Archive for Exemptions

A qualified opinion

FOIMan explains who is “qualified” to give an opinion under the exemption for prejudice to effective conduct of public affairs (section 36).

Picture of my Masters graduation

I may be qualified, but I’m not a qualified person

If you’ve ever had a freedom of information request turned down under the exemption at section 36 covering prejudice to the conduct of public affairs, you will be familiar with the phrase “qualified person”. There’s sometimes confusion over what this means, so I thought I’d devote a brief post to it.

How does one “qualify” for this role? Is there an exam? Do you get letters after your name?

The “qualified person” is not a fancy name for the organisation’s FOI Officer as I’ve seen suggested once or twice. And it isn’t just someone picked at random by the public body to make decisions about what can and can’t be released.

The qualified person is someone very specific. The Act itself lists a range of organisations and specifies exactly who the qualified person is. For government departments it is a minister. For the Greater London Authority it is the Mayor of London. Rather bizarrely this means that Boris Johnson can decide whether or not information held by the London Assembly which is supposed to hold him to account should be disclosed, which always struck me as an oddity of the legislation when I worked there. But for many parts of the public sector it is not spelt out in the Act. Instead, it provides that a minister should specify who the qualified person is for those organisations. In practice this means that Secretaries of State or their ministers have issued orders declaring who the qualified person is for areas within their brief. For example, David Willetts, the minister for higher education, has issued such an order indicating that Vice-Chancellors or their equivalent should fulfil this role in the higher education sector (which, helpfully, since the content of the BIS website was moved to www.gov.uk, I cannot now locate!). In local authorities, DCLG has set out that Chief Executives and Monitoring Officers should be the qualified person.

What are the practical consequences of this? Well, if you’re an FOI Officer make sure you know who your qualified person is. I’ve seen responses where the authority clearly didn’t understand this and because of that the exemption is invalid. In the event of an appeal to the Information Commissioner, one of the first things he’ll check is whether the decision was taken by the right person, and he may ask for evidence that the person concerned is the qualified person for that public body. For requesters, it’s worth checking if the person who made the decision was the “qualified” one for the same reason. An authority that doesn’t understand this provision is probably failing to understand other basic requirements of the Act.

For more on section 36, see my exemption index post.

A warning shot across the bows?

FOI Man considers the immediate impact of the Justice Select Committee’s report on FOI – on the Information Commissioner.

Before taking a break to follow the marvellous Olympic and Paralympic action, I last wrote here about the Justice Select Committee’s post-legislative scrutiny report. We’re still waiting to hear how Government will respond to the Committee’s recommendations, but I thought I’d write about the possible immediate impact of the report.

The headline conclusions have been discussed at some length (for example here by the Save FOI campaign) but what I find most interesting after reading the report more carefully are the messages the Committee appears to be sending to the Information Commissioner and Tribunals.

The Committee hasn’t been overtly critical of the Commissioner and took on board many of the messages Chris Graham put to them in his characteristically robust manner. But if you look closely enough the messages are there.

Notably, there was no recommendation – as some had expected – to make section 35, the exemption covering policy formulation and development, absolute. Whilst the immediate reaction to this of campaigners (including myself) was relief, it is notable that the Committee appears to have agonised at length on the issue of providing a “safe space”. It eventually concluded that it could not justify “any major diminution of the openness created by the Freedom of Information Act”. But it went on to caution:

“we remind everyone involved in both using and determining that space that the Act was intended to protect high-level policy discussions” (paragraph 201)

Who could they possibly be reminding? On the one hand, they were clearly saying to those in Government that they should feel that they could discuss the most sensitive issues without fear of disclosure. Gus, old chap, relax – there is plenty of protection in the Act for your successors to work within.

But the flip side of that is that those “determining” the scope of the safe space should be interpreting it in a way that supports that sense of safety in the Cabinet Office. I sense that at least some of the Committee think the Commissioner (and the Tribunal of course) needs a reminder of this. That perhaps Cabinet papers and NHS risk registers have been a step too far.

And if the Commissioner ignores this friendly advice? Well, the Committee recognises “that the realities of Government mean that the ministerial veto will have to be used from time to time to protect that space.” Back off Graham, or the Government will be at its liberty to flick you the big V.

This isn’t the only area where the Committee appears to be subtly signalling to the Information Commissioner and Tribunals that maybe they’ve been pushing the boundaries of acceptable interpretation of Parliament’s will.

Universities had indicated in their evidence that they were concerned about protection for those carrying out animal research. In their conclusions, the Committee encouraged universities to rely on section 38 (the exemption for health and safety) and stressed that they “expect that the Information Commissioner will recognise legitimate concerns.” (paragraph 222)

Similarly, universities, together with NHS bodies and others, raised concerns about FOI endangering their competitiveness in an environment where they are increasingly competing against private providers. The Committee looked at this and could reach no conclusion as to whether the exemption at s.43 was sufficient to protect public bodies. But they did state explicitly that “there is a strong public interest in competition between public and private sector bodies being conducted on a level playing field to ensure the best outcome for the taxpayer.” (paragraph 231)

It is presumably going to be difficult for the Commissioner and anyone else applying the Act to ignore such strong statements on the practical exercise of exemptions in the Act. Whilst we may have to wait a while to hear what the Government thinks of the Justice Committee’s conclusions on FOI, I wonder if we’ll begin to see their impact on the Commissioner and Tribunals almost immediately.

