Don’t Google your requesters

FOIMan explains that searching for FOI requesters is not a great idea – and is ethically (and legally) dubious.

This blog originally aimed to give the practitioner’s view of FOI. Far too often, the important role of FOI officers and public officials in making FOI work has been ignored. So an increasing interest in how FOI really works behind the scenes is to be celebrated.

We’ve seen it in two recent reports on FOI in local authorities. The first from MySociety looked at FOI in local government across the UK. The second, from the Campaign for FOI, focussed on how London boroughs managed their FOI obligations. Interestingly, the findings of the two reports on practices in local councils are broadly in line with my own research which you can read about in the free chapter from The Freedom of Information Officer’s Handbook that I wrote about in my last post.

The Campaign for FOI’s research commented on the London Borough of Lambeth’s practices, and I was reminded of this when my attention was drawn last week to a post by a local blogger who had obtained Lambeth’s internal staff guidance for handling FOI requests. The News from Crystal Palace blog published the guidance pretty much in full, highlighting a number of practices which they felt were of concern.

Having read through it, much of the guidance is pretty standard stuff, and in fact I would go as far as to suggest that there is some very good practice in Lambeth. For example, strict timelines and service standards are a good way to ensure that requests are answered within statutory deadlines.

One particular section is of concern, however. Staff allocated a request are told:

‘You may want to consider all or some of the following when you are assessing a request:

  • Google the requester to understand who is making the request, why and assess the likely impact to the council (e.g. political, media, legal, commercial, personal data).
  • Review previous requests from the requester in iCasework.’

No. I can, at a pinch, understand the human instinct of curiosity that might lead an uninformed member of staff to use a search engine to find out about a requester. But FOI officers should be discouraging this practice, and certainly not making it official policy.

I know all the excuses. Often it is linked to a policy whereby an authority’s Press Office is informed when a journalist makes a request. In principle I don’t have a problem with that, as long as public authorities are open about the fact that they do it. The problem is that some journalists, perhaps suspicious that they will be treated differently, don’t identify themselves as such. The Act doesn’t require them to do so. The argument goes that therefore every requester has to be googled in order to identify the very small percentage of requesters that are unidentified journalists.

I’m going to suggest that this is flawed logic. Firstly, since most public authorities, and certainly councils, are suffering the effects of cuts to their budgets, why are they encouraging staff to waste precious staff time on the off-chance that someone might be a journalist? Even if they are, it shouldn’t make any difference to the outcome of the request, so surely this is a complete waste of time?

Secondly, how does the council know that someone who isn’t a journalist in the formal sense won’t blog or Tweet about disclosed information? Or pass it to a journalist for that matter? Given this, the fact that one or two journalists might not be picked up doesn’t seem that important.

Thirdly, whilst I recognise that Press Officers have a job to do, I don’t see why they necessarily need to know who is making a request. The sensitivity of a request surely ought to be judged on the subject matter, irrespective of who has made it. Lambeth apparently circulate a list of requests to their Press Office and the Leader’s Office. If this just describes the subject matter of the request this should normally be enough for them to identify where they might need to be prepared for controversy (which really should be the limit of their involvement following an FOI request).

There will be a director of public relations somewhere barking “well, why shouldn’t we?”, so here are a few points in answer to that question.

  • what’s your lawful basis? An individual’s FOI request, their identity, biographical information about them is personal data. You need a lawful basis to justify the handling of personal data – including searching for information about someone online. I presume you’ve completed a legitimate interest assessment and successfully justified how your need to know whether or not someone is a journalist outweighs the rights and freedoms of requesters? Even if you decide that you do have such a basis, are you otherwise complying with the requirements of the GDPR? Are you telling requesters that if they make a request it will result in the council looking them up online?
  • they can find out that you’re doing it. If the requester has a website, the most commonly used analytics tools will provide enough information to them so that they will spot unusual spikes in interest from your general location just after they made a request to you. There’s an example of this happening described in my book if you don’t believe me.
  • it’s creepy. Most comment on Twitter in response to revelations about Lambeth’s practice was to the effect that Lambeth were ‘spying’ on their residents. If a public authority is so concerned about its reputation that it employs Press Officers, shouldn’t it be just a little uncomfortable about gaining a public image associated with the fiction of George Orwell?

FOI is a right. Full stop. If people choose to exercise it, that is their business. If a public authority has good reason to believe that someone is misusing this right – perhaps harassing a member of staff, for instance – there are mechanisms for dealing with that. It is not usually necessary for a public authority to snoop on people to identify this kind of misuse.

Don’t google requesters. There’s usually no good reason, and it has the potential to do a lot of harm.

 

Free Chapter of The Freedom of Information Officer’s Handbook

FOIMan brings you a free chapter from his recently published book The Freedom of Information Officer’s Handbook.

Copies of The Freedom of Information Officer's HandbookI was thrilled last week to read a really positive review of my new book by Lynn Wyeth, Head of Information Governance at Leicester City Council (and well-known commenter on FOI and information rights matters) in the Freedom of Information Journal. She had lots of good things to say including:

What makes this book different to other books written about FOI is that it’s written by a practitioner for practitioners…

Describing it as a ‘desperately needed practitioners’ FOI bible’, Lynn finishes by saying:

Every FOI Officer should have a copy on their desk.

