Alistair Sloan, Advocate

South Lanarkshire Council v The Scottish Information Commissioner

March 28th, 2012

This decision of the Court of Session (Extra Division, Inner House) delivered on 27 March 2012 by Lord Marnoch is in relation to an appeal by South Lanarkshire Council (“the Council”) against decision 056/2011 of the Scottish Information Commissioner (“the Commissioner”). It concerns a request for information made pursuant to the Freedom of Information (Scotland) Act 2002 (“FOISA”) by Mr Mark Irvine relating to the number of individuals employed by the Council placed at specific points in the pay structure.

The full facts of the case are set out within the Commissioner’s decision. The Council, after initially ruling Mr Irvine’s requests as vexatious, withheld the information sought by Mr Irvine on the grounds that it was personal data and to disclose the information would be a breach of the Data Protection Principles. This exemption is provided for within Section 38 of FOISA, specifically the Council applied Section 38(1)(b) of FOISA to the information sought by Mr Irvine. The Commissioner found that the Council had incorrectly applied Section 38(1)(b) of FOISA and he ordered the Council to disclose the information to Mr Irvine. The Council exercised its right under Section 56 of FOISA and appealed to the Court of Session.

One of the contentions that the Council made to the Court was that the Commissioner had erred in law by failing to identify Mr Irvine’s “legitimate interest” in obtaining the information sought. There is not normally a requirement under FOISA to consider the interests or reasons behind a request for Information under FOISA. However, Schedule 1 to the Data Protection Act 1998 (“DPA”) places an obligation upon the “data controller” (in this case the Council) to ensure that the processing of information is fair and lawful. It goes on to provide that the data should not be processed unless certain conditions are met. It should be noted that in this case processing the data would be its disclosure under FOISA. Relevant in this case is paragraph 6(1) of Schedule 2 to the DPA. It provides that the data can be processed if it is necessary for the purposes of a legitimate interest of the data controller, or any third party to whom the information would be disclosed (in this case Mr Irvine and the world at large). There is an exception to this and that is where the processing would be “unwarranted…by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.” The data subjects in this case would be the employees who fall within the information sought by Mr Irvine.

In essence the Council had to, on this occasion (and unusually in FOISA requests), consider what legitimate interest Mr Irvine had to the information sought. Furthermore the disclosure of the information had to be “necessary” for the pursuance of that legitimate interest. The Council also contended that the Commissioner had failed to separately consider the necessity of the disclosure to Mr Irvine’s pursuance of any legitimate interest identified.

The Court of Session rejected both of these arguments. It found that when viewing the Commissioner’s decision as a whole the Commissioner had identified a legitimate interest and the Court agreed with that legitimate interest. Furthermore the Court also held that “the Commissioner could only have concluded that necessity was made out.” Disappointingly, the Court of Session did not say one way or the other whether the Commissioner’s approach in deciding this was correct. They were satisfied that even had the approach, applying a stricter test, advocated by the Council been followed, necessity would have been made out.

The Court of Session refused the appeal by the Council and upheld the decision of the Information Commissioner. It remains to be seen whether the Council will further appeal to the United Kingdom Supreme Court. Such an appeal would need to be filled within 42 days of the Court of Session’s decision and with the leave of the Court of Session.

POSTSCRIPT: 15/04/2013 – South Lanarkshire Council has appealed to the United Kingdom Supreme Court. The case is due to be heard by that court on 8 July 2013.
In defence of FOI: Part 3

February 23rd, 2012

Freedom of Information is under attack. In my last post I looked at the subject of vexatious requests, a subject that I will undoubtedly return to in a future post as it does appear to be a feature in a number of recommendations made to the Justice Select Committee by a number of public bodies. However, in a series devoted to defending FOI legislation I thought I would look at some of the things we know now that we probably would not have known about had it not been for FOI. An excellent example is the recent decision against NHS Ayrshire and Arran. While not a request made under the specific piece of legislation that is under scrutiny by the Justice Select Committee it demonstrates quite effectively the very real benefits of FOI and just why we should be doing all we can to both protect and enhance FOI rights.

The Scottish Information Commissioners decision in the application by Mr Rab Wilson against Ayrshire and Arran NHS Board (036/2012) is a lengthy decision notice to read. The main decision runs to almost 30 pages and has some 203 paragraphs. The background to the request is complex and lengthy, but is set out clearly in the Commissioner’s decision in paragraphs 3-22. Leaving aside the severe criticism of the NHS Board’s records management processes (something to which I shall return in a future post) the information that was eventually released as a result of the Commissioner’s decision is of great public importance. Had it not been for FOI legislation with a strong and independent regulator then it is hard to envisage a situation where this information would have ever come to light.

The information released reveals some serious failures by the NHS Board. The application was made by a Staff Nurse employed by the NHS Board who was concerned about the way in which serious incidents which had involved the deaths of around 20 patients had been investigated and the subsequent actions taken by the NHS Board. The saga stretches back some five or six years and reveals sheer incompetence. While I do not intend on focusing on good records management in this post (that will feature in a future post) the poor records management in the case may very well have put the lives of staff and/or patients in danger.

The request centred on Critical Incident Reports and Significant Incident Reports. The request also related to the action plans that followed these reports. These reports and plans are critical as they form part of the review and learning process from serious events within the NHS Board. The request never started out as an FOI request. Initially it appears that Mr Wilson sought the information in his capacity as an employee of the NHS Board. There appeared to have been a practice of making these reports and plans available to staff upon request (although there was a change in policy that put the decision as to who obtained the reports and plans into the hands of a “Relevant Director”). Initially the NHS Board said that it only held one report that fell within the scope of Mr Wilson’s request. This was something that the NHS Board maintained for sometime even after the application to the Commissioner had been made. However, it became apparent that there were serious failings in the NHS Board’s records management policy and procedures. Mr Wilson made his initial application to the Commissioner on 11 March 2011. There appeared to be 32 Critical Incident Reports for which no action plan was held. Had this been the case then this in itself would be a serious matter, by the very nature of these reports then the NHS Board must have undertaken some form of formal exercise to review what had happened and what could be done to ensure that such incidents didn’t happen again in the future. However, on 4 July 2011 (after having maintained since April that no further action plans existed beyond the one already disclosed) the NHS Board located some 56 Critical Incident Report Action Plans. The NHS Boards reason for having not located these earlier was that they were sitting on a drive which they did not, it appears, routinely search as it contained information personal to individual members of staff. The NHS Board stated that it had not anticipated that these reports might be located on this particular server.

