Year: 2013

Data Sharing Consultation – Do we need new laws?

The Law Commission has opened a consultation on the law around sharing of personal information between public sector organisations. Law Commissioner Frances Patterson QC says:

“It could be that more data sharing would improve public services but, if that is so, we need to understand why data is not being shared.  Is there a good reason to prevent data sharing?  Or is the law an unnecessary obstacle?  Are there other reasons stopping appropriate data sharing?  These are the questions we want to answer in this consultation.”

The legalitiecanstockphoto1632442s of data sharing is a subject which often confuses public sector officials. Local authorities, in particular, are often stumped by the “To Share or Not to Share” question, even if the sharing is for very good reasons (e.g. child protection or crime prevention). In some cases, even internal departments have felt constrained from updating each other about a change of a service user’s address.

More often than not, the Data Protection Act 1998 (DPA) is made the scapegoat for officials’ failure to fully understand the law. It is wrongly perceived as a barrier to data sharing despite offering a range of justifications (e.g. consent, legal obligation, protecting vital interests etc. (Schedule 2)).

Many attempts have been made to resolve this “problem”. In May 2011, the Information Commissioner published a statutory Code of Practice on data sharing. The code explains how the DPA applies to the sharing of personal data both within and outside an organisation. It provides practical advice to the public, private and third sectors, and covers systematic data sharing arrangements as well as one off requests for information. Under Section 52 of the DPA, the code can be used as evidence in any legal proceedings and can be taken into account by the courts and the Commissioner himself when considering any issue.

Despite the clear guidance in the code, the Government has sometimes toyed with the idea of new laws. Last year, according a story in the Guardian newspaper, proposals were to be published by the Cabinet Office minister, Francis Maude, which would make it “easier” for government and public-sector organisations to share confidential information supplied by the public:

“In May, we will publish proposals that will make data sharing easier – and, in particular, we will revisit the recommendations of the Walport-Thomas Review that would make it easier for legitimate requests for data sharing to be agreed with a view to considering their implementation,” said Maude, adding that current barriers between databases made it difficult for public sector workers to access relevant information.

“It’s clearly wrong to have social workers, doctors, dentists, Job Centres, the police all working in isolation on the same problems.”

The Guardian reported that the proposals are expected to include fast-track procedures for ministers to license the sharing of data in areas where it is currently prohibited, subject to privacy safeguards.  I could not find the proposals on the web. Anybody know whether they were ever published?

Confusion around data sharing continues to reign! The tragic case of Daniel Pelka is one example. The recent report into the four-year-old’s death, published by the independent Coventry Safeguarding Children Board identified a number of missed opportunities where professionals across a number of agencies should have done more to protect Daniel. Amongst other things, it concluded that the sharing of information and communications between all agencies was not robust enough.

Ill informed comments about the current law (especially the DPA) do not help. In a recent Daily Telegraph article by Michael Gove, the Education Minister claimed that, whilst tying to understand the underlying causes of child exploitation, he discovered that OFSTED “was prevented by “data protection” rules, “child protection” concerns and other bewildering regulations from sharing that data with us, or even with the police.” There is nothing in the DPA which prevents this. Don’t just take my word for it. Read the Information Commissioner’s riposte to the learned Mr Gove.

Do we really need new laws on data sharing or a better awareness of the existing ones? My view is that the current law is adequate to regulate yet allow responsible data sharing. The DPA and the Data Sharing Code need to be properly understood. They can be a tool allowing responsible data sharing. Most public sector data sharing will be lawful if organisations comply with the Eight Data Protection Principles; particularly the First Principle which requires information to be processed fairly and lawfully. There are also numerous exemptions in the Act including where sharing is required for the purpose of prevention or detection of crime (section 29).

The Law Commission consultation runs until 16 December 2013 and the paper may be accessed at: http://lawcommission.justice.gov.uk/. Responses can be emailed to data.sharing@lawcommission.gsi.gov.uk or sent by post.

