PRIVATE EMAILS AND TEXTS SUBJECT TO FOIA

December 15th, 2011 by Robin Hopkins

Following the emergence earlier this year that Department for Education officials had, apparently routinely, used personal email accounts for the conducting of official business, the ICO has considered this issue. It has today issued guidance that many FOI officers and lawyers will find notable, to say the least.

The key points:

  • FOIA applies to official information held in private email accounts when held on behalf of the public authority. So too text messages. This much is obvious from the definition of ‘held’ in s. 3 of FOIA. The question is exactly what this means, and what to do about it.
  • There will be occasions on which, having searched its own systems, the public authority will be expected to ask employees (or contractors etc) to search their personal email accounts/text messages for information described in a FOIA request.
  • The ICO expects such occasions to be ‘rare’. I think this means that the ICO will not expect the public authority to do so simply because a requester asks it to; something more will be required.
  • What is that ‘something more’? The ICO recommends public authorities look out for ‘relevant factors’ which may trigger the duty to ask.
  • These factors include the nature, wording and subject matter of the request.
  • They also include “how the issues to which the request relates have been handled within the public authority”. This may be another way of asking: is the public authority aware that this sort of thing has been going on?
  • Another relevant factor is “by whom and to whom the information was sent and in what capacity, e.g. public servant or political party member”. This is often a blurred line, one imagines. Not sure how this could be scrutinised (other than hacking into private systems, which is not nice, not fashionable and not legal).
  • Public authorities should establish procedures for dealing with such situations.
  • They should keep records of any private email account/text message searches they have requested.
  • Public authorities should remind staff that, where a request for information to which the requester would be entitled has been made, it is a criminal offence to erase or conceal that information with the intention of preventing disclosure (see s. 77 of FOIA).
  • ‘Concealment’ would include denying that anything of an ‘official capacity’ nature is (or, at the time of the request, was) in one’s private email inbox or text message folder.
  • Public authorities should tell their employees not to use private channels for official business in the first place.

Panopticon understands from some of its friends in the media that requests aiming at exactly this sort of information were fired off this morning (or earlier this week, in anticipation of the new ICO line).

Meanwhile, a decision on the complaint against the Department for Education is in the pipeline.

Panopticon will be keeping its Benthamite eye on how these matters unfold.

Robin Hopkins

Tags: , , , ,
Posted in INFORMATION LAW | Comments Off

GASKELL: COMMISSIONER CAN, IN EXCEPTIONAL CIRCUMSTANCES, DECLINE TO ORDER DISCLOSURE

July 22nd, 2011 by Robin Hopkins

In my recent post on Sittampalam v IC and BBC (EA/2010/0141), I explained that the Tribunal took the view that the Commissioner does have a discretion to decline to order disclosure, even where information was incorrectly withheld at the time, due to subsequent developments such as legislative changes, inquiries or court proceedings and so on. In so doing, that Tribunal differed from the decision in Gaskell v IC (EA/2010/0090), where it was held that no such discretion existed.

The Upper Tribunal (UT Judge Wikeley) has this week allowed an appeal against the Gaskell decision, meaning that the Sittampalam position has now been confirmed as correct. The issue is put succinctly at paragraph 10 of UT decision GIA 3016 2010:

“The reasoning in the Commissioner’s Decision Notice can be summarized simply. Section 44(1)(a) of FOIA provides an absolute exemption where disclosure by the public authority holding it “is prohibited by or under any enactment”. Section 18(1) of CRCA [Commissioners for Revenue and Customs Act] 2005 provides that “Revenue and Customs officials may not disclose information which is held by the Revenue and Customs in connection with a function of the Revenue and Customs.” Section 18(1) did not apply to the Rent Service at the time that Mrs Gaskell made her original request. However, by the time of his Decision Notice, Rent Service staff had become HMRC officials. If the Commissioner were to order disclosure, those staff would be contravening section 18 of CRCA 2005.”

