• current Practice recommendations published on ICO website (s48): 0
  • Information notices published on ICO website (s51): 0
  • current Enforcement notices published on the ICO website (s52): 0
  • Certificates of non-compliance with Decision Notices (s54): 0
  • Use of powers of entry and inspection (s55, Sch 3): 0
  • Prosecutions for altering/blocking/concealing/destroying records with intent to prevent disclosure (s77): 0

Important notes

  • The statistics are based on the latest information that I can easily find, sources are indicated below.
  • I am not simply interested in enforcement action taking place, these figures about enforcement action being seen to be done.
  • Decision notices are excluded because I see these as ruling on whether or not a public authority has complied with the law as oppose to taking firm action to enforce the law. Also the ICO is legally required to issue Decision Notices (subject to certain limited exceptions) – I want to focus on the discretion he is exercising with regard to enforcement.
  • I am happy to accept any additions/corrections/clarifications that the Information Commissioner or any third party sees fit to provide.

Sources

  1. Good practice recommendations: The ICO has committed to publishing all practice recommendations. The latest one I found was one relating to Department of Health from March 2009. These recommendations are not binding as such so I am not particularly interested in searching for ones issued more than three years ago that are not listed on the ICO’s enforcement page.
  2. Information Notices: I checked the Enforcement page, ICO website (accessed 1 June 2013) and conducted other searches.
  3. It is known that the ICO has issued at least one (referred to in: FS50436434) but I could not easily find a copy.

  4. Enforcement notices: “There are currently no freedom of information enforcement notices available on the website.” Enforcement Notices page, ICO website, accessed 1 June 2013. The ICO has issued such notices in the past but my point is that none are regarded as current by the ICO.
  5. Certificates of non-compliance: Email from the ICO’s Assistant Internal Compliance Manager, 25 February 2009. I searched for more recent data but could not find any, in particular I checked the Enforcement page, ICO website (accessed 1 June 2013)
  6. Powers of entry/inspection: I checked the Enforcement page, ICO website (accessed 1 June 2013) and conducted other searches.
  7. Prosecutions: I checked the Enforcement page, ICO website (accessed 1 June 2013) and conducted other searches. The ICO is underfunded has a large backlog of cases which makes it difficult to catch offenders in time to prosecute.

Further note re practice recommendations
“Although a Practice Recommendation is not directly enforceable, a failure to comply with a Practice Recommendation may lead to a failure to comply with the FOIA or EIR. Further, a failure to take account of a Practice Recommendation may lead to an adverse comment in a report to Parliament by the Commissioner.” Source: ICO guidance on practice recommendations.

OK, lets back up a bit here to the year 2000 and the reason the Freedom of Information Act 2000 was brought in – the Act was brought in so that the public would have a legal right to access promptly any information held by a public body except where this would be harmful. That includes the right to access information the public body or the people who work for it don’t want you to have because it is embarrassing or would take up a bit of their time to put together. That said let’s get back to December 2012 and to the UKBA’s reasons for withholding information from the public. UKBA have been asked for information about exclusion orders. I understand why it might not be appropriate to release names of individuals and I understand that it might not be appropriate to release information about ethnic groups where there are only a very small number of individuals, however UKBA’s response is ridiculous:

(my emphasis)

“We have considered whether to withhold only the names of the individuals concerned, but to release the rest of the information requested. However, we have concluded that the data relating to the years 2009-2011, most of the data relating to nationalities and the information on the basis of each individual’s exclusion order, relate to sufficiently small numbers of people that its release would breach the Data Protection Principles. This is because the information released could be linked to
particular individuals, or enable individuals to be identified if that information were cross referenced with other data that may be available via other sources. Although not all of the nationalities relate to very small numbers of people, we consider that the release of figures relating to some nationalities but not others, could similarly make it possible for someone, who already knows information relating to any of the other nationalities, to deduce information about individuals who have been excluded because they would know, from the omission of that nationality from our response, that they are from a nationality of which only a small number of people have been excluded.”

I am left wondering under what circumstances UKBA would release any aggregated statistical data whatsoever. Presumably, the UKBA officials would oppose the publication of the 99% literacy rate of the UK population because it would mean that I could be virtually certain that my next door neighbour was literate. To be honest I am surprised they even released the total figure of 32 because had I told my neighbour that I was the 100th person ever to receive an exclusion order and I got a special cake from UKBA he would now know I had lied. Presumably, UKBA cannot admit to not having a holding centre inside the Ritz Hotel in case someone happened to tell a friend they were in a holding centre and putting two and two together she deduces that he wasn’t staying at the Ritz. Seriously, though if you go down the UKBA route where does it end?

