Year: 2012

Unkindleness

Likkindlee many other dads, and mums and ordinary human beings I received a Kindle as a Xmas present.

Having ripped off the wrapping paper and found it had power I registered my device in the process passing my contact details to Amazon.

I quickly found a book I’d been looking for in charity shops and libraries for just £1-99 so bought it and 30 seconds later there it was on my shiny hi-tech beautiful slimline direct marketing device.

It’s the adverts you see. Now and again it shows me an advert. I didn’t ask for it. I never had a legitimate expectation I’d have adverts on my Kindle. I couldn’t find a way to turn them off. Research on the net shows that Amazon subsidise the price of a Kindle and if I refund the subsidy (about £15) I can stop the ads.

Amazon didn’t tell me nor did the retailer. The price paid was for a Kindle not a discounted Kindle. Do I have any rights here? Answers on a postcard to Section 10, Act Now Training, The Internet.

I will write to Argos (my retailer) and point out that they shouldn’t send me Marketing  and no doubt they’ll pass me on  to Amazon. Or is it direct marketing? Have Amazon found a way to direct market to me in an indirect way? Will Big  Chris listen to my complaint and take action or do I need to find another 99 people who feels the same as me. Answer in several months. Watch this blog.

New FOISA Qualification

Act Now Training is pleased to announce the Practitioner Certificate in Freedom of Information (Scotland).  This is the first certificated course specifically designed for those who work with Freedom of Information and the Environmental Information Regulations in Scotland. Successful candidates will receive a certificate  demonstrating that they possess a good knowledge of Freedom of Information and other information laws  they apply in Scotland, as well as an understanding of the practical implications for their organisation.

cfoi

The Certificate is endorsed by the Centre for Freedom of Information based at the University of Dundee. The Executive Director of the Centre is Professor Kevin Dunion (formerly the Scottish Information Commissioner). Professor Dunion says:

“On behalf of the Centre for Freedom of Information, I am pleased to endorse Act Now Training’s Practitioner Certificate in Freedom (Scotland). In my view it is important that the skills which our FOI(S)A practitioners have built up should be formally recognised through a certificated qualification. The training approach and course documentation reflect the distinctiveness of our Scottish FoI regime. I am confident that Scottish FOI(S)A practitioners will find this course invaluable in acquiring a greater understanding of all aspects of information rights legislation which impacts on Scotland. In particular the practical elements of the course will improve delegates’ ability to deal with the increasingly complex information requests received by Scottish public authorities.”

The course runs over four days followed by online sessions and an exam. Candidates also have to submit two practical case studies. In drafting the course syllabus we have consulted the Office of the Scottish Information Commissioner and taken account of their comments and suggestions. We also have an independent exam board (chaired by Professor Dunion) consisting of FOI(S)A practitioners and renowned experts.

We are confident that the Act Now Practitioner Certificate in Freedom of Information (Scotland) will soon become the qualification of choice for FOI(S)A practitioners in Scotland.

Please get in touch if you would like more information.

Changes to FOI : Government Response to Justice Committee Report

Cartoon

In July 2012, the Justice Select Committee published its report into post-legislative scrutiny of the Freedom of Information Act 2000. Running to more than 100 pages, and considering submissions from a wide range of those who operate the Act, the report is broadly summarised in its first sentence:

“Freedom of Information has been a significant enhancement of our democracy and the Act is working well. “

The Committee largely resisted calls for FOI to be amended fundamentally. It did recommend that the Government should make some (many would say modest,) changes to the FOI regime. The Government has now published its official response to the Committee’s report. It is fair to say that the Government has rejected many of the report’s recommendations. Below is a brief analysis of the main recommendations of the Committee and how the Government has responded: (For another account see the SaveFOI Campaign’s latest blog post. )

1. A Change to the Costs Regime

Many of those that responded to the Committee’s call for evidence, had expressed concern about the sheer cost of dealing with FOI requests (although the basis of calculation of some of the figures seemed highly dubious). The Committee recommended that consideration be given to reducing the amount of time an authority need take in searching for and compiling information:

“We would suggest something in the region of two hours, taking the limit to 16 hours rather than 18, but anticipate the Government would want to carry out further work on how this would affect the number of requests rejected.”

