The mystery of the disappearing immigration stats

FOIMan probes the refusal of a request for immigration statistics by the Home Office – and finds they haven’t always been so cautious.

A docked ferry at Dover

A docked ferry at Dover

Earlier this afternoon I was asked if I would agree to being interviewed on BBC Radio Kent about the refusal of a request they had made to the Home Office. Not wishing to sound a complete dunce, I did a little digging around and was quite surprised at what I found.

The BBC had asked the Home Office for the numbers of illegal immigrants that had been detained seeking to enter the UK via the port of Dover in Kent in each of the last 5 years. A month late, it should be said, they received a response refusing the request, citing the exemption at s.31(1)(e) – if disclosure would, or would be likely to, prejudice the operation of immigration controls. BBC Kent sent me a copy of the response to see what I thought of it.

Well, for a start, it failed to set out the exemption correctly – for example, failing to say how likely the prejudice is. With exemptions formulated as “would, or would be likely to”, the Commissioner and Tribunal expect public authorities to say which of those applies. The nature of the prejudice claimed was only explained as part of the public interest test, presented in an annex.

The Home Office fears that if it disclosed these figures, and then other requests were made for the same statistics in relation to other UK entry points, this could be used to establish the weak points in the border. It’s the classic “jigsaw request” argument – that the prejudice might occur through the piecing together of data from different sources.

In all honesty, my initial reaction was one of scepticism. But I checked the Information Commissioner’s decisions to see if the ICO had looked at any similar requests. Sure enough, I found that last year a request for similar details relating to Glasgow Airport had been refused on similar grounds. It’s difficult to be sure without having seen the response, but there are suggestions in the Decision Notice that the same mistakes were made in applying the exemption then (which begs the question as to why the Home Office don’t appear to have learnt anything since then). Despite this, the Commissioner upheld the use of the exemption. Fair enough, I thought, he’s obviously been persuaded by the Home Office’s arguments, and ICO investigators are quite likely to have been party to more background detail than I am. So I was all ready to tell BBC Kent that it looked like they were out of luck.

But then I tried TheyWorkForYou.com – the sister site to WhatDoTheyKnow.com that provides ready access to responses to MPs’ questions in Parliament. And up came a response given by Damien Green, the then Minister for Immigration in the Home Office, provided to Dover MP Charlie Elphicke in 2011. In response to an almost identical question to that asked by BBC Kent, the Minister provided the statistics for 2008-09, 2009-10 and 2010-11.

So the real question is – what’s changed between 2011 and 2014 to make the Home Office suddenly so reticent about disclosing these figures? I wonder if the ICO were aware of this when they made their decision in relation to Glasgow Airport.

Photograph by Robin Drayton [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons.

 

FOI Dependencies

FOIMan highlights forthcoming new FOI laws in Crown Dependencies.

Jersey Police patch

Soon you’ll be able to request information about Jim Bergerac’s investigations

There are states very near our shores here in the UK that have yet to implement a Freedom of Information Act. A couple of those – Jersey in the Channel Islands and the Isle of Man – are in the process of putting that right.

First, a little bit of constitutional detail. Contrary to what many may think, these states are not part of the United Kingdom. They are closely related as they share our Head of State (I rather like the fact that according to Wikipedia – only the best sources for this blog – the Queen in fact rules Jersey in her capacity as Duke of Normandy, and hope I won’t be corrected on that).

So if they are to be subject to FOI laws, they need to enact their own legislation. The State of Jersey has already done so. Their Act was passed in 2011, and it is planned that it will come into force at the start of 2015. Perhaps surprisingly, it is already being amended – to strengthen the ability of the Jersey authorities to refuse requests on cost grounds and to allow Jersey’s highest court to overturn decisions of the Jersey Information Commissioner. One of the features that stands out to me about the 2011 law is the requirement at s.7 to prepare an index of information that is held – there is a real emphasis on records management in this legislation. How effectively that provision has been implemented will be something to watch out for in 2015.