If you provide certain information to friends, neighbours and others it does make it more likely they can usually find out more information about you using other information in the public domain – that’s obvious and to a point you have to accept this.

Why can’t UKBA at least address the question: “In each case, what was the basis of the exclusion order?” for the 32 exclusion orders issued on a no names no nationalities basis?

The UK Border Agency’s highly questionable interpretation of FOI law is contrary to the spirit of transparency that is so badly needed in this country today.

The Information Commissioner’s formal ruling that the Royal Household is not legally required to answer requests for environmental information has today been criticised by a number of freedom of information experts and activists after it was found to contain unattributed extracts from three Wikipedia articles.

Background
Environmental information was requested from the Royal Household in March 2012. The Royal Household refused to answer the request on the basis that it was not a public authority despite receiving millions of pounds of public funding and being responsible for the upkeep of the state-owned Occupied Royal Palaces. The requester (@foimonkey on Twitter*) appealed this decision to the ICO in May 2012, who formally responded around nine months later.

Plagiarism from Wikipedia
The ICO’s formal Decision Letter contained unattributed extracts from three Wikipedia articles – the material from Wikipedia was not in quotes and was passed off as though it were the ICO’s original analysis of the legal and constitutional position of the Royal Household. This is particularly embarrassing for the ICO as the Decision Letter was signed off by the Deputy Information Commissioner with responsibility for FOI (Graham Smith) and given the nature of the ruling should have been looked at by the ICO’s high profile case unit.

The ICO may have broken copyright law by reproducing this material without attributing Wikipedia. Questions are now being asked about the use of unattributed sources in the ICO’s formal decisions.

Plagiarism from Royal Household website
The ICO’s Decision Letter also included a number of unattributed extracts from the Royal Household website again passed off as though it were the ICO’s own analysis. This demonstrates a lack of rigour by the ICO in reaching formal decisions and suggests that it taking statements made by the bodies it regulates at face value rather than acting as a robust and responsible regulator. The ICO’s conduct in this matter will be taken by many as a sign that it gives too much weight to the views of public bodies and is is too quick to dismiss the legitimate concerns of FOI requesters.

Absurd ruling
A number of other deficiencies in the ruling have been identified. One claim made by the ICO is particularly absurd and is likely to anger Monarchists and Republicans alike:

“the Commissioner is satisfied that the Sovereign does not exercise functions that are public in nature.”

(This despite the Queen’s role in the State Opening of Parliament, in awarding Peerages and honours and appointing ministers, as Head of the Armed Forces, I could go on…)

No mention of right to appeal
It has also been noted that the ICO has not notified the requester of their right to appeal the ruling – this failure is already the subject of a separate complaint to the ICO.

Conclusion
The Information Commissioner’s Office has a number of questions to answer about the quality of formal decisions and needs to take urgent action to regain the confidence of FOI requesters.


*well known to me and many who read my blog

The BBC has reported that Rutland Council could be the first local authority to sue for defamation. Lawyers claim the council’s reputation had been damaged and suggested they could sue using the powers the Council now has under the Localism Act 2011.

This threatens a long standing principle of English law that prevents local councils from suing for defamation.

“The Derbyshire county council v Times Newspapers Ltd judgment of 1993 specifically rules out local authorities from suing for libel. As Lord Keith said in the judgment: “It is of the highest public importance that a democratically elected governmental body, or indeed any governmental body, should be open to uninhibited public criticism”.” [This protection is called “the Derbyshire Principle”.] Guardian, 14 February 2012

Where it went wrong
The Localism Act 2011 was intended to reduce red tape for local councils … so where did it all go wrong. Supporters of the bill were eager to reduce legal hurdles that stopped local councils innovating. One of these perceived barriers was a rule which states that a council cannot legally do something unless it is expressly authorised by law (this contrasts with the position for a private person who is allowed to do anything unless the law says he or she cannot). To eliminate this rule Section 1(1) of the Act says “A local authority has power to do anything that individuals generally may do.” and it is this clause which puts the Derbyshire Principle at risk.

Why you should care
You should care because:

(1) Anyone who supports freedom of speech and/or freedom of the press and/or hates corruption and incompetence should be greatly concerned about this threat to our previously well established right to criticize local councils as corporate bodies without fear of a defamation action being taken against us.

(2) Defamation actions in the UK are incredibly complex and expensive. In the words of the Libel Reform Campaign: “The potential cost of defending a libel action is prohibitive”. When a council loses a defamation case against a local newspaper or blogger its costs will be paid for out of your Council Tax and other taxes. Many bloggers and journalists will be put off by the potential cost and you simply won’t see the story.