 

 

In defence of the exemption

FOI Man suggests that we should view the use of exemptions, and even decisions of the Information Commissioner and Tribunal, in a different light.

It’s a common shorthand in media stories about FOI that use of an exemption by a public authority = public authority secrecy. And of course there have been situations where authorities have been unnecessarily secretive. But I’d like to explain why I think exemptions – and complaints about their application – are often reported unfairly.

There’s the obvious point, of course, that most people recognise that some information must be withheld to enable public services to function – and more importantly to protect the rights of the public they serve. And it’s no surprise that views of what must be withheld will differ between those making requests and those holding the information.

I would argue further that even where an authority is later ruled against by the Information Commissioner or Tribunal, it may be unfair to attack them for applying exemptions in the first place.

FOI Officers – and their superiors – cannot be expert in every area that might be subject to an FOI request. We are dependent on advice from others. To give an example, people are often critical of public bodies for withholding information about security matters. But if a public authority receives advice from the police or security services that disclosing information will prejudice the safety of its staff or the public, it will be brave (to put it kindly) to dismiss that advice. Any FOI Officer worth their salt will of course ask for evidence and may query aspects of the advice, but ultimately they are unlikely to disclose information having received that advice.

Don’t forget also that in many cases, an authority has to reach a judgment on where the balance of the public interest lies. That process is subjective by its very nature. With the best will in the world, it is likely that authorities are going to reach different conclusions to the Information Commissioner on occasion.

That’s why FOI provides an appeal process. If information is disclosed only as a result of an internal review or Commissioner decision, I would argue that that is not a failure of FOI. It’s how it is supposed to work. It allows the more difficult cases to receive appropriate levels of scrutiny. Separated from the chaff of the more easily answered requests, a case that reaches internal review, and even moreso the Commissioner or Tribunal, will receive additional attention and resource. The threat of enforced disclosure will provoke more serious attention from external, as well as internal, sources of information and authority.

This is not to say that public authorities should not take requests seriously when they’re first received. They should be trying to answer the request correctly first time. And where there is clear guidance and case law that can be relied upon, there is really no excuse for ignoring that. But where there is significant doubt, and doubt that could put peoples’ rights or safety at risk, I find it hard to criticise the public authority that plays it safe. Even if they’re eventually forced to disclose that information.

I’ve always felt that more people should ask for internal reviews of how their FOI request was handled. Complaints can feel uncomfortable for those who are involved. But they should be seen as a positive thing – from both sides. For the public authority it can be a useful way to learn where improvements can be made. For the complainant, although their answer might be delayed, they might eventually get the response they were looking for, and they will have helped the cause of other requesters. I can certainly think of occasions, as an FOI Officer, when a request for internal review, or a complaint to the Information Commissioner, might have assisted me as well as the requester – I haven’t always agreed with the approach I’ve been instructed to take.

But neither side should view a reviewed decision as – necessarily – an indictment of the authority and its attitude to FOI. Complaints processes – whether related to FOI or other matters – are about reaching the right outcome, not necessarily about apportioning blame. If some of the reporting of FOI could recognise that, the whole process might become a little less confrontational, and rather more productive for everybody involved.

 

Should a public body disclose details of requests made by a named individual?

FOI Man looks at whether a named individual’s FOI requests should be published or disclosed. 

Guardian writer Ben Goldacre asked on Twitter whether public authorities are able to publish or disclose the names of FOI requesters. This is an interesting question which is difficult to explain in 140 characters.

First off, my basic rule on this is “no”. Fundamentally, I just don’t think its ethical. Most FOI Officers are even nervous about circulating the details of a requester internally, let alone outside the organisation. But here’s the legal argument.

I could spend a long time telling you about a chap called Durant, and case law involving him which established the current legal definition in the UK for what counts as personal data. But I won’t. Suffice to say that information about an individual that has a “biographical” element will be personal data.

The fact that you as an individual make an FOI request about a particular subject is enough information in my view to be considered personal information. All personal information is covered by the Data Protection Act, which sets out conditions for the processing (including disclosure) of that information. The most important is that any processing should be fair and lawful.

Clearly it’s unfair if a public authority announces that you’ve been making FOI requests to them without your consent. Most people wouldn’t expect that to happen, so it would be a nasty surprise if it did. Which is exactly what happened to one requester to a GP’s surgery recently.

But, as Ben Goldacre asked, what if you’re a big multi-national tobacco company making an FOI request? Well, in theory, that’s different. A tobacco company is a “person” from the point of view of FOI, but it is not a “data subject” in Data Protection terms.

But in practice, it might not be that simple. Even an FOI request from a company is usually signed by an individual employee. So is the request from the company or the employee? It will depend on the context, and may not be clear.