Meanwhile, the Isle of Man government has just completed a consultation on a new Freedom of Information Bill. The Isle has had a Code of Practice on Access to Information in place for some time, which appears to have been successful in developing transparency on the island. The new Bill is badged as merely formalising existing arrangements and bringing them into line with nearby territories.

As the Jersey amendment highlights, the greatest concerns of those introducing new FOI legislation are around the cost. It is understandable that any government about to impose significant new obligations on itself will hold concerns about the cost of implementation. As the UK experience has shown, until FOI is in force, it is difficult to be sure what the impact will be. And as we know, the UK government is itself about to consult on potential amendments to FOI cost limits. Let’s hope these fears don’t lead to these fledgeling openness laws having their wings clipped from the start.

Photograph by Dave Conner [CC-BY-2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons.

Peeps [at the] diary

FOIMan looks at whether politicians’ diaries are fair game under FOI.

Diaries

The decision about Andrew Lansley’s diary is useful for FOI Officers

Not long after FOI came into force in the UK I returned to the office from an external meeting to find my boss looking a little frazzled. This was never good news at the best of times. Tentatively I enquired as to what had been going on. It turned out that the Evening Standard had published a two page splash on Ken Livingstone’s diary.

Splash, as it turned out, was the right word. It included details of the time he set aside for a morning swim. No cuts were in evidence, other than the haircut that was also reported. Someone at the GLA had disclosed the entirety of the Mayor of London’s diary under FOI. The Mayor’s adviser, furious, had apparently hauled the Head of Law out of a meeting to demand an explanation. The Head of Law had in turn tried to find me to find out what had happened, and had instead found my boss, which explained her state on my return. Thankfully, by the time I returned it had already been established that someone in the Mayor’s Office had – against procedure and advice – sent out the whole diary without asking for advice from me as to what exemptions could be applied to it. Phew.

Over time, I came to realise that diaries were a sensitive subject. And a decision by the First Tier Information Tribunal this week has reinforced that impression.

The appeal concerned a request for Andrew Lansley’s ministerial diary at the time that he was Health Secretary. The Department of Health had released some information but withheld much of the diary under a range of exemptions and other means. The Information Commissioner had ordered that much of the information should be disclosed.

The decision of the Tribunal contains some interesting gems. My particular favourite is the argument by the Department that diary entries relating to party political meetings immediately cease to be held by the Department after the meeting has been held. It’s one of those tortuous metaphysical contortions that only government departments appear to be capable of. The Tribunal unsurprisingly gave this short shrift.

Another argument advanced by the Department was that the Tribunal should defer to its arguments as to the public interest in withholding information under section 35 of FOIA (the exemption for policy formulation). In other words that there was a strong public interest in just accepting the Government’s version of events over anyone else’s. If this approach were to prevail, it would effectively be game over for any future attempt to overturn the use of section 35. Thankfully, the Tribunal was again dismissive of this argument.

I was surprised to realise that this decision was the first concerning disclosure of a ministerial diary at the Tribunal level. Given this, it’s a useful one for all FOI Officers, especially those who work in organisations where politicians exercise an executive role. The key learning points from this case are that:

  • there’s no blanket rule that Ministers’ diaries can’t be disclosed
  • instead, public bodies need to methodically analyse the contents and identify what exemptions might apply to each entry
  • entries covering personal and party political appointments are held – they might well be exempt as personal information for example, but they are held under the definition at s.3
  • regular pro-active publication of the Minister’s meetings and appointments does not satisfy the public interest in disclosure if it excludes certain appointments – for example in this case, quarterly publication of these details excluded video conferences and telephone calls which appeared in the diary.

For a more detailed analysis of the decision, including discussion of the decision’s comments on aggregation of public interest arguments, see Tim Pitt-Payne’s article on 11KBW’s Panopticon Blog.