The First-Tier Tribunal found that the Commissioner has no discretion to decline to order disclosure in such circumstances (and that if he did have such a discretion, he exercised it incorrectly in this instance). In contrast, however, the UT concluded as follows (paragraph 31; my emphases):

“In conclusion, I agree with both counsel [11KBW’s Karen Steyn and Ben Hooper] that the requirement under section 50(4) that the decision notice should specify the steps which must be taken by the public authority does not amount to a mandatory obligation on the Commissioner to require steps to be taken to comply with the requirements of sections 1(1), 11 or 17 in every case, although that consequence will usually follow, save for exceptional cases such as the present one. As a matter of law the mandatory element of section 50(4) is that, if the Commissioner considers that the public authority ought to take any steps to comply with those statutory requirements, then he must specify them in the decision notice, along with the defined period within which they must be undertaken.”

The UT went on to decide that the Commissioner had exercised his discretion correctly in this case.

UT Judge Wikeley’s judgment also includes both a Jane Austenism and the first citation of the Information Law Reports (or Info LRs), launched by Justis and 11KBW this month: Office of Government Commerce v Information Commissioner [2008] EWHC 737 (Admin); [2010] QB 98; [2011] 1 Info LR 743.

Robin Hopkins

Tags: ,
Posted in INFORMATION LAW | Comments Off

IMPORTANT NEW DECISION ON LATE RELIANCE, COST OF COMPLIANCE AND COMMISSIONER’S DISCRETION

July 10th, 2011 by Robin Hopkins

In Sittampalam v IC and BBC (EA/2010/0141), the Tribunal has considered a number of important questions. Framed generally (i.e. outside the specific factual context of this case), they are as follows. I add the “short answer” to the questions straight away, and then give some detailed analysis of each in turn below:

(1)  Can a public authority rely on the cost ‘exemption’ under section 12 FOIA at a late stage as of right? Answer: no.

(2)  If not, does the Commissioner have a discretion to allow late reliance on section 12? Answer: yes.

(3)  If he does, can he take into account developments after the time at which the request was refused – and in particular, can he decide that, due to those later developments, disclosure should not be ordered, even though the information should have been disclosed at the time when the request was handled? Answer: yes.

(4)  When allowing late reliance on section 12, can the Commissioner require the public authority to answer a disaggregated or narrowed version of the original request, which might bring it within the cost limit? Answer: yes.

Can section 12 be relied on as of right?

First, can a public authority claim late reliance on the cost ‘exemption’ under section 12 FOIA as of right? To put it another way, is the law on late reliance on section 12 the same as the law on late reliance on the exemptions under Part II of FOIA (which may be relied upon late as of right).

The Tribunal’s answer was “no”. This was in light of APPGER (explained in my post here), where the Upper Tribunal explained that section 12 was different from other exemptions. Section 12 is about saving public expenditure; if the requested information has already been retrieved, the expenditure has already been incurred, so there can be no saving and thus no reliance on section 12 from that point onwards.

In this case, the Tribunal concluded that (see paragraph 48):

“The proper time for raising reliance on s12 is the time required by section 17(5), i.e. promptly and in any event not later than the twentieth working day after receipt of the request. Later reliance – at least up to the conclusion of an internal review – is not a matter of right but is to be controlled by reference to the scheme and purposes of the Act.”

Does the Commissioner have a discretion to allow late reliance on section 12?

Subject to the APPGER qualifier – namely that the section 12 cost-saving exemption cannot be claimed when the cost has already been incurred – the Tribunal found that the answer to this question is “yes”.

When might late reliance on section 12 be claimed? One example would be where, because of the nature of the requested information, a public authority is able to rely on a Part II exemption without having to locate or retrieve the requested information. If the Part II exemption falls away (for example, if the Commissioner decides that it is inapplicable), the authority may then need to locate and retrieve the information, and it may be able to raise section 12 for the first time at that stage.

Can the Commissioner take into account developments after the refusal of the request?

The next question considers this scenario. The Commissioner decides that the public authority should have disclosed the requested information at the relevant time. He considers, however, that – because of events subsequent to the time at which the request was refused – disclosure would now be inappropriate. Is this allowed under FOIA?

Another way of looking at this is to ask whether the Commissioner has a discretion to order that “no steps be taken”, notwithstanding a public authority’s wrongful refusal of a request. To understand this issue, one must consider the wording of FOIA itself. Section 50(4) provides that, where a public authority has failed to comply with section 1 (disclosure duties and so on) or sections 11-17 (procedure for refusing a request), then “the decision notice must specify the steps which must be taken by the authority for complying with the requirement and the period within which they must be taken” (my emphasis). Where the Commissioner has found such a failure, this question arises: does section 50(4) mean that he must always direct that steps be taken, or does it simply mean he must stipulate what steps if any are to be taken?