If someone makes an FOI request for a named individual’s FOI requests, that information would still be personal data, and in theory, a public authority could argue (and in my view would rightly argue) that section 40(2) of FOI applies – ie the exemption for personal data. The exception might be if they had been given consent by the original requester (the data subject) to disclose their requests. Indeed, the section 45 Code of Practice (also known as the Lord Chancellor’s Code), recommends that public authorities consult third parties (and that would include corporate bodies) if they are asked for information provided by those third parties. So in theory, at the very least, a public body should consult a requester before disclosing their requests.

This can lead to a spiral of requests. I remember one request for correspondence between the Mayor of London and an individual. I then consulted the individual, who made an FOI request for the identity of the first requester. So…then I had to ask the first requester for consent to disclose his identity. It can become rather complicated, and the FOI Officer has to keep his wits about him in these cases!

Another exception might be if there was a public interest in disclosing the requests made by a named requester. This might well be another argument for disclosing the requests made by, say, a tobacco company. At a stretch, it might be feasible for a public body to argue that there was a public interest in disclosing the requests made by an individual who had made excessive use of FOI to tie up the resources of an organisation. But that’s a dangerous road to go down. I can imagine the Commissioner or Tribunal arguing in response that the Act provides alternative mechanisms for dealing with such situations.

It would be different if a requester asked for, say, all requests on a particular subject, and the requests could be disclosed without identifying the requester. In effect, the information ceases to be personal data so can be disclosed. Similarly, a public body can publish requests as long as they don’t name the requester. Indeed this happens all the time with Disclosure Logs.

So, in summary, public authorities shouldn’t publish or disclose the requests made by a named individual without their consent, unless there is a strong public interest in doing so.

 

Should Cabinet minutes remain in the closet?

FOI Man challenges the claims of the Lord G.O.D. and his exalted predecessors that FOI threatens good government.

Just before Christmas, the outgoing Cabinet Secretary, Gus O’Donnell, known affectionately (mostly) in the Civil Service as G.O.D., took the occasion of his retirement to criticise FOI. In particular, he felt that there was not enough protection for Cabinet minutes, inferring that he favoured an amendment to the Act to protect them. He told the Times:

“Freedom of Information that allows the public to ask questions about things is fine, but the bit that I’m really against in freedom of information is that bit where it reduces the quality of our governance…I want Cabinet to have real discussions, for people to be able to say, ‘I disagree with this policy’.”

The now Lord G.O.D. (he now has a seat in the House of Lords), is not alone in raising this concern. This week a short debate in the House of Lords allowed a number of his predecessors as Cabinet Secretary to air similar views. And it’s not just former Civil Servants. Back in 2007, the then Secretary of State for Trade and Industry, Alistair Darling, wrote to the Lord Chancellor, Lord Falconer, to raise his concerns:

“I am concerned that the FOI Act, as it appears, prevents us from protecting robustly and across the board advice from officials to Ministers…we will need to watch Information Tribunal case law carefully and in due course consider whether change to the legislation is needed to redress an apparent imbalance between the “right to know” and the protection of private space where necessary for good governance.”

So what sort of change do FOI’s critics envisage? At the moment Cabinet Minutes (and related discussion) are protected by section 35(1)(b) of the Act. Section 35 is a class-based exemption. This means that there is no prejudice test, as there is for, say, section 36 (prejudice to effective conduct of public affairs). Cabinet Minutes and other ‘Ministerial Communications’ are exempt from disclosure because they fall within that category. Whenever an appeal relating to this exemption ends up with the Commissioner or Tribunal, they usually uphold the application of the exemption to Cabinet Minutes and their like – they either are, or aren’t, Ministerial Communications.

However, the exemption, like many others, is subject to a public interest test. On the rare occasions where the Commissioner or Tribunal have ruled in favour of disclosing Cabinet Minutes, they have argued that the Cabinet Office have judged the public interest incorrectly. So in effect, it’s this aspect of the Act that critics want to change. They want the exemption for Ministerial Communications to be made absolute (or perhaps for a new narrower absolute exemption for Cabinet papers to be introduced), so that a public interest test won’t apply. This is the same change that was made to the exemption covering correspondence from the monarch and her heirs in 2010. (It’s worth pointing out that whilst it might be possible for the UK Government to introduce an absolute exemption for Cabinet minutes under FOI, discussions at Cabinet relating to environmental matters would be subject to the Environmental Information Regulations (EIR). Exceptions in the EIR are all subject to a public interest test, and since the regulations are based on a European Directive, there is little likelihood of changing them in this way).

To be fair to those who want this change, it would not be an entirely unusual approach to Cabinet Minutes. Most countries have some level of protection for Cabinet minutes or their equivalents. In Ireland, Cabinet Minutes are protected by an absolute exemption, though this is tempered by the fact that this protection is only available for ten years (in the original Irish Act it was 5 years, but this was later amended). But in New Zealand, for example, the Government has to demonstrate that the convention of collective responsibility would be prejudiced by disclosure, before also carrying out a public interest test.

