Tag Archive for Heather Brooke

Read the story, then count to ten…

When you’re a public employee, even one who sees themselves as progressive and enlightened, it’s easy to reject media criticism of public sector practices as misguided and ill-informed. But maybe we need to keep an open mind.

Confession time. I sometimes get really annoyed with journalists’ stories about Freedom of Information. And their comments on Twitter.  I know that colleagues in the public sector, and even other FOI Officers, will be familiar with that feeling.

It’s the hyperbole that sometimes appals. Other times it’s the lack of understanding of how government (at all levels) works. Quite a lot of the time its just an instinctive reaction to seeing colleagues (in the loosest sense – most of the time I don’t even know the people being talked about) criticised in print, apparently just for doing their job.

Heather Brooke revels in her reputation as a thorn in the side of the public sector on FOI and transparency. She has consistently argued that more details of public employees should be made public. Like many other FOI Officers, I’m responsible for Data Protection compliance in my organisation. I’ve made the point here previously that I think there are fundamental differences in the approach to personal data and privacy taken in Heather’s native US and here in the UK. I know many colleagues in my own organisation and elsewhere who would feel very uncomfortable with their details being made public. There are plenty of employees in private sector organisations (including media corporations) that would feel similarly. I resent the characterisation of all public employees as sinister power-hungry figures intent on creating and/or maintaining a big brother state under a shroud of secrecy. All of these objections and more boil in the cauldron of my mind as I read Heather’s latest criticism, often accompanied by a thin wisp of steam rising from my scalp.

But fundamentally, she’s doing her job. If I try to see past my instinctive reactions, I can see that she’s got a point – there are circumstances where more transparency about who is doing what would be beneficial. And a lot of my discomfort is less about privacy and more about the fear of my colleagues’ reactions.

Last week I read a story (possibly apocryphal) in a blog post about a Minister having to ask a friendly MP to make an FOI request to obtain information from his own department. The argument he’d been given was that the papers belonged to the previous administration so he couldn’t see them. Whilst the journalist was making the point that this was ridiculous, the public servant in me was dying to respond. I wanted to point out that there were good reasons for this. It’s about ensuring that the civil service is seen as impartial. There’s a convention in government that you don’t let Ministers of a new government see the papers of the previous administration.

But, let’s pause a second. If the papers could be disclosed under FOI, it patently is ridiculous. And even if the full facts would have justified how the situation was handled, of course it looks stupid to the outside world. Journalists can’t be expected to understand the inner workings of Whitehall, any more than I can be expected to understand the functioning of a national news outlet. And more than that. The whole point of FOI and moves to transparency in our public sector is to challenge the status quo. Conventions that have stood for centuries in some cases absolutely should be scrutinised to see if they are consistent with the new way of working.

For instance, I have issues with the convention of collective responsibility being trotted out religiously in defence of withholding Cabinet Minutes. And for that matter with the convention that protects the impartiality of the Monarch and the Heir being given as an excuse for not disclosing correspondence with the Prince of Wales. Surely the best way to maintain the impartiality of members of the Royal Family is for them to be impartial. These conventions often seem like they put the cart before the proverbial horse – surely we should be looking at whether actual harm will be caused to good government, individuals or third parties when considering FOIs, not whether harm will be caused to a convention (which in itself was designed to protect those things in an age before FOI existed).

That’s not to say that there aren’t good reasons at times for information to be withheld. And journalists, along with other people who make requests, are never going to be happy when information is withheld. But I think it’s important that those of us trying to change the culture in the public sector pause a moment when our reaction is to reject criticism. Many of us have been working in the public sector for years. It’s easy to assume that the way things are done is the way they should be done. It ain’t necessarily so.

And when journalists and others get it wrong, or they just don’t understand why decisions have been made, maybe we need to be more open about the process and the reasoning. This blog is one reaction to that – I want people who make requests to understand why FOI works the way it does. That won’t stop critical stories about FOI handling. But it’s another dimension to the openness agenda that we’re all trying (or should be trying) to push within the wider public sector.

So I’m going to keep a fire extinguisher to hand and put out the fires of my indignation next time I react angrily to media criticism. Openness will apply to my mind as well as my job. I will count to ten before I dismiss a journalist’s latest story as “Balderdash” or something stronger. Mrs FOIMan, who knows me better than most, reading this over my shoulder, comments “Good luck with that.”

Divided by a common language – personal data and openness

A few months ago I was fortunate enough to travel to New York for a few days’ holiday. Sheltered soul that I am, this was my first visit to the USA.

The whole trip was fabulous, but you’re not here to have my holiday snaps inflicted upon you. The only down point really, as many others have found in recent years, was trying to get into the country.

I’d already had to complete my ESTA (electronic entry visa), and on the plane I was given a Customs Declaration form to fill in. On arrival I stood in line for about an hour whilst we were herded through the cramped arrivals hall and towards one of the immigration officials, sat in their cubicles of bullet-proof glass. Despite the posters promising friendly and courteous staff, when the time came for me to stand in front of one of these officials, he glowered at me suspiciously (fair enough, some might say), barked instructions and interrogated me as to my intentions. I’ve never been on trial, but my first experience of the US made me feel a little like I suspect I would as a defendant in the dock.

