Tag Archive for Enforcement

In defence of the exemption

FOI Man suggests that we should view the use of exemptions, and even decisions of the Information Commissioner and Tribunal, in a different light.

It’s a common shorthand in media stories about FOI that use of an exemption by a public authority = public authority secrecy. And of course there have been situations where authorities have been unnecessarily secretive. But I’d like to explain why I think exemptions – and complaints about their application – are often reported unfairly.

There’s the obvious point, of course, that most people recognise that some information must be withheld to enable public services to function – and more importantly to protect the rights of the public they serve. And it’s no surprise that views of what must be withheld will differ between those making requests and those holding the information.

I would argue further that even where an authority is later ruled against by the Information Commissioner or Tribunal, it may be unfair to attack them for applying exemptions in the first place.

FOI Officers – and their superiors – cannot be expert in every area that might be subject to an FOI request. We are dependent on advice from others. To give an example, people are often critical of public bodies for withholding information about security matters. But if a public authority receives advice from the police or security services that disclosing information will prejudice the safety of its staff or the public, it will be brave (to put it kindly) to dismiss that advice. Any FOI Officer worth their salt will of course ask for evidence and may query aspects of the advice, but ultimately they are unlikely to disclose information having received that advice.

Don’t forget also that in many cases, an authority has to reach a judgment on where the balance of the public interest lies. That process is subjective by its very nature. With the best will in the world, it is likely that authorities are going to reach different conclusions to the Information Commissioner on occasion.

That’s why FOI provides an appeal process. If information is disclosed only as a result of an internal review or Commissioner decision, I would argue that that is not a failure of FOI. It’s how it is supposed to work. It allows the more difficult cases to receive appropriate levels of scrutiny. Separated from the chaff of the more easily answered requests, a case that reaches internal review, and even moreso the Commissioner or Tribunal, will receive additional attention and resource. The threat of enforced disclosure will provoke more serious attention from external, as well as internal, sources of information and authority.

This is not to say that public authorities should not take requests seriously when they’re first received. They should be trying to answer the request correctly first time. And where there is clear guidance and case law that can be relied upon, there is really no excuse for ignoring that. But where there is significant doubt, and doubt that could put peoples’ rights or safety at risk, I find it hard to criticise the public authority that plays it safe. Even if they’re eventually forced to disclose that information.

I’ve always felt that more people should ask for internal reviews of how their FOI request was handled. Complaints can feel uncomfortable for those who are involved. But they should be seen as a positive thing – from both sides. For the public authority it can be a useful way to learn where improvements can be made. For the complainant, although their answer might be delayed, they might eventually get the response they were looking for, and they will have helped the cause of other requesters. I can certainly think of occasions, as an FOI Officer, when a request for internal review, or a complaint to the Information Commissioner, might have assisted me as well as the requester – I haven’t always agreed with the approach I’ve been instructed to take.

But neither side should view a reviewed decision as – necessarily – an indictment of the authority and its attitude to FOI. Complaints processes – whether related to FOI or other matters – are about reaching the right outcome, not necessarily about apportioning blame. If some of the reporting of FOI could recognise that, the whole process might become a little less confrontational, and rather more productive for everybody involved.


If you don’t use it, you won’t lose it

If you think about FOI as a children’s colouring book (just go with me on this), the lines were drawn by the legislation. The decisions of the Information Commissioner, Information Tribunals, and the courts add the colour, taking great care not to go over the lines. FOI Officers are not lawyers (in the main), but if we’re to be effective, we need to keep an eye on these decisions. Sometimes they can be very interesting, especially if you’re an FOI geek like me.

For those who aren’t familiar with the FOI appeal process, here’s a brief précis. If a public body refuses your request, you can ask it for an internal review of the decision. If they still refuse, you can appeal to the Information Commissioner. At that point, the Commissioner can either uphold the authority’s decision, in which case, you can appeal to the Lower Tier of the Information Tribunal, or he can instruct the authority to disclose the information, in which case, they might appeal to the Tribunal. Further appeal can then be made to the Upper Tier Tribunal (you used to go to the High Court on points of law at this stage), and if there are still points of law at stake, you or the authority concerned can appeal to the Court of Appeal. And then to the Supreme Court. Let’s not go any further or the Daily Mail may get excited.

Last week I was fortunate enough to attend a free seminar given by 11KBW (whose blog on information rights law, Panopticon, is well worth a look) on latest developments in information law. One of the barristers speaking, Robin Hopkins, explained the implications of a decision made by the Upper Tier of the Tribunal, and I sat up sharply in my seat. The decision related to requests submitted to the Department for the Environment, Food and Rural Affairs (DEFRA) and the Home Office. I’ve been thinking about it ever since, and sad as it may seem, I spent some of my Sunday afternoon reading the full decision.

The Upper Tier Tribunal was looking at an issue that has troubled a few sittings of the Tribunal. When a public authority refuses to provide information, it must write to the applicant and explain which exemptions apply and how it has reached that decision. But what happens if the applicant appeals to the Commissioner, or even the Tribunal? Can the authority suddenly decide that another exemption, not already relied upon, is relevant?