More Information: Read our article for a full explanation of the ICO Data Sharing Code or watch this free webinar. We also run full day Multi Agency Information Sharing workshops.

The 2013 Surveillance Commissioner Report – Key Points

RIPA22The Chief Surveillance Commissioner published his 2013 annual report (covering the period from 1st April 2012 to 31st March 2013) on 18th July 2013. It is important reading for those public authorities who conduct surveillance under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA).

The report details statistics relating to the use of Part 2 of RIPA by public authorities and information about how the Office of the Surveillance Commissioner (OSC) conducts its oversight role. Non-law enforcement agencies (including councils) authorised Directed Surveillance on 5,827 occasions. This continues a downward trend over the last few years.

The report highlights a number of important issues some of which are listed below:

  • Common errors by RIPA authorities include miscommunication or failure to communicate the details of an authorisation; failure to conduct thorough reviews, renewals or cancellations; ignorance on the part of officers; or poor administration or processes.
  • The Commissioner says that all public authorities have struggled with the use of the Internet for investigations, particularly social networking sites. At paragraph 5.7 he advises caution on conflating the offline word with the online world. There may be cases where RIPA authorisation is required when doing research about a person on the Internet. He goes on to say, “… it is important to bear in mind that it is not always possible to give a definitive answer as to whether a particular activity requires authorisation: facts are infinitely variable. Where there is doubt authorisation is prudent.”  Act Now has developed a course on E-Crime and Social Networking Sites which examines all the relevant RIPA and wider legal issues.
  • Too many tactics requested by investigating officers are unused. Authorising officers and Senior Responsible Officers should monitor whether applicants are lazily requesting tactics out of habit rather than necessity.
  • Too many cancellations provide an insufficient record of surveillance actually conducted and the details of collateral intrusion. Rarely does guidance on the retention or destruction of product go beyond an inadequate reference to policy. It is vital that surveillance product that does not match the objectives stated in the authorisation is not retained on databases.
  • At paragraph 5.5, the Commissioner reiterates his view that RIPA is permissive legislation and there may be occasions where surveillance outside the scope of RIPA may be required. He points to the recent IPT decision in BA and others v Cleveland Police (IPT/11/129/CH). This is in keeping with Ibrahim Hasan’s view as explained on this blog.
  • Where there is an invasion of privacy and RIPA does not apply, due to all conditions not being met, then the Commissioner recommends use of a similar written authorisation mechanism where Article 8 issues (privacy) are considered.
  • The Commissioner also considers the changes, which took effect on  1st November 2012; namely magistrates’ approval for council surveillance and a new six month threshold test for Directed Surveillance.  On the whole they are working well. There were 142 approval requests made to a Magistrate in the reporting period of which only two were rejected.
  • Finally the Commissioner fires a shot across the bows of those authorities who drag their feet in accepting his recommendations. At paragraph 5.18 he says, “I expect the recommendations of my reports to be followed whether or not individual officers agree with them. Continued failure to do so – especially on the ground that current practices have been unchallenged in court proceedings – may result in publication of my guidance or recommendations to a wider audience.”

Now is the time to consider refresher training for RIPA investigators and authorisers. Please see our full program of RIPA Courses which have been revised to take account of all the latest developments. We can also deliver these courses at your premises, tailored to the audience. Finally, if you want to avoid re inventing the wheel, our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. Over 200 different organisations have bought this document (available on CD as well).

At Last! A Certificated Course for Scottish FOI Practitioners

FOISAPageimageFor years Scottish Freedom of Information practitioners did not have a Scottish FOI qualification that they could study for. Unlike their counterparts in England and Wales, the BCS (formerly ISEB) FOI course is not suitable as it concentrates on the Freedom of Information Act 2000.