A qualified opinion

FOIMan explains who is “qualified” to give an opinion under the exemption for prejudice to effective conduct of public affairs (section 36).

Picture of my Masters graduation

I may be qualified, but I’m not a qualified person

If you’ve ever had a freedom of information request turned down under the exemption at section 36 covering prejudice to the conduct of public affairs, you will be familiar with the phrase “qualified person”. There’s sometimes confusion over what this means, so I thought I’d devote a brief post to it.

How does one “qualify” for this role? Is there an exam? Do you get letters after your name?

The “qualified person” is not a fancy name for the organisation’s FOI Officer as I’ve seen suggested once or twice. And it isn’t just someone picked at random by the public body to make decisions about what can and can’t be released.

The qualified person is someone very specific. The Act itself lists a range of organisations and specifies exactly who the qualified person is. For government departments it is a minister. For the Greater London Authority it is the Mayor of London. Rather bizarrely this means that Boris Johnson can decide whether or not information held by the London Assembly which is supposed to hold him to account should be disclosed, which always struck me as an oddity of the legislation when I worked there. But for many parts of the public sector it is not spelt out in the Act. Instead, it provides that a minister should specify who the qualified person is for those organisations. In practice this means that Secretaries of State or their ministers have issued orders declaring who the qualified person is for areas within their brief. For example, David Willetts, the minister for higher education, has issued such an order indicating that Vice-Chancellors or their equivalent should fulfil this role in the higher education sector (which, helpfully, since the content of the BIS website was moved to www.gov.uk, I cannot now locate!). In local authorities, DCLG has set out that Chief Executives and Monitoring Officers should be the qualified person.

What are the practical consequences of this? Well, if you’re an FOI Officer make sure you know who your qualified person is. I’ve seen responses where the authority clearly didn’t understand this and because of that the exemption is invalid. In the event of an appeal to the Information Commissioner, one of the first things he’ll check is whether the decision was taken by the right person, and he may ask for evidence that the person concerned is the qualified person for that public body. For requesters, it’s worth checking if the person who made the decision was the “qualified” one for the same reason. An authority that doesn’t understand this provision is probably failing to understand other basic requirements of the Act.

For more on section 36, see my exemption index post.

The defeat of the Mysterious Veto?

FOIMan thinks it may be too soon to start celebrating yesterday’s ruling by the Court of Appeal that Prince Charles’ letters to Ministers should be disclosed, but argues that interpretation of European law may yet prove crucial in this case and for others.

An examination of s.53

FOIMan examines the offending section of FOIA

Yesterday’s judgment by the Court of Appeal, apparently overturning the use of the section 53 veto for the first time, was immediately welcomed by FOI campaigners, supporters and of course, journalists. And it is a victory – for now – for Rob Evans of the Guardian who has pursued the disclosure of letters from Prince Charles to Government ministers for 9 years.

Personally I would be very happy if this decision stuck. The ability of Ministers to overturn the considered decisions of the Information Commissioner, information tribunals, and ultimately the courts, is in my view as well as the Lord Chief Justice’s “a constitutional aberration” (para 2). But…I can’t help feeling that this decision is not the end of the road on this case.

Firstly, that’s a matter of fact. The Attorney General has been granted leave to appeal to the Supreme Court. And he’s already indicated that he intends to.

Secondly, as Jon Baines has already pointed out, the decision in relation to FOI seems at odds with the intention of Parliament. The reason for the veto was to allow ministers to overturn FOI decisions that they didn’t like. That was why the government of the day proposed the veto, and that was what Parliament voted for. That in the end was what Charles’ own mum gave assent to. The Master of the Rolls says that s.53 is “a remarkable provision”,

“because it seriously undermines the efficacy of the rights of appeal accorded by sections 57 and 58 of the FOIA.” (para. 39)

To which the answer is, well, yes, that was the point. Jack Straw, the Home Secretary who was responsible for taking FOIA through Parliament, told the Justice Select Committee (para 169) two years ago:

“Without the veto, we would have dropped the Bill. We had to have some backstop to protect Government.”