The background to this case is not really all that important, but rather what it revealed is important. It revealed serious failings in records management at the NHS Board. It is unlikely that these failings would ever have been discovered had it not been for the existence of the FOI legislation and the public scrutiny that it creates. Those serious failings in records management meant that the NHS Board had absolutely no idea where some critical documents were located. These documents are of the sort that staff and management are likely to require access to after they were initially created and as such were of the sort that you would expect to be located quickly and without difficulty. These are the sorts of documents that might, for example, be required by the NHS Board’s lawyers as evidence to show compliance with Health and Safety legislation. Were the actions set out in these action plans ever performed? There certainly doesn’t seem to be any evidence as to whether they were or not. Had the right people seen these reports at the right time to make the right changes to processes? If not then lives could have been put in danger all because of poor records management.

This FOI request revealed a shockingly poor level of Governance in a public authority charged with the lives of a large number of people. Had these failings not been picked up then it is more than possible that something could have been missed and the consequences of that could have, in the most serious of cases, resulted in deaths.

It is requests like this one that reveal serious matters of great public importance and interest that justify the existence of FOI laws. Would Mr Wilson have made his requests if there was a fee for making the request? Perhaps not, and the public would have been worse off as a result. While the cost to the taxpayer will have been significant in respect of this request (when one takes into consideration the number of years it happened over and the intense investigation conducted by the Commissioner) may very well save a life and will certainly save public money in the future. Those savings, in particular the former, cannot be quantified and justified against the expenditure by a public authority on handling an FOI request. The damages that could have been awarded in a case against the NHS Board in future actions where it had no evidence to demonstrate the steps it had taken to mitigate such a situation happened could very easily exceed considerably the money spent on handling the fOI request (especially when the cost of defending an action are taken into consideration). A simple request to a public authority can uncover serious failings within the organisation that might otherwise have gone undetected costing the taxpayer a lot more than it cost to handle the request.

The Commissioner’s decision can be read in full here and is very much worth a read if you want to really understand what happened in this case and just why FOI is a good thing that should be encouraged.
I’m sorry, we can’t confirm or deny that (Part 2)

February 23rd, 2012

In November I wrote a short blog post about an application to the Scottish Information Commissioner that had caught my eye. As far as I can determine that application is still being considered by the Office of the Scottish Information Commissioner.

My curiosity got the better of me and I wrote to the Scottish Government requesting the content of: (a) the initial request (b) the Scottish Government’s substantive response (c) the applicant’s request for a review and (d) the content of the Government’s response to that request for review.

What has come back is quite astonishing really. The paper that the initial request was made on is that of what appears to be the office of a Scottish Labour Member of the European Parliament. The request asks simply whether the advice was given to the Scottish Government and, if so, is the advice publically available. No mention of FOISA in the request and does seem to me to be part of the normal communications between elected representatives and the Scottish Government, but such is life.

The Scottish Government then wrote back in August (the request having been received by them in early June) refusing to confirm or deny whether the information exists in accordance with Section 18(1) of FOISA. So, if the Government had considered this a request for information, which they did, there was already a significant technical breach as they had failed to comply with Section 10(1) of FOISA. The Scottish Government used Section 18(1) on the grounds that to confirm or deny that the information exists would be contrary to the public interest and if it did exist, or was held, then it would be exempt from disclosure under sections 29(1)(a) or 30(c) of FOISA.

Unsurprisingly the MEP in question wrote back to the Scottish Government asking them to review this decision. The MEP referred to the decision not to confirm or deny in their request for review as “perverse” in the “determination of where the public interest lies”. A conclusion that I happen to agree with based on the correspondence I have seen.

The Scottish Government responded to the MEP in question upholding their original decision, but appear not to have even considered whether the decision to apply Section 18(1) was correct. In any event, as we know, this has triggered an application to the Scottish Information Commissioner.

Having viewed the correspondence between the MEP and the Scottish Government I find it odd that the Scottish Government would find that it would not be in the public interest to even confirm or deny whether legal advice on the position of an independent Scotland in the EU. I can understand why they would withhold the information if it did exist, but to not even confirm that it exists o not is perplexing in the extreme.

The First Minister and his colleagues on the SNP benches appear to have been quite vocal about the position of an independent Scotland in the EU. I seem to recall that some have even said they have received legal advice on that very topic. Now, that advice might have been sought by and paid for by the SNP as a political party and not the Scottish Government. That would obviously result in the information not being held by the Scottish Government. Although, that still doesn’t explain the use of Section 18(1) of FOISA. There are conflicting messages coming from the Scottish Government and as we are heading towards the most significant decision we have ever had to take we cannot have politicians acting in this way.

I do not have the name of the MEP that made the request. That is because having assumed that it was made by a member of the public excluded information as to the identity of the applicant from the scope of the request. I had not for a moment considered that it might have been an elected representative who had made the request.

Obviously the Commissioner’s office is yet to determine this application, but I cannot see how the use of Section 18(1) can be upheld here. It all seems just a little bit odd. I’m sure we now all await this decision from OSIC with great interest.
In defence of FOI: Part 2

February 19th, 2012

On Wednesday I published the first in a series of blog posts defending FOI. This comes in light of the Justice Select Committee’s post-legislative scrutiny of the Freedom of Information Act 2000 (FOIA). In particular what spurred me on to write these blog posts was the obvious attacks towards FOI advanced by some of the public authorities that responded to the Justice Select Committee’s call for written evidence. The link to the written evidence submitted can be found in Yesterday’s post.

In this post I intend to look at the issue of vexatious requests and what some of the arguments on the subject are and why I disagree with them.

