Tag Archives: FOI

Non-compliant FOI compliance?

What does it mean to “comply” with an FOI request? This would appear to be a rather arid question, but when the provisions of section 14(2) of the Freedom of Information Act 2000 (FOIA) come into play, it is not perhaps as unambiguous as one might think.

Section 14(2) provides that

Where a public authority has previously complied with a request for information which was made by any person, it is not obliged to comply with a subsequent identical or substantially similar request from that person unless a reasonable interval has elapsed between compliance with the previous request and the making of the current request [emphasis added]

I confess that, until recently, as both a practitioner and an observer, I had never given this too much thought: surely a public authority complies with a request by complying with its general obligations under FOIA? Namely, confirming whether requested information is held, and, where it is, either communicating it to the requester or providing a refusal notice, while at the same time providing appropriate advice and assistance.

However, it appears (and apologies to anyone who’s known this for ages – I didn’t) that the Information Commissioner’s Office (ICO) take a different view on section 14(2). Their approach, reflected in guidance, is that for the purposes of section 14(2) at least, a public authority has only previously complied with a request when it has either disclosed the information, or confirmed that it is not held:

A public authority may only apply Section 14(2) where it has either;
– previously provided the same requester with the information in response to an earlier FOIA request; or
– previously confirmed the information is not held in response to an earlier FOIA request from the same requester.
If neither of these conditions applies then the public authority must deal with the request in the normal manner.

So, if the authority has previously refused to disclose information, on the valid basis of the application of an exemption or exemptions, it cannot refuse to deal with a subsequent identical request, and it must (one assumes, and unless circumstances have changed) issue a fresh, identical, refusal notice.

This approach is also reflected in a recent decision notice relating to a request to the Department for Work and Pensions (DWP) for the names of charities and companies who have given placements to Mandatory Work Activity or Help to Work participants. DWP had replied to a previous almost identical request, refusing to disclose the information on the basis of the exemptions at section 29(1)(a), 29(1)(b), 36(2)(c) and 43(2) of FOIA. This time, they refused to reply to the request citing section section 14(2). Not on, said ICO:

the DWP can only rely on section 14(2) if, inter alia, it had previously complied with the same or substantially similar request by supplying the requested information to the complainant or confirming it was not held

As the previous request had resulted in the applications of exemptions to refuse disclosure, section 14(2) was not engaged. This was despite the fact that – as DWP pointed out – a previous ICO decision notice had actually said that its position was that

the term ‘previously complied with a request for information’ refers to whether an authority has responded to the previous requests by either providing information or by issuing a refusal notice (emphasis added)

ICO explained this discrepancy by saying first, they were not bound by previous decisions, and second, that the earlier decision was “erroneous” and contrary to their own guidance.

I suspect the ICO are drawing a distinction between the concepts of “complying with a request” (i.e. fulfilling it) and “complying with FOIA obligations”. and I’m not completely sure I’m in disagreement with the ICO’s settled position. But I think I am, if only because, followed to its logical extension, we would be saying that a public authority has not “complied” with any request for information, if it has validly applied exemptions and refused to disclose the information. This lacks logic: it will be interesting to see if DWP appeal.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with..

22 Comments

Filed under Freedom of Information, Information Commissioner

FOI, data protection and rogue landlords 

On 23rd July the Chartered Institute of Environmental Health (CIEH), in conjunction with the Guardian, published a database of landlords who have been convicted of offences under the Housing Act 2004. This showed, for example, that one landlord has been prosecuted seven times for issues relating to disrepair and poor state of properties rented out. It also showed apparent regional discrepancies regarding prosecutions, with some councils carrying out only one prosecution since 2006.

This public interest investigative journalism was, however not achieved without a fight: in September last year the information Commissioners office (ICO) issued a decision notice finding that the journalists request for this information had been correctly refused by the Ministry of Justice on the grounds that the information was sensitive personal data and disclosure under the Freedom of Information Act 2000 (FOIA) would contravene the MoJ’s obligations under the Data Protection Act 1998 (DPA). Section 40(2) of FOIA provides that information is exempt from disclosure under FOIA if disclosure would contravene any of the data protection principles in Schedule One of the DPA (it also provides that it would be exempt if disclosure would contravene section 10 of the DPA, but this is rarely invoked). The key data protection principle is the first, which says that personal data must be processed fairly and lawfully, and in particular that the processing must meet one of the conditions in Schedule Two, and also – for sensitive personal data – one of the conditions in Schedule Three.

The ICO, in its decision notice, after correctly determining that information about identifiable individuals (as opposed to companies) within the scope of the request was sensitive personal data (because it was about offences committed by those individuals) did not accept the requester’s submission that a Schedule Three condition existed which permitted disclosure. The only ones which could potentially apply – condition 1 (explicit consent) or condition 5 (information already made public by the individual) – were not engaged.

However, the ICO did not at the time consider the secondary legislation made under condition 10: the Data Protection (Processing of Sensitive Personal Data) Order 2000 provides further bases for processing of sensitive personal data, and, as the the First-tier Tribunal (Information Rights) (FTT) accepted upon appeal by the applicant, part 3 of the Schedule to that Order permits processing where the processing is “in the substantial public interest”, is in connection with “the commission by any person of any unlawful act” and is for journalistic purposes and is done with a “view to the publication of those data by any person and the data controller reasonably believes that such publication would be in the public interest”. In fairness to the ICO, this further condition was identified by them in their response to the appeal.