Previous Tribunal decisions have suggested that it is entirely at the discretion of the Commissioner or the Tribunal to decide on this. The only way that an authority could guarantee that an exemption would be taken into account would be if it had included it in its response to the applicant. In other words, “use it or lose it”, which explains why many authorities throw everything including the kitchen sink at requests for particularly sensitive information. The new Upper Tribunal decision from Judge Jacobs takes a new line. He ruled that authorities have the right to introduce new exemptions at a later stage. This would mean that the Commissioner and the Tribunal have to consider exemptions (or exceptions under EIR) raised late in the day by authorities.

This sounds at first hearing to be a bit lenient on public authorities, and I can understand (and so could Judge Jacobs to be fair) why it won’t go down well with some observers. But I also think that it’s the right approach.

The point is that exemptions are usually there to protect other individuals’ and organisations’ rights. As Jacobs points out:

“If [the public authority] is not allowed to change its position to rely on another exemption, this may hamper a full consideration of the public interest and prevent the interests of third parties being taken into account.” (GIA/1694/2010 and GIA/2098/2010, para. 29)

Let me illustrate this through a hypothetical situation. Somebody has requested details of a meeting between the police and a government body about knife crime. One of the attendees was a family member of a victim of knife crime, there to describe their experience. It was a traumatic and difficult experience for them, but they agreed to take part on the understanding that their involvement wouldn’t be known outside the meeting. The authority refuses the request on grounds of s.31 (law enforcement), but when it gets to the Commissioner, he rules that while the exemption applies, the public interest is in favour of disclosure. The authority then realises that it should also have claimed s.40 (personal information) and/or s.41 (information provided in confidence) in respect of the details of the member of the public who had had such a traumatic experience. Does the Commissioner rule that the details of that person should be disclosed, purely because the authority had failed to raise the need for the exemption in their original response?

Of course not, and in fairness to the Commissioner, it is likely he would have used his discretion to allow the use of the exemption in this situation. But Judge Jacobs argues that it is only by analysis of individual circumstances that it will be possible to identify whether exemptions should be allowed. If the Commissioner or Tribunal used their discretion not to allow late use of exemptions, they might not give sufficient consideration to important issues affecting third parties.

In fact, the ruling suggested further that:

“…it is necessary for the Commissioner to take the initiative in appropriate circumstances and to do so as a matter of duty, not of discretion.” (GIA/1694/2010 and GIA/2098/2010, para. 49)

In other words, the Commissioner also has a duty to identify exemptions that might apply that the authority has missed. This again, makes sense, however unpalatable it may be for the Commissioner’s Office. Surely they have to ensure that their decisions don’t cause harm (or prejudice, to use the legal jargon), and that has to mean looking beyond just what the public authority may have argued. After all, shouldn’t the Commissioner’s staff be better informed than most on the application of exemptions?

I can’t say whether the information requested in these cases should have been disclosed or not (that wasn’t looked at in the ruling). But I do think that Judge Jacobs got it right on this important, if technical, point.

Exemptions (or exceptions) either apply or not. He argues that information and the exemptions that protect them are “intimately connected”. Sensitive information shouldn’t lose its protection just because of human error at an early stage in dealing with a request. If you don’t use exemptions, you won’t lose the opportunity to introduce them at a later stage. This decision is particularly important because of its recognition of the practicalities of managing the FOI process:

“Legislation has to be interpreted so that it is workable. No administration is perfect. Documents can be misplaced, overlooked or difficult to find. Officials may fail to identify the potential application of exemptions.” (GIA/1694/2010 and GIA/2098/2010, para. 35)

I can’t imagine that I’m the only FOI Officer who will appreciate this recognition of the realities of how FOI works in our organisations. Nobody’s perfect, and third parties certainly shouldn’t have their rights infringed just because of that eternal truth.

ICO Naming and Shaming could be good for FOI Officers

The ICO has today announced that it will publish lists every quarter of those authorities that it is monitoring for poor performance in meeting the 20 working day deadline for responding to FOI requests. The 33 organisations in the first list include the Cabinet Office, Transport for London, Birmingham City Council, several London Boroughs and the Met Police.

The criteria for being on the list have also been made available – they are:

  • the ICO has received more than six complaints concerning delay about an authority within a six month period;
  • it appears to the ICO that an authority has exceeded the time for compliance by a significant margin on one occasion or more;
  • (for those authorities which publish data on timeliness) – it appears that less than 85% of requests are receiving a response within the appropriate timescales.

The Campaign for FOI has already pointed out that the Ministry of Justice is not on the list despite falling under the last category, so perhaps the organisations need to fall under all three of the criteria to be listed.

This seems a good idea to me. Although I hope that the ICO (and requesters) exercise some discretion – frankly, I’d rather my local hospital saved lives than answered FOI requests on time 100% of the time – this is probably overdue as a tactic in the ICO’s armoury. Many public sector organisations are very good at meeting the deadline and do so for the vast, vast majority of their requests. However, if there appears to be no sanction against those that don’t, it makes it difficult for FOI Officers to encourage their colleagues and superiors to meet deadlines. This action adds to the armoury of FOI Officers as well at a difficult time.