However, the Committee rejected the suggestion that reading, consideration ND redaction time should also be taken into account when deciding whether the 18-hour limit has been reached. The Government doubts that much will be achieved through the reduction of the costs limit. It is though in favour of allowing additional factors to be taken into account in deciding whether the 18 hour limit has been reached:

“The Government does not share the assessment of the Committee that it is unfeasible to develop an objective and fair methodology for calculating the cost limit which includes further time spent dealing with information in response to a request. As such, the Government is minded to explore options for providing that time taken to consider and redact information can be included in reaching the cost limit.”

At present, according to the FOI Fees Regulations, costs of different FOI requests can be aggregated only where the requests relate to the same or similar information. The Government may change this to make it even easier to aggregate costs. At paragraph 19 of its response, it states:

“We will also look at addressing where one person or group of people’s use of FOIA to make unrelated requests to the same public authority is so frequent that it becomes inappropriately or disproportionately burdensome.”

2. New Research Exemption

Universities strongly argued before the Committee that there was insufficient protection for pre-publication research under FOI. The Committee took this on board and recommended that section 22 of the Act should be amended to give research carried out in England and Wales the same protection as in Scotland under FOISA.

The Government accepts this recommendation. It says in its response (at paragraph 48), that it is minded to introduce a dedicated exemption to cover pre publication research, which would be qualified and prejudice based. However this would be reviewed at a suitable point after introduction.

3. New Statutory Time Limits

At present where a public authority wishes to extend the 20 working day time limit to consider the public interest test, or is asked to undertake an internal review of a refusal to disclose, there is no further statutory time limit (although the ICO recommends that a further 20 working days is appropriate in most cases). The Committee recommended the 20 day extension be put into statute.

The Government has rejected this recommendation in part. Whilst it acknowledges the importance of internal reviews and consideration of the public interest test being done in a timely fashion, it does not believe that time limits should be enshrined in the Act itself. It believes that these matters are best dealt with through amendments to the S.45 Code of Practice.

4. Disclosure Logs and Names of Requestors

The Committee recommended that public authorities should be required to publish more information about their handling of FOI requests and meeting deadlines. The Government felt that this would be an additional burden on public authorities at any time of financial constraints.

Surprisingly the Committee also recommended that where the information released from FOI requests is published in a disclosure log, the name of the requestor should be published alongside it. The Government has rejected this recommendation on the basis that, amongst other things, it would risk unfair disclosure of personal data and so breach the Data Protection Act 1998.

5. Section 77 Prosecutions

The Committee recommended a change to the provisions of the Act dealing with the criminal offence of altering/erasing/concealing information. Currently this provision effectively requires the Information Commissioner to bring a prosecution within six months of the offence taking place. As often the Commissioner would not find out about an offence until well after this, the chances of bringing a prosecution have been very low. The Committee suggested (at paragraph 121):

“The summary only nature of the section 77 offence means that no one has been prosecuted for destroying or altering disclosable data, despite the Information Commissioner’s Office seeing evidence that such an offence has occurred. We recommend that section 77 be made an either way offence which will remove the limitation period from charging. We also recommend that, where such a charge is heard in the Crown Court, a higher fine than the current £5000 be available to the court. We believe these amendments to the Act will send a clear message to public bodies and individuals contemplating criminal action.”

The Government has rejected the idea of making the S.77 offence an either way offence and so attracting a higher fine. It proposes though that the 6 month window for prosecution should be triggered when the offence is discovered rather than when it occurs.

6. Fees for Tribunal Appeals

The Committee never considered the issue of charging fees for Tribunal appeals (which are free at present although the Tribunal has a discretion to award costs to either party). Thishas not stopped the Government (at paragraph 24)considering the idea:

“…the Government is keen explore the potential for users to contribute more towards the costs of tribunals. Fees are already charged in some jurisdictions (for example, in the Immigration and Asylum tribunal) and we will examine the scope for extending this approach to other types of tribunal, including the Information tribunal.”

