Tag Archive for Guidance

Exemptions

Exemptions have always been contentious. FOI Man provides a glimpse behind the scenes of how the decision to apply them is taken.

Back in the early noughties, when I was nought but an FOI Boy, the BBC showed a drama featuring Matthew Macfadyen as a young left wing activist gradually becoming disillusioned by the Labour Government’s attempts to water down their Freedom of Information Bill. MM does a fine line in moody young men, and he was particularly cross about the number of exemptions in the finished Act.

Exemptions have remained a contentious issue ever since. My own view is that MM was unduly concerned. Whilst there may be a large number of exemptions in the Act, experience has shown that there are also pretty strong checks and balances on their use. But more on those later.

Most requests result in full disclosure. You might not believe that if you read most commentary about FOI, but the statistics across the public sector bear me out (as I’ve discussed in a previous post). Some requests are too broad and require clarification, or are refused on cost grounds. But a minority are refused and an exemption (or exception under EIR) cited.

In my experience, it is rarely the FOI Officer who decides whether information should be withheld. Normally it is someone in the department that holds the information who suggests that there might be a problem with disclosure, and the ultimate decision to use an exemption will usually be a senior officer’s. The FOI Officer’s role is to advise whether information can be withheld where concerns are raised, and if so to ensure that the case for using the exemption is robust, by gathering evidence, and that statutory requirements, such as providing a meaningful refusal notice, are met.

The exception may be where an FOI Officer is familiar enough with the information requested to know that there may be problems with disclosure. Or, for example, as FOI Officers are often also responsible for Data Protection compliance, when information contains personal data relating to third parties. And on occasion, we may be aware from other sources (eg email discussion lists, other FOI Officers dealing with the same request, etc.) that we might need to consider using an exemption. But I’m always at pains to make clear to colleagues that it is their responsibility to highlight material that shouldn’t be released.

But they don’t need to know about exemptions. When we were preparing for FOI coming fully into force on 1 January 2005, our training courses for colleagues tended to dwell excessively on examinations of the various exemptions available. It only dawned on me later that this wasn’t necessary – and in fact became a hindrance because as we all know, “a little bit of knowledge is a dangerous thing”.  So nowadays if I’m training colleagues or advising them on answering a request, I focus on the key message – consider the harm of disclosure. If they can explain to me what the harm would be, I can then decide if an exemption can be justified.

The sorts of exemption that apply are obviously different from one part of the public sector to another. Central Government departments in particular are going to be most uneasy about policy matters and requests for information relating to ministers. The police are of course going to hold a lot of information that relates to law enforcement and that will be reflected in the kinds of exemption that they use. Other organisations may hardly use anything except the exemption for personal data. So very few, if any, FOI Officers will have used all of the exemptions available – usually they will know about a small sub-set that is relevant to their organisation. It’s a cause of some excitement when we get to use a new one! (or maybe that’s just me…)

Third party data is a particularly tricky problem. Much information held by public authorities was given to them by, or relates to, other organisations or individuals. This could include businesses providing them with services or tendering for contracts, individuals responding to a consultation, even other public bodies that the authority is working with. The Section 45 Code of Practice makes it clear that public bodies should consult third parties when they are considering disclosing data relating to them. But equally it is clear that it is the duty of the public body in receipt of a request to decide whether or not to disclose information. If the third party doesn’t want you to disclose information it can cause a great deal of grief, especially when they have a limited understanding of the obligations that public authorities are under.

FOI Officers and other staff dealing with requests can sometimes find themselves put under a lot of pressure to withhold information. Often they can see the case for the exemption and are happy to make it. On other occasions, they may well argue hard in favour of disclosure with varying results (one of the most common being a funny look from colleagues who are now convinced that they’re not a team player). Sometimes they end up having to make the case for an exemption that they disagree with.

