Who will know if you make an FOI request?

Last week I posted about the NHS Information Governance Toolkit and its FOI requirements. David Higgerson highlighted in his blog on journalism the rules that NHS FOI Officers are expected to follow in relation to ’round robin’ requests. David was particularly concerned that this undermined the principle that requests should be processed in an ‘applicant blind’ manner. It started me thinking about what we circulate internally about requests and, more especially, requesters.

This whole issue of how requesters’ details should be handled is a fraught one for FOI Officers. Many of them are also responsible for Data Protection compliance in their organisations and are only too aware of the importance of protecting personal data. They are also keen to maintain the ‘applicant blind’ principle themselves.

In my experience, this can put them on a collision course with politicians and senior officials in their organisations. I’ve heard of FOI Officers and other staff being bawled at by very powerful people because they refused to provide this information. I’ve also heard of individuals who have decided to leave public bodies after being put under pressure in this way.

My own approach to this tricky issue is to routinely remove names and contact details from requests before circulating them. If someone wants to know who has made a request, I will initially tell them what kind of requester has made the request (eg private individual, journalist, business, etc.). If they insist on having a name, I will consider whether they have a legitimate need.

So what would I consider to be a legitimate need?

I would generally feel that the Press Office have a legitimate need to know the name of a journalist if they ask. The reason for this is that they may well be dealing with the same journalist themselves; it’s their job to oversee relations with the Press.

I routinely provide the Press Office with details of requests received from journalists (though not names unless they specifically ask), and where requested, I will also let them see a draft response. I can understand that might raise eyebrows. But I honestly don’t believe that automatically prevents the request being dealt with in an ‘applicant blind’ manner. The request will still be coordinated by the FOI Officer (or departmental staff in some organisations), the same information will still be sent out. It is just that the Press Office have a ‘heads up’ for any impending news story about the organisation. Even the Information Commissioner recognises that Press Officers will want to (and indeed should) work closely with FOI Officers.

Where I would draw the line would be if the Press Office insisted that the response should be different because of who the request is from. The reality is generally that the Press Office are more likely to change their line if it is out of synch with the FOI response (and by comparing notes, we may actually identify any errors in the response). Any sensible Press Officer is going to realise that they can’t interfere with a legal requirement. They might suggest different ways of saying things, but there is rarely any question (in my experience) of them changing the information that is going out.

It is arguable that it is ‘fair’ (to use the Data Protection Act terminology) to share the names of requesters making requests in a business capacity. Examples would be where it is clear that the request is being made by someone on behalf of the body corporate (eg they use a corporate email address; their signature includes their employer’s details; their letter has a corporate letterhead). I still wouldn’t routinely circulate a name, but I’d feel slightly better about it if asked.

There may be circumstances where individuals within the organisation need to know who has made a request to apply the Act itself effectively. For instance, if the case is being made to aggregate the costs of compliance with a series of requests, or to class a request as vexatious, the history of that individual’s contact with the organisation is likely to be a relevant consideration.

The crisis point for me would come if I felt that it wasn’t ‘fair’ to share the details and that there wasn’t a legitimate need. If the Chief Executive insists on knowing who made a request without providing adequate justification, how do I deal with that? Ultimately, under enough pressure, I know that I am likely to provide the information, as to be frank, I may well not have a choice. But first I would at least try to persuade them that they either don’t need a name, or at least to provide me with some sort of explanation as to why this is justified.

For this reason, I would always advise requesters to assume that their details will be known to anyone in the organisation they make their request to. Most of the time, for most people, that will probably not be a problem. However, I was recently asked for advice by someone who wanted to ask for information held by their employer, and I could only advise them that their best approach would be to use a pseudonym. I don’t generally condone that, but if anonymity is important, then that’s really your best option (and if your pseudonym is credible, the FOI Officer is not going to know – so you can avoid your request being refused under section 8).

No comments

  1. This is not a comment to your post. I simply wanted you to know about a video interview we made on FOI. It might (or might not) be useful to your readers:

    http://www.ncvo-vol.org.uk/networking-discussions/blogs/20294/11/01/28/video-interview-using-freedom-information-campaigning

    Best wishes,
    Virpi

  2. Chris Rusbridge says:

    In the context you’re addressing, well put and clear. However, something niggled away at me, prompted by your “applicant blind” phrase (which I do agree with, BTW). As I understand it, FoI legislation is deliberately phrased to make a request for information normal, not special. When I ask for information, I don’t have to say “FoI request”. Yes, there are special rules and limitations that apply to … requests for information that qualify as FoI requests (!). But the FoI “industry” seems to insist on treating “FoI requests” as special, rather than all requests being treated as well as FoI requests! Does that make any kind of sense?