In its report at the conclusion of the post-legislative scrutiny, the Committee appeared to fully support the use of the veto in this way, and indeed suggested that its use ought not to be considered “exceptional”.

So my hunch – and I hope I’m wrong – is that the decision in relation to FOI will be overturned by the Supreme Court. Even if it isn’t, I could easily see an amendment to FOIA being passed with little opposition whatever party is in power to plug the gap. Celebrations of the death of the FOIA veto are likely to be short-lived.

However, I don’t think it’s all doom and gloom from this end of the bar. The Court of Appeal also ruled that the application of the veto to environmental information was unlawful. That seems to me a much stronger argument. The Environmental Information Regulations 2004 (EIR) are the UK government’s implementation of a European Union Directive. Article 6 of the Directive requires that:

“Member States shall ensure that an applicant has access to a review procedure before a court of law or another independent and impartial body established by law, in which the acts or omissions of the public authority concerned can be reviewed and whose decisions may become final…”

It is hard to see how the veto is compatible with that. And there would be little the government could do to change the law, short of leaving Europe altogether (which of course is possible but not in the immediate future).

The implications of that are several. First, many of Prince Charles’ letters apparently related to environmental issues, so if the Supreme Court quashes the Court of Appeal’s ruling on the FOI veto but upholds the ruling on EIR, then there may still be a significant disclosure of correspondence in this case. Second, there will be implications for another veto decision. Only at the end of January, the Transport Secretary vetoed the disclosure of a report on HS2. The report was viewed to constitute environmental information, so it is likely that if the Supreme Court upholds the Court of Appeal’s position on the veto and EIR, then that decision will be viewed as unlawful as well. Thirdly, it reinforces the already strong impression that EIR can be more effective at achieving disclosure than FOI (though of course this is only useful if you want to access environmental information – but that’s an increasingly broad spectrum of information thanks to case law).

Even in respect of my primary argument above, there is hope if the Supreme Court agrees that the veto is incompatible with European law. It was successfully argued in the Court of Appeal (paras 74-80) that the Attorney General had failed to consider in his certificate how the public interest in disclosure of non-environmental information would be affected if the environmental information had to be disclosed. If the Supreme Court does order the disclosure of the environmental information, it may therefore decide that the Attorney General’s veto certificate is flawed more generally – and rule that the rest of the letters must be disclosed as a result.

We’ll have to wait and see what the Supreme Court decides, so we have yet to hear the fat lady finish her scales let alone receive the rapturous applause of a satisfied audience. And as this particular battle for correspondence has so far taken 9 years, it appears a somewhat extreme example of the point I made in my last post. Getting access to correspondence is unlikely to be an easy – or quick – exercise.

Avoid using the C word

FOIMan explains why those requesting information under FOI should think twice before asking for correspondence.

FOIMan logo in stop position

Stop and think before asking for correspondence

When I was an FOI Officer there was one word in a request that would make my heart sink. That word was “correspondence”.

It wasn’t that I had any problem with individuals asking for it in principle. The Freedom of Information Act means that anyone can ask for whatever they want, and I’ve always been supportive of that. It was just that I knew that more often than not, a request for correspondence would result in internal grief, and a disappointed requester. Let me explain.

There are several reasons why requests for correspondence are inherently difficult. Firstly, just think about your domestic correspondence. Nowadays that includes letters that you might send and receive through the post as well as email you send and receive using any of your email accounts (and many of us have several). It might also include messages you send and receive via Facebook or other social media sites. It’s not simply a matter of checking your filing cabinet (if indeed you are organised enough to file your letters at home). There are lots of places that your correspondence is stored.

Now multiply that by the number of people in the public sector body you are interested in. Hopefully – but not necessarily – they will have record keeping policies that require emails, letters and so on to be filed in certain places. Maybe even most members of staff follow the policies. Even then that’s a lot of places to look. But if records management isn’t a priority for the organisation or its staff (there is, after all, very little in the way of legal requirement to improve record keeping), there will be even more to do.