In Gaskell v IC (EA/2010/0090), the Tribunal decided that the Commissioner has no such discretion: the Commissioner must always make a “steps direction”, and he cannot allow events subsequent to the relevant time to determine whether disclosure is ordered or not. The concern of the Tribunal in Gaskell was that such a discretion would give public authorities two bites of the cherry: if their refusal of the request failed (when judged by reference to the time of the handling of the request), they could invite the Commissioner to use his discretion to decline to order disclosure anyway, because of subsequent developments.

In Sittampalam, the Tribunal has taken a different view. It found that the Commissioner does have this discretion to consider subsequent events and, if appropriate, decline to order disclosure. Such cases will, however, be “exceptional” (see paragraph 60). This Tribunal took the view that the Tribunal in Gaskell had not been presented with scenarios illustrating the pitfalls of the “no discretion” position (see paragraphs 58-60). In support of its conclusion about this discretion, the Tribunal said as follows (paragraphs 53-54):

“Stanley Burnton J (as he then was) in Office of Government Commerce v IC [2008] EWHC 774 (Admin); [2010] QB 98; at [98] regarded it as arguable that the Commissioner’s decision as to the steps required to be taken by the authority might take account of subsequent changes of circumstances. In our view, that is not merely arguable but is correct, and flows from the nature of the Commissioner’s jurisdiction and its subject matter, and from the wording of the Act.

The Commissioner, when acting under section 50, is not merely deciding whether an information requester was or was not entitled to information at the time when the request was dealt with. He must also decide what is to be done. The Commissioner has a role both as guardian of the public interest in the appropriate disclosure of information held by public authorities and as a guardian of data protection rights. In our view the statute leaves to him a measure of discretion over what is the appropriate enforcement of information rights in a particular case. It would be perverse, in our view, if he were wholly debarred from taking into account fresh circumstances, not in existence at the date when the request was originally dealt with.”

Can the Commissioner require a public authority to answer a reformulated or narrowed request?

The Tribunal went on to consider whether, when allowing late reliance on section 12, the Commissioner can do so subject to the public authority handling the request in a prescribed way. It considered two possibilities.

First, is the Commissioner is entitled to allow the late reliance on terms as to disaggregation of the request, so as to prevent reliance on section 12 in relation to information that can be provided under the cost limit? The Tribunal concluded, albeit “with some hesitation”, that this is permissible (see paragraph 73):

“If during the Commissioner’s investigation the public authority is to be allowed to change its response to the request with retrospective effect, so as to raise a defence which should have been raised earlier, it does not seem unreasonable or out of line with the statutory scheme to say that the requester might also in a suitable case be allowed to refine or clarify the terms of the request retrospectively. In effect, the Commissioner would say to the public authority: ‘I will permit you to raise section 12 late but, for fairness’ sake, only on terms that you agree to permit the requester to narrow his request and that you agree to treat the narrowed request as validly made.’”

Secondly, is the Commissioner entitled to prescribe the steps to be taken so as to put the requester in the position that he would have been in if the public authority had complied with its duty to advise and assist under section 16. Compliance might enabled the requester to resubmit his request in a narrower form to which section 12 would not have been a defence.

The Tribunal again found that this was permissible, this time “with greater confidence”. It considered the case law on the relationship between sections 12 and 16. It agreed with Roberts v IC (EA/2008/0050) that entitlement to rely on section 12 is not conditional upon compliance with section16. It took the view, however, that “compliance with section 16 may be taken into account where the question is one not of entitlement but of discretion. If this is correct, it should enable the Commissioner to give greater practical effect to s16 than hitherto”. In other words, whenever late reliance on section 12 is claimed, public authorities should pay extra attention to their duties under section 16.

Robin Hopkins

Tags: , , , , ,
Posted in INFORMATION LAW | Comments Off

COOKIE MONSTER

June 5th, 2011 by Rachel Kamm

The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 came into force on 26 May 2011 and amend the Privacy and Electronic Communications (EC Directive) Regulations 2003, which cover direct marketing by electronic means and the use of cookies.  