In this case, the information was clearly sought with a view to the future publication in the CIEH’s Magazine, “Environmental Health News” and the requester was the digital editor of the latter. This, the FTT decided, taken with the (objective) substantial public interest in the publication of the information, was sufficient to make disclosure under FOIA fair and lawful. In a passage (paras 28-30) worth quoting in full the FTT said

Unfit housing is a matter of major public concern and has a significant impact on the health of tenants.  The Housing Act is a key mechanism for local authorities to improve housing standards and protect the health of vulnerable tenants.  One mechanism for doing this is by means of prosecution, another is licensing schemes for landlords.  Local authorities place vulnerable families in accommodation outside their areas tenants seek accommodation, The publication of information about convictions under the Housing Act would be of considerable value to local authorities in discharge of their functions and assist prospective tenants and those assisting them in avoiding landlords with a history of breaches of the Housing Act.

The sanctions under the Housing Act are comparatively small and the  opprobrium of a conviction may well not rank with other forms of criminal misbehaviour, however the potential for harm to others from such activity is very great, the potential for financial benefit from the misbehaviour is also substantial.  Breaches of the Housing Act are economically motivated and what is proposed is a method of advancing the policy objective of the Housing Act by increasing the availability of relevant information to key actors in the rented housing market – the local authorities as regulator and purchaser and the tenants themselves.  Any impact on the data subjects will overwhelmingly be on their commercial reputations rather than more personal matters.

The Tribunal is therefore satisfied that not only is the disclosure of this information in the substantial public interest, but also any reasonably informed data controller with  knowledge of the social needs and the impact of such disclosure would so conclude.

It is relatively rare that sensitive personal data will be disclosed, or ordered to be disclosed, under FOIA, but it is well worth remembering the 2000 Order, particularly when it comes to publication or proposed publication of such data under public interest journalism.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with..

Leave a comment

Filed under Data Protection, Freedom of Information, Information Commissioner, Information Tribunal, journalism, Open Justice

Porsches, farts and environmental information

A quick post on what I think is a rather remarkable Information Tribunal ruling.

The First-tier Tribunal (Information Rights) (“FTT”) has recently handed down a judgment on a case relating to a request for information sent to the Driver and Vehicle Standards Agency (DVSA) about a safety evaluation of an apparent throttle malfunction in the Porsche Cayman. The request was refused by DVSA on the grounds that section 44 of the Freedom of Information Act 2000 (FOIA) provided an absolute exemption to disclosure, by way of existing restrictions on disclosure of this kind of information within the Enterprise Act 2002. Upon appeal, the Information Commissioner’s Office (ICO) upheld this refusal (pointing out that in fact the correct public authority was not the DVSA, but rather the Department of Transport, of which DVSA is an executive agency).

However, when the request exercised his right of appeal to the FTT, he introduced an argument that in fact the proper regime under which his request should have been considered was the Environmental Information Regulations 2004 (EIR) rather than FOIA, on the grounds that his request concerned an activity that directly affected the environment, namely an activity to regulate vehicle noise emissions. The ICO resisted this, on the basis that

the disputed information concerned a safety test of a certain vehicle “which is not an activity which affects, or is likely to affect, the elements and factors described in Regulation 2(1)(a) or (b) EIR”

This in itself was an interesting argument, touching on issues regarding the Glawischnig remoteness test. This refers to the judgment of the Court of Justice of the European Union in the 2003 case C-316/01 (Eva Glawischnig and Bundesminister für soziale Sicherheit und Generationen) which, observing that Article 2(a) of Directive 90/313 (to which the EIR give UK domestic effect)

classifies information relating to the environment within the meaning of that directive in three categories: information on the state of water, air, soil, fauna, flora, land and natural sites (‘the first category’), information on activities or measures affecting or likely to affect those environmental factors (‘the second category’), and information on activities or measures designed to protect those factors (‘the third category’)

said that

Directive 90/313 is not intended…to give a general and unlimited right of access to all information held by public authorities which has a connection, however minimal, with one of the environmental factors mentioned in Article 2(a). To be covered by the right of access it establishes, such information must fall within one or more of the three categories set out in that provision. [Emphasis added]

However, the FTT in the instant case decided, contrary to the positions of all the parties that “the safety test in this case is not an activity, which can be said to affect the elements of the environment” (the appellant was arguing essentially that “his request concerned an activity that directly affected the environment, namely an activity to regulate vehicle noise emissions”), the EIR were engaged merely because the safety test first required a car to be started, which by extension meant that started engine would produce emissions:

in order to test the issue complained of (i.e. the vehicle throttle response under specific conditions) the vehicle must be driven, or at the very least the engine must be running.
Consequently, by conducting the safety test:
– the DVSA caused emissions by driving the vehicle (r.2(1)(b));
– at the very least those emissions affected the air (r.2(1)(a));
– they did so through a measure (a safety test) which was likely to affect the elements (air) (r.2(1)(c));

