IC trouble ahead

FOIMan argues that funding cuts to the Information Commissioner’s Office are a huge threat to FOI.
Christopher Graham addresses the 2013 ICO Data Protection Officers' Conference

Christopher Graham addresses the 2013 ICO Data Protection Officers’ Conference

Transparency’s a marvellous thing isn’t it? These days we can find out what goes on in all sorts of meetings across the public sector. One example is the way we get to eavesdrop on what the FOI and DP regulator is saying internally.

A couple of weeks ago the minutes of the Information Commissioner’s April Management Board were published in the ICO’s publication scheme. And one thing in particular caught the eye.
The Commissioner stressed in frank terms the financial difficulties his office was facing. At the moment, the ICO is funded by the notification fees that it receives under the Data Protection Act and grant-in-aid that it receives from the Ministry of Justice. The former brings in substantial amounts but is ring-fenced – it can only spend that money on its data protection-related activities. FOI activities are entirely dependent on MoJ funding. That funding has been progressively reduced over the last few years. The Commissioner stated that:

If grant in aid was cut further, action on anything other than routine freedom of information enquiries would be impossible.

It’s not as though the Office is profligate with its money. Whenever the ICO advertises a post, I am horrified at the level of salary on offer (and I’m not alone). Employees that will be responsible for considering high-profile and influential cases are apparently joining the office on salaries of less than £20,000.
ICO salaries are far from excessive

ICO salaries are far from excessive

Even taking into account that the North West is cheaper to live in than London and the South East, salaries are very low. To put it in perspective, I once considered joining the ICO and the only job that matched my then salary would have involved managing 60 staff. As an FOI Officer in a high-profile London-based public body, I was reasonably remunerated, but not THAT reasonably. It’s not unknown for privacy or information security roles in the private sector to attract starting salaries of £70,000 or more, so it is faintly ridiculous to think that they would be explaining themselves to ICO Case Officers earning around a third of their income.

Bearing in mind how poorly paid many of its staff appear to be, and its increasing struggle for funding, it must be said that the ICO punches above its weight. The constant churn of new guidance, Codes, initiatives, decisions, undertakings, penalties suggests an organisation that is working hard and effectively. Much of my work as a trainer and consultant (not to mention blogger) is informed by their publications.  I know from my own experience that the work the Commissioner’s Office has done to raise awareness of data protection and privacy issues is making a difference, and monetary penalties are focussing minds. The progress made by the Commissioner was noted last year by the Justice Select Committee. Christopher Graham, whilst occasionally rubbing people up the wrong way (and perhaps this is actually a symptom of his success) has achieved wonders in reducing the backlog of complaints.

Nobody’s saying it is perfect – I’ve occasionally criticised it. All organisations make mistakes – they are, after all, staffed by human beings. The sheer volume and scale of the ICO’s work means that statistically they’re occasionally going to call something wrong. And given that much of information rights law is open to interpretation, it is inevitable that there will be differences as to how the law should be applied at times.  (And of course, it’s much easier to criticise from the boundary – harder to be the team out there playing the game).

Now Mr Graham says that the regulation of FOI is under threat due to successive cuts in funding. This is a major limitation on the effectiveness of FOI. We often forget that before 2005, most commentators expected FOI to be a damp squib. That it hasn’t been is at least partly due to a regulator prepared to challenge the status quo. Remember it was the Information Commissioner that ruled in favour of Cabinet minutes, risk registers and Prince Charles’ correspondence being disclosed, and often used his resources to argue the case further through lengthy appeal processes in the courts.

If the ICO is not properly funded, it is in my view at least as great a threat to FOI as attempts to water down the legislation (which are at least subject to a degree of Parliamentary scrutiny). Political parties that claim to support FOI and transparency (ie all of them, publicly at least) must commit to properly fund the office if elected to govern next year.

Things could get worse. The European Union’s proposed Data Protection Regulation would end the requirement to notify the Commissioner each year, and more importantly the annual fee that currently involves. If that happens, the ICO may be completely dependent on funding from Government in future. Given the current state of affairs, that is not an encouraging thought.


  1. John Rudkin says:

    Sadly this comes at a bad time. I have had a number of FOIs – specific to my work – ignored by one Council. The problem is, I worked there and was able to see the way some were handled. There were a number of appeals to ICO that were either ignored or “pout back” and never once did I hear of any one making it to the ‘teeth’ of the ICO.
    Sometimes the way the FOIs were handled was the subject of hoots of laughter.
    I can tell you that every opportunity was taken to be awkward or obstreperous. If there was a technical reason to refuse, it was taken. It was more Restriction Of Information (ROI – the antithesis). The CIO needs to look into the organisations that make a habit of being as awkward as they can be – and make examples of them.

  2. Derek O'Connor says:

    Maybe reduced FOI funding might make the ICO better target which complaints they take forward. For example a S12 refusal to provide expenditure on PR advice might be worthy of investigating if the requester was a local council tax payer – but not when they are a reporter from the other end of the country who is just looking for a story? I know FOI is applicant and purpose blind but lets face it that is why it gets abused. Given that public bodies have less money to less good work, I for one would not like to see the Regulator get more money to do more regulating.

  3. The funding issues of the ICO are a real concern, especially if notification fees are to go. I worked in an industry where an Ombudsman could get involved and when a customer complained to the Ombudsman our company had to pay a fee (regardless of the outcome). Perhaps this could be an option for DPA complaints – might encourage Data Controllers to be more pro-active in resolving issues rather than being reliant on the ICO for their customer relations (as some are). I wouldn’t like to see the ICO keeping MPN money; it would open them up to accusations that they’re simply revenue raising and that wouldn’t be great for DPA enforcement or image.

    As for the funding of FOI regulation – I wouldn’t like to see either the PA or the applicant having to pay a fee. For the applicant it will simply restrict the ability of individuals to exercise their right to complain and as a result we might lose out on important information being made public. On the PA side of things, resources are already tight and adding another cost into the overall FOI cost wouldn’t be all that helpful. More funding from the MoJ for the Commissioner’s FOI work would be good.