ACPO argues that the provisions relating to vexatious requests should apply to both the request and the requester. ACPO states in its evidence that it can demonstrate examples of where three people have engaged entire FOI teams in a force and that this is to the “detriment of other requesters and the proactive publication of information”. I am of the view that the current provisions are more than adequate to cover such situations and that they are probably not being used as effectively as they could. While an authority cannot consider a requestor vexatious they could, in effect, consider their requests vexatious.

Section 14 covers vexatious or repeated requests. In the Commissioner’s guidance there is a list of things that a public authority should be considering when deciding if a request is vexatious. The commissioner states that to consider a request vexatious the public authority should be able to make strong arguments under more than one. There are four headings which could easily be applicable to requestors who are making a high number of requests to a public authority.

However, I do not think that the issue with regards to “vexatious” requests necessarily turns on those who abuse FOI to harass a public authority over a particular grievance that they hold or those who make a larger number of requests on a wide number of topics. I suspect the requests that most people have an issue with are ones like this, this and this. They do on the face of it appear to be rather a waste of time.

I do not take the view that these requests should be classed as “vexatious” or “a waste of time”. Whether you are of the opinion that Zombies or Aliens are real is rather irrelevant. There are people in this country who do believe in ghosts, zombies and alien life forms and no doubt some of them have a genuine fear of attacks. Every person has ha right to feel safe and secure and if contacting their local public authority or Central Government to obtain information that reassures them then there cannot be anything wrong with it. Granted, some of them really were just nonsense and were made off the back of one being featured in the news. However, I do find it much more difficult to defend the third example above.

The Local Government Association recently compiled a list of unusual FOI requests that had been received by Local Authorities over the preceding year. It appeared to be as part of an attack against FOI (or certainly an argument for tighter restrictions on the ability of the public to use FOI rights). However, when I saw some of the requests on the list I had to disagree with the way in which the LGA appeared to be spinning them. For example, Cornwall Council was asked about holes in the privacy walls between toilet cubicles in public toilets and those on council premises. There is, I would submit, a public interest in such matters. These holes could potentially be used for committing indecent acts and thus a criminal offence. Another example pointed out by the LGA was made to Scarborough Borough Council asking about the number of cheques issued and received by the Council. Given that the Banks have been suggesting getting rid of the cheque as a form of payment I do not see it as unreasonable to be gathering evidence as to how cheques are still being used and how frequently.

So, not every request that appears to be “stupid” or “a waste of time” actually is. Of course, there are some who will abuse their FOI access rights and make hundreds of requests which gather no real information at all or who will make requests instead of looking to see if the information is already available or who will use it as a method to continue a personal vendetta against a public authority. However, the vast majority of decent users of FOI who are after serious information or who want to know more about what a public authority actually does for them should not be punished.

ACPO, for example, suggested in its evidence to the Justice Select Committee that public authorities should be able to take into consideration requests made to other public authorities when deciding if a request is vexatious. This, I suggest, would be a dangerous move. Take the Police as an example. In England, Wales and Northern Ireland (where ACPO draws its members from) there are more than 40 geographical and non-geographical police forces. If an individual is after a national picture of some particular matter that is not routinely published either nationally or by each force individually, then there is no option other than to make a separate request to each and every single police force for the information. That is because each police force can only disclose information that it holds. One cannot, for example, write to the Metropolitan Police and ask for all the information on a particular subject for each police force in the UK. The Met would only hold the information that relates to the geographical area that it polices!

Unless information is going to start to be held centrally for all organisations who provide the same functions then when it is necessary to obtain a national picture the only option is to write to every public authority concerned for the information.

I could write a lot more on the question of vexatious requests, but I will leave this topic here for now. I will write further posts on the subject of FOI generally in the coming days and weeks. It is vitally important that the current FOI rights are maintained and not restricted. It is not an expensive luxury, but rather a necessity in an open and democratic nation and it should be easy and (on the whole) free to obtain information from public authorities
In defence of FOI: Part 1

February 15th, 2012

On Monday 13 February 2012 the Justice Select Committee published the written responses it received to its call for evidence as part of the post-legislative scrutiny of the Freedom of Information Act 2000. Predictably the public authorities that responded were on the whole looking for a tightening up of the rules, particularly around costs and vexatious requests.

The Association of Chief Police Officers (ACPO) provided a response to the Select Committee that I personally disagreed with fundamentally. If ACPO’s suggestions were adopted there would be a significant curtailment of information access rights under the FOIA. The ACPO response can be read at the link above and is numbered FOI 12 in the document and starts on page 39.

The first recommendation of ACPO that I fundamentally disagreed with was their recommendation 3. ACPO are suggesting a flat fee that applies to all FOI applicants. They mention the £10 fee that applies in the case of Subject Access Requests under the Data Protection Act 1998. It is unclear whether they are suggesting a fee of £10 or simply pointing to a situation where access to information costs a small fee. In arguing for the introduction for a fee ACPO points towards the “continued demand on resources” that “has led to excessive and disproportionate effort in responding to FOI requests”. ACPO states that there is “an overwhelming response from forces in seeking support for the introduction of charges in respect of FOI requests”.

There is a financial burden placed upon public authorities in answering FOI requests and it is understandable that in a time of cuts where public authorities are being expected to make huge savings in their budgets that public authorities will look at everything they can to see where costs could be cut. It seems though that FOI is an easy target. Most public authorities still fail to see it as part of their essential frontline duties. Indeed, while all public authorities say that they support the need to be more accountable and transparent, the actions of many public authorities tell a very different story. Pro-active disclosure is, in my view, one of the best indicators as to whether FOI is working. Most organisations publish more information than they did before the FOIA came into force. However, many are not publishing anywhere near as much information as they might to on a pro-active basis. Pro-active publication is one thing that could potentially reduce the cost of FOI to the public authority.