Remember that contrary to popular perception, the FOI Officer does not have a big red friendly button that allows them to search all the email accounts and files of everyone in their organisation. They are usually reliant on the individuals themselves conducting a search of their email account. And of course any private email accounts that they have used for corporate business. The FOI Officer has to trust the individual to conduct that search thoroughly (and that they have the technical skills to be able to extract all relevant emails, which isn’t necessarily always the case). On more than one occasion it transpired that for whatever reason, only a small proportion of the information was provided to me at the first attempt.

Then there’s the fact that it is human nature to consider correspondence “personal”. In my experience, the most awkward discussions with colleagues about FOI related to requests for correspondence. Allegedly government ministers and their advisers will go a long way to try to avoid their correspondence being accessible through FOI (and Government departments will fight tooth and nail to defend their right to do so), and they are not alone. Most of the time there is very little to hide in the correspondence itself, they just feel uncomfortable. But there are also the times when they forgot themselves and wrote something embarrassing. “There is no exemption for embarrassment” is an oft-quoted mantra, but it doesn’t stop beleaguered politicians and officials wanting to create one. Which makes for some very long drawn-out conversations between them and the organisation’s FOI Officer.

For all of the above reasons, the chances of an FOI request for correspondence – unless very well defined – resulting in information being disclosed within 20 working days are considerably less in my experience than with requests for other information. The likelihood is that you will achieve one of the three following outcomes:

  • the request will be refused on the grounds that it exceeds the appropriate limit – i.e. it will cost too much/take too much time
  • the request will be refused on other grounds, perhaps under the policy formulation or effective conduct of public affairs exemption
  • the information will be supplied, but in all likelihood after the 20 working day deadline.

Of course, with any of these, you have the right to complain. Not answering within the statutory deadline is a breach of the legislation, for example. And maybe the Information Commissioner will give the authority a slap across the knuckles. But the effect will be the same. You won’t get any information very quickly if at all.

So what am I saying? That FOI has limited use in accessing correspondence? That there’s a de facto exemption for correspondence? No. But I do think that requesters have to box clever if they want to get to useful information. Here are some tips if you are thinking about making a request for correspondence:

  • think about whether you need correspondence to get the information you’re after – it may be possible to just ask the public authority what they have done rather than trawling through emails and letters to work it out for yourself.
  • do some research first. Work out which department or individual is most likely to hold the information.
  • using your research, be as specific as possible. The most effective way to use FOI in relation to correspondence is when you know a particular email or letter exists so you can ask for it. The least effective is to ask for all correspondence on a particular subject in the last 5 years.
  • often with FOI, the key is to see it as a long game. Maybe you make one or two FOI requests for other information first to establish a sequence of events and then ask for specific transactions that you know must have taken place to back your findings.
  • avoid requiring the public authority’s employees to interpret your request. If you ask the authority to provide “all correspondence on the funding of the new leisure facility”, not only are you asking someone who may well not be sympathetic to your aims to decide what counts as “funding” or “the new leisure facility”, but you are also asking them to read through every piece of correspondence to establish which emails or letters fall into their personal definition.

In sum, avoid the C word unless it is absolutely necessary. And if you must use it, do so with precision.

FOIMan provides a commercial service for journalists, campaigners and others to help them fine tune FOI requests and avoid wasting time with badly phrased requests. Contact me if you’d like a quote

Wanting to get data sharing right is not time-wasting

FOIMan is concerned that legitimate questions and concerns about data sharing are too often dismissed by those in a rush to exploit big data. And explains that this is nothing new.

Ambulances at A&E

Ambulances outside A&E

Years ago I worked for a hospital NHS Trust. Soon after I started, I was invited to a meeting with local police, council officers, a representative from the Department of Health and a manager from our own A&E department. The meeting was to discuss sharing A&E data with the police and local council.