But following this argument, the EIR would tend give the public, pace the ruling of the CJEU in Glawischnig, “a general and unlimited right of access to all information held by public authorities which has a connection, however minimal, with [the environment]”? Information, say, held by the DVLA on the number of people who passed their driving test first time would be environmental because by running the driving test the DVLA caused emissions by requiring the tester to drive the car, at the very least those emissions affected the air and they did so through a measure (a driving test) which was likely to affect the elements (air). Or consider DEFRA conducting TB tests on cattle – in order to conduct the test the inspector must travel to a farm, and by doing so DEFRA cause emissions by causing a vehicle to be driven (or a train ride to be taken etc). At the very least those emissions affect the air, and they do so through a measure which is likely to affect the elements (air). Or this: in order to deliver mail, the Royal Mail must drive vehicles which cause emissions. At the very least those emissions affect the air, and they do so through a measure (their policy to use motor vehicles to deliver the mail) which is likely to affect the elements.

What next? Is information on the statement about the benefits of dietary fibre in the human diet environmental information, because by giving it the Department of Health caused more farts (emissions) which affect the air through a measure (the statement) which was likely to affect the (elements) air?

Maybe I’m being silly, but I don’t think I am. Rather, I think the FTT are, and I wonder if the judgment will be appealed.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with..

4 Comments

Filed under Environmental Information Regulations, Freedom of Information, Information Tribunal

Talk on the future of FOI

Mostly because I haven’t posted much on this blog recently, I’m uploading a version of a talk I gave at the recent conference of the National Police Chiefs Council (NPCC). I was asked to talk, alongside FOIKid Bilal Ghafoor, and tribunal judge David Farrer QC, about what the teenage years of the Freedom of Information Act 2000 might look like. After I’d reflected on this, I ended up rather more optimistic than I expected. YMMV, as they say.

Before I talk about the future, and FOI as it enters those awkward teenage years, I wanted to reflect a bit on its early infanthood. Has it achieved what it was hoped it would achieve? Has it worked well?

As is sometimes overlooked, Parliament declined to enact a purpose clause into the 2000 Freedom of Information Act (against the urging of the then Information Commissioner Elizabeth France). So when we talk about whether FOIA has achieved its aims, we are, to an extent, second guessing what Parliament intended. However, in 2012 the Justice Committee conducted post-legislative scrutiny of FOIA, and the Ministry of Justice (drawing on the original White Paper which preceded the Act) identified four objectives for it:

  • openness and transparency;
  • accountability;
  • better decision making;
  • and public involvement in decision making, including increased public trust in decision making by government

And the committee felt that FOIA has achieved the first three but the secondary objective of enhancing public confidence in Government had not been achieved, and was unlikely to be achieved.

And I think this is broadly right: we have seen more openness and transparency – when working well together FOIA feeds into the Transparency Agenda and vice versa. Huge amounts of public sector information have been made available where once it wasn’t. And with openness and transparency come, or should come more accountability and better decision making. But that final objective, involving increasing public trust in decision making, has almost been achieved in the negative – and that is partly to do with how the public hear about FOIA. Many, probably most, major FOIA stories run by the media almost inevitably involve scandal or highlight wasteful practice, and often go hand in hand with litigation aimed at preventing disclosure. The MPs expenses scandal was one of FOIA’s major victories (although, let us not forget, it was a leak to the Telegraph, rather than a final FOIA disclosure, that led to the full details coming out) but while it enhanced FOIA’s status, it’s hard to say it did anything but greatly damage public trust in government, and more widely, politicians.

But the Justice Committee report identified something else, and something very relevant when we start to look to the future of FOIA. It stated that “the right to access public sector information is an important constitutional right” – something which Lady Justice Arden also recognised in her recent Court of Appeal judgment in the Dransfield case. And when something is identified as part of our constitution, it becomes pretty hard to remove it, or amend it to any great extent. The Conservative government appear to be experiencing this at the moment, as their plans to repeal the Human Rights Act have been stalled. The Human Rights Act can also be said to have achieved constitutional status – by incorporating the European Convention on Human Rights into the domestic law of the UK, it represented a major shift in how individual rights are protected under British law. It may well end up being the case that the only way the Act could be repealed would be by replacing it with something essentially the same (or by pulling out of the Convention, and pulling out of Europe) and even then, as Lord Bingham said

“Which of these rights…would we wish to discard? Are any of them trivial, superfluous, unnecessary? Are any them un-British?”

The rights enshrined in the European Convention are fundamental, and they’re not going to go away, and when one considers that one of them – Article 10 – contains not just the right to freedom of expression, but the right to receive and impart information (subject to necessary and lawful conditions) one can begin to perceive that a Freedom of Information Act helps give effect to this fundamental right.

A majority of the Supreme Court, in the Kennedy judgment last year, went even further, and said that a (qualified) right to receive information from a public authority was not just enshrined in the Convention Rights, but existed (and always has existed) under the Common Law.

What I’m saying, by going off on a somewhat legalistic tangent, is that the right to request and receive public sector information is so fundamentally embedded in our legal and constitutional landscape, that I don’t see any realistic challenge to the principle (and I doubt any of you would). But it also means that any tinkering with the right becomes correspondingly difficult. And this is why although I think FOI will have some teenage tantrums, it won’t have a huge teenage meltdown and emerge from its bedroom a completely different individual.