So let’s look at the key arguments against disclosure of Cabinet minutes.

The convention of collective responsibility is the convention that Ministers speak with one voice on Government policy. It is why Ministers who don’t agree with Government policy and wish to speak out against it have to resign. It is one of the most common arguments against disclosure of Cabinet minutes in this country. However, as is often pointed out, the convention is regularly undermined by former Ministers and civil servants publishing memoirs, making ‘off the record’ briefings, and leaks. It is rare, some would say, that the views of individual Ministers are not public knowledge when it comes to the most controversial areas of Government policy. The Information Commissioner’s view is that FOI is a method through which conventions may be legitimately challenged. Conventions have never been set in stone – they evolve over time to reflect political realities.

The other argument made by critics of FOI is that Ministers (or officials) can’t speak candidly because they are aware that their views might be made public. The Tribunal’s answer to this in a number of cases has been to point out that Ministers and their most senior officials are not exactly “shrinking violets” (to quote a phrase used in a comparable Tribunal decision looking at the BBC’s Board of Governors). Similarly, G.O.D.’s argument that the risk of disclosure undermines governance – because minutes have to be written in an anodyne way in case of disclosure – has also been countered by the Tribunal in the past, who argue that good practice should prevail over sensitivity. (The Tribunal dismantled a number of these arguments quite effectively in a case involving the then Department for Education and Skills in 2007; the arguments have been rehearsed many times since).

The Ministry of Justice found it difficult to reach any conclusion on the matter in its recent Memorandum, so the evidence in support of G.O.D.’s arguments is clearly rather equivocal. According to Eagles, Taggart and Liddell (Freedom of Information in New Zealand, OUP, 1992), who studied the New Zealand Official Information Act, the fear of disclosure has had little impact on the way that public employees and ministers express themselves in that jurisdiction. It is argued that this is because firstly, accurate records are necessary for these people to defend themselves in the future; and secondly, the risk of disclosure of any one document is actually very slight. This last argument reflects my own experience, and that of other FOI Officers I’ve spoken to. The biggest problem we have had is with officials who have been somewhat flippant in correspondence or notes and only realise the error of their ways when a relevant request is received. There is little sign that fear of FOI has inhibited their record-keeping.

It seems to me that fears over Cabinet minutes are misplaced. I’ve looked at the Commissioner’s decisions in relation to Cabinet Minutes. The Commissioner has looked at 14 cases where s.35(1)(b) was applied in relation to Cabinet or Cabinet Committee minutes. Of these, half upheld the Cabinet Office’s view that the minutes should be withheld. The remaining 7 cases related to the Falklands War (which happened 30 years ago, let’s not forget), the Westlands affair (almost 30 years ago), Devolution discussions in 1997/8, and the takeover of Rowntrees by Nestle in 1988. The only decision that related to recent history was that ordering disclosure of some of the minutes recording discussion of the Attorney General’s advice in relation to the war in Iraq. And both the Commissioner and Tribunal made some convincing (to me at any rate) arguments in this case as to why the disclosure was in the public interest. They also made it clear that they viewed the circumstances as unusual.

The Commissioner and the Tribunal have repeatedly, and reasonably, made clear that the public interest in withholding information will diminish over time. Is it really that odd that they would consider that it is reasonable to disclose Cabinet minutes nearly 30 years after they were written when the Government itself is committed to opening up Cabinet minutes after 20 years at some unspecified point in the (hopefully) near future? What always strikes me whenever I look at such decisions is that the Cabinet Office, to borrow the famous criticism of first world war Generals, are always fighting the last war. They keep spouting the same arguments against disclosure, even though the Commissioner and the Tribunal have repeatedly dismissed those arguments. And G.O.D. and his predecessors are repeating them again.

Instead of parroting the same old arguments, or calling for FOI to be reined in, wouldn’t it be more productive for the Cabinet Office to examine previous decisions and work out a better strategy for protecting information where it really is necessary? It seems to me that in most cases, where they are able to demonstrate that there is a public interest in withholding information, the Commissioner is willing to listen. But what he can’t do is act as though FOI doesn’t exist in relation to Cabinet minutes. However much some would like that to be the case.

The best, and most succinct, argument against amending the Act’s provisions for Cabinet minutes came, encouragingly, from the current Government’s Minister responsible for FOI, Lord McNally, as he closed this week’s debate in the House of Lords. I will leave the last word on this to him:

“…when Prime Ministers and mandarins object, this Act might actually be doing something that it was intended to do.”

 

Take it Online

FOI Man explains that online discussion between FOI Officers is part of the job, not a nationwide conspiracy.

I’ve become aware of a new form of twisted corruption that FOI Officers are prey to. And been shocked to realise that I too am amongst the shadowy forces at work. Our crime? Subscription to an email discussion list.

Of course, most professions have such a resource. In my own organisation, I know that the Finance Officers follow lists for Finance Officers; the Facilities Officers follow lists for Facilities Officers; and the Chief Executive follows a list for Airline Pilots…no, sorry, Chief Executives. Most people would recognise that this is a cost effective way for professional people, geographically separated, and often isolated in their own organisations, to share best practice and find solutions to common problems.