Are public authorities reviewing their FOI requests to identify the kinds of information people are requesting on a regular basis? If so, are public authorities then creating publication schedules to publish that information regularly and on a pro-active basis? If not, why not? If the public authority is aware that information of X, Y and Z nature is requested on a frequent basis then why not pre-empt the requests and publish it on a more frequent basis? This saves both time and money. It saves time in that the information doesn’t need to be sourced, retrieved and then considered for disclosure in response to an FOI request. If information requires to be redacted then authorities do not need to spend time redacting it and then justifying why it has to be redacted in a refusal notice. I would have thought that it would have been much easier to produce a refusal notice citing Section 22 (information intended for future publication) than to carry out the entire FOI process in response to an information request, especially if it is information that is requested on a frequent basis.

I am not persuaded by the argument that because of government cuts that FOI is an expensive luxury. As public authorities make cuts to public services I believe that FOI is essential in making those decisions open and the decision-makers accountable for how they are cutting costs. Local campaign groups have had a lot of success in exposing unfair, disproportionate, illogical and potentially illegal decisions through FOI. If FOI didn’t exist, or it was made much easier for public authorities to refuse requests, or harder for applicants to make requests then this essential scrutiny on public authorities would be severely diminished if not lost altogether.

The Office of the Scottish Information Commissioner conducted research recently which looked at a number of things. One issue that it looked at was the introduction of fees for making requests. It found that 64% of people generally would be put off making a request if they had to pay for the information. This figure rose to 70% for those described as “not working” (a group upon which cuts could have a disproportionate impact) and among the 18-24 group (another group vulnerable in the face of government cuts) this figure rose to 80%. The potential effect on such a move, to borrow a phrase used by senior civil servants, could be “chilling”. There would be a severe curtailment of FOI rights simply by adding in a charge for the information requested. Why should access to officially recorded information only be for the rich or companies who can afford to pay a fee for the information?

The reduction in FOI requests might suit the public authorities. A decrease of more than half in the number of requests would represent a significant saving across the public sector as a whole and certainly within each public authority it would represent a welcome saving. However, I do not believe that reducing the number of requests is in the public interest. Certainly, there is an argument to remove some types of requests from the system. However, there are provisions within the Act to do just that. A public authority can deem a request as “vexatious” and by doing so (providing they are right to do so) they are discharged from their duty to respond substantively. Although, it is the request and not the applicant who is deemed vexatious and some authorities would like to see this changed so that an applicant can be deemed vexatious.

Under the cost headings ACPO also argued in its written response for a decrease in the number of hours used to calculate the costs of a request. Currently the limit is set by the Regulations at 18 hours. In essence if the public authority reasonably estimates it to take more than 18 hours to do certain things then the request can be refused on the grounds of cost. ACPO argues that this should be reduced to 10 hours. This would result in more requests being refused on cost grounds, which public authorities might see as a good thing. However, that doesn’t stop a determined person from getting the information. They could make more narrowed and focused requests every 3 months or so, thus avoiding the cost grounds but not really reducing the cost burden on the public authority. Obviously if the reduction in hours from 18 to 10 was brought in alongside a provision for a flat fee or charge for the information then that might have the public authority’s desired effect.

The truth is that nobody really knows how much FOI costs. It’s hard to establish any exact figures and refusal on the grounds of cost is always based on an reasonable estimate. The problem with establishing cost (and indeed the number of hours spent answering a request) is that no single person in an organisation is wholly responsible for FOI (except perhaps in your small parish councils and such like). Public authorities may have FOI officers, but generally people from around the organisation will be engaged in FOI activities. The Finance department would be engaged in requests relating to financial information, legal services in requests about legal matters and so on. Unless every member of staff were to keep a detailed record of exactly how much time they spent each day doing each of their tasks, including research FOI requests, then it’s not possible to get accurate figures. The best figures that we have are estimates and they could very well be over-estimated or under-estimated.

Some activities are not included in the cost calculations. What can be included in those calculations is listed within the Act. Some activities which could potentially be time-consuming and expensive are not included. The time spent reading and redacting information from documents is not included within the cost calculations. In most requests this does not pose any real problem. I would imagine that most requests involve very few documents to be read and considered in terms of whether information needs to be redacted or not. ACPO does give a single example though (and generally I am very wary of single examples). ACPO brings a request made to the City of London Police to the attention of the Committee. It claims that in one request there were “over 1,830 records, totalling some 250,000 pages” to be read through. The information had been easy to locate and extract and so could not be refused on cost grounds, but had the applicant insisted on keep their request as they had originally drafted it then City of London Police would have had no choice but to comply with the request in full. ACPO states the force estimated it would take some 2,976 days worth of time to consider all the information for disclosure. The fact that City of London Police managed to reach a compromise with the applicant suggests that the applicant’s initial request was probably far too wide in the first place. Anything that brings up that volume of recorded information probably is far too wide and rather than looking at cots and fees for information requests perhaps we should be looking at educating the public on how to make an effective request for information.

There is a lot more that I would wish to write on the post-legislative scrutiny of the FOIA, but I feel that this post long enough as it is so future posts will come. Although, I will end by stating that I am not singling out the ACPO response to the Select Committee and in future posts I will be drawing out evidence from other people or authorities which I disagree with.

Finally, I did submit my own response to the Committee and that can be read in the document linked to at the start of the post. My response is FOI 14 and begins on page 46.
The BBC and FOI

February 9th, 2012

The British Broadcasting Corporation (BBC) is listed as a public authority for the purposes of the Freedom of Information Act 2000 (FOIA). However, it is only covered insofar as the information requested is not held by the BBC for the purposes of journalism, art or literature.

For some time now that there has been a lot of disquiet about just how broadly the BBC apply this exemption. The exemption is a legitimate one. It would not be good for the licence fee payer if, as a result of the FOIA, the BBC had to release information about programming, including future programming. It could harm the commercial viability of the BBC, which has an important overall aim. However, it does appear that the BBC has taken the exemption as cart Blanche to refuse any request that relates to any of its programming, even in the slighest of ways.

A good example of this broad interpretation can be found in this request made to the BBC. The request does relate to programming, but the question is whether the information requested is held for the purpose of journalism, art or literature. The BBC seem to think so, but as detailed above anything that relates in the slightest way to their programming output is generally withheld. Unfortunately, for the requestor in this example, the BBC is not also subject to the Environmental Information Regulations 2004 because had they been then it could be argued that the request is one for environmental information.