But with that important caveat, what might we see?

Well, under Francis Maude in the Cabinet Office and Chris Grayling at the Ministry of Justice (although Lib Dem Simon Hughes had the actual FOI brief) we saw significant strides, and a lot of fine words, about the importance of transparency, with Maude even saying in 2012

“I’d like to make Freedom of Information redundant, by pushing out so much data that people won’t have to ask for it”

But they have all gone on to other things – Maude to the Lords, Grayling to Leader of the Commons and Simon Hughes back to his day job, after losing his seat last month. Will this lead to changes? Well, still very much in post is David Cameron, and he has spoken before about his concerns about FOI “furring up the arteries of government” and of FOI’s “buggeration factor”, which doesn’t bode well for those of us who support the Act. And minister with responsibility for FOI (under Michael Gove as Justice Secretary) is Dominic Raab. Raab is strong on civil liberties and is known to be a frequent user of FOI in his parliamentary and constituency work. One of his targets was the Police Federation – in 2011 he sent requests to all forces asking for figures on the number of police staff working full-time for the Federation. But Gove is reputed not to be so keen on FOI – indeed, in 2011 his then Department of Education was found to have used private email accounts to conduct government business, apparently in the belief that this took them outside FOIA.

It does seem clear that any changes to FOIA are not high on the government’s list of priorities: there was nothing in the Conservatives’ election manifesto, and there have been no obvious pronouncements in the early days.

For a flavour though of what might be on the cards it’s instructive to go back to the government response to the post-legislative scrutiny. On the subject of FOI cost limits there was a suggestion that further factors might be taken into account – so, added to the costs of locating and retrieving information it might become possible to take into account consideration and redaction time. This could have more profound effects that is immediately apparent – as most of you will know, those two activities can take up a large amount of time, and if that change were brought in I think we would see a huge increase in cost refusals.

Another related suggestion was that for costs purposes requests from the same person or group of persons could be aggregated EVEN where there was no similarity between the subject of the requests. It is not hard to see how this would be devastating for some journalists who make use of FOI.

And a further suggestion was the introduction of fees for appealing a case to the Information Tribunal. This would be unlikely to affect public authorities, but requesters could well be dissuaded. No doubt some of those would be the more speculative, persistent or frivolous of requesters, but I would be concerned that some well-intentioned requesters would decide not to exercise their rights if such a change were made.

On the more “pro-FOI” side, we are likely to see further public authorities made subject to FOIA. ACPO of course came in in 2012, Network Rail this year, and Theresa May has made clear that she would like to see the Police Federation covered.

But also discussions need to be had about the extent to which private contractors performing public functions are caught by FOI. The government has previously indicated that it thinks this can be achieved through appropriate contractual provisions, but I’m dubious – without a clear legal obligation, and associated enforcement mechanism, I struggle to see why this would happen.

So, despite my optimism that the fundamental principles of FOI are now constitutionally embedded, I don’t necessarily think there will be no changes. But I continue to think they will be essentially minor, and this is because I think there is a further factor which protects those fundamental principles. As I said, Dominic Raab has traditionally used FOI to gather information to better help him in his job. And thousands and thousands of other people do so. Journalists are the most obvious example (and when it comes to defenders of the right to receive information you couldn’t ask for a more vocal group) but campaign groups, other public authorities, academics and private citizens do so. And for this reason FOI is popular. Unlike the Human Rights Act there are no (or very few – I don’t know of any) journalists campaigning for FOIA’s repeal. Politicians don’t campaign on a platform of opposition to the right to receive public information.

FOI does promote better openness and transparency; better accountability; better decision making, and even if it hasn’t yet, and probably never will, improve the public trust in government decision-making, one thing which would further destroy that trust would be changes to make public authorities less accountable. And the media and campaigners would be lined up to make the point vociferously.

FOI may, in its teenage years, suffer from its own equivalent of angst, anger and acne, but it will have strong friends to support it.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with..

4 Comments

Filed under Freedom of Information, transparency

Is an FOI request from an investigative journalist ever vexatious?

Last week, in the Court of Appeal, the indefatigable, if rather hyperbolic, Mr Dransfield was trying to convince three judges that his request, made long ago, to Devon County Council, for information on Lightning Protection System test results relating to a pedestrian bridge at Exeter Chiefs Rugby Ground, was not vexatious. If he succeeds in overturning what was a thorough, and, I think, pretty unimpeachable ruling in the Upper Tribunal, then we may, at last, have some finality on how to interpret section 14(1) of the Freedom of Information Act 2000 (FOIA):

a public authority [is not obliged] to comply with a request for information if the request is vexatious

But what is certain is that the Court of Appeal will not hand down a ruling which would allow a public authority to feel able merely to state that a request is vexatious, and do nothing more to justify reliance on it. But that is what the Metropolitan Police appear to have done in an extraordinary response to FOIA requests from the Press Gazette. The latter has been engaging in a campaign to expose what it believes to be regular use of surveillance powers to monitor or investigate actions of journalists. This is both a serious subject and a worthy campaign. Investigative journalism, by definition, is likely to involve the making of enquiries, sometimes multiple ones, sometimes speculative, “to discover the truth and to identify lapses from it”. It is inevitable that an investigative journalist will from time to time need to make use of FOIA, and the Information Commissioner’s Office (ICO) advises that