This was part of a national programme sponsored by the Home Office. Academic research had found that where police had access to certain A&E data, crime – and particularly violent crime – dropped as they could target hotspots. A&E admissions also dropped. So win-win. The Home Office was obviously very interested in this and was pushing for all hospitals with an A&E department to share data in this way.

I was new to the job, and to data sharing, so I needed to know a few things. One of the key questions any DP Officer worth their salt needs to know in this situation is what legal power they have to share the data. So I asked, and nobody knew (which was interesting in itself, given this was supposedly a national project). They said they’d ask the doctor who’d done the original research to contact me and let me know.

So one afternoon I received a call from him. Initially he was very pleasant but he didn’t actually tell me what I needed to know. When I pushed him on this, his response was to angrily tell me that people were dying because I was delaying the project.

Eventually (and with no thanks to the researcher or the Home Office) I reached agreement with the community team. We would share some of the data they wanted (but not all), and the agreement stated that the police were not allowed to put the data together with their own to enable reidentification of individuals who may have been in contact with both organisations.

There seems to be an attitude from NHS England at the moment that is reminiscent of this episode. Reasonable questions about safeguards are being dismissed. Rational concerns about privacy are portrayed as preventing progress. I’m not someone who is blind to the benefits of care.data or other big data projects. But I want them to be handled properly and to have confidence in those looking after the data.

When concerns like these are dismissed as time-wasting or a failure to understand, it bothers me. And I suspect it bothers lots of other people too, whatever their views on the benefits of the individual project. It feels high-handed, as though the medical establishment doesn’t really care about the views or privacy of the public as long as they get their precious data. I’m sure that isn’t the case, but a continued failure to acknowledge legitimate concerns allows this impression to grow.

Photograph by D-G-Seamon [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons

CP and DP

FOIMan finds DP being breached in his own backyard.

Back in 1936, the Crystal Palace, originally built for the Great Exhibition in 1851, and later moved to parkland to the south-east of London, burnt down. It had been in decline for many years, so there was no rush to rebuild it. Indeed, nearly 80 years on, its site still stands bare, save for a few sphinx, crumbling steps and headless statues.

A sphinx in Crystal Palace Park

Plans to rebuild the Crystal Palace have kicked up a sphinx

One of the reasons that it has remained that way is that local residents kind of like it. There is a romantic air about the site, and the lack of a central attraction means that its surrounding parkland is a nice place for a quiet stroll, occasionally interrupted by a dinosaur. It’s our little secret.

So there are a few raised eyebrows in this suburb of south London at Boris Johnson’s excited pronouncement last year that a Chinese investor, Zhong Rong International (Group) Ltd,  wants to rebuild the Crystal Palace. And keen to drum up community support the consultants coordinating the project, Arup, have arranged a series of drop-in sessions where locals can ask questions and complete a questionnaire about their views on what should be built (or indeed whether anything should be built at all).

Mrs FOIMan and I are sceptical about the plans so we decided to pop along to today’s session. The first thing we were asked to do was to add our name, address and email address to a sheet by the door. Mrs F, on the ball as ever, asked why they were collecting the information. The slightly flustered looking lady on the door answered:

“It’s just so we can write to you with updates, that sort of thing.”

Needless to say there was nothing on the sheet to explain this and it wasn’t volunteered. The lady at the door just asked each person who arrived to fill in their details as though it was a requirement of entry.

After we’d chatted to the staff from the Greater London Authority (Boris’s HQ, and my former employer) and Bromley Council we dutifully completed our questionnaires. Before asking about the plans, it asked for some personal information. It explained this time that we didn’t have to give this, but that it would be used to contact us with updates on the plans. Which is fair enough. Except that apparently they needed our gender, ethnicity, and age group to contact us.

