FOIMan explains that searching for FOI requesters is not a great idea – and is ethically (and legally) dubious.
This blog originally aimed to give the practitioner’s view of FOI. Far too often, the important role of FOI officers and public officials in making FOI work has been ignored. So an increasing interest in how FOI really works behind the scenes is to be celebrated.
We’ve seen it in two recent reports on FOI in local authorities. The first from MySociety looked at FOI in local government across the UK. The second, from the Campaign for FOI, focussed on how London boroughs managed their FOI obligations. Interestingly, the findings of the two reports on practices in local councils are broadly in line with my own research which you can read about in the free chapter from The Freedom of Information Officer’s Handbook that I wrote about in my last post.
The Campaign for FOI’s research commented on the London Borough of Lambeth’s practices, and I was reminded of this when my attention was drawn last week to a post by a local blogger who had obtained Lambeth’s internal staff guidance for handling FOI requests. The News from Crystal Palace blog published the guidance pretty much in full, highlighting a number of practices which they felt were of concern.
Having read through it, much of the guidance is pretty standard stuff, and in fact I would go as far as to suggest that there is some very good practice in Lambeth. For example, strict timelines and service standards are a good way to ensure that requests are answered within statutory deadlines.
One particular section is of concern, however. Staff allocated a request are told:
‘You may want to consider all or some of the following when you are assessing a request:
- Google the requester to understand who is making the request, why and assess the likely impact to the council (e.g. political, media, legal, commercial, personal data).
- Review previous requests from the requester in iCasework.’
No. I can, at a pinch, understand the human instinct of curiosity that might lead an uninformed member of staff to use a search engine to find out about a requester. But FOI officers should be discouraging this practice, and certainly not making it official policy.
I know all the excuses. Often it is linked to a policy whereby an authority’s Press Office is informed when a journalist makes a request. In principle I don’t have a problem with that, as long as public authorities are open about the fact that they do it. The problem is that some journalists, perhaps suspicious that they will be treated differently, don’t identify themselves as such. The Act doesn’t require them to do so. The argument goes that therefore every requester has to be googled in order to identify the very small percentage of requesters that are unidentified journalists.
I’m going to suggest that this is flawed logic. Firstly, since most public authorities, and certainly councils, are suffering the effects of cuts to their budgets, why are they encouraging staff to waste precious staff time on the off-chance that someone might be a journalist? Even if they are, it shouldn’t make any difference to the outcome of the request, so surely this is a complete waste of time?
Secondly, how does the council know that someone who isn’t a journalist in the formal sense won’t blog or Tweet about disclosed information? Or pass it to a journalist for that matter? Given this, the fact that one or two journalists might not be picked up doesn’t seem that important.
Thirdly, whilst I recognise that Press Officers have a job to do, I don’t see why they necessarily need to know who is making a request. The sensitivity of a request surely ought to be judged on the subject matter, irrespective of who has made it. Lambeth apparently circulate a list of requests to their Press Office and the Leader’s Office. If this just describes the subject matter of the request this should normally be enough for them to identify where they might need to be prepared for controversy (which really should be the limit of their involvement following an FOI request).
There will be a director of public relations somewhere barking “well, why shouldn’t we?”, so here are a few points in answer to that question.
- what’s your lawful basis? An individual’s FOI request, their identity, biographical information about them is personal data. You need a lawful basis to justify the handling of personal data – including searching for information about someone online. I presume you’ve completed a legitimate interest assessment and successfully justified how your need to know whether or not someone is a journalist outweighs the rights and freedoms of requesters? Even if you decide that you do have such a basis, are you otherwise complying with the requirements of the GDPR? Are you telling requesters that if they make a request it will result in the council looking them up online?
- they can find out that you’re doing it. If the requester has a website, the most commonly used analytics tools will provide enough information to them so that they will spot unusual spikes in interest from your general location just after they made a request to you. There’s an example of this happening described in my book if you don’t believe me.
- it’s creepy. Most comment on Twitter in response to revelations about Lambeth’s practice was to the effect that Lambeth were ‘spying’ on their residents. If a public authority is so concerned about its reputation that it employs Press Officers, shouldn’t it be just a little uncomfortable about gaining a public image associated with the fiction of George Orwell?
FOI is a right. Full stop. If people choose to exercise it, that is their business. If a public authority has good reason to believe that someone is misusing this right – perhaps harassing a member of staff, for instance – there are mechanisms for dealing with that. It is not usually necessary for a public authority to snoop on people to identify this kind of misuse.
Don’t google requesters. There’s usually no good reason, and it has the potential to do a lot of harm.