Tag Archive for Procedures

What are FOI Officers for?

I’ve been meaning to write this post for some time, but there’s always been something topical getting in the way. But as the data deluge begins to subside (?), here are my observations on the role of FOI Officers in the UK.

When FOI was passed (and I am dismayed to recall that I missed the FOI Act’s 10th birthday on 30th November), public authorities preparing for its impact had little to go on. Each authority came up with its own way of handling requests or alternatively, failed to, and reaped the consequences in January 2005. As a result, each public authority has its own way of processing FOI requests, and each FOI Officer has a different job.

In one organisation I’ve worked in, the FOI Officer is very much an advisor – they only get involved in the answering of individual requests if there are concerns about disclosing information. Most requests are answered by staff working on the subject area of the request. My impression is that this is characteristic of central government’s handling of FOI requests (generalising broadly). In these bodies, the person answering your request may well not know very much about the Act (so may use the wrong terminology/make odd statements about their obligations under the Act), but should be knowledgeable about the subject that is being asked about.

In other organisations, including my current one, the FOI Officer receives, acknowledges and responds to the request. Departments are asked to provide relevant information, and advise if they have any concerns with the information being disclosed (I wrote about this process in more detail in my post Being Human last month). This is probably characteristic of FOI procedures in sectors outside central government (again, generalising – many may not). This is an approach probably favoured additionally by smaller organisations.

As well as differences in the way that FOI requests are processed, there are also variations in attitude and approach amongst practitioners. There isn’t a single FOI Officer profession – we’re a range of individuals, with different backgrounds, skills and attitudes. There isn’t a professional body for FOI Officers – though the Records Management Society (RMS) recently became the Information and Records Management Society (IRMS), partly I suspect in an attempt to fill this vacuum (logical, since many FOI Officers started out as Records Managers, and the Section 46 Code of Practice makes the link clear).

Often we have many other responsibilities in addition to FOI. Commonly this includes records management and Data Protection Act compliance (with significant workloads attached to both) but often very many other duties as well.

This means that there is no single understanding of what an FOI Officer is for. Some, I’m sure, see their role as to do as they’re told – if they’re told to withhold information by a senior officer, then they find a way to do so, no matter how weak the basis. And who can blame them? I know of one FOI Officer who was casually threatened with redundancy for themselves and a junior colleague if they couldn’t be “more helpful” (for which read “find ways to avoid answering uncomfortable requests”).

A few FOI Officers, I believe, take common cause with the FOI critics in their organisation and set out, in their view, to defend their employer. Without much persuasion, they will seek out ways to thwart requesters. They will complain loudly about ‘abuse’ and ‘misuse’ (sometimes justifiably, but perhaps on occasion not) of the legislation. Their advice and decisions may not be based on available case law, but on their own view of what is reasonable. They will shout loudly – and in fairness, correctly – that the Information Commissioner’s decisions do not set precedent.

Then there are those that take the view that they are there to challenge the status quo, to promote the principles underlying the legislation. In practice, this means not just accepting it when a colleague or a manager asks them to find an exemption to apply, but asking the difficult questions. Why can’t it go out? What harm will result? How likely is that harm? Will it really cost this much to provide the information? This approach is strongly influenced by the decisions of the Information Commissioner, Tribunal and higher courts.

In my view, this is the right approach, however unpopular it may be with managers and colleagues. There is, after all, a statutory presumption (Environmental Information Regulations) or assumption (FOI, as established through case law) to disclose, and in my experience it is often difficult for those closest to information to take an approach consistent with that. The FOI Officer is there to make that assumption or presumption for the public authority. They might ultimately decide that it is right to withhold the information, or they may be overruled, but they have to ask the questions.

In truth, of course, we’re all on a scale covering all of those approaches. I certainly recognise myself in all three scenarios. It’s not wrong of FOI Officers to seek to defend their employer, but we do that better by minimising the risk of referral to the Commissioner, or at least increasing the likelihood of the Commissioner upholding the decision made. I’d also argue that by basing our approach around case law and available guidance, FOI Officers will be seen to be professional, even if they don’t belong to a profession.

What don’t we like about What Do They Know?

A few weeks ago, Ibrahim Hassan posed the question “Can a local authority refuse to deal with FOI requests made through the What do they know website?“.  When the question was posted as a link on twitter, there was a veritable dawn chorus of negative responses. But why has the website What Do they Know become so unpopular with some public authorities?

I can think of a few reasons, and I’m going to set these out. Try not to get too incensed though if you’re a What Do They Know (WDTK) volunteer or user and read to the end of this post – you may be surprised by what I have to say.