(3) The UK’s defamation laws are bad enough already which is why we have attracted ‘libel tourism’.

(4) Do you really want the secretive and influential City of London Corporation being able sue for damage to the Corporation’s reputation?

(5) It is dangerous precedent to allow local councils to sue for defamation – the next step could be allowing Central Government bodies the same powers.

How can I help to stop this?
I don’t have all the answers but here are my initial thoughts:

(1) There is a Defamation Bill and a Crime and Courts Bill currently before Parliament so write to your MP and tell them that you are extremely concerned about this threat to a long standing principle of English law.

  • Ask your MP to put forward an amendment to one of the bills already before Parliament to put this important civic right on a solid legal basis.
  • Ask your MP to consider proposing an early day motion on this issue – an early day motion is a bit like a petition that MPs and only MPs can sign – it will help to highlight the issue.
  • Ask your MP to ask a written question to the Government about whether the Localism Act 2011 means that the Derbyshire Principle no longer applies?

(2) Raise awareness – tweet and blog about this issue and encourage others to take action.

(3) Write to one of the Lords interested in defamation law and ask them to help secure this important right.

Acknowledgements
Thank you to Ganesh Sittampalam for an email which made me sit up and take notice of this issue.

Given the fact that in coalition it is hard to get agreement on big policies, especially as there isn’t a lot of spare cash, I thought I would write a list of pro-transparency ideas that would be fairly small and reasonably easily to implement – though not all are uncontentious. I am an eternal optimist and I hope that lots of political parties will copy these ideas and put them in their manifestoes.

Increase the number of bodies covered by the Freedom of Information Act

  • Make all exam boards subject to FOI in respect of the administration of public examinations.
  • Make the Higher Education Statistics Agency (HESA) subject to FOI.
  • Make all housing associations subject to FOI.
  • Make all trust ports subject to FOI.
  • Make the Panel on Takeovers and Mergers subject to FOI.
  • Make Returning Officers and Electoral Registration Officers in public elections subject to FOI.
  • Make ‘any person providing health, education, social care, criminal justice services under a contract made with a public authority where the provision of the service is function of that authority’ subject to FOI

See also: more ideas and even more ideas.

Make Freedom of Information Act 2000 more effective by making the whole process quicker

  • Introduce fixed time limits for internal reviews.
  • Introduce fixed time limits for public interest extensions.

Reduce the “get out clauses” and “loopholes” … and make transparency laws more robust

  • Toughen up the wording – require public bodies to demonstrate ‘substantial prejudice’ before using an exemption to withhold information, rather than simply demonstrating ‘prejudice’.
  • Close the loophole that means that HMRC does not have to release information about corporate tax payers even when it can be shown that the public interest is harmed by non-disclosure.
  • Scrap the Ministerial Veto – take away right of ministers to overrule the independent Information Commissioner (if appropriate it could be retained for matters of National Security only).
  • Remove the exemption that exists in respect of communications with the Royal Family and Royal Household – this is in line with the idea that everyone should be equal before the law
  • Only allow information to be withheld under the “intended for future publication” exemption if the public body has made a public commitment to publish the information within 90 days.
  • Make the BBC more accountable by replacing the BBC’s “derogation” with a properly drafted exemption.
  • Bodies subject to the FOI should be required to publish a functioning email contact address on their website (with due prominence) – Note companies providing services through websites are already legally required to do this
  • Where the opinion of a “qualified person” is used to block disclosure that person should have to be named in the refusal notice.
  • Make all companies owned 90% or more by one or more public bodies subject to FOI.
  • Make the House of Commons Commission and the Corporate Officers of the Houses of Parliament subject to FOI to avoid the present situation where the senior officials working in the Palace of Westminster will not answer FOI requests while Parliament is dissolved.
  • Make it easier for people to request information about themselves under Data Protection law by only allowing exemptions to be used where it is in the public interest, this already happens for FOI exemptions.

Make publicly owned companies accountable

Say those owned 90~ by one or more public bodies

  • give the public the right to attend Board Meetings of public companies, except those parts of the agenda where there was a good reason to go into closed session.
  • require each director’s vote to be minuted on all formal decisions.
  • require (draft) minutes of open meetings to be published online within 15 working days of the day on which the meeting finishes and that final minutes are published online promptly once approved.

Be flexible on format when supplying public sector information

Extend Whistleblower Protection

  • Give students the same whistleblower protection that employees already have.
  • Give non-executive directors the same whistleblower protection that employees already have.