Seeing this unmet training need, Act Now Training has now designed a new certificated course; the Practitioner Certificate in the Freedom of Information (Scotland) Act 2002. The course is endorsed by the Centre for FOI based at Dundee University.

The course is suitable for the FOISA novice as well as the experienced practitioner. The course structure is designed to thoroughly examine the law as well as the practical aspects of dealing with FOISA (and EI(S)R) requests on a day-to-day level

Two courses were completed in the Spring/Summer season. Two more are scheduled for October and December. Thus far we have had very strong candidates from a variety of backgrounds. All have said how useful they have found the course.

If you’re considering joining the course, what can you expect? Read what the tutor has to say.

Think you know about FOISA? Have a go at the FOISA test.

Download the course flyer here

1st September 2013: D Day for (FOI) Datasets

MC900438779From 1st September 2013 public authorities will face new obligations when it comes to the release and re use of datasets. Recent publications provide more details about the new provisions and how public authorities should prepare for their implementation.

The Protection of Freedoms Act 2012 amends the Freedom of Information Act 2000 (FOI). The key points of Section 102 of the Act (which amends section 11, 19 and 45 of FOI) are:

  • There will be a new duty on public authorities, when releasing datasets, to adhere to any request to do so in electronic form which allows their re-use where reasonably practicable.
  • Any dataset containing copyright material (where the authority holds the copyright) must be made available for re-use under a specified licence.
  • Publication schemes will, in future, contain a requirement to publish datasets, which have been requested, as well as any updated versions.
  • Such datasets will also have to be published in an electronic form capable of re use and any copyright material must be available for re use in accordance with the terms of a specified licence.
  • Public authorities will be able to charge a fee for allowing re use of any datasets containing copyright material.

It is important to note that the changes do not give new rights of access. They are concerned with format and the ability to re-use datasets, once the public authority has decided that no exemptions or other provisions (e.g. costs, vexatious) in the legislation apply.

New Guidance and Code

There is also a new Code of Practice (datasets), which will sit alongside the existing Section 45 Code of Practice under FOI. This outlines the licencing framework which public authorities must use when making copyright material within datasets available for re-use.

The new code aims to make it clear as to what is meant by the terms set out in the new provisions. For example, what is meant by “an electronic form which is capable of re-use” or a “re-usable format” for the purposes of the Act.

The new code contains three standard licences available to public authorities when allowing re use of copyright material contained in a dataset which is disclosed under FOI. The first two are the Open Government Licence and the Non-Commercial Government Licence. Both allow re use of the information without charge including copying, publishing, distributing and adapting the information as well as combining it with other information. The new code encourages authorities to use the Open Government License wherever possible. The Non-Commercial Government licence is slightly more restrictive because it contains a clause preventing the use of the information “in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation.” It will be interesting to see if public authorities routinely offer this licence (even though it would be against the spirit of the Act and the new code) just to prevent the private sector from profiting from the requested dataset.

Charging

The third type of licence is the Charged Licence. This has been published by The National Archives in beta form . It can be usedby public authorities that have reason to charge for the re-use of the dataset information they hold or produce. As I have said before, this provides an opportunity for public authorities to raise some much needed revenue. The Secretary of State has exercised his power (under new Section 11B of FOI) to make regulations prescribing “the amount of any fee payable or providing for any such amount to be determined in such manner as may be prescribed, provide for a reasonable return on investment. (See The Freedom of Information (Release of Datasets for Re-use) (Fees) Regulations 2013). It will be interesting to see how many complaints are made to the Information Commissioner about public authorities over charging.

What to do now?

According to the ICO, public authorities need to:

  • Start thinking about the definition of a dataset: what information or categories of information do they have that fits the definition?
  • Promote the key principles of open data in their organisation: use an open format and open licences by default and only deviate from this when they have good reasons to do so.
  • Charging for re-use is not encouraged but can be justified in some situations: does the authority have existing powers that allow a charge? Can the cost recovery and return on investment be justified?
  • Be clear who owns the intellectual property rights (IPR) in their datasets.