7. Extension of FOI

On the question of extending FOI to the private sector the Committee stated:

“We believe that contracts provide a more practical basis for applying FOI to outsourced services than partial designation of commercial companies under section 5 of the Act, although it may be necessary to use designation powers if contract provisions are not put in place and enforced. We recommend that the Information Commissioner monitors complaints and applications for guidance in this area to him from public authorities.”

The Government, in its response, states that it is continuing consultations with various public sector sector bodies with a view to adding them to the list of public authorities under FOI. These include the LGA, harbor authorities and the NHS Confederation. It is also going to consult 2000 housing associations. Any additions to the list of public authorities will come into effect by Spring 2015. However, the following quote, from paragraph 56 of the Government’s response, will disappoint FOI campaigners and those who think that FOI should be extended to the private sector:

“The Government therefore does not intend, at this time, to legislate to extend FOIA obligations to contractors. In particular the Government is concerned about the potential impact on SMEs, the voluntary sector and social enterprises, but does not think that a minimum contract value threshold for formal inclusion should be adopted given that public interest does not always equate to the size of a contract.”

FOI Update webinar– This and other FOI developments and cases will be discussed in our forthcoming FOI Update Webinar.

Leveson: What future for Data Protection?

LevesonThe Leveson Report has finally been published.

The Report recommends that a tougher form of self-regulation backed by legislation should be introduced to uphold press standards. Much has already been written (http://www.bbc.co.uk/news/uk-20543936) and will continue to be written about this central recommendation and whether it is good or bad for democracy and a free press. But amid the furore about whether the Prime Minister should or should not accept the central recommendation, it is easy to forget that the report will also have implications for Data Protection Act and the Information Commissioner.

One of the areas that Lord Justice Leveson was required to consider was ‘the extent to which the current policy and regulatory framework has failed, including in relation to data protection’.

I started writing a blog post on the way back from London, and got as far as the above, when an e mail from the good people at 11KBW  (Panopticon Blog) landed in my inbox.

On well if you can’t beat them, read them! Here is their excellent analysis of the DP recommendations of Leveson:

http://www.panopticonblog.com/2012/11/29/leveson-inquiry-report-spotlight-on-proposed-data-protection-reforms/

I was only training round the corner and passed the QE2 centre where LJ Leveson was giving his press conference. Perhaps, I should have camped out overnight to beat the Panopticon Team?

FOI and Datasets: Draft Code of Practice

The Protection of Freedoms Act will amend the Freedom of Information Act 2000 so that in the future public authorities will have greater obligations in relation to the release and publication of datasets. The key points of Section 102 of the Act (which amend section 11 of FOI) are:

  • There will be a new duty on public authorities, when releasing datasets, to adhere to any request to do so in electronic form which allows their re-use where reasonably practicable.
  • Any dataset containing copyright material (where the authority holds the copyright) must be made available for re-use under a specified licence.
  • Publication schemes will in future contain a requirement to publish datasets, which have been requested, as well as any updated versions.
  • Such datasets will also have to be published in an electronic form capable of re use and any copyright material must be available for re use in accordance with the terms of a specified licence.
  • Public authorities will be able to charge a fee for allowing re use of any datasets containing copyright material.

These provisions are likely to come into force in April 2013.  If you want to know more read Ibrahim Hasan’s detailed article

A recently launched mobile phone application provides a useful insight into what could be possible if public authority datasets are fully exploited. (Read about Fearsquare).

New Draft Code and Licenses

The Government recently began an online consultation about a new set of guidance to accompany the new dataset provisions. This includes a new Code of Practice (datasets), which will sit alongside the existing Section 45 Code of Practice under FOI. The new draft code also outlines the licensing framework which public authorities must use when making copyright material within datasets available for re-use.

The new draft Code of Practice (datasets) aims to make it clear as to what is meant by the terms set out in the new provisions in the FOI Act. For example, what is meant by “an electronic form which is capable of re-use” or a “re-usable format” for the purposes of the Act.