This is not easy, especially if it is appealed as far as the Information Commissioner. One of the trickiest exchanges I had with a case officer from the ICO related to information provided by a very powerful third party. My organisation was under pressure not to disclose that information, and in truth we wanted the ICO to order us to disclose so that we could show that we’d done all we could. But I couldn’t tell the ICO that and they wouldn’t make a decision without more information from us as to how the exemption applied. So for a while we were at stalemate (and the poor requester was still waiting).

At least nowadays, there is plenty of case law to go on. Back in 2005, we were making it up as we went along, and it’s no surprise to me that a backlog built up very quickly at the ICO. Once that case law started to become available, and the ICO’s guidance adjusted as a result, we were able to make decisions on exemptions from a more informed standpoint.

There are two aspects of the Freedom of Information Act as passed which mean that Matthew Macfadyen’s character can sleep easy in his bed at night. Neither thing, bizarrely enough, was in the original Freedom of Information Bill at its First Reading. They were both introduced during Committee Stage – so Tony Blair didn’t have it all his own way. One is the power of the Information Commissioner to order disclosure (as opposed to just ‘advising’) and the other is the public interest test for most exemptions. In a further post I’m going to talk about how we apply the public interest test and why I think it is so important.

Guest post – re-use of disclosed information

Emily Goodhand, Twitter’s @copyrightgirl, returns with her second guest post for FOI Man.

Re-using Public Sector information: what you need to know

There’s been a lot of interest and discussion around the government’s Open Government Licence and whether it covers information released under FOI. In short, it does not. The Open Government Licence (OGL) allows others to re-use information which has been made publicly available (i.e. on the public facing web) by a government authority so that individuals wishing to make use of this information do not constantly have to write for permission to do so. It is important to note that not all public authorities have adopted this licence, and that the licence only applies to works which have been published. Any information received by an applicant under FOI will not automatically fall under this licence, and therefore permission would have to be sought via a request to re-use this information before further use (including reprographic publication) could be made.

Why would a Public Sector Organisation be reluctant to apply an Open Government Licence to information released under FOI?

The OGL reads:

“You are free to:

copy, publish, distribute and transmit the Information;

adapt the Information;

exploit the Information commercially for example, by combining it with other Information, or by including it in your own product or application.”

The wide scope of this licence means that it is unlikely that public sector organisations will adopt it as a blanket licence to cover all of the information that they release under FOI.  It is more likely that a selective approach would be favoured, in that some information requested would be released under the licence at the point at which it is sent to the requester, but not all.  This would very much depend on the type of information being requested, which may not fall under an FOI exemption but may prejudice the organisation’s interests were it to be used for commercial purposes. West Middlesex University Hospital NHS Trust’s website provides some excellent examples of why a public sector organisation would not wish to release information under the OGL:

“Providing access to information does not give an automatic right to re-use it. Re-use can include publishing information or issuing copies to the public. Examples might be private sector companies wanting to re-publish our documents on their website as part of a commercial service, or wanting to publish our images in commercial publications.”

It is important to take these concerns into account in order to get a fair and balanced view of why, at times, a public sector organisation may not allow re-use of information in certain ways.

The Re-Use Regulations

Public sector information which is publicly available but is not released under the Open Government Licence is still subject to the terms laid out in the Re-Use of Public Sector Information Regulations of 2005. Information received under FOI from a public sector body is subject to these regulations with the following exceptions:

  1. The Regulations do not apply where a third party owns relevant intellectual property rights in the document (i.e. the document was written by an independent consultant who retained the copyright in the work)
  2. The Regulations do not apply to public service broadcasters and their subsidiaries, educational and research establishments, or cultural establishments

A request for re-use of information can be submitted to the remaining authorities who are not excepted from the regulations at the same time as an FOI request. The FOI request will be dealt with first, as re-use of information is impossible if access to that information is not granted. It is up to the institution as to whether it chooses to grant re-use of the information supplied, and it is entitled to make a charge for the re-use of the information. Complaints are handled by the Office of Public Sector Information, and more information about the re-use of public sector information is available from the National Archives.