The ICO also encourages FOI officers to learn a little more about copyright, the licencing framework and the new version 2.0 of the OGL. In some organisations open data is not part of the remit of the FOI officer. It’s crucial to make sure these two functions have an understanding that they need to work together. Looking longer term, the ICO’s advice is to think about open data requirements when procuring new IT systems. Public authorities shouldimplement “transparency by design.”

In preparation for the provisions coming into force on 1st September 2013 the ICO has revised the approved model publication schemes to reflect the new legislative requirements. It has also published new guidance on datasets. Ibrahim Hasan’s detailed article on datasets will also assist. How will datasets be used by the private sector? (Read about Fearsquare.)

This will be discussed in our forthcoming datasets webinar. If you prefer a more detailed face to face discussion and sharing of best practice, please attend one of our one day workshops.  If you want to give your career a boost, why not start by attaining an internationally recognised qualification in FOI?

Grandma’s spends

granGrandma had been getting worse day by day. She’s living in her own home with help from various agencies but she’s an easy target. Dementia has been diagnosed. Last year she paid a door to door salesman £1,800 by cheque for an item she didn’t want which was available on ebay for £45. It took a long time for the firm to accept that they had exploited an elderly woman and it took quite a while to get the money back. As a result of that Grandma’s cheque book was confiscated by her granddaughter. Pension was redirected to the bank instead of the Post Office and Grandma was given some spends. Problem solved. She couldn’t spend the not insignificant balance in her bank just the handful of tenners in her purse (and these mostly went on fags and fish & chips).

Then the spends started disappearing. £50 on Monday evening turned into £30 by Wednesday and Grandma complaining that she didn’t have enough. Daughter in law topped Grandma up to £40.  It turned into £10 by Friday and no-one knew where it was going. Grandma and Alzheimers didn’t help. Her short term memory was non existent. She didn’t go out much at all. She didn’t appear to buy much. Rarely did anyone call at the door. Carers & meals on wheels arrived, so did the hairdresser.

Eventually the conclusion was reached that it was either Grandma stashing it away for the future or someone else was involved. To resolve the issue a hidden camera would be installed. After a few quotes we settled on a local man who’d done this many times. 3 motion activated hidden cameras in lounge, kitchen and understairs cupboard. £375 a week. They went in last Monday.

” I can save you £375″ he joked as he twiddled his screwdriver, “It’s always the carer”.

Donning our DP hats for a moment…

  • Who is the data controller?
  • Who are the data subjects?
  • Is notification required?
  • Is there data processor issue?
  • What Schedule 2 or 3 condition justifies the processing?
  • Are the Subject information Provisions relevant?
  • Which exemptions might apply?
  • Is RIPA relevant?
  • Do we need a PIA?

The Security firm didn’t consider any of these questions. They just installed the cameras.

Two hours after installation (but a week later as we trawled through 800 images downloaded to our laptop from the card inside the cameras) we saw on image number 4 someone go into the understairs cupboard with Grandma’s handbag, hang it up on a hook, open it, take some notes from the purse and replace it. The Security man said the evidence was good enough for the police (being well versed in this sort of thing). It happened again on image 43 then again on image 267.

The culprit? It was someone the grand daughter knew well and who had been visiting grandma every day to check she was eating properly, doing odd jobs around the house and generally looking out for a vulnerable old lady. She was being paid for this service but had chosen to take a few pounds every day to boost her income.

The next stage is to confront the person; consider telling the police; consider informing her employer; find a new helper; let grandma know what has been going on and pay the security man who had a part time job as a fortune teller.

It was, as he predicted, the carer.

Parking & the DPA

fixed_penaltyI received this web link in an email from CONFUSED.COM which I thought was interesting so I’ve reblogged it. The DPA does feature (slightly) but it’s a good read.