The consultation is the first I have seen where the Government is using a “crowdsourcing” method. Responders can see, in real time, what other peoples’ views on the draft code are as opposed to submitting their views to an email address and then waiting for the summary of responses to be published after the consultation is over. The aim is to enable responders to have a conversation with each other as to whether a particular paragraph, sentence or word in the new code could be improved upon.

The new code contains three standard licences available to public authorities when allowing re use of copyright material contained in a dataset which is disclosed under FOI. The first two are the Open Government Licence and the Non-Commercial Government Licence. Both allow re use of the information without charge including copying, publishing, distributing and adapting the information as well as combining it with other information. The new code encourages authorities to use the Open Government License wherever possible. The Non-Commercial Government licence is slightly more restrictive because it contains a clause preventing the use of the information “in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation.” It will be interesting to see if public authorities routinely offer this licence (even though it would be against the spirit of the Act and the new code) just to prevent the private sector from profiting from the dataset.

The third type of licence is the Charged Licence. This has been published by The National Archives in beta form . It can be used by public authorities that have reason to charge for the re-use of the dataset information they hold or produce. As I have said before, this provides an opportunity for public authorities to raise some much needed revenue. However it will be interesting to see if the Secretary of State exercises his power (under new Section 11B of FOI) to make regulations prescribing “the amount of any fee payable or providing for any such amount to be determined in such manner as may be prescribed, provide for a reasonable return on investment.

The consultation ends on 10th January 2013. Public authorities need to think now what datasets they may receive requests for and what their approach to licensing their re use will be.

FOI Update webinar – This and other FOI developments and cases will be discussed in our forthcoming FOI Update web seminar: http://www.actnow.org.uk/content/93

Privacy Conference – Call for Papers

The Fifth Northumbria Information Rights Conference will take place on Wednesday 1 May 2013 at the Centre for Life, Newcastle Upon Tyne, UK.   The theme of the conference will be “Changing notions of privacy”.

The aim of the conference is both to explore developing understandings of privacy, and the tensions that exist between privacy, openness and freedom of expression. The following topics will be explored within the overall theme, and papers will be grouped for presentation accordingly:

  • What is privacy?
  • Privacy v freedom of expression
  • Technology and the challenges of protecting privacy
  • Privacy in a commercial context
  • Privacy and the Freedom of Information Act 2000
  • Privacy or openness
  • Privacy and the Data Protection Act 1998

The university will also consider abstracts which do not fall within these themes but which are nonetheless relevant to the overall theme.

This call is open to academics, postgraduate students and practitioners from all disciplines, but particularly law, politics, information science and records management. Ibrahim Hasan presented a paper to this conference last year examining the Government’s proposals to change RIPA and whether they were a sledgehammer to crack a nut. We would urge our readers to get involved.

Those interested in presenting a paper are invited to submit abstracts to the conference administrator Maureen Cooke: email maureen.cooke@northumbria.ac.uk. Abstracts should be submitted by 7th December 2012. They should not exceed 300 words. Submission must be by Word document e-mail attachment at the email address shown above and should include, in addition to the abstract, your title, name and organisation/institutional affiliation and your email address for correspondence.

All proposals will be reviewed, and successful applicants will be notified at the latest by 21st December 2012. Please contact maureen.cooke@northumbria.ac.uk for any general enquiries about the conference or telephone 0191 243 7597.

RIPA, CHIS and the IPT

A recent legal case about undercover police officers’ activities whilst investigating protest groups, has raised the importance of RIPA forms being completed correctly and care being taken when authorising them.

Ten women have launched  a legal action claiming they were tricked into forming “deeply personal” relationships with undercover police officers acting as a Covert Human Intelligence Source (CHIS) under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA). The case is the first civil action to be brought before a court.

Three of the women referred to in court had intimate relationships with Mark Kennedy, who spent seven years living as an environmental campaigner. Kennedy’s deployment was made public last year after activists worked out he was a police spy.