Things improved immeasurably from that point on. But the point is that throughout the process of entering the US, I was asked for a great deal of personal information. Now, it may cause you to roll your eyes heavenwards, but I found myself entertained during my long wait in the queue by contemplating a passage of small print on the back of the Customs Declaration form. It read:

“PAPERWORK REDUCTION ACT NOTICE: The Paperwork Reduction Act says we must tell you why we are collecting this information, how we will use it, and whether you have to give it to us…The estimated average burden associated with this collection of information is 4 minutes per respondent or record keeper depending on individual circumstances. Comments concerning the accuracy of this burden estimate and suggestions for reducing this burden should be directed to US Customs and Border Protection…”

This was in exactly the position that UK or European forms would place a Data Protection notice. What I thought was interesting is this. Here in the UK (and across Europe) we are increasingly concerned with what government and other organisations do with the data that they hold about us. We reacted with horror when HMRC lost two CD-ROMs containing details of 25 million families. It seems not a month goes past without the ICO issuing press notices about the latest NHS Trust data breaches, and they can now fine organisations up to half a million pounds in the worst cases. And the metaphorical and political blood that has been spilt over proposals for ID card and NHS patient databases could fill the country’s blood banks for the next decade.

Yet in the US, the equivalent concern is for bureaucracy. All very well and good, we’d all like to see less of that (yes, even us public employees). But that’s apparently the concern that takes priority over privacy. Of course, in limiting paperwork, a side effect may well be that less personal data is collected, but this or the protection of that data, is not the driver over there.

I was reminded of my post-plane perusals this week when I happened across a news article about a US court case reviewing an FOI appeal. In the US they don’t have an Information Commissioner, so anyone appealing against a public authority’s decision has to take the case to court.

The request was from a civil liberties group who wanted to have copies of the images taken by airport scanners. This has become quite a concern of late in the US (as here), as the latest scanners are reputed to reveal in intimate detail the contours of the human body. The judge in the court case upheld the authority’s decision not to disclose the images.

Now this in itself didn’t surprise me. I’d have assumed that if the images really do allow the sort of insight that most people only allow their intimate partner, then there’d be a reasonable argument to withhold the information on personal data or privacy grounds. But the story appeared to suggest that they’d been refused not for those reasons, but on the grounds of national security, as potential terrorists might be able to find ways to fool the scanners through analysis of the images.

This looks like another example to me of where US culture, law and politics is subtly, perhaps significantly, different to ours. They don’t have data protection laws. UK organisations are only allowed to exchange data with US businesses because of something called ‘Safe Harbor’. This means that US businesses can register with the US authorities promising to handle personal data in line with principles similar to our Data Protection Principles. But the only reason they do this is because otherwise they wouldn’t be able to do business with European bodies, public or commercial. Importantly, it’s voluntary. It’s a completely different mindset.

So why is this significant? And why am I talking about Data Protection on a blog about FOI?

Well-known freedom of information campaigner and freelance journalist Heather Brooke has a new book out called The Silent State. I’ll be up front and say that I haven’t had chance to read it yet. But by all reports it repeats something that she has said on many occasions before.

Heather is from the US and began her journalistic career there. One of her biggest complaints about public authorities in the UK is that they are secretive about the names and contact details of public employees. Apparently, in her native state the names, job titles, contact details and salaries of all public employees are published on-line. Not just senior executives. Everyone, from the street sweepers to the Chief Executive.

Her argument is that the UK’s culture of secrecy makes it inefficient and bureaucratic. That people hide their ineptitude behind the high crenellated walls of their particular public employer. And of course that things are much better in the US where they are open about who is doing what.

Conservative commentator Peter Oborne has written gushingly about Heather’s agenda. He comments that her connection of secrecy and inefficiency:

“…is a Tory insight and if David Cameron has real courage he should make Heather Brooke’s radical agenda his own.”

I don’t doubt that some public authorities are too secretive, and should be prepared to make more information available (and be less defensive when they receive FOI requests). And personally, I have no problem with my details being made available on my organisation’s website (they are). I could even accept my salary being published.

But I equally understand that some people don’t feel comfortable with that. Perhaps they resent the idea of such a degree of openness. They may see this as yet another ‘punishment’ for the ‘crime’ of taking a job in the public service. But they also may have very good, personal, reasons. Should the individual who has moved on to a new life after escaping an abusive relationship be forced to work in the private sector because they don’t want their former partner to track them down? Should anyone who fiercely defends their privacy be restricted in this way?

Most would agree that publishing details of the most senior and public facing officials is a good thing. But in reality, why would you want to know the name of the street cleaner? If you’re not happy with their work, your local council presumably provides a mechanism to report that. Is the idea that you should be able to directly confront them, vigilante style, if you find a cigarette stub on the pavement outside your house?

We have a tradition in this country of respecting individual freedoms. Our culture and our law recognises the importance of privacy and particularly of how personal data should be handled. There may well be virtue and value in publishing more details about public officials. But before we start to bash public authorities over the head with their perceived secrecy over their employees, we ought to consider what it is that we really want. Do we want our current model which balances the need for government openness with the need for individual privacy? Or do we want to make a significant shift to a US model where protecting personal data is much lower down the agenda?