The amendments give the Information Commissioner new powers to  serve a monetary penalty on an organisation when very serious breaches of the 2003 Regulations occur and to investigate breaches of the 2003 Regulations by obtaining information from certain third party organisations.

They also introduce an additional requirement where a website uses ‘cookies’, which are small files of letters and numbers downloaded on to a device when the user accesses certain websites, which allow the website to recognise the device. Except where a ‘cookie’ is strictly necessary, websites will now have to obtain the consent of the user or subscriber before ‘cookies’ can be placed on machines.  The Information Commissioner has published guidance on the change to the rules. Organisations have 12 months from 26 May 2011 to make sure they comply with the new rules.  

The Information Commissioner has issued this statement about how he intends to approach enforcing the new rules and using the new powers.

Tags: ,
Posted in Uncategorized | Comments Off

PUBLIC LAW REASONABLENESS NOT A MATTER FOR THE COMMISSIONER OR TRIBUNAL

April 17th, 2011 by Robin Hopkins

The absolute exemption at s. 44 FOIA applies where the disclosure of the requested information is prohibited under any enactment. Many statutes contain such prohibitions, often subject to specified exceptions or tests. If a public authority applies that statutory regime incorrectly or in a “Wednesbury unreasonable” way – that is, if it acts unlawfully in a public law sense  – then the precondition for reliance on s. 44 FOIA falls away.

This question arises: does FOIA presume “procedural inclusivity” (i.e. the Commissioner and/or tribunal have jurisdiction to consider such public law questions) or “procedural exclusivity” (i.e. public law is a matter for the courts only; requesters must thus seek judicial review)?

In Morrissey v IC and Ofcom (EA/2009/0067), the first-tier tribunal followed the approach taken in Hoyte v Civil Aviation Authority (EA/2007/0101) in supporting inclusivity. In other words, it considered that the Commissioner and tribunal do have jurisdiction to conduct “reasonableness reviews”.

In Morrissey, the tribunal asked itself whether Ofcom had acted reasonably in withholding information under s. 44 FOIA in reliance on s. 393(2)(a) of the Communications Act 2003. Its answer was ‘yes’. Ofcom nonetheless appealed, on the grounds that “reasonableness reviews” are beyond the statutory powers of the Commissioner and tribunal.

The Upper Tribunal has agreed with Ofcom, and endorsed procedural exclusivity: see GIA/605/2010. (Its decision was not concerned with the ultimate outcome of the case – which concerned a request for information about Ofcom’s approach to equal opportunities – but simply with this point of principle).

Its reasoning was as follows. Disparate caselaw illustrates a presumption that lower courts and tribunals can resolve public law prerequisites to their “core business” – but caselaw does not show any presumption that regulators can do so. Under FOIA, the tribunal’s jurisdiction is parasitic upon that of the regulator, the Commissioner. The Commissioner’s jurisdiction is to decide whether a request “has been dealt with in accordance with the requirements of Part I [of FOIA]” (s. 50(1) FOIA). (The tribunal’s jurisdiction is governed by s. 58 FOIA: this says it must determine whether the decision notice was “in accordance with the law” – rather than “Part I of FOIA”. It does not appear that the Upper Tribunal considered anything to turn on this difference).

As to the construction of the particular provision in question, the Upper Tribunal found that the purpose of s. 393 of the Communications Act 2003 is to reassure commercial broadcasters that Ofcom can only lawfully disclose their information if it considers it right to do so for one of the purposes in s. 393(2).

The Upper Tribunal was clear as to the broader implications of its decision: “it must be for the public authority initially to determine whether the information requested is exempt “by virtue of” s. 44” (paragraph 54).

It concluded, however, that judicial review is not the only alternative in these circumstances: the first-tier tribunal may not have jurisdiction over such public law points, but the Upper Tribunal does – provided it has the blessing of the administrative court in any given case.

Tags: , , ,
Posted in INFORMATION LAW | Comments Off

S. 35 FOIA AND THE DEVELOPMENT OF LEGISLATION – LATEST TRIBUNAL DECISION

March 23rd, 2011 by Robin Hopkins

The Tribunal’s recent decision in Makin v IC (EA/2010/0080 & 81) looks at the application of s. 35 FOIA, the qualified exemption for the formulation and development of government policy, in circumstances where the policy in question was effected through parliamentary legislation.  In particular, the requested information concerned the proposal in what was then the Legal Services Bill to continue the exemption of government lawyers from professional regulation, including the requirement to pay for a practising certificate.