So why is it that when FOI Officers do this, we are accused of collusion and conspiracy? I know of one requester who had seen the content of correspondence on the list (notably out of context) and complained that all the correspondence was about how to stop information being disclosed. This apparently demonstrated that not only those who posted messages, but also those who read them, were acting against the spirit of the legislation.  Oh right then, case closed.

Of course all the discussion is about how to stop information being disclosed!!! Our jobs are easy when information can unquestionably be sent out. We don’t need to discuss those cases because they are uncontroversial and can be easily resolved. Applying exemptions is the most difficult part of our jobs (which, by the way, means that we use them as sparingly as possible). That’s the stuff we need the help of our fellow professionals with.

It is helpful to know that if you are considering using an exemption, you are not straying far from the pack. But equally, if there are Officers posting to the list arguing that an exemption can’t be legitimately applied, that can lead others to look again and maybe reach a different conclusion. What’s more, there’s no imperative for FOI Officers subscribing to the list to go along with what others are proposing to do. It’s a matter of choice for each institution, quite rightly, how to respond to specific requests.

This ‘revelation’ (which as far as I know, no FOI Officers have ever sought to hide) has prompted some requesters to threaten ‘investigations’. They are speaking to the Information Commissioner. To the media. To Uncle Tom Cobley. To all.

I don’t blame requesters for being unhappy with our responses. I am happy to look again and ask more senior officers to review how I’ve handled requests. That’s the process. I don’t even blame them for asking questions when they receive similar responses from several organisations (but isn’t that pretty likely? If you’ve asked a question about an issue that is sensitive to one organisation, the chances are that it is sensitive to all).

But for goodness sake, can we please be allowed to do our jobs? In an informed way without every routine action that we take being seen to be a conspiracy? What next? Will FOI Officers be banned from reading my blog in case I corrupt them with my dark and cynical ways?

Believe me requesters when I say that if you think that the problems with FOI lie with FOI Officers talking to each other, you are barking up the wrong tree.

Why the public interest test is so important

Most exemptions are subject to a public interest test. But why is it so important to ensuring that the Freedom of Information Act works?

If you make FOI requests, you probably hate it when public authorities respond citing an exemption. If the Bill that the Labour Government first presented in 1999 had stood, all requesters would have remained frustrated.

The Bill allowed for appeal to the Information Commissioner. But the Commissioner would only have been able to advise public authorities to disclose information. Few, if any exemptions were subject to a public interest test. So the Commissioner would only have been able to advise disclosure if it was clear that the public authority had mistakenly applied an exemption. Let’s take a look at what that means.

I’ve carried out a rough and ready survey of the decisions reached by the Commissioner in 2008 relating to one of the exemptions, section 36 (prejudice to effective conduct of public affairs). Section 36 is a very broad exemption and has been criticised in the past because of this. In 2008, 30 decision notices were issued relating to the exemption. In 21 of these cases, the Commissioner found that the information did fall within the exemption. Not really terribly surprising given the breadth of the exemption.

But of those 21 cases, the Commissioner ordered disclosure in 13 cases because he found that the public interest test had been applied incorrectly. And that’s why the public interest test is so important. If all the Commissioner could consider was whether an exemption applied, his power to challenge public authorities’ decisions would be very limited. The public interest test has empowered the Commissioner to take a broader view, and as a result has really given the FOI Act teeth.

So what is the public interest? It’s not defined in the Act, but it is a well known concept in law. In a high profile Australian court case, it was defined as:

“…a term embracing matters, among others, of standards of human conduct and of the functioning of government and government instrumentalities tacitly accepted and acknowledged to be for the good order of society and for the well-being of its members…events of interest to the public may or may not be ones which are for the benefit of the public; it follows that such form of interest per se is not a facet of the public interest.” (DPP v Smith [1991] 1 VR 63 at 75 for those lawyers amongst you who like to check my facts)

Or, as the Information Commissioner’s guidance more succinctly put it, the public interest is that which serves the interests of the public, not necessarily that which the public is interested in. So whenever we apply a qualified exemption (which is most of them), we have to consider whether the public will be better served by disclosure or by withholding the information.

The Environmental Information Regulations explicitly say that public authorities should presume that information should be disclosed when considering the use of exemptions. But the FOI Act, believe it or not, doesn’t actually say that. In practice though, the courts have found that there is an assumption that information should be disclosed running through the Act. It is, after all, called the Freedom of Information Act.

This means that one of the arguments for disclosure is always that there is a public interest in accountability and transparency. There may well be arguments in favour of disclosure in addition that are specific to the information requested. So, for example, it might be argued (and often is) that as an issue is currently the subject of controversy, there is a public interest in disclosing such information so that public debate can be well informed. The arguments for disclosure can be very general, yet they should be given considerable weight.