[public] authorities must take care to differentiate between broad requests which rely upon pot luck to reveal something of interest and those where the requester is following a genuine line of enquiry

The ICO doesn’t (and couldn’t) say that a FOIA request from an investigative journalist could never be classed as vexatious, but I think the cases when that would happen would be exceptional. The Upper Tribunal ruling by Wikeley J that Mr Dransfield is seeking to overturn talked of “vexatious” as connoting

a manifestly unjustified, inappropriate or improper use of a formal procedure

and

It may be helpful to consider the question of whether a request is truly vexatious by considering four broad issues or themes – (1) the burden (on the public authority and its staff); (2) the motive (of the requester); (3) the value or serious purpose (of the request) and (4) any harassment or distress (of and to staff)

although it was stressed that these were neither exhaustive, nor a “formulaic checklist”.

It is difficult to imagine that the motive of the Press Gazette journalists can be anything but well-intended, and similarly difficult to claim there is no value or serious purpose to the request, or the other requests which need to be considered for context. Nor has there been, as far as I am aware, any suggestion that the requests have caused Met staff any harassment or distress. So we are (while noting and acknowledging that we are not following a checklist) only likely to be talking about “the burden on the public authority and its staff”. It is true that some requests, although well-intentioned and of serious value, and made in polite terms, have been accepted either by the ICO or the First-tier Tribunal (FTT), as being so burdensome to comply with that (even before considering whether FOIA costs limits are engaged) they merit rejection on vexatiousness grounds. In 2012 the FTT upheld an appeal from the Independent Police Complaints Commission, saying that

A request may be so grossly oppressive in terms of the resources and time demanded by compliance as to be vexatious, regardless of the intentions or bona fides of the requester. If so, it is not prevented from being vexatious just because the authority could have relied instead on s.12 [costs limits]

and last year the FTT similarly allowed a late submission by the Department of Education that a request from the journalist Laura McInerney for information about Free School applications was vexatious because of the burden it would impose:

There is no question here of anything in the tone of the request tending towards vexatiousness; nor does anyone doubt Ms McInerney’s genuine motives…There is value in openness and transparency in respect of departmental decision making. That value would be increased by the academic scrutiny which the disclosed material would receive…In our judgment, however, these important considerations are dwarfed by the burden which implementation of the request places on DFE.

But it does not appear that the request in question from the Press Gazette was likely to go any way towards being grossly oppressive, or to being a burden which would “dwarf” the other considerations.

Moreover, and it does not appear to have been a point argued in the DfE case, there is an argument, explored through a series of cases in the Court of Justice of the European Union, and, domestically, in the Supreme Court, in Kennedy v ICO and Charity Commission, that Article 10 of the European Convention on Human Rights, providing as it does in part a right “to receive and impart information and ideas without interference by public authority” (subject to limitations that are prescribed by law, necessary and proportionate, and pursue a legitimate aim) might sometimes need to read down into FOIA, particularly where a journalist is the requester. Although the Supreme Court, by a majority, and on the facts (specifically in the context of a FOIA absolute exemption), rejected the submission in Kennedy, the argument in the abstract still has some weight – someone engaging in investigative journalism is clearly generally acting as a “social watchdog”, and the likelihood that they are making a FOIA request with bad motives, or without serious purpose, or in a way likely to harass or cause distress is correspondingly low. It seems to me that, absent the sort of “excessive burden” argument explored in the IPCC and DfE cases – and, as I say, the Met don’t seem to have advanced any such argument – to label a request from an investigative journalist as vexatious is to stand at the top of a slippery slope. One hopes that the Met review and reverse this decision.

p.s. In a world in which we are all journalists, this all has the potential to get very complicated.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

149 Comments

Filed under Article 10, Freedom of Information, journalism, police

The ICO and records management

The Tribunal is an unusual position in respect of this Appeal…”

The Freedom of Information Act 2000 (FOIA) requires a public authority, when someone makes a request for information, to say whether or not it holds it, and if it does, to disclose that information to the requester (subject to the application of any exemption). But what if it doesn’t know whether it holds it or not? What if, after it has said it can’t find the information, and after the Information Commissioner’s Office (ICO) has accepted this and issued a decision notice upholding the authority’s approach, it then discovers it held it all along? This is the situation the First-tier Tribunal (FTT) recently found itself faced with.

