This newsletter provides a round up of freedom of information and data protection developments and outlines information and guidance available from the Information Commissioner's Office (ICO).
Richard Thomas
Information
Commissioner
Richard Thomas will shortly be writing to public authority Chief Executives urging them to adopt the ICO's new model publication scheme. Every public authority subject to the Freedom of Information Act is required to adopt and maintain a publication scheme. A publication scheme is a commitment to routinely and proactively provide information to the public. The Information Commissioner will also make clear the ICO commitment to spot checks from February 2009, to ensure compliance with the requirements.
The ICO held a series of workshops around the country with freedom of information practitioners in order to develop the new model publication scheme. The workshops informed representatives how to get the best out of a scheme, what information should be included and how it should be presented to the public.
Details about the new scheme can be found on the ICO website: ICO model publication scheme
David Smith
Deputy Information Commissioner David Smith launched the ICO's data protection strategy at the Data Protection Officer conference in Manchester on 11 March 2008.
The strategy sets out how the ICO goes about its task of minimising data protection risk. In doing so it explains how the ICO will focus its resources on situations where there is the greatest risk of harm to individuals through improper use of their personal information.
The ICO is inviting tenders to carry out a study into the strengths and weaknesses of EU Data Protection Law.
Iain Bourne, Head of Data Protection Projects at the ICO, said: "There is a growing feeling that the EU Directive on data protection is becoming increasingly outdated and is more bureaucratic and burdensome than it needs to be. Although only the European Commission can initiate the process for changing the directive, the ICO wants to start a debate about its strengths and weaknesses to ensure EU data protection law effectively meets the needs of organisations and individuals."
For further information about the invitation to tender please see the website: Invitations to tender or contact Iain Bourne at iain.bourne@ico.gsi.gov.uk
We now have over 4000 subscribers to this newsletter, four times more than twelve months ago. However, recent stakeholder feedback suggests many are still unaware of it.
If appropriate we would be grateful if you would forward the following link onto colleagues in your own, or other organisations, who may like to sign up for future editions
The ICO's regional office in Northern Ireland has moved to:
Information Commissioner's Office
51 Adelaide Street
Belfast
BT2 8FE
Tel: 028 9026 9380
Fax: 028 9026 9388
Email: ni@ico.gsi.gov.uk
This e- newsletter is Browsealoud enabled which means web pages can be read aloud for people who find it difficult to read online. Reading large amounts of text on screen can be difficult for those with literacy and visual impairments.
The Information Commissioner has been approached by a number of individuals and organisations for a view on Phorm's Webwise and Open Internet Exchange (OIX) products.
The ICO's full statement can be found here
The Commissioner is responsible for enforcing the Data Protection Act and the Privacy and Electronic Communications Regulations. Therefore the Commissioner is confining himself to the question of whether the use of the products offered by Phorm complies with these laws.
The Article 29 Working Party (made up of representatives of the data protection authorities of all the EU member states) recently adopted a working document to consult on the protection of children's personal data (Working Document 147)
It is aimed at national data protection supervisory authorities, who are responsible for monitoring the processing of children's data.
Please click here for more information on this document and to contribute to the online consultation. The deadline for comments is 30 June 2008.
The ICO held its first ever Data Protection Officer conference on Monday 10 March 2008 in Manchester's Bridgewater Hall.
The day itself was attended by 120 Data Protection Officers working in the public, private and third sector. Over 400 applied for places but unfortunately space was limited
Speakers included Amanda Chandler from Vodaphone and Kathy Ford from Avon and Somerset Constabulary, who both provided their views on the challenges facing their sectors of ensuring data protection compliance and 'buy-in' from their organisations.
The ICO's Minister of State, Michael Wills MP, also gave his perspective on the importance of data protection as more information is shared across organisations to streamline access to services.
The ICO is committed to developing a mutually beneficial working relationship with Data Protection Officers and will be looking at how it can build on the success of this conference.
Following the ICO's privacy impact assessment handbook launch in December, the National Police Improvement agency has become the first organisation to commit to using it to help develop the new Police National Database.
The ICO issues guidance in the form of good practice notes, 'it's your information' notices and technical guidance. Since the last newsletter in February the ICO has published the following new guidance:
Good practice notes:
The purpose of a good practice note is to present organisations with data protection and freedom of information advice in a simple, easily understood form. The notes are written in plain English with no jargon. They are aimed at people who have limited time to absorb information about their obligations. The focus of the notes is often therefore quite narrow and will aim to address questions that are often asked of our helpline or advice teams.
Skipton Financial Services
The ICO has found Skipton Financial Services in breach of the Data Protection Act. This follows the theft of an unencrypted laptop which contained the personal information of 14,000 customers.
The laptop, which contained names, dates of birth, national insurance numbers and investment amounts, was stolen from a Skipton Financial Services contractor. It is the ICO's view that there should have been appropriate encryption measures in place to keep the data secure.
Loans.co.uk
The ICO investigation into complaints against Loans.co.uk has been completed. Appropriate regulatory action was taken and an ex-employee of the company has been formally cautioned for a criminal offence of unlawful disclosure of personal data contrary to section 55 of the Data Protection Act
ADC Organisation Ltd a Manchester debt recovery company pleaded guilty to six charges under the Privacy and Electronic Communications Regulations and has been fined £600. The action follows thousands of complaints from individuals and businesses to the ICO and the Fax Preference Service. The organisation was also ordered to pay £1,926.25 in costs.
Last year the ICO issued ADC with an enforcement notice ordering the company to stop sending unwanted faxes to individuals and companies who were registered with the Fax Preference Service or who had not given consent to receiving such faxes. Since then the ICO and the FPS received over 2,000 complaints about ADC.