Now if you’re trying to reassure a sceptical public of your plans, collecting their details unfairly (ie without telling them what you’re going to do with it) and breaching at least two data protection principles in the process (1 and 3 as you ask) probably isn’t the best way to do it. As more high profile projects have found, this kind of thing can come back to bite you. And it doesn’t exactly smack of a professional, well-run operation.

We completed it anyway (apart from the data that they had failed to justify) and left. On the way out Mrs F turned to me and said “Damn, I wish I’d made a copy of my questionnaire”.

I considered this and replied helpfully:

“Well you could always make a subject access request…or at least you could have done if they’d told us who the data controller was.”

Sigh.

If you want to know how to collect personal information fairly, why not book on my Practical DP course through Act Now Training?

Care:crash

IMG_0337FOIMan despairs of the way the care:data project is being handled.

Care:data has literally kept me awake at night. Six months ago I wrote a piece which referenced care:data as an example of what I perceived to be a knee jerk reaction to any proposal to share personal data. That was a mistake. But that’s only part of the reason for my angst.

I still think that data protection practitioners need to be careful not to be known as “Doctor No”. I do worry that often, through a polarisation of views on these issues, there is a risk that “the baby is thrown out with the bathwater” in projects that involve personal data processing. And I also worry that because of the polarisation that happens, the debate – or argument, as too often it can be categorised – becomes bitter and often personal.

I have been concerned, and remain concerned, that it has been impossible for patients, practitioners and others to get to the bottom of what is happening with care:data. This is not just because of the failings of NHS England, who of course bear the primary responsibility for the problems that have emerged. But I have also felt uneasy about the information coming from opponents of care:data which has been one-sided, often verging on propaganda (for example, posters for GPs to place in their surgeries explaining only why patients should opt out are not really “informing patients” in my view). I also question whether activity that verges on trolling of NHS representatives on Twitter and elsewhere is the best way to make the case for privacy. These activities have alienated me, and perhaps many others who might have been persuaded by a more balanced approach (though I was pleasantly surprised to find that Phil Booth of MedConfidential and Nick Pickles of Big Brother Watch came over as measured during today’s committee hearing, and didn’t respond to the bait laid by some MPs asking them if they were insisting that care:data be made “opt-in” only).

But the truth is that just from watching this afternoon’s Health Select Committee session on care:data, it is clear to see that there are major problems with the project. They go way beyond communication – though that has been lamentable (no, I didn’t get the leaflet either). The witnesses from NHS England and the Health and Social Care Information Centre in particular were very poor. It was not unexpected that the MPs would want to ask about the disclosure to the Actuaries society reported in the Telegraph. So why wasn’t Max Jones of HSCIC better briefed beforehand? It is simply incredible to claim not to have any information on it because it happened when the organisation was in a previous form. There was time to establish the facts before the hearing. Tim Kelsey and Daniel Poulter appear to be in denial about problems, and despite promising to listen seem to have wax in their ears. “I don’t trust the performances I’ve seen here today” said one MP and I’m with her on that.

Agonising is the appropriate word to describe my attempts to make sense of care:data, so God help patients who haven’t been reading about it. Today’s committee wouldn’t have helped, with both MPs and witnesses appearing confused. Even the Information Commissioner’s Office has given conflicting statements on the project (within 48 hours they went from being satisfied with the communication of the project to dissatisfied, somewhat incredibly). My gut instinct is that I want my data to be used for medical research for the reasons articulated by Ben Goldacre in his brilliant article for The Guardian at the weekend. But unless NHS England, HSCIC and the Department of Health get their acts together, even I’ll be wanting to opt out. And that’s if it doesn’t get axed, which based on today’s performance is increasingly likely. It could well lead to this baby being pitched right out on its ear.

After the flood

FOIMan recalls the impact a flood can have on an organisation’s information – especially if it chooses to store it in a basement.

It’s a terrible sight seeing people wading through their own homes. Those who live along the Thames, in Somerset, and elsewhere are having a terrible time and most of us can’t imagine what that must be like.