The facts of the case are relatively complex, but the issues turned on whether briefing notes, prepared for the Mayor of Doncaster Metropolitan Borough Council (DMBC) in the lead-up to a decision to withdraw funding for DMBC’s United Nations Day, could be found. The ICO had determined, in Decision Notice FS50503811 that

Ultimately the Commissioner had to decide whether a set of briefing notes were held by the Council. His decision, on the balance of probabilities, is that it does not

The requester appealed to the FTT, which, after initially considering the matter on the papers, ordered an oral hearing because of some apparent inconsistencies in DMBC’s evidence (I have to be frank, what exactly these were is not really clear from the FTT’s judgment (at paragraph 27). However, prior to that oral hearing DMBC located the briefing notes in question, so

the focus of the oral hearing was limited simply to establishing whether, at the time of the information request by the Appellant, DMBC knew that it held the information in the light of the searches that it had made in response to the Information Commissioner’s enquiries prior to his issuing the Decision Notice

In determining that it was satisfied that DMBC did not know, at the time of the request, that it held the information, the FTT was swayed by the fact that DMBC “even during the Information Commissioner’s enquiries, DMBC had maintained it had nothing to gain from ‘hiding’ the briefing notes” but also by the fact that DMBC owned up to poor records management practice in the period leading up to the request

In many senses it is more embarrassing for DMBC now to admit the truth that it had, historically, an unreliable and ineffective Records Management system than to continue to maintain that it could not find the requested information

It doesn’t surprise me that the FTT found as it did. What does surprise me, however, is that records management is not given a greater focus by the ICO. Although FOIA is not, primarily, a records management act, it does contain provisions relating to records management. Powers do exist both to help improve practice both generally (through guidance) and specifically (through the use of practice recommendations). As I’ve written before

section 46 of FOIA [requires] the Lord Chancellor to issue a code of practice for management of records. Section 9 of that Code deals with the need to keep records in systems that enable records to be stored and retrieved as necessary, and section 10 with the need to know what records are held and where they are.

Under section 47 of FOIA the [ICO] must promote the following of good practice by public authorities and perform his functions so as to promote the observance by authorities of the section 46 Code, as well as the requirements of the Act in general. And under section 48 he may issue a “practice recommendation” if it appears to him that the authority has not conformed with the section 46 Code. In investigating compliance with the Code he has the power (section 51) to issue an “information notice” requiring the authority to furnish him with the information. Failure to comply with an information notice can, ultimately, constitute contempt of court.

I appreciate that the ICO has a lot on its hands, but good records management is so very integral not just to good FOIA compliance, but also to good compliance with the other major statute the ICO oversees – the Data Protection Act 1998. Greater focus on records management could drive better overall compliance with information rights law.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

1 Comment

Filed under Data Protection, Freedom of Information, Information Commissioner, records management

FOI vs Transparency debate

Yesterday, after attending a fascinating and in-depth briefing from Network Rail on their journey towards being subject to the Freedom of Information Act 2000, I was privileged to appear on a panel debating “In a world of Freedom of Information, does voluntary transparency still matter?” Although rather daunted by the illustrious fellow panel members – the Campaign for Freedom of Information‘s Maurice Frankel, the Guardian’s Jane Dudman and Sir Alex Allan KCB1 – I delivered a short address on the subject (as did those others). Perhaps unsurprisingly, the panel were unanimous in feeling that voluntary transparency does still matter in a world of FOI, but, just as importantly, that voluntary transparency does not and should not make FOI redundant. This is broadly what I said, with added hyperlinks:

A very wise man called Tim Turner once wrote: “The point of FOI is that you get to ask about what YOU want to know, not what The Nice Man Wants To Tell You”. And this I think is the key point which distinguishes the access rights afforded to individuals under Freedom of Information and related legislation, from the transparency agenda which has led to the UK government again this week being pronounced the most open and transparent in the world, by Tim Berners Lee’s World Wide Web Foundation.

At the same time as that first place was announced, cynics amongst us might have pointed to the fact that in the 2013 Global Right to Information Ratings compiled by Access Info and the Canadian Centre for Law and Democracy, the UK was in 29th place, behind countries like Kyrgyzstan and Sierra Leone.

There’s clearly a gap in perception there, and one that is not simply explained away by questions about methodology.

In 2012 Francis Maude said “I’d like to make Freedom of Information redundant, by pushing out so much data that people won’t have to ask for it”. While this is in some ways a laudable aim, it is simply never going to wash: there will always be some information which Mr Maude doesn’t want disclosed, but which I, or, you, or someone else, does (to illustrate this one only has to look at how regularly the Cabinet Office claims FOI exemptions and refuses to disclose).

By the same token Network Rail, who have disclosed an impressive amount of valuable data over recent years, would not, I am sure, pretend that they expect only ever to disclose information in response to FOI requests, when they come under the Act’s coverage in a few months. There will clearly be information which they will not be able to disclose (and for perfectly valid reasons).

The transparency agenda cannot simply sweep away concerns about disclosure of commercially sensitive information, or of personal data, or of information which might prejudice national security. But there will always be people who want this information, and there will always be the need for a legal framework to arbitrate disputes about disclosure, and particularly about whether the public interest favours disclosure or not.

And, as a brief aside, I think there’s an inherent risk in an aggressive, or, rather, enthusiastic, approach to publication under a transparency agenda – sometimes information which shouldn’t be published does get published. I have seen some nasty erroneous, and even deliberate, disclosures of personal data within Open Datasets. The framework of FOI should, in principle at least, provide a means of error-checking before disclosure.