  3. foiman says:

    Chris – thanks for the post. I started answering and then realised that there’s a whole post in this. Watch out for something soon.

  4. S Jones says:

    Not all FOI requests are equal, although all applicants are (or should be!)

    A straightforward request can – and in our organisation normally is – just answered straight away by whoever receives it, no “process” required.

    Other requests for information need to go through the whole FOI “process” of being logged, recorded, etc, because a number of internal people need to be consulted, or information isn’t collated in the format requested (but can be), etc. i.e., some requests are complicated. It’s not unusual for 5 or more people to be involved, sometimes from outside the organisation [1], and someone – that would be your FOI lead – needs to co-ordinate all that to ensure that the 20 day response time is met. That’s what makes FOI requests “special”.

    [1] No legal obligation at present for us to obtain information from local authority for joint services, but it’s still taxpayers’ money, so I’m with WDTK – ethically we should – and do – respond.

    Additionally, if enquirers specifically state that they are asking for information as an FOI, then it also goes through the ‘process’. This might be as simple as an instant response, or might not – it just so happens that the FOI lead is dealing with it. Some enquirers have the cheek to quote the law at us (I KNOW) – and these are often very complicated requests that are exasperatingly ignorant of the way the NHS works and need “special” treatment so we can direct the enquirer appropriately (Section 16). Again, someone in the organisation has to co-ordinate this – so a request doesn’t fall into a hole between several people who all think someone else is sorting it out. It also helps to ensure that a consistent approach is taken “whoever” the applicant.

    The vast majority of requests for information *are* straightforward – and, annually, are in the thousands if not tens/hundreds of thousands for many public sector organisations. Although correspondence is retained within departments, etc, trying to centrally collect data on all of these would be far too bureaucratic – which is why any public sector organisation’s reporting on FOIs will be a vast understatement of the true scale of information provided on request.

    Media requests are a whole other “kettle of fish” – I’m not sure of my ground here, but believe that this isn’t legislated, just universal best practice? – the deal is that if a journalist contacts an organisation (usually via Communications/PR teams) for a statement or for relatively easy-to-get information, they can expect a pretty quick turnaround – 24-48 hours.

    While I am here: I liked this – http://www.guardian.co.uk/society/patrick-butler-cuts-blog/2011/feb/04/cuts-lets-just-blame-the-bureaucrats. For anyone who thinks public sector servants are being over-sensitive and should get over themselves, you try being told on a daily basis that you’re a waste of space by the very people (politicians and media) who account for a large proportion of your workload through having created expectations (and mostly rightly) about transparency/accountability. I’m not just talking FOI officers here either, this applies to *all* of us who are trying to ensure that taxpayers’ money is spent to best value, whatever our roles.

  5. Chris Rusbridge says:

    Thanks, both of you, for the comments and the follow-up post; that’s pretty much what I thought. It’s FoI if it mentions FoI, or there is doubt on whether it can be answered normally; otherwise, it merely has to be dealt with promptly.

  6. Fascinating post but what I don’t get is what difference it makes to a chief exec, press officer or councillor that they know who is making the request. Surely the request for Info should get the same response regardless?

  7. foiman says:

    David – welcome back and was hoping you’d comment. I completely agree with you. What I’m saying is that whilst the Press Officer, the Chief Exec, the Councillor, MAY be told who made a request (although I hope I’ve made clear that that certainly isn’t a default position), they can’t dictate what information is disclosed based on who made the request. If they tried to they’d skirt dangerously close to infringing section 77 and committing a criminal offence, and they’d certainly be putting us in a position where we were failing to comply with the Act. In my experience I’ve never been asked to refuse a request to a particular person – the assumption is that if we’re refusing to one requester, we would take the same approach to another.

    I’d also stress what I hope I made clear in my post – many FOI Officers feel very uncomfortable themselves with sharing any details of requesters with colleagues. But sometimes they are put in a position where they have no choice.