The next step is to consider the arguments against disclosure (and in favour of applying the exemption). Of course, in truth, unless we (or at least somebody in the public body) thought there were strong reasons for withholding the information, we wouldn’t even have started down this route. Try making an FOI request to a public body for its written consideration of the public interest in cases where the information was eventually disclosed – there won’t be any record. Part of the FOI Officer’s role is to be aware of case law and have a sense of whether or not withholding information is viable. If we don’t believe that a public interest can be successfully argued, expect us to resist the reliance on an exemption in the first place. Of course there are times when we have to find arguments even if we don’t think there is a strong case, but it is usually possible to find reasons – there is generally some grain of justifiable concern if someone is insisting on withholding the information, even if we’re not necessarily convinced that it would survive an encounter with a member of the Commissioner’s staff.

So what does survive an encounter with the Information Commissioner or the Information Tribunal? Analysis of their decisions demonstrates that it is about how convincing the argument is. It will be more convincing where an authority is able to produce evidence of the damage to the public interest. A great example I saw recently was when a University argued successfully in favour of section 36 to withhold a list of email addresses for all their staff. Quite often in the past, the Commissioner has ruled in favour of disclosure in these kind of cases, but what I think was different about this case was that they were able to produce evidence, in the form of experience of previous accidental disclosures, that disclosure could cause significant disruption to the university, and that this was not in the public interest.

The public interest test is a complex process. You can’t say for sure, whether you’re a public authority or a requester, which way appealed decisions will go. It ensures that the application of exemptions is fluid, that FOI doesn’t become trapped in the year 2000 when the Act was passed. It’s a brilliant mechanism and one that shouldn’t be underestimated in any assessment of how important the Act is in practice.

 

Keeping secrets secret

The Daily Telegraph has highlighted the tricky issue of redaction. FOI Man reflects on the perhaps surprising difficulties of blanking out a bit of text.

Today’s Daily Telegraph features a story about redaction. And for a change, this is not a story complaining about public authorities redacting too much, but about them failing to do so properly.

The Departments for Health and Communities and Local Government, and the Ministry of Defence, are all alleged to have disclosed and published documents containing redactions. But unfortunately, it appears that the redactions were poorly done, and as a result, the material that should have remained secret can be read by requesters and others with very little effort on their part.

Redaction, for those who don’t speak FOI, is the term used to describe blanking out information in documents. It happens when public authorities are disclosing documents but there are particular words or passages that contain sensitive information and are therefore exempt. Rather than refusing to provide the whole document, public authorities will blank out the relevant sections.

It is a difficult process from start to finish. First of all, if the document (or documents) is very long, it can be time consuming (and this time often can’t be included in estimates of the cost). Secondly, as the Telegraph has highlighted, the practicalities of how to redact are not straightforward.

The Telegraph gives two examples of how redaction can go wrong. In the first, it appears that the Civil Servant responsible thought they had successfully blanked out the relevant sections using available software, but when the journalist studied the documents, it was a simple matter to highlight the relevant sections to see what had been supposedly hidden. In the second, rather more prosaic (and familiar) example, the text had been blanked out using a black marker pen, but when the document was held up against the light, again the information was magically revealed.

Another common difficulty occurs with Track Changes™ or similar functionality in office software (or more accurately, with staff understanding how it works). In a previous job, we  purchased redaction software in an attempt to overcome these issues, only to find that it didn’t work properly (it tended to blank out more than the section you wanted to cover up).

In the end, less technical solutions tend to be the most effective. The standard one is to use a black marker pen to cover the relevant words, then photocopy the pages, possibly use the pen again on the photocopy, then photocopy the pages again, and so on until you (and usually half a dozen colleagues interrupted to double check it for you) are satisfied that the words or passage can’t be read.

My favoured solution, sometimes complemented by the one above, is to use cut up bits of Post-It ™ note or paper that can be otherwise secured, and place them over the relevant sections before photocopying the pages (taking care not to dislodge said bits of paper en route to the photocopier). You can even indicate the relevant exemptions on the paper covering each section. This is effective, and has the added benefit of making your desk look like the aftermath of a Blue Peter craft session. “And here’s a document I prepared earlier…”

So I feel for my colleagues in central Government. They will no doubt want to read up about redaction, so if they and you want to know more, both the Information Commissioner and the National Archives publish useful guidance for public authorities.

If you’re waiting for my post on exemptions and the public interest test, don’t worry, I haven’t forgotten about it. I’ve just extended the deadline(!) and hope to publish it later this week.

Exemptions

Exemptions have always been contentious. FOI Man provides a glimpse behind the scenes of how the decision to apply them is taken.

Back in the early noughties, when I was nought but an FOI Boy, the BBC showed a drama featuring Matthew Macfadyen as a young left wing activist gradually becoming disillusioned by the Labour Government’s attempts to water down their Freedom of Information Bill. MM does a fine line in moody young men, and he was particularly cross about the number of exemptions in the finished Act.

Exemptions have remained a contentious issue ever since. My own view is that MM was unduly concerned. Whilst there may be a large number of exemptions in the Act, experience has shown that there are also pretty strong checks and balances on their use. But more on those later.