Lawyers for the police are currently applying to have the case moved from the High Court to “a secret Tribunal”. Normally cases involving a breach of RIPA are heard by the Investigatory Powers Tribunal (IPT). Most cases heard by the Tribunal are in private and not open to the media. Very few judgements are published. Most cases are about conduct by, or on behalf of, the Intelligence Services (MI5, MI6and GCHQ). The Tribunal has the power to award damages to complainants and to quash or cancel any authorisation to do the surveillance.

Not surprisingly, the IPT is the forum of choice for the police in this case. According to a report in The Guardian:

“Monica Carrs Frisk QC, representing the police, said their argument was not about denying the women remedy, but determining the correct forum for determining their claims.The police argue the case should be heard in the investigatory powers tribunal, as it was set up specifically to consider allegations of unjustifiable surveillance by the state.They also argue they may be unable defend the case because they have a long-established policy of neither confirming nor denying the identity of undercover police officers.”

When the Kennedy case came to light, Her Majesty’s Inspectorate of Constabulary (HMIC) conducted a report into the circumstances. It concluded that, whilst undercover officers deployed into protest communities gathered intelligence which enabled the police to prevent acts of serious violence, there was serious intrusion into the lives of others, and this risk needs to be better managed in the future.

More will come about these cases especially if (as is likely) the civil case remains in the High Court. The circumstances shows the importance of all public authorities, not just the police, considering the applicability of Part 2 of RIPA , especially the CHIS provisions, very carefully when engaging staff to “go undercover”. In addition to the usual considerations of necessity and proportionality, the CHIS authorisation form  requires a risk assessment to be done, together with a need to have a separate CHIS Handler and a Controller. Detailed records also need to be kept in accordance with the RIPA (Source Records) Regulations 2000 (SI 2000/2725). If these roles were carried out correctly then abuses of RIPA, as in this case, would be very rare.

Of course local authorities are very infrequent users of the CHIS process (and they certainly do not authorise CHIS operations involving sleeping with the targets!). Any potential for abuse has been minimised even further by the Protection of Freedoms Act 2012 (sections 37 and 38) which came into force on 1st November 2012. This changes the procedure for the authorisation of local authority surveillance under RIPA. From 1st November, local authorities have been required to obtain the approval of a Magistrate for the use of any one of the three covert investigatory techniques available to them under RIPA namely Directed Surveillance, the deployment of a Covert Human Intelligence Source and accessing communications data. On 5th November, Gateshead Council received (what could be) the first Magistrates’ approval.

The case of Mark Kennedy (and others) does beg the question; Is it time the police were required to seek judicial approval for surveillance under RIPA? Should we even stop there? What about surveillance abuses by the press which have come to light as a result of the Leveson Inquiry? Is it time to RIPA it up and start again?

Act Now can help you prepare for the new RIPA process. We have an update  course in December in London. If you would like advice on what needs to be done or customised in house training, please get in touch.

Finally all RIPA authorities need to revise their guidance and policy documents. See our RIPA Policy and Procedures Toolkit.

Nobody cares for me. Signed DC.

Dear Mr xxxxxxxx, 

As a registered user of www.tpexpress.co.uk we are legally required under the Data Protection Act 1998 to contact you with the information outlined below.

Please note: This is not a marketing communication and does not affect your opt-in/out preferences for marketing emails.

What is changing?
We will be changing our online booking system during November and we are writing to you to notify you of the change in data controller from thetrainline.com to ourselves as a result of this change.

What does this mean to you?
Your retail contract will be exclusively with:
First/Keolis Transpennine Limited (FTPE),
50 Eastbourne Terrace,
Paddington,
London,
W2 6LG
Company Registration Number 04113923

Can anyone tell me which section of the Act requires a Data Controller to inform a data subject of a change of data controller? Or is it just good business practice? Or just plain “we don’t know what we’re doing”?

Answer on a postcard please to

DPO, Customer Relations, Some Train Operator, Leaves on the line, Adelstrop.

What’s the difference between PCC & BCC

The picture that said a thousand suppliers.

