 allow an employer to “intercept” an employee’s private emails (if sent using the employer’s systems) to determine whether they are business-related, those powers must be exercised with due regard to the employee’s privacy rights. The interception of private emails in a private email account (sent using the employer’s systems) must be necessary and proportionate. If an employee has told his or employer that their private emails contain no information caught by an FOI request it is doubtful, absent any evidence to the contrary, that a “trawl” of emails without the employee’s consent would be lawful (I’ve written for PDP journals on this subject – subscription needed).

On one view, then, nothing much has changed with the concession by the DfE, although no doubt many new FOI requests will be made as a result. What has changed, perhaps, is the focus on individuals’ personal responsiblity under FOIA. Currently, section 77 creates an offence if a person alters, defaces, blocks, erases, destroys or conceals a record in response to an FOI request. If a trawl of emails on a public authority’s systems is required this will normally fall to IT, or similar, and employees have little say – or, if you like, given the existence of back-up systems – limited opportunity to commit a section 77 offence. Now, if the same employee is asked whether private emails contain specific information, and he or she untruthfully says “no”, criminality – the mens rea – will be relatively easy to make out.

The question is, how would we find out?

6 Comments

Filed under Freedom of Information, Information Commissioner, Information Tribunal, Privacy, RIPA, Uncategorized

Tagged as FOI, Human Rights, ICO