The Tribunal considered the application of subsections 1(a), (2) and (4) of s. 35.

It had no hesitation in confirming that s. 35(1)(a) was engaged, relying on the well-established breadth of terms such as “relates to”. For the purposes of s. 35(2), the Tribunal found that no “statistical information” (a working definition of which was taken from the Ministry of Justice guidance of May 2008) was involved.

As regards s. 35(4) – the subsection concerning factual information used to inform decision-making – the Tribunal found that this subsection “should apply where it was relatively obvious that what was being provided was factual information for the purpose of informing the decision–taker on the background”. In adopting this approach, it applied the guidance from the leading case of DWP v Information Commission (EA/2006/0040), where the Tribunal held that, on the spectrum between pure advice and pure fact, “where the information is firstly, so inextricably connected to the deliberative material that it is difficult to distinguish and secondly, where the vast weight of material is non-factual information, we consider Parliament did not intend the sub-section to apply”.

An important point from this case is the Tribunal’s finding that whenever s. 35 is under consideration, public authorities and the IC must consider whether s. 35(4) applies and if so what affect it has on the public interest balancing test. This had not been done in this case.

As to the public interest, a crucial issue was (as is usual with s. 35 cases), when the policy formulation had come to an end. Answer in this case: the date of Royal Assent given to the bill embodying the policy, namely 30 March 2007. In this case, one of the internal reviews was only completed well after this date – but the Tribunal held that the latest relevant date for assessing the public interest was the date when the review ought to have been completed, in accordance with the Code of Practice. This was well before Royal Assent, meaning that the public interest factors applied as if the policy were still in the process of formulation.

In the event, apart from two pieces of information, the Tribunal found that the public interest favoured the maintenance of the exemption. In so doing, it “took the view that the efficacy of the Parliamentary legislative process took precedence in this context… Whilst s. 35 was not aimed directly at protecting the role of Parliament, insofar as Government policy in relation to legislation underpins this particular role of Parliament, they were intertwined”.

A final interesting point is that the Tribunal firmly endorsed the IC’s flexibility to decide that, although information should have been disclosed at the time, it nevertheless ought not to be disclosed due to fresh circumstances that have arisen since the decision of the public authority. In so doing, the Tribunal relied on obiter dicta from the High Court’s decision in Office of Government Commerce v Information Commissioner [2009] 3 W.L.R. 67 (at paragraph 98).

Tags: , ,
Posted in INFORMATION LAW | Comments Off

LATE RELIANCE: THE SAGA CONTINUES

March 3rd, 2011 by Robin Hopkins

We have posted a number of times on the contentious issue of late reliance, i.e. whether a public authority is entitled to rely as of right on an exemption or exception (under FOIA or the EIR) raised for the first time before the Tribunal. Last month, the Upper Tribunal answered this question with a firm “yes” in its decision on appeals by the Home Office and Defra, available here. That may not be the last word on this issue: Simon Birkett, founder of Clean Air London and Second Respondent to Defra’s appeal, has applied for permission to appeal that decision to the Court of Appeal. The press releases and grounds of appeal are available here.

Tags: , , , ,
Posted in INFORMATION LAW | Comments Off

LATE RELIANCE AND OTHER DEVELOPMENTS TO LOOK OUT FOR

February 22nd, 2011 by Robin Hopkins

My paper from last week’s 11KBW Information Law Seminar contains a number of updates on important developments – both recent and imminent – at Upper and First-Tier Tribunal levels.

One of the most important concerns the contentious question of late reliance: in particular, is a public authority entitled to rely as of right on an exemption it raises for the first time before the Commissioner or even the Tribunal? The Upper Tribunal has recently answered with a firm “yes”: the decision in the joint appeals from the Tribunal decisions in Home Office v IC, and DEFRA v IC and Birkett (GIA/1694/2010 and GIA/2098/2010) can be downloaded here; see also commentary by FOI Man on his blog here. As I mention in my paper, however, the Upper Tribunal may have more to say on this matter very shortly (in an appeal involving the All Parliamentary Group on Extraordinary Rendition) - so watch this space for updates.