Firstly – it’s my old hobby horse, the attitude towards public authorities. Maybe it’s justified, I’m not sure, but there’s an assumption in their guidance to users and in their templates that we’re going to use every means at our disposal to avoid answering requests.  And therefore their users should be prepared for evasiveness.  Subtle, and polite, but it’s there. And can their guidance to FOI Officers on timeliness of responses be any more patronising (see especially “How do you calculate the deadline shown on request pages?”)?

Then there’s the double standards. Whilst insisting that public authorities have a duty to comply with the legislation, they provide guidance on how to sidestep the requirement for requesters to provide their real name (which is, of course, a duty for requesters to comply with – quid pro quo). Meanwhile, whilst promoting openness, they haven’t exactly made it clear to those responding to requests submitted through the site that their names and contact details will be published on the website. OK, so most FOI Officers are well aware of that now (and probably wouldn’t mind), but often it is staff who are responsible for a subject area, who may well not know much about the wider FOI world, who are answering these requests.

There’s the ease with which requests can be made. It takes seconds for a requester to submit their request through the site, and not much longer to send it to several. They don’t have to consider what resources will be used in those public authorities to answer the product of their idle curiosity. The same can apply to the new facility to submit ‘one-click’ requests via Openly Local. Yes, people have a right to make requests. But these sites make it easy for individuals to ignore their responsibilities.

Perhaps as a result of this, WDTK can be utilised as a weapon against public authorities. WDTK recently tweeted about a response sent by one of their users to Salford University, who had refused their request under s.14, claiming it was vexatious. I took the opportunity to check the background on the site, and it is very clear that whatever the rights and wrongs of the University’s treatment of that particular individual, there is some sort of campaign under way for which WDTK was being used in support. I don’t know the background to the ongoing dispute, but it is now being waged through the pages of WDTK. It wasn’t just those individuals who started off using the site in this way that suffered, or the staff of the University. It was anyone who then made requests through the site, as it was becoming more and more difficult to identify who was part of the campaign and who was not.

Finally, copyright. This has proved to be the key battleground in the dispute between WDTK users and public authorities. The most high profile combatant has been the House of Commons, but they’re not the only one by far. The argument made by public authorities is that if they disclose information via WDTK, it will instantly be published in breach of their (and third parties’) copyright. Several have therefore found more and more convoluted ways to try to comply with their FOI obligations without sending the information to the WDTK site. The Information Commissioner issued a decision notice following the House of Commons case which should be the final chapter on this dispute but it hasn’t proved to be so far. Not least because the Information Commissioner’s Office doesn’t appear to have a great deal of knowledge about copyright law, so it makes it quite difficult for them to be authoritative. Take for example, this quote from page 3 of the minutes of their recent meeting with the HE sector:

“The ICO acknowledged that further work needed to be done around understanding IPR [Intellectual Property Rights] as it resides in research data, and SW [Steve Woods, former FOI blogger and in charge of policy at the ICO] confirmed that his team has already begun to explore this question.”

Could it be that the ICO is only beginning to look at IPR/copyright issues generally and not just specifically as it relates to research data? There certainly isn’t much to go on in the decision notice.

So for all these reasons, public authorities are, to say the least, suspicious of WDTK. And yet…and yet…

I rather like WDTK. It’s a nice bit of technology that appears to work well (contrast that with many systems developed by the public sector). I’ve used it to make FOI requests and found it easy to use. It keeps track of the process of making a request really well.

It was really easy for me to see the background to the Salford University situation. It would be easy for me to identify vexatious requests being made through the site (even if they soon became difficult to distinguish from the other requests). I can see readily how other authorities are responding to requests that come to my authority. It’s transparent, which is, well, the point of all this.

I’ve got an idea, which fellow FOI Officers may well disown me for. But why don’t we embrace it as a concept rather than fighting it? For example, couldn’t we adopt it as our Disclosure Log? Actually encourage requesters to use it so that our answers to them can help others and maybe prevent duplicate requests? It’s a thought, and on that thought I shall strap on my hard hat and leave it to you…

Tips for journalists using FOI

Found this blog post from David Higgerson giving 6 tips to journalists using FOI. Although I’d query some of the more cynical statements there (there does seem to be an assumption that we spend our days working out how best to frustrate journalists), the tips here would in the main be good starting points for anyone thinking of making a request.

In particular, a friend of mine in central government gets very frustrated that people seem determined to ‘demand’ particular information through FOI, when they’ve actually always been very willing to provide the information when asked informally, and would be happy to advise anyone who contacted them. (I have pointed out that if they’re willing to provide the information, there’s nothing stopping them just getting on with it, but their procedures are apparently quite rigid in terms of how they handle enquiries which cite FOI, eg they have to seek approval, which of course slows things down).