Fair Dealing: what the Copyright Act allows you to do

The CDPA makes certain allowances for the use of work without the need to request permission to use it from the copyright holder. The main defence is fair dealing with a work for the purposes of: a) non-commercial research and private study; b) criticism and review; c) news reporting. It should be noted that photographs are specifically excluded from the fair dealing defence for the purposes of news reporting.

The emphasis in the Act is on the word “fair” – although it is not specifically defined, various case law has indicated that the work used must be no more than is necessary to make the point (i.e. an insubstantial amount) and must not have a detrimental economic impact on the original work. In addition to this, other factors also come into play, such as whether the work is published or unpublished, what the motive was for the dealing, and whether the purpose could have been achieved by different means. The defence, if relied on, should be used carefully, as one court found the copying of as little as 11 words to be copyright infringement. However, it is generally accepted that journalists can rely on this defence to re-use insubstantial portions of the information they receive as a result of an FOI request for the purposes of news reporting, with the exclusion of photographs.

New guidance – FOI Man’s guide to making FOI requests

Happy new year to all my readers! I’m now back and ready to keep posting here and on Twitter on FOI, associated issues and anything else that catches my attention.

Just before Christmas, a campaigner who reads this blog and follows me on Twitter asked if I’d be prepared to contribute a guide to writing an FOI request for readers of his website. It occurred to me that this might be something of use and interest to others, so I’ve written this guide to making an FOI request (which can also be found under the FOI Man Guides heading on the right of this page).

There are lots of other places you can go to find out the mechanics of making a request – authorities’ websites, the Information Commissioner’s website, books, WhatDoTheyKnow to name just a few (the FOI Other Resources section further down on the right of this page may be helpful if you’re stuck). So instead of regurgitating what they all have to say, my guide gives Ten Top Tips on making requests effectively, and most importantly, responsibly.

In these straitened times, it’s important that people recognise the stresses and strains that public authorities will be under and use their services, including FOI, appropriately. Even if you have little sympathy for public employees, you ought to be considerate of the impact of your requests, because ultimately poor and irresponsible use of FOI can lead to backlashes against these rights which will leave us all the poorer.

And the key thing is that by taking more care over your requests, you can make them more effective. Often the requests that cause most consternation to FOI Officers and their colleagues are the least productive from the requester’s point of view as well, as they aren’t clear enough or are simply unrealistic in their expectations.

Let me give you a couple of examples that I’ve heard about or had to deal with myself.

We regularly receive ’round robin’ requests – requests which are sent to a number of authorities. One recent one received by several organisations asked for all expenditure on a specific activity by “the Trust”. Since many organisations that received it were not Trusts (presumably NHS Trusts were what the requester had in mind), some at least will not unreasonably have responded by asking them if they really intended to send the request to them. Presuming that they did intend to send it to all the public authorities concerned, they now have to write back to those authorities to clarify that they would like the information from them even if they aren’t Trusts, and have lost days or weeks before they will get a response.

Another chestnut (not suitable for an open fire) is the request that asks for all expenditure on ‘marketing’. What does that mean? If we have a department called marketing, is it not reasonable for us to take that as a request for the cost of the marketing department? But if you’re comparing the expenditure on ‘marketing’ across several public bodies, is that really useful? It’s likely that different marketing departments will do different things, so the costs won’t be comparable. And unless you’ve specified which marketing activities you’re interested in, it’s unlikely our interpretation of which activities fall under that heading would be the same as your’s.

With that last example, we could of course, come back to you to ‘advise and assist’, but even if we do, the whole process has slowed down. If you’d been more specific in the first place, we could get an answer to you that met your requirements and sooner.

So hopefully the guide will prove useful to any of you that want to make requests in avoiding these pitfalls. If, like the campaigner who asked for this, you want to use the text on your website, there are instructions for its use at the bottom of the guide.