Nothing more to say – enjoy reading it but remember that the DVLA sell on your personal data that you thought you gave them to administer your car ownership. An unlawful act? A breach of principle 2? No it’s covered by the Road vehicles (Registration & Licensing) Regulations 2002 which requires the DVLA (inter alia) to release information to anyone who can prove they have reasonable cause to have it. That wonderful word reasonable again…

If you’re interested in this there are many sites on the net that help out here. The attractively named AppealNow is one of them. Pepipoo is another. If you know any more let us know.

The school that didn’t learn its lesson.

In 2011 I received a gorgeous CD through the mail from a school. It invited me to send my children (at the time aged 30, 29 and 25) to their school (35 miles away from my house). Read the full story on Act Now website ( a Northern school). I did complain to the ICO but his decision was in favour of the school. This was my conclusion to the affair.

“A school/college with no prior relationship with me buys my name from a list broker as I am apparently rich and with junior age children (wrong on both counts) and then sends me unsolicited marketing material through the post. When I exercise my right to subject access they ignore it for two and a half weeks then fail to give me what I ask for because they don’t know from where they obtained my personal data.

The ICO when asked to look into the case decides the college did nothing wrong.

Moral – keep bad records, mail who you like even those with no relevance to your product, fail to respond to individuals exercising their right to access promptly and you’ll be fine rather than fined. “

I put it down to experience never expecting to hear from the school again but today they emailed me. Despite me reporting them to the ICO and an investigation taking place and their promise to delete my name and address from their database they emailed me with an offer I couldn’t refuse.

I will complain again. This time I have PECR on my side as they have strayed into electronic marketing as well as basic section 11 stuff. The school is also now a serial offender. Will the ICO listen, take action or will I get a similar response 5 months after I complain. See you around Xmas time.

It’s time to name and shame Queen Ethelburgas. Look out for the information notice.

It gets worse.  I chose to report the message as spam as they invited me to. Here’s the screenshot of  their procedure. Only a few errors in spelling and punctuation.

usub

How to waste money and upset people

12023750-hospital-road-sign-on-a-white-backgroundOnce upon a time there were 6 people working for the NHS. Two of them in particular (let’s call them A & B)  were working on a function required by law which was difficult but over the previous 4 years they’d worked on it, sorted it out and had received plaudits for their work and were nationally acknowledged to be leading edge practitioners.

Then the NHS reforms started. Their PCT was being killed off and staff were transferring to  a new organisation. As usual a slotting in process was set up but surprisingly both A (the director level) and B (the admin level) person were not slotted in which was wierd as they were the only two working on this function. So they had to apply for their own jobs.

The NHS had decided that because there was no slotting in it was a job that anyone could do so they opened up applications to anyone at the same pay level.

A applied for his job and didn’t get it. B applied for her job (although she was actually applying for 3 jobs at a particular pay grade and once appointed would be allocated a job). There were 3 applicants for 3 jobs. Suddenly a person on the same grade who was on maternity leave found out that the jobs were available and applied. That meant that there were 4 people for 3 jobs. Things became tense. It became intense when it was decided that  the candidate on Maternity leave would be given one of the 3 jobs without needing to attend for interview even though they didn’t work in the particular department. When this was questioned it was found out that this was the law. So someone was going to lose out.

B didn’t succeed at interview. C, D  & E got the three jobs and would be managed by F. C stayed at home as she was on maternity leave. C, D, E & F didn’t know anything about the function. A & B did but had moved on. B has attended another generic interview and been given a different job in a different city doing a job she knew nothing about as it was generic job description.

Time passed. A moved on, B watched D, E & F try to understand a job she had been doing very well for years (and failing). Deadlines set by legislation were missed. The previous high quality system fell into disrepair. Then C returned to work but only half time. She didn’t help much as she knew nothing about the job (and didn’t really want it) so now there were 3.5 people not doing a job that B could have done standing on her head. D decided she didn’t like the job and started looking for alternatives. F went to 3 days a week as she had child care issues and E went on an extended holiday. The only person ready, willing and able to do the job was B who was struggling with a new job she didn’t really want. The big boss was informed of the situation and after a milli second decided that the people who didn’t know anything about the job and didn’t want it should “get on with it”.