Make it easier for people to reuse public sector information and hold the public sector to account without fear of litigation

Further Acknowledgements

Foiwiki ideas and more ideas.

A quick search of the ICO’s Register of Data Controllers for the word “coroner” reveals just 18 records. This does not compare favourably with the dropdown box on the Coroner Society figure of about 110. Only 32 of these are ‘whole time’ coroners the remainder being paid for each case. Now let’s consider whether coroners need to be registered as data controllers and other key questions that arise.

(1) Do coroners hold data about living individuals?
Yes. It is accepted that information about the deceased is not ‘personal data’ for the purposes of the Data Protection Act but as noted in the registration of Her Majesty’s Coroner for Greater Manchester (North District) coroners hold data about the “RELATIVES, GUARDIANS, PERSONS ASSOCIATED WITH DECEASED”.

(2) Are coroners covered by the data protection registrations of local authorities?
No. In the ICO FOI Decision notice the Commissioner “determined that the tapes are held by the public authority solely on behalf of the Hertfordshire Coroner and not for its own purposes. Coroners are not designated as public authorities under
the Freedom of Information Act 2000 and therefore their records are not subject to the information access regime of this Act.”
It goes on to conclude “It holds the information on behalf of another person and that other person, the Hertfordshire Coroner, is not a public authority as defined in the Act”.

It seems therefore very unlikely that the ICO would take the opposite view for Data Protection purposes, so I think it is safe to say that the coroner as an independent judicial officer is also a Data Processor who is not covered by the local authority registration.

If that isn’t enough, in EA/2008/0010:

“the Tribunal concluded that the Coroner had in this case made the decision what was or was not to happen in relation to this information. This was consistent with the statutory regime under the Coroner’s Rules and indicated that ‘ownership’ of and control over this information lay both in fact and law with the Coroner. That this should be the case was consistent with the fact that the Coroner is an independent judicial office holder, whose decisions are made independently of the Council.”

Clearly, the coroner is a data processor.

(3) Are coroners exempt from registering?
No. If you read the ICO’s guidance and bear in mind that coroners are responsible for the administration of justice you will see that no exemption is available.

(4) Why doesn’t the ICO do something?
You would have to ask the ICO that question really, but the ICO’s general approach is not to pro-actively look for potential instances of non-compliance with notification requirements, far from it. In fact, the ICO often does not act when instances of non-compliance are brought to its attention.

Please see information rights and wrongs excellent piece on failure to notify by MPs in which the ICO response is recorded as “Our non notification activities are targeted at particularly high risk or under represented groups or sectors.”

(5) Why does any of this matter?
Firstly, because non-registration is a criminal offence and hardly could conduct for a judicial officer. Secondly, you can choose to buy goods and services from people you trust to process your data lawfully but when it comes to public authorities you usually don’t get a choice and this is true for coroners you might come into contact with in the most tragic of circumstances. Finally, because it again calls into question the ICO’s choice of who to target with enforcement action. I am reminded of Tim Turner’s comment:

“Chris Graham’s speeches are impressive and stirring, with an attitude that no stone will be left unturned, no organisation or sector can act with impunity, but the reality is different. Rather than issuing CMPs [civil monetary penalties] to big private sector organisations, they go after councils. Rather than prosecuting MPs for non-notification, they do estate agents. They have to concentrate scant resources, and the targets that they choose could be exemplars – big, powerful institutions and individuals whose fate would serve as a lesson for all”

I have set up a petition to close HMRC’s FOI loophole, it is currently awaiting approval. Please sign this as soon as it is approved and promote it in any way you can. It should appear here once it is approved: Ministry of Justice Petitions (‘Civ’ to ‘Con’)

Close the HMRC freedom of information loophole petition


“While almost all public bodies are required to release information about companies under the Freedom of Information Act 2000 there is a loophole that means HMRC does not have to do so. The loophole is contained in Sections 18 & 23 of the Commissioners for Revenue and Customs Act 2005. This loophole means that HMRC does not have to release information about corporate tax payers even when it can be shown that the public interest is harmed by non-disclosure. In fact HMRC would not even be required to release relevant information it holds in cases where corporations have knowingly mislead the public about the amount of tax they pay,

Whilst we accept that private individuals have a right to privacy, we fail to see why this right extends to the tax affairs of major corporations.

We call on the Government to introduce legislation to close this loophole in respect of companies and other organisations as step towards a fairer and more transparent tax system.”


The oldest written law currently in force in England is the Distress Act, part of the Statute of Marlborough, 1267 (sources: [1], [2][3]) – but a Law Commission document published in April 2012 reveals that after more seven hundred years on the statute book the Act came very close to being repealed.