When FOI was in its infancy we were assured that effective and robust publication schemes would ultimately reduce the amount of time spent dealing with FOI requests – “Point them to the publication scheme” we were told…While I am sure that, on some level, this did transpire, no one I have spoken to really feels that proactive publication via a publication scheme has led to a noticeable decrease in FOI requests. And I think the same applies with the Transparency Agenda – as much as Mr Maude would like to think it will make FOI redundant, it has, and will continue to have, only a minor effect on the (necessary) burden that FOI places on public authorities.

I do not think we are going to see either the Transparency Agenda dispense with FOI, nor FOI dispense with the Transparency Agenda: they are, if not two sides of the same coin, at least two different coins in the same purse. And we should always bear in mind that public scrutiny of public authorities is not just about what the Nice Man Wants To Tell You, but is equally about what the Nasty Man Doesn’t Want To Tell You.

1I’m delighted to see from his Wikipedia entry that Sir Alex is a huge Grateful Dead fan, and that further research suggests that this isn’t just Wikipedian inaccuracy

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

1 Comment

Filed under Freedom of Information, transparency

Chris Graham and the cost of FOI tribunals

When Information Commissioner (IC) Christopher Graham speaks, people listen. And so they should: he is the statutory regulator of the Freedom of Information Act 2000 (FOIA) whose role is “to uphold information rights in the public interest”. A speech by Graham is likely be examined carefully, to see if it gives indications of future developments, and this is the reason I am slightly concerned by a particular section of his recent speech at an event in Scotland looking at ten years of the Scottish FOI Act.

The section in question dealt with his envy of his Scottish counterparts. They, he observed, have relatively greater resources, and the Scottish Information Commissioner, unlike him, has a constitutional status that bolsters her independence, but also he envied

the simple and straightforward appeals mechanism in the Scottish legislation. The Scottish Commissioner’s decision is final, subject only to an appeal to the Court of Session on a point of law.

By contrast, in England, Wales and Northern Ireland, under section 57 of FOIA, there is a right of appeal to a tribunal (the First-tier Tribunal (Information Rights)). Under section 58(2) the Tribunal may review any finding of fact by the IC – this means that the Tribunal is able to substitute its own view for that of the commissioner. In Scotland, by contrast, as Graham indicates, the commissioner’s decision is only able to be overturned if it was wrong as a matter of law.

But there is another key difference arising from the different appellate systems: an appeal to the Tribunal is free, whereas in Scotland an application to the Court of Session requires a fee to be paid (currently £202). Moreover, a court is a different creature to a tribunal: the latter aims to “adopt procedures that are less complicated and more informal” and, as Sir Andrew Leggatt noted in his key 2001 report Tribunals for Users: One System, One Service

Tribunals are intended to provide a simple, accessible system of justice where users can represent themselves

It is very much easier for a litigant to represent herself in the Information tribunal, than it would be in a court.

Clearly, the situation as it currently obtains in England, Wales and Northern Ireland – free right of appeal to a Tribunal which can take a merits view of the case – will lead to more appeals, but isn’t that rather the point? There should be a straightforward way of challenging the decisions of a regulator on access to information matters. Graham bemoans that he is “having to spend too much of my very limited resources on Tribunals and lawyers” but I could have more sympathy if it was the case that this was purely wasted expenditure – if the appeals made were futile and changed nothing – but the figures don’t bear this out. Graham says that this year there have been 179 appeals; I don’t know where his figures are from, but from a rough totting-up of the cases listed on the Tribunal’s website I calculated that there have been about 263 decisions promulgated this year, of which 42 were successful. So, very far from showing an appeal to be a futile exercise, these figures suggest that approximately 1 in 5 was successful (at least in the first instance). What is also notable though, is the small but significant number of consent orders – nine this year. A consent order will result where the parties no longer contest the proceedings, and agree on terms to conclude them. It is speculation on my part but I would be very interested to know how many of those nine orders resulted from the IC deciding on the arguments submitted that his position was no longer sustainable.

What I’m getting at is that the IC doesn’t always get things right in the first instance; therefore, a right of appeal to an independent fact-finding tribunal is a valuable one for applicants. I think it is something we should be proud of, and we should feel sorry for FOI applicants in Scotland who are forced into court litigation (and proving an error of law) in order to challenge a decision there.

Ultimately, the clue to Graham’s disapproval of the right of appeal to Tribunal lies in the words “limited resources”. I do sympathise with his position – FOI regulation is massively underfunded by the government, and I rather suspect that, with better resourcing, Graham would take a different view. But I think his speech was particularly concerning because the issue of whether there should be a fee for bringing a case in the Tribunal was previously raised by the government, in its response to post-legislative scrutiny of FOIA. Things have gone rather quiet on this since, but might Graham’s speech herald the revival of such proposals?

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

2 Comments

Filed under access to information, Freedom of Information, Information Commissioner, Information Tribunal

Hidden data in FOI disclosures

The Hackney Gazette reports that details of 15,000 residents have been published on the internet after Hackney Council apparently inadvertently disclosed the data when responding to a Freedom of Information (FOI) request made using the WhatDoTheyKnow site.