Similarly, I’d agree that a bit of research before making your request goes a long way – David gives the example of asking about “delayed discharges” in NHS Trusts instead of “bed blocking”. Mind you, he also suggests that “it reduces the chances of an active misunderstanding of your FOI request”. I know that does on occasion happen, but it might occasionally be good if journalists applied Occam’s Razor when authorities have misunderstood their request, ie the simplest solution (that we actually just didn’t understand it) is usually the correct one. So thinking carefully about how your request is phrased will always help.

It is interesting though, so do take a look.

Being Human – how FOI Officers find information

It might sound odd, but sometimes FOI Officers have to, let’s say, bend the Act in order to get information out there. I’ll explain that statement later…

People probably don’t give this much thought, but finding information requested under FOI is not as easy as it sounds. My suspicion is that many requesters assume that the FOI Officer just has to enter their question into something akin to Google, and up the information comes. Then we twiddle our thumbs for 19 days before disclosing or refusing, unless we’re feeling particularly difficult, in which case we might decide to extend the deadline.

It’s true that back before January 2005, the Labour Government did tie FOI implementation into plans for e-Government, and there was a lot of pressure initially for all public authorities to adopt electronic document and records management systems (EDRMS). But the association was then quietly forgotten as rumours circulated about the limited success and high cost of the few implementations that did progress.

I’m a sceptic when it comes to IT solutions and their ability to find information. Even if you have a system that allows all electronic data to be searched:

a) it won’t pick up paper records or the contents of people’s notebooks (either physical ones or off-line electronic ones)

b) it will only pick up information containing the terms you search for – which is fine if the request is very specific, but this is rarely the case

c) if it is searching every electronic system in the organisation (what is technically called an “enterprise search”), it may not be clear to the searcher what the context of the information is – is it a draft? is it sensitive information? who should I ask for clearance to disclose?

Of course, it’s possible to overcome all of those shortcomings, but in my experience, they rarely are. There are also all sorts of privacy concerns connected with enterprise searches. I’ve never been given the ability to search all emails for a request, the key reason being that it would allow me to see private emails sent and received by colleagues (which arguably would constitute a breach of several Data Protection principles). So FOI Officers rarely, if at all, are in a position to conduct searches of all the electronic information in their organisation. Let alone the physical records.

We therefore have to rely on our knowledge of the organisation, and on the cooperation of colleagues. When I receive an FOI request, I forward the request on to contacts in the relevant departments. I always remove the details of the requester (that’s a debate for another day) and ask the relevant department(s) to provide the information or let me know if they have any concerns with the information being disclosed. They are asked to let me know if I should be contacting someone else. I am entirely reliant on them in collating the relevant information and providing it to me. With slight variations, I suspect this is the process in every public authority in the land.

It is a very human process. It is therefore, of course, entirely feasible that we will fail to locate all of the information. It might be that the FOI Officer is new to the organisation and doesn’t know where the information is likely to be. It might also be that the departmental contact doesn’t know about the scrawled note in a colleague’s notebook. It might be that someone is on sick leave and unable to answer pleas for information on the issue they are responsible for. I’m sure that nobody in my organisation would ever deliberately deceive me, but I wouldn’t be entirely surprised if that happened in some organisations from time to time. But I suspect that the vast majority of the time, such omissions are entirely accidental.

Here’s an illustration (and this is condensed). On one occasion, I received a request for all emails from a particular senior official relating to a specific subject. I forwarded it to their PA. I was sent about half a dozen emails. I sent a response. The requester complained that they knew there were more. I went back to the PA. I was assured with some irritation that no, they had provided all of the emails. I responded to the requester in like terms (but more politely). The requester calmly pointed out that they had emailed the official and their email wasn’t amongst the emails we had disclosed. Oops. Back to the PA. Silence for a few days. Then “…erm, I’ve found about 70 other emails”.

The point is that much as FOI requires public authorities to disclose ALL of the requested information, there are all sorts of reasons why that might well not happen. Some might scream at their screen at this stage that this is further evidence of the incompetence and possibly corruption of the public sector. But I wonder how easy businesses or journalists would find it if they had to locate all information on a particular subject in their organisation? We make all reasonable efforts, but we’re not perfect.

To come back to the point at the start of this piece. Bearing all this in mind, what happens when we get one of those requests for “all correspondence held by the organisation on xxx”? Strictly, we should probably send out a global email to the whole authority asking every member of staff to search their email and paper files to locate correspondence on the subject. We should unleash an army of staff to read every file, every document, every inbox (and sent folder). But of course, we don’t. We work out who is most likely to hold such correspondence and we email them. If we didn’t, we would have to refuse every single request phrased in that way as it would breach the cost limit immediately.