A week later B resigned from the job she didn’t want. No-one is happy; no work is being done; a function required by law is lying fallow; millions have been spent destroying a structure that was working. 6 people and their families have been through the restructure grinder and been spat out the other end.

Post script. A & B had created an application in access that managed the function beautifully. It was so good that it was sold on to many other similar teams all over the country. They’re all really happy with it. The original system created by an enthusiastic systems analyst has been destroyed and corrupted by people who don’t know what they’re doing. The analyst has resigned.

Not much to do with information, I know. Had to get it off my chest.

Playground Duty

Teaching? A mugs game. The (mythical) long holidays, the (mythical) 3-30 finish, the (mythical) relaxed and friendly environment as you helped the enthusiastic next generation prepare for adult life…

Playground duty was the bane of my life when I was a teacher. Once a week you had to forgo the 15 minutes of peace in the staff room and that warm cup of coffee and patrol the school playground, breaking up fights, solving Rubik’s cubes and avoid being caught by those awful children’s jokes (If a bottle of medicine cures a cough what does half a bottle of medicine cure?).

So on a recent training session for schools in a northern council we talked to the delegates – mostly Headteachers – about the Publication scheme. We looked at the definition document listing the material the ICO recommended schools to pro-actively publish, we gave them the two common sense Act Now solutions (1. find all the relevant documents and put a paper copy of them in a ring binder in the school office then photocopy on demand or 2. turn them into PDFs and put them on the website so people can download what they want).

After considering all this and thinking for a moment or two one of the delegates (a headteacher no less) said  ” I don’t think we’ll bother with this. It’d take too long.”

What’s the punishment for forgetting to do playground duty?

Opprobium, embarrassment,  ridicule, double duty next week.

What’s the punishment for failing to carry out a duty under section 19 of the Freedom of Information Act for seven and a half years?

Over to you….

(The answer is 50% of a cough. Whatever you do don’t say half a cough).

FOI: Latest decisions and developments

FOI6

One of the key recommendations of the House of Commons Justice Select Committee in its July 2012 report on the Freedom of Information Act 2000 (FoI) was the introduction of a new exemption for academic research. The government accepted this recommendation in its official response late last year.

Clause 19 of the Intellectual Property Bill, currently proceeding through parliament, inserts this new exemption (section 22A) into FoI. Subsection 1(a) of clause 19 provides that information is exempt from disclosure if it relates to information obtained in the course of, or derived from, a programme of continuing research that is intended for future publication. Subsection (1)(b), however, provides that the information will be exempt only if disclosure would, or would be likely to, prejudice a matter listed in that subsection. The exemption will be a qualified one and so subject to the public interest test. Public authorities will not be required to confirm or deny that they hold section 22A information if, or to the extent that, compliance would, or would be likely to prejudice, any of the matters mentioned in subsection (1)(b).

What is information?

Section 84 of FoI defines information as ‘information recorded in any form’. This includes information held on paper, computer, video, audiotapes, as well as that contained in manuscript notes. Marks made on documents are also covered, according to an Information Tribunal decision from 2009 (O’Connell v the Information Commissioner and Crown Prosecution Service (EA/2009/0010)).

In the light of the above decision, it should come as no surprise that, in April this year the First-Tier Tribunal (Information Rights) ruled that images of MPs’ expense claim receipts comprised information to which the act applied (IPSA v Information Commissioner (EA/2012/0242)). The background to the request is that, following the MPs’ expenses scandal, the then newly formed Independent Parliamentary Standards Authority (IPSA) decided that it would not routinely publish images of the receipts submitted to IPSA by MPs in support of their expenses claims. Only text transcribed from the submitted receipts was to be published.