The current leading case (although it has been appealed to the UK Supreme Court with a decision due next week) is Sugar v The British Broadcasting Corporation and The Information Commissioner. Of particular interest is the discussion at paragraphs 53 to 59 and it would certainly seem that based on the Court of Appeal’s decision that this particular request falls outside of the scope of the derogation provided to the BBC under the FOIA. However, the applicant has indicated that the Information Commissioner agrees with the BBC on this particular request (although as I understand it no decision notice has yet been issued).

If the purpose of the derogation was to provide a virtually catch-all exemption for the BBC (the approach which the BBC and the Commissioner appear to have adopted) then it must be asked why make the BBC subject to the FOIA at all? No real purpose would be served if all recorded information held by the BBC was exempt. That suggests to me that there has been a fundamental flaw in the approach that the BBC and the Commissioner have taken.

The decision in the appeal currently before the United Kingdom Supreme Court is expected on Wednesday 15 February 2012 at 09:45. This is a vitally important decision from the UKSC for the future of FOI as it relates to the BBC. Whatever the decision of the Court as it relates to the information requested by the late Mr Sugar, it is vital that the Court produces a judgment in which they provide general guidance in Obiter as to the approach that should be taken by the BBC, the Commissioner, Tribunal and lower courts in determining whether information is “held” for the purposes of journalism, literature or art. If the result is a continued existence of the broad interpretation currently taken then the matter should be looked at by Parliament.

The Justice Select Committee has recently stopped accepting written submissions as part of its post-legislative scrutiny of the FOIA. I did provide a submission to the Justice Select Committee that I hope they will accept. However, the unique position of the BBC as the main public service broadcaster did not feature in my submissions. I suspect though that others will have mentioned the BBC in their submissions to the Select Committee. It may well be the case that a tightening up of the derogation is needed. I can’t profess to be an expert on what sort of tightening would be required or even how one would go about trying to work that one out. It is difficult because there is a very good reason for exempting the information held by the BBC for the purposes of journalism, art or literature. There is also a legitimate argument that an organisation which receives 100% of its funding from a Government levied “tax” should be open to public scruitny under the FOIA. However, the question as to what should and should not be covered by this derogation remains.

I look forward to sitting down and casting my eye over the Supreme Court’s judgment next week and will certainly aim to blog next Wednesday on the content of the judgment. The judges who heard the case are generally seinsble in their approach so I ame hopeful that some good guidance will comes out of this judgment.
A referendum on Scottish Independence: Would it be legal?

January 13th, 2012

One Scottish issue has had a lot of debate, discussion and broadcast time spent on it this week. The subject even managed to dominate Thursday’s edition of Question Time which came from London and made an appearance in Prime Minister’s Questions in the House of Commons on Wednesday afternoon. That’s right; I make reference to the issue of Scottish Independence.

In May 2011 the SNP won a historic victory in the Scottish Parliament. Of course it would be foolish to suggest that this was down to their lifelong policy of achieving independence for Scotland(though that doesn’t stop some members of the SNP claiming so). Undoubtedly though this gives the SNP a mandate to hold a referendum on the question of whether Scotland becomes independent or not.

While it is clear that the Scottish Government have a mandate for a referendum, it is less clear whether they are actually able to hold it. Questions arise over the legislative competence of the Scottish Parliament in passing legislation to hold the referendum. A referendum on Scottish Independence cannot be held without first having passed primary legislation. Those outside of the legal world could be forgiven for thinking what the problem is, after all the SNP won a majority and therefore the people of Scotland have confidence in them and in their manifesto and would undoubtedly expect the SNP to do what it promised in its manifesto. However, the problem is not a simple one.

The Scottish Parliament is not supreme in the same way that the UK Parliament is in Westminster. Its powers are set out within the Act of Parliament that brought it into being: The Scotland Act 1998. That Act in effect gives Holyrood the permission to pass legislation on any matter that is not reserved to Westminster. Essentially, any area that’s not specifically mentioned within the Scotland Act 1998 as being reserved is fair game for the Scottish Parliament to legislate. A political party could make all the promises it wanted in the world during an election campaign, but if the Scottish Parliament doesn’t have the legal power to legislate then quite simply it cannot legislate.

Those who sit within the Scottish Parliament have free will and could quite clearly pass legislation on a reserved matter. However, that legislation would be unenforceable. The Scotland Act 1998 states quite clearly that any “Act of the Scottish Parliament is not law so far as any provision of the Act is outside the legislative competence of the Parliament.” (Section 29(1)). There is a process whereby an Act of the Scottish Parliament can be challenged, first in the Court of Session and laterally before the Supreme Court of the United Kingdom, if it is believed that it is outside of the legislative competence of the Parliament. If the Courts so find then the legislation is declared to be ultra vires and is struck down; in essence it has no legal effect whatsoever.

What does all of this have to do with a referendum on Scottish Independence? Schedule 5 of the Scotland Act 1998 provides a list of “reserved matters”. The second matter on the list of those that are reserved to Westminster is “the Union of the Kingdoms of Scotland and England”. A referendum on Scottish independence relates to the Union of the Kingdoms of Scotland and England. The purpose of the referendum is to see if the Scottish people wish to bring an end to that 304 year old union. The SNP are obviously in favour of bringing an end to that union and would hope that the result of any referendum on Scottish Independence would eventually bring the union to an end.

It would appear that to hold such a referendum is currently out with the legislative competency of the Scottish Parliament. There are persuasive arguments for the position that it is not out with the legislative competency of the Scottish Parliament. However, my own personal view is that any legal challenge to the referendum legislation under the current law would more likely than not be held to be ultra vires.

Whatever your view on the legislative competence of the Scottish Parliament on holding this referendum under the current law, it would be foolish to think that there would be no challenge to the legislation. Any challenge to the legislation could delay the holding of the referendum by a number of years. It could take as many as two or three years before a determination from the Supreme Court as to whether the legislation is within the legislative competence of the Scottish Parliament or not.