Flooded towns are nothing new, so organisations should take appropriate precautions

Flooded towns are nothing new, so organisations should take appropriate precautions

Floods can cause significant problems for information managers and their employers. Back in 2000, the south of England was suffering from a similar surfeit of wet weather. At the time, I was records manager for a council on the south coast. Many if not most organisations use basements as storage for their physical records (and often servers containing their digital records too).

And why not? These spaces are convenient and often very large. They’re otherwise wasted space – too dark and gloomy to accommodate human beings (unless they’re records managers or trogladytes).

Well, I’ll tell you why not. They’re also often damp. Many boxes were starting to show signs of mould. The plaster was peeling away from the wall. After 18 months of buttering up the Facilities Manager I finally got our office replastered and painted. We even got a plush(ish – it was local government after all) new carpet to replace the bare threads and occasional tufts of fabric which I had been assured were once a carpet about 15 years before. Which brings me to the other reason why it’s often a bad idea to store records in the basement.

Because when, like this year, there is so much rain that streets start to look like tributaries of a major river system, the sewers overflow. And the sewers in the area that I worked ran just beneath…you guessed it, the basement of the council offices. So in early 2000, you could find me wading ankle deep around a vast storeroom trying to move boxes of records above an ever-rising flood. It was like a not very exciting Indiana Jones film.

Eventually the waters subsided, and the dehumidifiers begged from the Museums Service chugged away at their heroic (and probably futile) task. A few building plans and housing files that had sunk beneath the waves were collected by a company, Harwell Document Restoration Services, that specialises in rescuing waterlogged papers. A few weeks later they would return, looking better than they had before (which wasn’t saying much). The tiles in the storeroom had lifted under the pressure of water gushing from beneath, and needed replacing. Records were sent off-site temporarily to a commercial storage company in rotation so that the floor could be repaired and retiled. And we got a (slightly less plush) carpet fitted in the office. And things returned to normal. Well, not quite. I’m sure it wasn’t entirely unconnected, but later that year I decided to climb out of the basement and found a job in London as Parliamentary Records Manager. Being based in the Victoria Tower, I figured there was much less chance that I would face another flooded records store.

Shortly after that, in early 2001, I received an email from my successor. The basement had flooded again.

If you are a facilities person, or a chief executive, and you think that you can save money by putting your records (and information managers, come to that) in the basement, you might want to think again. Aside from the fact that waterlogged records tend to make a mess of your lovely leather-embossed desk when you need to access them, there is a very good chance that your organisation will fail to meet its legal obligations. Aside from the many statutory requirements to retain information – auditors are probably going to be less than impressed if they have to don waders to check your receipts – failure to properly protect records will most likely be a breach of information law these days.

Section 46 of the Freedom of Information Act requires the Lord Chancellor to issue a Code of Practice on the management of records. The Code is written by the experts of The National Archives, and one of the requirements of the Code is that:

“Authorities should know what records they hold and where they are, and should ensure that they remain usable for as long as they are required.”

That Code is not statutory (though the Information Commissioner can take it into account in working out whether to take action against a particular authority), so perhaps more important to note is that retaining records – especially those relating to living individuals – in a basement that is prone to flooding is likely to constitute a breach of principle 7 of the Data Protection Act.

It is common knowledge that losing personal data on an unencrypted memory stick or a social worker leaving a file relating to a vulnerable child on a train can land an organisation with a fine of up to half a million pounds. But principle 7 also requires data controllers to take “appropriate technical and organisational measures” against “accidental loss or destruction of, or damage to, personal data”.

Businesses and public authorities in flood-hit parts of the country will have other – and perhaps more urgent – things on their minds at present. But all organisations should think very carefully about whether bargain basement storage really is the opportunity it appears.

Image by Keith Moseley (Drybridge Street Flooded, Monmouth) [CC-BY-SA-2.0 (http://creativecommons.org/licenses/by-sa/2.0)], via Wikimedia Commons.