Copyright and FOIA

FOIMan writes about the relationship between copyright and freedom of information.

Practitioners and others often get confused about the way that copyright interacts with FOI. In this piece for the Freedom of Information Journal, I attempt to provide some clarity. In summary, whilst public authorities retain copyright in much of the information that they disclose, it will often be difficult for them to prevent requesters and others from re-using disclosed data.

Back to the FOIA: FOI, historical records and archives

FOIMan writes about the relationship between FOI and the past.

Way back before I got involved with FOI, I started my career as an archivist. In my latest article for the Freedom of Information Journal, I’ve written about the complex relationship between FOI, historical records and archives. Both archives and FOI provide means to hold public authorities to account. So how do they interact – and is FOI damaging archives?

You can find out by reading the article here.

FOI enforcement developments

FOIMan notes a couple of developments on FOI enforcement.

A brief note of two important enforcement actions taken by the Information Commissioner’s Office (ICO) in the last few weeks.

First off, the Royal Borough of Kensington and Chelsea has been given a Monetary Penalty Notice of £120,000 for accidentally disclosing personal data. The FOI Officer apparently failed to notice that a spreadsheet contained a pivot table which held personal data in it. This is similar of course to a previous MPN given to the London Borough of Islington a few years ago. The council was criticised in particular for failing to train its FOI Officers adequately.

Even more notably, and in a first, it was reported this week that the ICO is prosecuting a councillor with Thanet District Council in Kent under s.77. Whilst this provision has always been there to sanction the destruction, hiding or alteration of records to avoid FOI, it has never been used by the ICO. The case will be heard in September, so one to watch.

Data protection doesn’t require important records to be destroyed

FOIMan explains why any organisation which blames the destruction of important records on data protection rules is being either disingenuous or is ignorant of what the law requires.

In recent weeks The Guardian has drawn attention to the plight of those innocent people who have lived in the UK for many years, only to be told recently by the Home Office that they could face deportation. This week the Home Secretary finally apologised, but many people are still in a legal limbo, unable to prove their status, not realising that they would ever need to.

Now a former Home Office employee has reported that disembarkation cards which might have helped establish the status of many of these people were deliberately destroyed by the Home Office a few years ago. Responding to the claim, the Home Office has conceded that records were destroyed but claims that this was necessary to comply with the Data Protection Act (DPA). The records were, according to them, destroyed:

to ensure that personal data … should not be kept for longer than necessary. Keeping these records would have represented a potential breach of these principles.

This argument has a long pedigree. It was cited by a police chief constable at the time of the Soham murders as a reason why records were not retained about Ian Huntley which might have prevented his employment as a caretaker at a school. It was used more recently by the House of Commons to justify the early destruction of MPs’ expenses records.

In both these cases, and in the latest example, this is just plain wrong. If the press officer or whoever drafted this statement had checked with their Data Protection Officer, they would have been able to tell them this.

It is true that one of the data protection principles requires that personal data be kept no longer than necessary, and that data controllers – organisations – are required to put in place procedures to ensure this. However, note that word “necessary”. It places the responsibility fairly and squarely at the door of the organisation that has collected the data to decide what is “necessary” and to justify it. If records are still being used to answer enquiries about individuals’ immigration status (as the Home Office whistleblower has maintained), or are at the centre of one of the biggest scandals to hit modern British politics, I would suggest that it is “necessary” to retain them, and to do so can be easily justified. Data protection laws do not say they must be destroyed.

Furthermore, even if there is a view that it is no longer necessary to retain records for their original purpose, both the DPA 1998 and GDPR permit records to be retained for historical research purposes in a record office. The Home Office whistleblower reports that it was suggested that the cards be offered to a record office, but that they were told that no archive wanted them. As public records, the National Archives would have had first option on these and since these records would seem to be of great value to genealogists and those studying the history of migration and minority ethnic communities in the UK, it is hard to imagine them turning such an offer down. Even if they did, are we to believe that other record offices, including for example Brixton’s Black Cultural Archives (based in Windrush Square), a repository specialising in the history of Britain’s African and Caribbean communities, would have said no? It seems unlikely if they were given the opportunity (and the significance of the cards was explained to them). Data protection rules would have allowed the cards to be retained indefinitely in a record office.

Data protection rules simply do not require records with continuing value to be destroyed. Anyone claiming that they do is being disingenuous or is ignorant of what data protection requires. Let’s hope that organisations – particularly those that should know better – stop churning out this misconception every time that they are criticised for the disposal of records.

References:

Home Office destroyed Windrush landing cards, says ex-staffer, The Guardian, 17 April 2018 https://www.theguardian.com/uk-news/2018/apr/17/home-office-destroyed-windrush-landing-cards-says-ex-staffer

MPs to escape expenses investigations after paperwork destroyed by Parliament, Daily Telegraph, 2 November 2014 https://www.telegraph.co.uk/news/newstopics/mps-expenses/11204405/MPs-to-escape-expenses-investigations-after-paperwork-destroyed-by-Parliament.html

The politics of records management, FOIMan blog, 7 November 2014 https://www.foiman.com/archives/1337

Soham police chief ‘ignored advice’, The Guardian, 26 March 2004 https://www.theguardian.com/uk/2004/mar/26/soham.ukcrime

FOI and Open Data Developments

FOIMan reports on a new strategy from the ICO and a move for open data (and data sharing) responsibilities in government.

Elizabeth Denham, Information Commissioner

Elizabeth Denham

I’m briefly emerging from my monastic cell to note some recent developments in FOI that may have passed you by amidst frenzied GDPR preparations.

The Information Commissioner recently gave the annual Jenkinson Lecture at University College London. In it, she made intriguing reference to a new ICO FOI strategy. What does this strategy consist of?

  1. The Commissioner wants to augment the “request-based, and frankly, reactive” model of FOI. There appears to be a new focus on pro-active disclosure, and linked to this, the Commissioner is interested in giving new impetus to open data initiatives, particularly focussing on making them more sustainable. Self-assessment tools for public authorities are mooted.
  2. She wants FOI to expand to reflect changes in the way that public services are run (not a new call, of course). Housing Associations were particularly singled out for attention.
  3. She remains concerned about compliance with FOI deadlines, and is keen to explore ways to improve these. The publication of FOI statistics proposed by the FOI Commission in March 2016 (and more recently included in the draft s.45 Code of Practice released before Christmas) was highlighted, and it was suggested that the Commissioner could carry out audits even where no specific complaint has been received (or ‘own-motion compliance investigations’).
  4. Access Impact Assessments may be coming your way. Presumably inspired by her office’s preparations for GDPR, the Commissioner suggested that assessments should be made of the “access impact of new systems and initiatives”.

News of such a strategy is interesting in its own right, but I read earlier today of changes to responsibilities in central government (what are known as ‘changes to the machinery of government’). Responsibility for open data policy, together with data sharing, data governance and data ethics has moved from the Government Digital Service (in the Cabinet Office) to the Department for Digital, Culture, Media and Sport (DCMS). Could the Commissioner’s comments on open data be linked to this move, perhaps? And are there moves afoot to move FOI to DCMS as well? It would make sense – but machinery of government changes don’t always appear to be made with good sense in mind.