Ken Macdonald, Assistant Commissioner for Scotland at the ICO, has written to every Community Council Liaison Officer in Scotland to remind them of their obligations under the Act and to explain why most community councils should notify their processing with the ICO.
A record 536 barristers in Northern Ireland are now registered as data controllers thanks to an initiative between the ICO and the Northern Ireland Bar Council. This initiative is a welcome move and has set a national precedent for organisations to recognise and comply with the Data Protection Act.
Under the Data Protection Act organisations that process personal information about individuals must notify with the ICO, and if they fail to do so they can be prosecuted (see next story). To ensure every member of the Northern Irish Bar notifies, barristers can no longer obtain a practicing certificate unless they notify with the Information Commissioner.
The Information Commissioner's Office has successfully prosecuted accountants from North London and Bolton and four London based solicitors for failing to notify as a data controllers. This was despite repeated reminders from the ICO of their obligations under the Data Protection Act.
Accountant David Darko of Darko Consulting Ltd, was fined £300 and ordered to pay costs of £539.20. Solicitor Samuel Koranteng of Koranteng Hughes & Co was fined £150 and ordered to pay costs of £539.20. Azhar Saleem of Saleem and Co. Accountants in Bolton was fined £300 and ordered to pay costs of £428.50. Sajjad Khan of Knights Solicitors was fined £650 and ordered to pay costs of £525.40. Olubi Adejobi of Grier Olubi Solicitors and Robert Bentley of Bentley's Solicitors were each fined £300 and ordered to pay costs of £500.
Each was also ordered to pay a victims' surcharge of £15.
The Information Commissioner, Richard Thomas, has strongly criticised Hounslow Primary Care Trust for failing to meet its obligations under the Freedom of Information Act. The Trust failed to respond adequately to information requests, refused to provide all the relevant documents to the requester and missed several deadlines for responding to both the requester and the Information Commissioner.
Richard Thomas said: 'Hounslow PCT's records management is clearly inadequate and its performance in handling this case has been totally unacceptable. The Freedom of Information Act must be properly implemented by public bodies - it is not a voluntary scheme that organisations can dip in and out of - I consider that other health trusts and public authorities could usefully learn lessons from this case.'
Conference hosts - the ICO, the Constitution Unit and the Ministry of Justice - invite delegates to explore the benefits and challenges of working with FOI, and to learn from others, at the 'Sixth annual Information Rights conference for the public sector in the UK'.
A booklet, 'Hints for Practitioners handling FOI and EIR requests', has been produced by the Ministry of Defence,, the Department for Environment, Food and Rural Affairs the Ministry of Justice and the ICO. The guidance provides practitioners with advice on best practice in responding to requests for information. It will also help to ensure that freedom of information requests are handled consistently across the public sector.
The booklet can be downloaded from the ICO's website or ordered by contacting the ICO on 08456 306 060.
National Offender Management Service (NOMS)
The ICO has issued the National Offender Management Service with a formal practice recommendation.
This action followed a review by the ICO that showed NOMS had repeatedly failed to respond to information requests in line with its obligations under the Freedom of Information Act.
In particular the practice recommendation should ensure that information requests receive adequate priority and resources, and delays in providing full responses are addressed.
Department of Health
The ICO has issued the Department of Health with a formal practice recommendation.
This action has been taken because they failed to offer appropriate advice and assistance to people making requests under the Act and delayed the conduct of internal reviews beyond a reasonable timescale.
The practice recommendation follows an ICO decision earlier this year involving the Department of Health after it breached the Act several times over a request for information relating to its electronic recruitment service.
The ICO commissioned research to understand how public authorities in England, Wales and Northern Ireland felt that the Freedom of Information Act was working in practice, what their perceptions are and how they see it working in the future. The findings have been compared with the results from previous years.
During the fourth quarter of the financial year 2007/08 we received 711 complaints under the Freedom of Information Act and Environmental Information Regulations.
This diagram outlines FOI cases received and resolved up until the end of March 2008.
For details of all decision notices issued by the ICO go to the decision notices page of the ICO website. Some decisions announced since publication of the last e-newsletter include:
Pension funds
The Information Commissioner ordered 32 local authorities to disclose the amount of money paid to brokers by investment managers on behalf of employees' pension funds. The Information Commissioner, Richard Thomas, has ruled that there is a strong public interest in releasing the information.
Cabinet minutes
The Information Commissioner ordered the Cabinet Office to release the minutes of Cabinet meetings where military action against Iraq was discussed. He does not believe, however, that the disclosure of these minutes will necessarily set a precedent in respect of other Cabinet minutes.
Personal information
The Information Commissioner ruled that the Mersey Care NHS Trust was right not to disclose five critical incident reports into five separate murders carried out by patients of the Trust. The Information Commissioner's Office agreed with the Trust's decision that the reports contain personal information and that their release under the Freedom of Information Act would breach the Data Protection Act 1998.
House of commons expenses
The Information Commissioner ordered the House of Commons to release further details of some MPs' spending, including incidental expenses and staff costs, on the grounds that such expenses arise from their role as public representatives and are reimbursed from the public purse.
We welcome your comments on our e-newsletter. If you have any comments or suggestions please e-mail websitefeedback@ico.gsi.gov.uk
Unsubscribe: To stop receiving the ICO e-newsletter please follow the link.
The ICO is the UK's independent public body set up to promote access to official information and protect personal information.
We enforce the Data Protection Act, the Freedom of Information Act, the Privacy and Electronic Communications Regulations and the Environmental Information Regulations, regulating the organisations that come within their remits.
We provide guidance to organisations and individuals to promote awareness of information rights and obligations, ensure compliance with the law and encourage good practice.
We rule on eligible complaints and can take action when the law is broken.