Most requests result in full disclosure. You might not believe that if you read most commentary about FOI, but the statistics across the public sector bear me out (as I’ve discussed in a previous post). Some requests are too broad and require clarification, or are refused on cost grounds. But a minority are refused and an exemption (or exception under EIR) cited.

In my experience, it is rarely the FOI Officer who decides whether information should be withheld. Normally it is someone in the department that holds the information who suggests that there might be a problem with disclosure, and the ultimate decision to use an exemption will usually be a senior officer’s. The FOI Officer’s role is to advise whether information can be withheld where concerns are raised, and if so to ensure that the case for using the exemption is robust, by gathering evidence, and that statutory requirements, such as providing a meaningful refusal notice, are met.

The exception may be where an FOI Officer is familiar enough with the information requested to know that there may be problems with disclosure. Or, for example, as FOI Officers are often also responsible for Data Protection compliance, when information contains personal data relating to third parties. And on occasion, we may be aware from other sources (eg email discussion lists, other FOI Officers dealing with the same request, etc.) that we might need to consider using an exemption. But I’m always at pains to make clear to colleagues that it is their responsibility to highlight material that shouldn’t be released.

But they don’t need to know about exemptions. When we were preparing for FOI coming fully into force on 1 January 2005, our training courses for colleagues tended to dwell excessively on examinations of the various exemptions available. It only dawned on me later that this wasn’t necessary – and in fact became a hindrance because as we all know, “a little bit of knowledge is a dangerous thing”.  So nowadays if I’m training colleagues or advising them on answering a request, I focus on the key message – consider the harm of disclosure. If they can explain to me what the harm would be, I can then decide if an exemption can be justified.

The sorts of exemption that apply are obviously different from one part of the public sector to another. Central Government departments in particular are going to be most uneasy about policy matters and requests for information relating to ministers. The police are of course going to hold a lot of information that relates to law enforcement and that will be reflected in the kinds of exemption that they use. Other organisations may hardly use anything except the exemption for personal data. So very few, if any, FOI Officers will have used all of the exemptions available – usually they will know about a small sub-set that is relevant to their organisation. It’s a cause of some excitement when we get to use a new one! (or maybe that’s just me…)

Third party data is a particularly tricky problem. Much information held by public authorities was given to them by, or relates to, other organisations or individuals. This could include businesses providing them with services or tendering for contracts, individuals responding to a consultation, even other public bodies that the authority is working with. The Section 45 Code of Practice makes it clear that public bodies should consult third parties when they are considering disclosing data relating to them. But equally it is clear that it is the duty of the public body in receipt of a request to decide whether or not to disclose information. If the third party doesn’t want you to disclose information it can cause a great deal of grief, especially when they have a limited understanding of the obligations that public authorities are under.

FOI Officers and other staff dealing with requests can sometimes find themselves put under a lot of pressure to withhold information. Often they can see the case for the exemption and are happy to make it. On other occasions, they may well argue hard in favour of disclosure with varying results (one of the most common being a funny look from colleagues who are now convinced that they’re not a team player). Sometimes they end up having to make the case for an exemption that they disagree with.

This is not easy, especially if it is appealed as far as the Information Commissioner. One of the trickiest exchanges I had with a case officer from the ICO related to information provided by a very powerful third party. My organisation was under pressure not to disclose that information, and in truth we wanted the ICO to order us to disclose so that we could show that we’d done all we could. But I couldn’t tell the ICO that and they wouldn’t make a decision without more information from us as to how the exemption applied. So for a while we were at stalemate (and the poor requester was still waiting).

At least nowadays, there is plenty of case law to go on. Back in 2005, we were making it up as we went along, and it’s no surprise to me that a backlog built up very quickly at the ICO. Once that case law started to become available, and the ICO’s guidance adjusted as a result, we were able to make decisions on exemptions from a more informed standpoint.

There are two aspects of the Freedom of Information Act as passed which mean that Matthew Macfadyen’s character can sleep easy in his bed at night. Neither thing, bizarrely enough, was in the original Freedom of Information Bill at its First Reading. They were both introduced during Committee Stage – so Tony Blair didn’t have it all his own way. One is the power of the Information Commissioner to order disclosure (as opposed to just ‘advising’) and the other is the public interest test for most exemptions. In a further post I’m going to talk about how we apply the public interest test and why I think it is so important.

If you don’t use it, you won’t lose it

If you think about FOI as a children’s colouring book (just go with me on this), the lines were drawn by the legislation. The decisions of the Information Commissioner, Information Tribunals, and the courts add the colour, taking great care not to go over the lines. FOI Officers are not lawyers (in the main), but if we’re to be effective, we need to keep an eye on these decisions. Sometimes they can be very interesting, especially if you’re an FOI geek like me.