You’ll also have noticed that I’ve called this FOI Man Guide No.1. Which rather suggests that I might be thinking of other subjects to add in future…

What Do I Know? A Postscript

Well, this blog has come of age this week. The Campaign for FOI described my last post as “Interesting and provocative”. And it certainly has provoked more comment than anything I’ve previously written.

Before addressing the most controversial issue raised in the comments, I just want to highlight some great advice that WhatDoTheyKnow have given to FOI Officers if they want to follow my suggestion and encourage their requesters to submit requests through WDTK (to facilitate its use as a Disclosure Log):

  • The simplest method is to link to the WDTK site – you can link directly to the part of the site for your organisation – WDTK have no problem with you doing this and you don’t have to let them know you are doing it
  • I would suggest that if you’re going to do this effectively, you should at the very least provide instructions on your website to potential requesters explaining how they can make their request through WDTK alongside your direct contact details; it’s up to you how far you promote this as a method of making requests (ie is it your preferred method or just one of several?)
  • Alex from WDTK has suggested that “If an authority wants to go a bit further, e.g. by having all their requests on the site or wanting a branded request service, then they should talk to us in the first instance to discuss their requirements.”

So there you go, those are your options if you want to try this out.

The most controversial of the points I raised related to the suggestion that WDTK advised requesters on how to avoid providing their name when making requests. I’ve got to say that at this stage I’m unapologetic about this point (though if I’m persuaded otherwise I may post on this topic again). My reasons for this are:

  • It’s there in black and white at section 8 – a request is only valid if it “states the name of the applicant”; the Information Commissioner also takes this view and explains why in his guidance (CFOI disagree with the Commissioner on his view)
  • There’s good reason – much as you as a requester may not like it (especially if you are on the fringes of acceptability when it comes to your dealings with the authority), if we don’t have a name, it is difficult to identify requesters that are making repeat or vexatious requests, or to apply the fees regulations where costs could be aggregated
  • It costs money to answer requests; arguably we should not be spending this money on requests that are not valid, or can be refused for other reasons. We have a duty not just to those who use FOI but also to other taxpayers.

To me, it always comes back to the Act itself. Someone commented that ‘vexatious’ is “redundant and subjective”. It’s not. A vexatious request is defined in the Act and in numerous ICO and Tribunal decisions now. The ICO’s guidance is clear on when it can be applied. We are not talking about vague concepts here, but about specific behaviour which goes beyond what public officials should be expected to put up with. In 6 years, I’ve only used section 14 once, and this was for an individual who had written well over 100 times (not all FOIs) in a year, and had made threats of physical violence to a politician at the authority. But to apply it depends on being able to demonstrate who is making the requests in the first place.

I completely accept that some people might have a reason for remaining anonymous (CFOI cited an example where someone lost their job as a result of making a request). And ultimately, who’s going to know if you do use a (subtle) pseudonym? But I stick by my view that in general, if you’re making a request you should follow the rules just as you expect a public authority to do.

In passing, I should recommend a blog posting from a barrister on WDTK’s liability if they publish documents containing libellous material. This wasn’t an issue discussed in my post, but is certainly of interest.

Thanks for your continued support – nearly 1400 of you have read the blog at some point in the last 6 weeks, and whether I agree with you or not, its also great to receive your comments. Do continue to spread the word – if you have access to other forums or blogs, please do mention this blog if they touch on subjects I’ve discussed. More next week.

What don’t we like about What Do They Know?

A few weeks ago, Ibrahim Hassan posed the question “Can a local authority refuse to deal with FOI requests made through the What do they know website?“.  When the question was posted as a link on twitter, there was a veritable dawn chorus of negative responses. But why has the website What Do they Know become so unpopular with some public authorities?

I can think of a few reasons, and I’m going to set these out. Try not to get too incensed though if you’re a What Do They Know (WDTK) volunteer or user and read to the end of this post – you may be surprised by what I have to say.