“As indicated earlier in this Part we looked at the topics of distress and waste in the context of the Statute of Marlborough 1267 but, as explained, formed the view that it would be premature to pursue repeal of the distress chapters, pending enactment by parliament of amendments to the Tribunals, Courts and Enforcement Act 2007 following the UK government’s consultation on transforming bailiff action, and that it would be inappropriate to repeal the chapter on waste.”

Depending on the outcome of the Government’s consultation on bailiff action the Act could still get repealed. Worryingly nowhere in the Law Commission’s analysis to they really take into account the historical significance of this Act as the oldest law we have left.

The 13th century Act has the effect of stopping a person recovering damages from someone else except by order of a court which amounts to outlawing private feuds. The Act also protects tenant’s property in certain circumstances.

I am not proud of every aspect of British history but I think everyone in the UK can be proud of the positive contributions the British have made to the development of the rule of law and democracy (Magna Carta being among the most famous).We should try to save Britain’s oldest law from repeal if it all possible.

The Government’s plans to charge for FOI requests are really rather disappointing as the Government has previously had a relatively good record on FOI and in 2010, Eric Pickles even spoke out against Local Councils charging journalists for making FOI requests: “If town halls want to reduce the amount they spend on responding to freedom of information requests they should consider making the information freely available in the first place.” My aim in this blog post though is not to explain why charging for accountability is bad in principle but to explain the practical difficulties and additional bureaucracy that will result from introducing charges. Before I go any further, it is worth noting that although there can be charges for photocopying etc fees are very rarely charged in practice. The following extract from the WhatDoTheyKnow FAQ illustrates how even the present limited charging system is more bureaucratic than it needs to be. “Authorities often include unnecessary, scary, boilerplate in acknowledgement messages saying they “may” charge a fee. Ignore such notices. They hardly ever will actually charge a fee.” How much more red tape will there be if a routine charging system is implemented.

dealing with routine enquiries
One of the strengths of the present Freedom of Information Act 2000 is that you don’t need to use any magic form of words to invoke the Act. If someone ask a public body in writing for recorded information then they have made an FOI request even if they have never heard of the Act. This means that if someone emails their Local Council to ask what the opening times are for the library or for a copy of a particular form then they have made an FOI request. Public bodies often deal with these requests under “business as usual” but having front line staff even considering whether or not to charge the public for answering routine enquiries is a very unhelpful innovation.

dealing with requests for information about the handling of complaints etc
Often requests for information about how a complaint was handled are (or at least ought to be) dealt with partly under the Data Protection Act (the personal data part) and partly under FOI (everything else). The best approach is for the public body to consider the request under both sets of rules and release as much information as possible at no charge. The maximum charge for Data Protection Act requests is in most cases £10 – it would be unhelpful for public sector staff to have to apply two separate charging systems in respect of one request. Not to mention the poor member of the public already dissatisfied with the public body in question could end up paying twice to see information his/her taxes paid to create in the first place.

dealing with requests for environmental information
The UK has signed up to the Aarhus Convention which means we have to allow to access any public registers or lists of environmental information free of charge (Article 5) and in addition public authorities must make environmental information available for inspection at no charge (Article 6). The definition of ‘environmental information’ is a wide one and covers things people might not expect such as town planning, human health and safety, noise, radiation and biodiversity (see: ICO Guidance).
The upshot of all this is that a public sector employees when dealing with a request for information might have to consider providing all or part of the information under the Environmental Information Regulations even if the person requesting it refuses to pay the new FOI charge. The Government should really be trying to cut bureaucracy by making these two access to information laws as similar as possible and as simple as possible.

refunds
If you start charging for something and you don’t provide or you only provide all of it or you provide it late or there is a problem with it expect requests for refunds. Public bodies will have to have a procedure in place for deciding when to pay refunds and procedures for paying money back which could end up costing more than the modest fee the Government might be planning to introduce. Individual requesters may be more likely to request internal reviews and raise complaints with the ICO and other regulators if they feel they have not received what they have paid for. A no refunds policy might be an option but then you have to deal with the unhappy customer who finds out later that the information he/she had requested was on your website but much harder to find than it should have been.

people will ask for more information in one request
If people are charge say £15 per request they will be tempted to get as much information as they can in one go to get value for money rather than asking for what they think they need at that point in time. This will lead to longer and more complicated requests.

conclusion
A small charge for each request may seem superficially attractive as a way of covering the cost of FOI but it will cause a number of practical difficulties when we should be trying to make accessing information from public bodies as simple as possible.