Another imminent Upper Tribunal decision to look out for is the case of Gaskell. concerns an appeal against a Decision Notice involving the Valuation Office Agency. In that Decision Notice, the Commissioner found that – notwithstanding the public authority’s unlawful withholding of the requested information – he would not be ordering disclosure because of events (in this case, the coming into force of new legislation) arising after the time at which the request was handled. The appeal invites the Upper Tribunal to find that the Commissioner has no discretion to make such a decision based on events subsequent to the relevant time for his assessment.

The High Court has recently confirmed that the “costs of compliance” for FOIA purposes does not include the costs of redaction: see Chief Constable of South Yorkshire v IC ([2011] EWHC 44 (Admin)).

Two notable EIR decisions are expected shortly, one at first instance in the GM Freeze case (which is expected to provide much-needed guidance on how widely the concept of “emissions” should be construed), the other by the Upper Tribunal in the Kirklees case (which is expected to clarify the question of imposing charges following a request to inspect information).

The latter case also saw this argument raised before the Upper Tribunal: a “purposive request” (i.e. one that takes the form “please provide me with the information I would need to answer the following questions”) is not a valid request for EIR and FOIA purposes.

Finally, the First-Tier Tribunal has recently heard an appeal by Channel 4, in which the appellant argued that contracts should be treated as whole, rather than severable documents, meaning that if part of the contract can be withheld, then the whole contract can also be withheld. The implications of this position would be substantial, so again – watch this space.

Tags: ,
Posted in INFORMATION LAW | Comments Off

PARTIES MAY APPEAL AGAINST DECISION NOTICES IN THEIR FAVOUR

December 2nd, 2010 by Robin Hopkins

Shepard v IC and West Sussex County Council (GIA/1681/2010) involved the Commissioner upholding the appellant’s complaint against the local authority, and issuing a decision notice in his favour. That notice required the authority to search for specified information and to provide it to the Claimant if found. The authority informed the appellant that its search had been fruitless. Apparently therefore, it had complied with the decision notice, but the appellant received no information.

At first instance, his appeal failed, partly on the grounds of the well-established principle that a successful party should not be permitted to bring an appeal. The Upper Tribunal disagreed, and granted permission to appeal, observing that the aforementioned principle “surely relates to judicial decisions by courts and tribunals; it does not necessarily apply to decisions by administrative first-instance decision-makers or independent office-holders”.

Nor was the wording of FOIA itself a barrier to such appeals: section 57(1) expressly confers a right of appeal on both parties, and not simply “the losing party”. Furthermore, both the steps prescribed in a decision notice and the timing of such steps are matters of discretion for the Commissioner. Unlike the enforcement of a decision notice, such questions of discretion are within the Tribunal’s jurisdiction.

It is not clear, however, whether a challenge to a first-instance Tribunal’s refusal to entertain an appeal lies by way of an appeal to the Upper Tribunal or by way of judicial review. A test case (combined references of CH/1758/2009 and JR/2204/2009) will determine this question shortly. In the present case, the Upper Tribunal therefore granted permission to apply for judicial review as a precaution.

Tags: , , , , ,
Posted in INFORMATION LAW | Comments Off

COMMISSIONER HANDS DOWN FIRST MONETARY PENALTIES FOR DPA BREACHES

November 24th, 2010 by Robin Hopkins

Up to now, the Commissioner has not exercised his powers under sections 55A-E of the Data Protection Act 1998 to impose monetary penalties on data controllers for breaches of the Act. Today, he imposed his first two financial penalties.

Hertfordshire County Council has been handed a penalty of £100,000 for twice sending faxes containing sensitive personal data to members of the public in error. The first fax, which is the subject of an injunction preventing further details being disclosed, was intended for a barrister but sent to a member of the public. The second fax, which concerned child protection matters, was intended for a County Court. The errors both occurred in June 2010, and were both reported to the Commissioner by the Council itself.

Secondly, the employment services company A4e has been fined £60,000 after an unencrypted laptop containing personal details of 24,000 users of community law centres was stolen from an employee’s home. This too was reported to the Commissioner by A4e itself.

Tags: ,
Posted in INFORMATION LAW | Comments Off

« Older Entries