Firstly – it’s my old hobby horse, the attitude towards public authorities. Maybe it’s justified, I’m not sure, but there’s an assumption in their guidance to users and in their templates that we’re going to use every means at our disposal to avoid answering requests.  And therefore their users should be prepared for evasiveness.  Subtle, and polite, but it’s there. And can their guidance to FOI Officers on timeliness of responses be any more patronising (see especially “How do you calculate the deadline shown on request pages?”)?

Then there’s the double standards. Whilst insisting that public authorities have a duty to comply with the legislation, they provide guidance on how to sidestep the requirement for requesters to provide their real name (which is, of course, a duty for requesters to comply with – quid pro quo). Meanwhile, whilst promoting openness, they haven’t exactly made it clear to those responding to requests submitted through the site that their names and contact details will be published on the website. OK, so most FOI Officers are well aware of that now (and probably wouldn’t mind), but often it is staff who are responsible for a subject area, who may well not know much about the wider FOI world, who are answering these requests.

There’s the ease with which requests can be made. It takes seconds for a requester to submit their request through the site, and not much longer to send it to several. They don’t have to consider what resources will be used in those public authorities to answer the product of their idle curiosity. The same can apply to the new facility to submit ‘one-click’ requests via Openly Local. Yes, people have a right to make requests. But these sites make it easy for individuals to ignore their responsibilities.

Perhaps as a result of this, WDTK can be utilised as a weapon against public authorities. WDTK recently tweeted about a response sent by one of their users to Salford University, who had refused their request under s.14, claiming it was vexatious. I took the opportunity to check the background on the site, and it is very clear that whatever the rights and wrongs of the University’s treatment of that particular individual, there is some sort of campaign under way for which WDTK was being used in support. I don’t know the background to the ongoing dispute, but it is now being waged through the pages of WDTK. It wasn’t just those individuals who started off using the site in this way that suffered, or the staff of the University. It was anyone who then made requests through the site, as it was becoming more and more difficult to identify who was part of the campaign and who was not.

Finally, copyright. This has proved to be the key battleground in the dispute between WDTK users and public authorities. The most high profile combatant has been the House of Commons, but they’re not the only one by far. The argument made by public authorities is that if they disclose information via WDTK, it will instantly be published in breach of their (and third parties’) copyright. Several have therefore found more and more convoluted ways to try to comply with their FOI obligations without sending the information to the WDTK site. The Information Commissioner issued a decision notice following the House of Commons case which should be the final chapter on this dispute but it hasn’t proved to be so far. Not least because the Information Commissioner’s Office doesn’t appear to have a great deal of knowledge about copyright law, so it makes it quite difficult for them to be authoritative. Take for example, this quote from page 3 of the minutes of their recent meeting with the HE sector:

“The ICO acknowledged that further work needed to be done around understanding IPR [Intellectual Property Rights] as it resides in research data, and SW [Steve Woods, former FOI blogger and in charge of policy at the ICO] confirmed that his team has already begun to explore this question.”

Could it be that the ICO is only beginning to look at IPR/copyright issues generally and not just specifically as it relates to research data? There certainly isn’t much to go on in the decision notice.

So for all these reasons, public authorities are, to say the least, suspicious of WDTK. And yet…and yet…

I rather like WDTK. It’s a nice bit of technology that appears to work well (contrast that with many systems developed by the public sector). I’ve used it to make FOI requests and found it easy to use. It keeps track of the process of making a request really well.

It was really easy for me to see the background to the Salford University situation. It would be easy for me to identify vexatious requests being made through the site (even if they soon became difficult to distinguish from the other requests). I can see readily how other authorities are responding to requests that come to my authority. It’s transparent, which is, well, the point of all this.

I’ve got an idea, which fellow FOI Officers may well disown me for. But why don’t we embrace it as a concept rather than fighting it? For example, couldn’t we adopt it as our Disclosure Log? Actually encourage requesters to use it so that our answers to them can help others and maybe prevent duplicate requests? It’s a thought, and on that thought I shall strap on my hard hat and leave it to you…