Fresh from being elected with less than 10% of the electorate in favour of him a recently appointed Police Commissioner writes to all the suppliers to tell them the email addresses of all their suppliers (and a few extra organisations – such as rape crisis centres, police officers, probation officers and some personal email addresses).  Still no harm done eh? No law broken, no real personal data involved. No brain cells used in the distribution of this list.

Makes me feel like Phillip Schofield. (When I say this it doesn’t mean I feel like him as in desire him – more like feel I’m in a similar predicament…)

First Magistrates’ Approval of RIPA Surveillance

Gateshead Council MAY HAVE become the first local authority in the country to successfully obtain Magistrates’ approval for covert surveillance under new laws which came into force on 1st November 2012.

Chapter 2 of Part 2 of the Protection of Freedoms Act 2012 (sections 37 and 38) changes the procedure for the authorisation of local authority surveillance under the Regulation for Investigatory Powers Act 2000 (RIPA). From 1st November, local authorities have been required to obtain the approval of a Magistrate for the use of any one of the three covert investigatory techniques available to them under RIPA namely Directed Surveillance, the deployment of a Covert Human Intelligence Source and accessing communications data.

The Home Office has now published its RIPA Magistrates’ Approval Guidance both for local authorities and the Magistrates’ Court. However until recently, no council had reported a successful application to the Magistrates. We believe, Gateshead Council is the first to do so.

Colin Howey, Senior Trading Standards Officer, explains what they did:

“Like most authorities we were a bit anxious about the new RIPA regime. Whilst we wanted to continue to use covert surveillance techniques in a necessary and proportionate manner, we were concerned about the cost and resource implications of the new Magistrates’ approval process.

Following a full day training workshop we were more confident about what was required. But the new process was still untested.

On 5th November though we obtained what may well be the country’s first judicial approval of a RIPA authorisation. Gateshead Magistrates’ Court approved our use of Directed Surveillance to investigate some serious trading standards offences.

We carefully followed the procedure as set out in the Home Office RIPA Magistrates’ Approval Guidance.  We were also careful to ensure the surveillance was necessary on the amended grounds set out in The Regulation of Investigatory Powers (Directed Surveillance and Covert Human Intelligence Sources) (Amendment) Order 2012, SI 2012/1500  which also came into force on 1 November 2012. This makes Directed subject to a new Serious Crime Test.

Once we obtained the internal authorisation in the usual way we contacted the Gateshead Magistrates’ Court to arrange a hearing.  They asked us to e mail through the original RIPA authorisation form as well as the completed judicial application/order form.

The hearing was attended by the investigating officer and the Council Solicitor. The court was also aware that it was the first RIPA application it had received so a District judge heard the application advised by the Clerk of the Court.  The hearing was in private. The judge considered the RIPA authorisation and the judicial application/order form.  He asked one or two relevant questions to satisfy himself that the surveillance was necessary and proportionate and then signed the judicial order form

The whole thing was relatively straightforward. It only took the judge fifteen minutes to consider and approve the application.

My tips for those who need to make a similar application are:

1. Train your staff – All investigators and authorising officers need to know about the new process.  Those who will be attending court need to be trained in completing the new judicial application/order form.

2. Designate staff who will be attending the Magistrates Court -This is done under section 223 of the Local Government Act 1972.  It is worth giving staff a letter of designation to take to the court when making the application.

3.  Contact your local Magistrates Court now to discuss how they will deal with RIPA applications. Like ours they may want documents e mailed to them beforehand. This will also save time on the day.”

Our thanks to Colin Howey and the Regulatory Services Team at Gateshead Council for this fascinating insight. The training provided to Gateshead Council was conducted by Ibrahim Hasan, of Act Now Training.

Did your council achieve a RIPA approval before Gateshead? Use the comment field to let us know.

Act Now can help you prepare for the new RIPA process. We have an update  course in December in London. If you would like advice on what needs to be done or customised in house training, please get in touch.

Finally all RIPA authorities need to revise their guidance and policy documents. See our RIPA Policy and Procedures Toolkit.