    Just to go back to the ’round robin’ issue, I don’t think there’s anything intrinsically wrong with authorities identifying and discussing them. And to a degree, I think its inevitable unless you’re going to ban staff at different authorities from talking to each other. Many FOI Officers are dropped into the role and don’t have anyone to ask for advice, so they benefit from talking to others about how to deal with a particular request. It would certainly be wrong if authorities were being ordered to respond a certain way, and I’ve always felt very strongly that it is up to my authority to decide what to do in the end, whatever guidance/advice/discussions we’ve had access to. I do feel quite uncomfortable though with any formalisation of discussion such as the NHS approach discussed in the previous post – we should be free to seek guidance and discuss issues where we choose, not forced to do so.

  8. S Jones says:

    Just to clarify, to the best of my knowledge, there is currently NO “enforcement” on the NHS approach. I’ve had numerous obvious (from massive distribution lists) “round robin” requests which have been straightforward, so I’ve just dealt with them as normal, not told the SHA, and not received any communication from the SHA to indicate that any of my counterparts in other bodies have forwarded them either. I haven’t been given my P45 yet …

    What can happen with more complex or potentially controversial requests (e.g. where data protection issues may come into play – and this happens frequently in healthcare related requests) is that someone asks the SHA for advice on a particular request and a suggested “line” is sometimes circulated. SHA comms re “round robin” FOIs are usually informal advice or contain no ‘suggestion’ at all – just a request to share our response to assist others. There is no obligation put on us to follow any SHA line “because it’s from the SHA” – but they may advise us on legal implications and that’s very useful in some instances. I’d just like to forcefully make the point here that our final response, ultimately, is *not* “dictated” by the SHA – but -may- be advised by them. And as FOIman says above, FOI officers may discuss obvious round robins between themselves/compare notes. You don’t want us to do this? Well, dear enquirer, that’s up to you not to make the entire distribution list visible to us! – we’re only human.

    To me, the reason for it to make sense to share obviously “round robin” requests is so that a consistent approach (or as consistent as possible) can be taken by NHS respondents *on the basis of the request*, not the identity of the applicant. There have been issues where information has been released incorrectly by one body, leading to an expectation on the part of the enquirer that they are entitled to the same information from others – which has the potential to create a big fat headache for the body that correctly applies exemptions in relation to the same response. It’s not even a question of “incorrect” release of information in some cases. Varying sizes of organisations and differing internal systems mean that one organisation might be able to supply information requested quite easily or legally, another might correctly apply exemptions because although they hold the information, it isn’t collated centrally (there is no obligation to do so for *everything* that an enquirer could *possibly* want to know); or the organisation is too large to collect the data in 18 hours; or owing to demographics/NHS body size/other reasons the numbers of people to whom the information relates are so small as to breach data protection so statistics cannot be released; the contract for which detail has been requested is currently out to tender (temporary commercial interest exemption) or any number of other reasons!

    In some of these instances it’s very useful to know how others have responded so we can expand detail on our internal systems/the reasoning for exempting (or charging for!) information from our body which has been released by another.

    As we work across the whole organisation and deal with information requests on a daily basis, FOI officers *may* be more likely to have the skill/experience to apply a consistent approach and be objective about requests for information and apply a consistent approach than someone who spends most or all of their time working in one particular area, doesn’t receive many requests for information, may know enquirers personally, or – through no fault of their own – has a “skewed” view of the sensitivity of the information they work with on a daily basis.

    In terms of internal people wanting to know who has made the request – well, if I was a Chief Exec going to a meeting with a local MP, it would be rather useful to know if the MP had received information under FOI in relation to the issue to be discussed – nothing to do with “preparing a defence” or altering the response, just efficiency/saving a lot of potential duplicated explanation!

    Enquirers don’t have to state their reasons for requiring information – but if they do, then this may make our response different from that to an enquirer who has asked the same questions with no reason. Frankly, there may be detail in the request “blurb” which is not an explicit “request” but makes it quite blatantly obvious that additional information/context would be useful/is required (Section 16: duty to advise and assist!). What I’m saying here is that the content of requests is what colours our response far more than your identity – and request wording is quite definitely the responsibility of the enquirer to consider carefully to ensure they get (assuming no exemptions apply) exactly the information they want.