If we assume that the legislation would be challenged and it were then found to be within the legislative competence of the Scottish Parliament and follow the SNPs preferred timetable for passing the legislation it could be as late as 2016 or 2017 before the referendum could be held. If it were to be held in 2016 it could get mixed up with the planned elections to the Scottish Parliament in May of that year. The delay would only lead to more uncertainty and could be very damaging for Scotland and the UK in economic terms. Business does not tend to like this level of uncertainty in politics and it might well put off foreign investors from bringing much needed investment into Scotland and the UK.

There is, I submit, no harm whatsoever in Westminster passing primary or secondary legislation clarifying the position and eliminating any potential challenge to the resulting legislation. One would expect the SNP to welcome such clarification as it means they can progress forward with the referendum with no doubt whatsoever that the referendum would be legal and won’t get tied up in a legal row over whether the Scottish Parliament had the power to pass it.

While it might be for the Scottish people to decide whether they wish to break away from the rest of the UK and become independent, Westminster has a place in the debate. Scottish Independence won’t just affect the people of Scotland but will affect everyone in the United Kingdom. Scottish MPs sit in Westminster and have just as much right to represent their constituents as the MSPs in Holyrood and those who represent English, Welsh and Northern Irish Constituents have the right (and indeed the responsibility) to play their part in the debate in order to represent the best interests of their constituents.

The legal question is by no means certain and people on both sides of the “is it legal?” divide undoubtedly have justification for their opinion. It would, in my view, be better for all sides if this question was put to rest quickly, without years of expensive legal action in the Court of Session and Supreme Court, and the people of Scotland allowed to have their opinion known as soon as is reasonably practicable.

The UK Government have launched a consultation on some of the questions surrounding the legislative competence of the Scottish Parliament holding a referendum and what should be done to ensure that any referendum is legal, fair and decisive. The consultation document can be found here. Responses are invited from anyone, regardless of their place of residence, by Friday 9 March 2012.
FOI and private E-mail accounts

December 29th, 2011

The Information Commissioner’s decision that official content held on a private E-mail account is subject to Freedom of Information laws appears to have come as a surprise to some, especially Senior Ministers and policy advisers. Really, as the Commissioner pointed out in his decision, this should not have come as any surprise to anyone. The Act covers recorded information held by or on behalf of a public authority. Clearly official correspondence and documentation held within a private E-mail account is held by or on behalf of the public authority and is therefore within the scope of the FOI laws.

What the Commissioner’s decision doesn’t do is make private E-mail accounts generally open to FOI. They are no more covered by the Act then personal correspondence carried out on official E-mail accounts. Personal correspondence and party business are not covered by FOI whether they are held on official or personal E-mail accounts. The Commissioner’s decision doesn’t mean that employees within public bodies need to hand over the passwords to their private E-mail accounts to their bosses so that they can be searched if an FOI request comes into the authority to see if relevant information is held on a personal account.

What it does require is that when the FOI Officer contacts an individual to see if they have any information that falls within the scope of a request received they have to consider whether there may be anything relevant within the personal E-mail account and if so search for it and hand it over to be considered along with the other information held. Public sector employees, Ministers and policy advisers don’t need to worry about their personal E-mail addresses being disclosed as this would undoubtedly breach the data protection principles and be exempt from disclosure. In any event the FOI legislation doesn’t provide a right to a copy of the E-mail only to the information contained within it.

What it requires is honesty on the part of public sector employees and others subject to FOI laws. That may be a tall order for some in the public sector, especially politicians. Knowingly not disclosing information held within private E-mail accounts would constitute a criminal offence. Likewise deliberately using private E-mail addresses as a way of trying to conceal it would constitute a criminal offence.

Does anyone really need to worry about their private E-mail accounts being accessed? Well, not really. Simple policies put in place by public authorities could avoid many of the issues. Banning the use of private accounts for official business would be a good place to start. I cannot think of a conceivable reason as to why any person subject to FOI would need to use their private E-mail address on a regular basis for work related activities? It’s unprofessional for a start! If in the rare event that a person does need to use their private E-mail account adding an official E-mail address into the “cc” field (either the employees own or the official e-mail of the recipient(s)) would also ensure that it is held officially on the authorities systems. It could then be picked up in the normal way that E-mail correspondence is identified when carrying out relevant searches in response to an FOI request. Indeed, the copying in of official E-mail addresses is suggested by the Commissioner as being a policy that public authorities should have in force to ensure that issues around information being held on private E-mail addresses is not missed.

The suggestion that the commissioner’s decision that FOI applies to text messages and private E-mails is an “over-extension of its original intent” is not something that can really be substantiated. It appears as if it might well be an attempt to amend the FOI laws to make them tighter and easier for Ministers (in particular) to avoid. Such moves must be forcefully objected to. Any tightening of the FOI laws must be resisted.

As for the suggestion that Cabinet minutes should be absolutely exempted from FOI laws by the outgoing Cabinet Secretary are, to put it mildly, a ridiculous suggestion. There are a number of exemptions under which these can be exempt from disclosure and there is not a steady stream of decisions coming from the ICO or the Courts forcing the Government to release such minutes. It’s not hard to argue that maintaining the exemptions being relied upon to exempt the minutes (and other papers) is in the public interest. However, it should be capable of requesting these and for it to be carefully considered whether it is actually in the public interest to withhold the information contained within them. Providing an absolute exemption to Cabinet minutes and documents would, in my view, run counter to the fundamental presumption of the FOI laws and that presumption is one of disclosure.

This really is a non-issue and I fail to understand why Ministers and others seemed to be of the opinion that official information held on behalf of a public authority on an E-mail system out with that of the authority’s official E-mail system is not covered by FOI. I also fail to see why private E-mail addresses would need to be used for official government business. They can’t possibly offer the same level of security as the GSI network. I can’t imagine that Google provides the required level of security required for the processing of government business! Security issues aside, providing remote access to E-mail is not some advanced technology, plenty of private sector businesses provide remote access to not just E-mail but a whole load of systems to their employees. If working from home becomes essential for whatever reason ensuring public sector employees have access to their E-mail can’t really be considered as being beyond the capabilities of the state. A prime example being @LynnFOI who accessed her work E-mail from home on CHRISTMAS DAY to respond to someone’s FOI request!#

Anyway, make up your own mind. Is it really an “over-extension of its original intent” or just an excuse to try and restrict information access rights? I know what I think!
Bristol City Council: Being evassive?