This is not the first time that such apparently catastrophic inadvertent disclosures have happened through WhatDoTheyKnow, and, indeed, in 2012 MySociety, who run the site, issued a statement following a similar incident with Islington Council. As that made clear

responses sent via WhatDoTheyKnow are automatically published online without any human intervention – this is the key feature that makes this site both valuable and popular

It is clearly the responsibility of the authorities in question to ensure that no hidden or exempt information is included in FOI disclosures via WhatDoTheyKnow, or indeed, in FOI disclosures in general. A failure to have appropriate organisational and technical safeguards in place can lead to enforcement action by the Information Commissioner’s Office for contraventions of the Data Protection Act 1998 (DPA): Islington ended up with a monetary penalty notice of £70,000 for their incident, which involved 2000 people. Although the number of data subjects involved is not the only factor the ICO will take into account when deciding what action to take, it is certainly a relevant one: 15000 affected individuals is a hell of a lot.

What concerns me is this sort of thing keeps happening. We don’t know the details of this incident yet, but with such large numbers of data subjects involved it seems likely that it will have involved some sort of dataset, and I would not be at all surprised if it involved purportedly masked or hidden data, such as in a pivot table [EDIT – I’m given to understand that this incident involved cached data in MS Excel]. Around the time of the Islington incident the ICO’s Head of Policy Steve Wood published a blog post drawing attention to the risks. A warning also takes the form of a small piece on a generic page about request handling, which says

take care when using pivot tables to anonymise data in a spreadsheet. The spreadsheet will usually still contain the detailed source data, even if this is hidden and not immediately visible at first glance. Consider converting the spreadsheet to a plain text format (such as CSV) if necessary.

This is fine, but does it go far enough? Last year I wrote on the Guardian web site, and called for greater efforts to be made to highlight the issue. I think that what I wrote then still holds

The ICO must work with the government to offer advice direct to chief executives and those reponsible for risk at councils and NHS bodies (and perhaps other bodies, but these two sectors are probably the highest risk ones). So far these disclosure errors do not appear to have led to harm to those individuals whose private information was compromised, but, without further action, I fear it is only a matter of time.

Time will tell whether this Hackney incident results in a finding of DPA contravention, and ICO enforcement, but in the interim I wish the word would get spread around about how to avoid disclosing hidden data in spreadsheets.

The views in this post (and indeed all posts on this blog) are my personal ones, and do not represent the views of any organisation I am involved with.

3 Comments

Filed under Data Protection, Freedom of Information, Information Commissioner, monetary penalty notice

The Twelve Days of FOI Christmas

For fans of contrived, awful-punning seasonal blog posts that take 20 times longer to write than you imagined when you started, I present…

On the first day of Xmas FOI revealed to me…cartridges for the army

On the second day of Xmas FOI revealed to me two turtle docs and cartridges for the army

On the third day of Xmas FOI revealed to me 3 pinched hens*, two turtle docs and cartridges for the army

On the fourth day of Xmas FOI revealed to me four NADPO nerds, 3 pinched hens, two turtle docs and cartridges for the army

On the fifth day of Christmas FOI revealed to me FIVE GOLD THINGS, four NADPO nerds, 3 pinched hens, two turtle docs and cartridges for the army

On the sixth day of Christmas FOI revealed to me Six Tree Inspections, FIVE GOLD THINGS, four NADPO nerds, 3 pinched hens, two turtle docs and cartridges for the army

On the seventh day of Christmas FOI revealed to me Seven Dons-a-Sinning, Six Tree Inspections, FIVE GOLD THINGS, four NADPO nerds, 3 pinched hens, two turtle docs and cartridges for the army

On the eighth day of Christmas FOI revealed to me Eight-year-olds Bilking, Seven Dons-a-Sinning, Six Tree Inspections, FIVE GOLD THINGS, four NADPO nerds, 3 pinched hens, two turtle docs and cartridges for the army

On the ninth day of Christmas FOI revealed to me Nine  Babies’ chances, Eight-year-olds Bilking, Seven Dons-a-Sinning, Six Tree Inspections, FIVE GOLD THINGS, four NADPO nerds, 3 pinched hens, two turtle docs and cartridges for the army

On the tenth day of Christmas FOI revealed to me Ten Lords-a-Judging, Nine Babies’ chances, Eight-year-olds Bilking, Seven Dons-a-Sinning, Six Tree Inspections, FIVE GOLD THINGS, four NADPO nerds, 3 pinched hens, two turtle docs and cartridges for the army

On the eleventh day of Christmas FOI revealed to me Eleven-plus deciding,Ten Lords-a-Judging, Nine Babies’ chances, Eight-year-olds Bilking, Seven Dons-a-Sinning, Six Tree Inspections, FIVE GOLD THINGS, four NADPO nerds, 3 pinched hens, two turtle docs and cartridges for the army

On the twelfth day of Christmas FOI revealed to me Twelve-Tonne Containers, Eleven-plus deciding,Ten Lords-a-Judging, Nine Babies’ chances, Eight-year-olds Bilking, Seven Dons-a-Sinning, Six Tree Inspections, FIVE GOLD THINGS, four NADPO nerds, 3 pinched hens, two turtle docs and cartridges for the army

*3 large maram hens, page 9, if you were wondering

Leave a comment

Filed under Freedom of Information, nonsense