There are more reviews available on the Facet Publishing website if you are interested. I hope you’ll understand me drawing attention to these reviews: writing a book is a huge undertaking and a) given the work involved, it is heartwarming and (honestly) a relief to see such a positive reception, and b) I’d like as many people as possible to read it!

As an academic publisher, I understand that some will find Facet’s standard pricing of their output a little on the high side. I’ve been very conscious of this since first discussing the idea with them back in 2017. With this in mind, just a few things that I’m doing to try to ensure anyone who is interested can access at least some of its content:

Whether you’re studying for a qualification, need help with answering requests, or are just interested in FOI and access to information, I hope you’ll enjoy reading the free chapter provided here and perhaps the book itself.

EIR charges curbed by ICO

FOIMan reports on a move by the Information Commissioner to clamp down on charges for environmental information.

Wind turbine in countrysideA new decision from the Information Commissioner moves the regulator’s position on charges under the Environmental Information Regulations (EIR) on from the policy announced in 2016. If the decision stands, it means that public authorities will not be able to charge for environmental information if they wouldn’t be able to charge for it under the Freedom of Information Act (FOIA).

In a decision issued to Folkestone and Hythe District Council the Commissioner  has ruled that a charge of £325 to access environmental information was not reasonable. In effect, the ICO’s decision sets out that it cannot be reasonable to charge for environmental information below the appropriate limit set out in the FOIA fees regulations. Although the fees regulations do not directly apply to EIR, the Commissioner’s view is that the appropriate limit (of £600 for central government and £450 for other public authorities) provides a useful starting point when considering charges under the regulations.

More generally, the ICO are keen to reduce inconsistencies in charging policies in relation to environmental information. In a blog post accompanying the decision, Gill Bull, the ICO’s Director of Freedom of Information states that authorities should avoid routinely charging for environmental information, and is unlikely to be sympathetic when charges are made for information falling beneath the appropriate limit. She links the decision to Parliament’s declaration of a ‘climate change emergency’, pointing out that it is more important than ever for people to be able to play a full and informed part in debate about the environment. This should not be hampered by financial barriers, she argues.

This decision emphasises the important relationship between access to information and the major issues that face society. The ICO will be updating their guidance later in the year to reflect this change in approach.

FOIMan’s FOI Inbox

FOIMan answers your questions in the latest issue of the Freedom of Information Journal.

I recently put out a call to practitioners for their FOI problems with a view to featuring them (and my solutions) in one of my articles for the Freedom of Information Journal. You can now read the results in what I hope will be the first of a semi-regular feature: FOIMan’s FOI Inbox.

Problems posed in the first of these articles are:

  • when can small numbers be refused as personal data (if you shouted out ‘five or less’ or similar just now, you can do three laps of the sportsfield – rounded up to five, of course – right now…go on, off you go *folds arms, raises eyebrows, P.E. teacher-style*)?
  • do public authorities have to provide an email address to which FOI requests can be addressed?
  • how do you work out whether information in the possession of contractors is held for FOI purposes, especially when many contractual relationships are so complex?

Thanks to Gillian, Sarah and Mark for contributing the questions this time around. If you’re an FOI Officer struggling with any FOI or EIR issues, please do get in touch with myself or the FOI Journal editor and I’ll try to answer your query in print in a future issue.

Upcoming events featuring FOIMan

FOIMan highlights some upcoming events he’ll be speaking at.

Freedom of Information in Practice: this Wednesday (17th April 2019) at 12.30pm I’ll be delivering a webinar for CILIP (the Library Association) which is open to anyone. We’ll be looking at the practical aspects of FOIA compliance: logging and tracking requests, training, establishing an internal network of helpers and so on. Details of how to book to attend can be found here on the CILIP website.

Effective Records and Information Management: I’ll be leading a day exploring the features of a records and information management programme for Understanding ModernGov on 24 April 2019. A programme and details of how to book can be found here on the Understanding ModernGov website.

Raiders of the Lost Archivist – the Quest for Compliance in the Netflix Era: join myself and Alison Drew as we discover the impossibility of escaping information governance, data protection, record management and freedom of information on a night in with the telly. If you’re attending the Information and Records Management Society (IRMS) conference at Celtic Manor between 19th and 21st May 2019, you’ll be able to hear what Bond, Indiana Jones, Bodyguard and a ton of sci-fi can tell us about the growing relevance of these issues in the modern world. You can find details of the IRMS conference and how to attend here.

Records Management and FOI: I’ll be making a return to the IRMS’s Public Sector Group on 12 July 2019 to discuss how records management does (and sometimes doesn’t) help with FOI compliance. IRMS members have priority for bookings. Details will be available in due course here on the Public Sector Group part of the IRMS website.

Complying with Data Subject Access Requests: a full-day course on handling subject access requests under data protection laws provided by Understanding ModernGov, and taking place on 17 July 2019. Full details here on the ModernGov website.

Watch out for details of more events as they are announced.