December 23rd, 2011

In response to a request for information issued by the Council on 24 October 2011 Bristol City Council said:

We have not in the past had a system to check the identity of requesters but have now implemented a system to randomly seek proof of identity. (Emphasis added)

Section 8 of the Freedom of Information Act 2000 (FOI Act) does require that an applicant provide their real name when making a request for information. However, nothing within the legislation actually provides that a public authority can check the identity of an applicant. Where a public authority believes that an applicant may be making their request under a pseudonym then it has become practice that rather than simply refusing the request that public authority gives the applicant an opportunity to prove their identity. After all, this is something that they would be required to do if they wished to complaint to the Information Commissioner that a public authority has failed to comply with a valid FOI request (the request not being valid if it fails to use the applicant’s real name).

There are a number of reasons why the true identity of the applicant is needed. Firstly, the authority needs to ensure that what is being made is not actually a Subject Access Request under the Data Protection Act. This requires the authority to follow a separate framework for providing the information and the FOI Act provides an absolute exemption to a public authority where the applicant is requesting their own personal information (Section 40(1)).

There is also the question of considering whether a request is vexatious or repeated. That might be harder to do if a person is able to make applications for information under one or more pseudonyms. A public authority is not required to comply with a request for information that it deems is vexatious or repeated (Section 14). This is to try and safeguard public money. Providing answers to requests for information costs public authorities in both time and money and it is not right that they be required to comply with a request that is vexatious or one which is repeated.

The final main reason as to why it is important to know the identity of the applicant is so that it can properly apply the fees regulations. A public authority is not required to comply with a request if to do so would exceed the appropriate fee (either £450 or £600 depending on the authority). Again, this is about safeguarding public resources. The providing of information to an applicant should not cause a significant drain on the public authority’s resources. Public Authorities exist to provide specific functions and their finances are better spent on providing those functions to the public (although I do believe that FOI is necessary and essential, it’s reasonable that the costs of FOI are limited). Public authorities can group similar requests by an applicant made together and if those requests as a whole would exceed the appropriate cost limit then they can all be refused on costs grounds. This is to prevent applicants simply splitting their requests up into smaller chunks in a bid to avoid the cost limitations. If an applicant is able to make these smaller requests under various pseudonyms it would defeat the purpose of having the fee limit and the aggregation provisions in the first place.

However, at the same time a public authority is supposed to treat a request for information in a way that is blind to the applicant and to the motives of the applicant for requesting the information. While not expressly stated in the legislation the lack of any reference to being able to refuse on the grounds of who made or why the request was made (beyond vexatious and repeated requests) has been taken to mean that the authorities should be blind to these matters when processing the request.

So, what does all this have to do with the quote I mentioned at the start of this article? Well, quite simply Bristol City Council has said that it has introduced a process of randomly checking the identities of FOI applicants. This would go against what the Information Commissioner and the Tribunal considers to be the appropriate way to deal with an FOI request. It is not being blind to the applicant or their motives and without having a good reason for requesting proof of identity the Council could land itself in a spot of bother if it fails to respond to what is a valid request for information within the statutory framework. There are strict time limits laid out in the FOI Act as to when an applicant must receive a substantive response to their request for information (including a notice refusing the request).

When I telephoned the Council in October to confirm that they really did mean a random check I was told that this was in fact their policy. I then spoke with the Information Commissioner’s Office who said that if this did turn out to be the case that they would be concerned about such a policy.

I made an Information request pursuant Section 1(1) of the FOI Act (this is what gives people the right to approach a public authority for information). The Council responded to the request for information on 23 November 2011. The Council’s response did not actually comply with the requirements of the FOI Act. It took the request as being “what is the Council’s policy on this” rather than actually supplying the content of the policy documents as requested by me (among other things). The Council failed to tell me whether it held the information and to provide it to me (or a notice that it was exempt), but instead sent me to its website which contained a short paragraph on checking the identity.

As the Council had failed to respond to the request for information I sought from the Council a review into its response. The FOI Act doesn’t set out any statutory timescales for responding to such requests (unlike the Scottish FOI Act), however the Information Commissioner has issued guidance on this matter to fill the gap left by it not being provided for in the legislation. The Information Commissioner’s guidance states that:

[T]he Commissioner considers that a reasonable time for completing an internal review is 20 working days from the date of the request for review. There may be a small number of cases which involve exceptional circumstances where it may be reasonable to take longer. In those circumstances, the public authority should, as a matter of good practice, notify the requester and explain why more time is needed.

In our view, in no case should the total time taken exceed 40 working days.

In my request for review I made reference to the Information Commissioner’s guidance and let the public authority know that I would contact them if I hadn’t received a response from them (whether that be a full response or notification that it had not been possible to conduct a review) by a certain date. This date represented the twentieth working day following receipt. The Council didn’t respond and so I have written to them prompting them and advising them that if no response is forthcoming by a specified date that I would exercise my rights under Section 50 of the FOI Act and apply for a decision from the Information Commissioner to the effect that they failed to comply with the request for information.

Are Bristol City Council being evasive? If they are why would this be? One can only speculate, but it would seem rather odd that the request could not be answered fully within the twenty working days permitted by the request (subject to any public interest considerations). The bulk of the request related to policy documents presumably held by their FOI Officer given it relates to their FOI policy. The remained related to communications either internally or with the ICO when developing the policy.

It will be interesting to see what comes back from Bristol City Council in terms of their policy on identity checking. Their failure to answer the request the first time and the delay without explanation in conducting the internal review does put more weight to the “being evasive” category. What exactly does Bristol City Council have to hide?

The request made and all associated written correspondence can be viewed here. Certainly worth keeping an eye on to see what happens.
OSIC Decision: Mr David Rule and the Scottish Ministers

December 21st, 2011

This decision Notice issued by the Office of the Scottish Information Commissioner considers whether the Scottish Ministers had failed to comply Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA).