For those who aren’t familiar with the FOI appeal process, here’s a brief précis. If a public body refuses your request, you can ask it for an internal review of the decision. If they still refuse, you can appeal to the Information Commissioner. At that point, the Commissioner can either uphold the authority’s decision, in which case, you can appeal to the Lower Tier of the Information Tribunal, or he can instruct the authority to disclose the information, in which case, they might appeal to the Tribunal. Further appeal can then be made to the Upper Tier Tribunal (you used to go to the High Court on points of law at this stage), and if there are still points of law at stake, you or the authority concerned can appeal to the Court of Appeal. And then to the Supreme Court. Let’s not go any further or the Daily Mail may get excited.

Last week I was fortunate enough to attend a free seminar given by 11KBW (whose blog on information rights law, Panopticon, is well worth a look) on latest developments in information law. One of the barristers speaking, Robin Hopkins, explained the implications of a decision made by the Upper Tier of the Tribunal, and I sat up sharply in my seat. The decision related to requests submitted to the Department for the Environment, Food and Rural Affairs (DEFRA) and the Home Office. I’ve been thinking about it ever since, and sad as it may seem, I spent some of my Sunday afternoon reading the full decision.

The Upper Tier Tribunal was looking at an issue that has troubled a few sittings of the Tribunal. When a public authority refuses to provide information, it must write to the applicant and explain which exemptions apply and how it has reached that decision. But what happens if the applicant appeals to the Commissioner, or even the Tribunal? Can the authority suddenly decide that another exemption, not already relied upon, is relevant?

Previous Tribunal decisions have suggested that it is entirely at the discretion of the Commissioner or the Tribunal to decide on this. The only way that an authority could guarantee that an exemption would be taken into account would be if it had included it in its response to the applicant. In other words, “use it or lose it”, which explains why many authorities throw everything including the kitchen sink at requests for particularly sensitive information. The new Upper Tribunal decision from Judge Jacobs takes a new line. He ruled that authorities have the right to introduce new exemptions at a later stage. This would mean that the Commissioner and the Tribunal have to consider exemptions (or exceptions under EIR) raised late in the day by authorities.

This sounds at first hearing to be a bit lenient on public authorities, and I can understand (and so could Judge Jacobs to be fair) why it won’t go down well with some observers. But I also think that it’s the right approach.

The point is that exemptions are usually there to protect other individuals’ and organisations’ rights. As Jacobs points out:

“If [the public authority] is not allowed to change its position to rely on another exemption, this may hamper a full consideration of the public interest and prevent the interests of third parties being taken into account.” (GIA/1694/2010 and GIA/2098/2010, para. 29)

Let me illustrate this through a hypothetical situation. Somebody has requested details of a meeting between the police and a government body about knife crime. One of the attendees was a family member of a victim of knife crime, there to describe their experience. It was a traumatic and difficult experience for them, but they agreed to take part on the understanding that their involvement wouldn’t be known outside the meeting. The authority refuses the request on grounds of s.31 (law enforcement), but when it gets to the Commissioner, he rules that while the exemption applies, the public interest is in favour of disclosure. The authority then realises that it should also have claimed s.40 (personal information) and/or s.41 (information provided in confidence) in respect of the details of the member of the public who had had such a traumatic experience. Does the Commissioner rule that the details of that person should be disclosed, purely because the authority had failed to raise the need for the exemption in their original response?

Of course not, and in fairness to the Commissioner, it is likely he would have used his discretion to allow the use of the exemption in this situation. But Judge Jacobs argues that it is only by analysis of individual circumstances that it will be possible to identify whether exemptions should be allowed. If the Commissioner or Tribunal used their discretion not to allow late use of exemptions, they might not give sufficient consideration to important issues affecting third parties.

In fact, the ruling suggested further that:

“…it is necessary for the Commissioner to take the initiative in appropriate circumstances and to do so as a matter of duty, not of discretion.” (GIA/1694/2010 and GIA/2098/2010, para. 49)

In other words, the Commissioner also has a duty to identify exemptions that might apply that the authority has missed. This again, makes sense, however unpalatable it may be for the Commissioner’s Office. Surely they have to ensure that their decisions don’t cause harm (or prejudice, to use the legal jargon), and that has to mean looking beyond just what the public authority may have argued. After all, shouldn’t the Commissioner’s staff be better informed than most on the application of exemptions?

I can’t say whether the information requested in these cases should have been disclosed or not (that wasn’t looked at in the ruling). But I do think that Judge Jacobs got it right on this important, if technical, point.

Exemptions (or exceptions) either apply or not. He argues that information and the exemptions that protect them are “intimately connected”. Sensitive information shouldn’t lose its protection just because of human error at an early stage in dealing with a request. If you don’t use exemptions, you won’t lose the opportunity to introduce them at a later stage. This decision is particularly important because of its recognition of the practicalities of managing the FOI process:

“Legislation has to be interpreted so that it is workable. No administration is perfect. Documents can be misplaced, overlooked or difficult to find. Officials may fail to identify the potential application of exemptions.” (GIA/1694/2010 and GIA/2098/2010, para. 35)

I can’t imagine that I’m the only FOI Officer who will appreciate this recognition of the realities of how FOI works in our organisations. Nobody’s perfect, and third parties certainly shouldn’t have their rights infringed just because of that eternal truth.