The applicant wrote to the Scottish Ministers requesting from the First Minister’s Office all information held within correspondence with named individuals. The Scottish Ministers did not respond to the applicant’s request and that applicant requested an internal review be carried out under Section 20 of FOISA. The Ministers did not respond to this request and the applicant applied to the Scottish Information Commissioner for a decision in terms of Section 47(1) of FOISA. When the Ministers were notified of this application they wrote to the applicant advising them of the outcome of their review. In that decision the Ministers took the view that the request was not valid in terms of Section 8 of FOISA. In doing so they relied upon the judgment of the Court of Session in Glasgow City Council and Dundee City Council v Scottish Information Commissioner. This decision clarified that information requests must describe the information sought.

Unhappy with the Scottish Ministers’ decision the applicant applied to the Commissioner again in terms of Section 47(1) for a decision. The Commissioner’s decision notice has a number of interesting things contained in it.

In paragraph 9 of the decision notice it states that the Commissioner is satisfied that it would be appropriate to treat the applicant’s E-mail requesting the information not as one single request for information, but rather 19 separate requests for information (one for correspondence between each of the named individuals).

The Decision Notice states in paragraph 9:

[I]t would be wholly artificial (and thus unreasonable) to do otherwise. If valid, each of these is quite capable of standing alone and is in no way dependent on any of the others.

FOISA sets out what is required in order to make a request for information a valid request for information. This can be found with s.8 of FOISA. The request must contain the applicant’s name, an address for correspondence and describe the information sought. The Ministers’ submissions to the Commissioner focussed entirely on s.8(1)(c) of FOISA which provides that the request must describe the information sought.

The Minister’s argued in their submissions to the Commissioner that the applicant’s request was a general request for information held on specific named individuals and did not clearly identify the information that he was seeking. The Ministers’ contended in their submissions that applying s.8(1)(c) of FOISA and the decision of the Court of Session in the Glasgow City Council case that the applicant’s requests were not valid.

The Minister’s contended that the applicant’s use of the phrase “information contained in correspondence” was too vague and was an insufficient description of the information sought. The Minister’s further argued that it provided no assistance to them in locating the information held which fell within the scope of the request.

The Ministers’ further submitted that the request gave insufficient information as to allow them to identify the individuals to whom the applicant was referring. They utilised Linkedin to demonstrate to the Commissioner the number of people as to whom the applicant could have been referring.

In paragraph 15 of the Decision Notice the Commissioner found that the applicant sought all information contained within a specific type of document (i.e. correspondence). The Decision Notice states at paragraph 15 that:

The Commissioner finds it reasonably clear that the applicant is seeking the information recorded in that type of document. The word “correspondence” provides specification about the type of communication.

The commissioner did not accept the Ministers’ argument that the request must stipulate the subject matter of the correspondence in order to satisfy the requirements of s.8(1)(c). The Commissioner felt that to do so would run contrary to the overall aim of FOISA, which is to provide openness with the absolute minimum number of formal requirements in order to achieve that aim (paragraph 16).

The Commissioner also noted that some of the names on the list of persons supplied by the applicant were prominent people in the public eye. This was eventually accepted by the Scottish Ministers. However, they maintained that some of the names on the list were “exceedingly common and could refer to private individuals or officials in the Scottish Government with those names” (Paragraph 17).

In Paragraph 18 the Commissioner applied a “common sense” approach and took the view that it would be appropriate to interpret the names by way of a common characteristic (i.e. that they were all people of note). The Commissioner commented that:

It does not appear reasonable to start from the premise that the applicant has constructed a basically random list of subjects, some of whom are public figures and some of whom are not.

The Commissioner referred to the provisions in s.1(3) which relate to seeking clarification when considering what the case might be if there were more than one person with the same name who was of prominence.

The Commissioner found that the requests as submitted by the applicant were valid in terms of s.8(1)(c) of FOISA and required that the Scottish Ministers to review their handling of the requests and notify the applicant of the outcome of that review.

The Commissioner went on to make a number of findings in relation to technical aspects of the handling of the request which relate to the timescales set out in ss. 10(1) and 21(1) of FOISA.

Comment

It does seem rather odd that the Scottish Ministers took the view that the request by the applicant was not valid. It seems quite clear from the Commissioner’s explanation of the request that it was clear as to what the applicant was seeking. If the Ministers had been in any doubt as to which particular individual with a name listed within the applicant’s request that the request related to then it was open for them to use the mechanism under s.1(3) of FOISA. This would have allowed the Ministers to go back to the applicant and ask for further information in order to help them locate what the applicant was looking for.

What is particularly interesting about this Decision Notice was the view that the Commissioner took in relation to the number of requests made. The Commissioner found that the E-mail sent by the applicant to the Scottish Government was in fact making a separate request for information for each individual listed. This decision might well assist the applicant in terms of the fees regulations. Under FOISA no public authority has to comply with a request that is estimated to cost more than £600 to process. Unlike under the Freedom of Information Act 2000 this £600 applies to all public authorities covered by FOISA and includes the time taken to redact information from documents that is not to be disclosed.

The requests are sufficiently different that it would be hard for the Scottish Ministers to argue that they should be aggregated together whereas if the request was to be considered as one single request rather than 19 separate requests it is quite likely that it would exceed the £600 limit in terms of costs.

The Commissioner also took the opportunity to clarify that FOISA does not entitle people to request copies of documents (a point brought out in the Glasgow City Council and Dundee City Council case), but that any request for documents should be taken to mean the information contained within a document.

The Commissioner’s decision seems entirely reasonable. It will, I’m sure, provide some clarity for the public and public authorities as to what approach should be taken when a list of names is presented within a request for information under FOISA. Of course, it is far more sensible to take the time to specify clearly in the request exactly what information is sought. Taking an extra few minutes to “flesh out” the request to provide as much clarity as possible can save a lot of time in the long term. Applying to the Commissioner for a decision is a lengthy process. In this instance the Decision Notice was issued more than six months after the request was submitted.

The Commissioner’s Decision can be read in full by clicking below:

Decision 245/2011 Mr David Rule and the Scottish Ministers