A journalist made an FoI request for the actual receipts submitted by a number of MPs. The question arose as to whether images of those receipts held by IPSA contained ‘information’ within the meaning of section 1 of FoI, which was not captured by the transcription process favoured by IPSA. The tribunal concluded that the definition of information (in this case) included logos, letterheads, ‘handwriting/manuscript comments’, and ‘the layout and style/design of the requested documents’ – each of which were not disclosed to the requester as a result of providing a transcription, rather than a copy, of the relevant receipts.

This is an interesting decision, especially for those public authorities which often insist, when refusing to supply actual documents (such as minutes of meetings) that FoI is about access to information not documents. Sometimes the requester is interested in the document which contains the requested information, as it will give a further insight into its background and the thoughts/observations of the producers/subjects of the document.

Vexatious requests

Until February 2013, there was no binding authority on the meaning of vexatious under section 14(1) of FoI, or manifestly unreasonable under regulation 12(4)(b) of the Environmental Information Regulations. In three distinct but related decisions, the Upper Tribunal has tried to plug this gap. The cases are Dransfield v IC(2012) UKUT 440 AAC, Craven v IC (2012) UKUT 442 AAC, and Ainslie v IC (2012) UKUT 441 AAC. According to Judge Wikeley, the appropriate question is: ‘Is the request vexatious in the sense of being a manifestly unjustified, inappropriate or improper use of FoI?’

The Information Commissioner’s Office (ICO) has now produced detailed guidance based on these key decisions. The guidance sets out a new list of 13 indicators (replacing the previous five) of a vexatious request: abusive or aggressive language; burden on the authority; personal grudges; unreasonable persistence; unfounded accusations; intransigence; frequent or overlapping requests; deliberate intention to cause annoyance; scattergun approach; disproportionate effort; no obvious intent to obtain information; futile requests; frivolous requests.

The ICO emphasises that these are meant as a guide only and are not an exhaustive list. The guidance also addresses topics which are very familiar to FoI officers, including round robins, fishing expeditions and requesters acting in concert or in pursuance of a campaign.

Legal privilege

The section 42 exemption (legal professional privilege) is often relied upon by public authorities when refusing to disclose legal advice. Not all advice given by a legal professional will attract this exemption though. It is important to ascertain who the advice was given by and what their role is within the public authority.

In February, the Information Commissioner ordered Cambridgeshire County Council (Ref: FS50457339) to disclose advice given by a chartered legal executive employed in its trading standards department to a company involved in a dispute. The commissioner concluded that the requested information did not attract legal professional privilege and was therefore not exempt from disclosure under section 42. He said: ‘The information must be communicated in a professional capacity, ie by a legal professional retained to provide legal services to their client. Consequently not all communications from a professional legal adviser will attract advice privilege.’

The communication in question needed to have been made for the principal or dominant purpose of seeking or giving legal advice. In the present case, the adviser was employed by the council as an adviser with expert legal knowledge to assist in providing advice and assistance to third parties on the council’s interpretation of trading standards legislation. This did not mean that he was employed as a professional legal adviser, funded by the council, to provide legal advice to third-party clients such as the company in question.

Also the commissioner did not believe that it could be said that the company in question had retained the services of the adviser in a professional capacity so that he could provide them with legal advice. Rather, the company appeared simply to have made use of the council’s trading standards advice service and was provided with advice, albeit by someone with a legal qualification. This advice did not attract legal professional privilege and so section 42 was not engaged.

This article first appeared in the Law Society Gazette: http://www.lawgazette.co.uk/

Ibrahim Hasan will be discussing these and other recent FOI decisions in the FOI Update workshops  in the Autumn

Do you want an international recognised qualification in FOI?

The BCS (ISEB)  Certificate in Freedom of Information  is the qualification of choice for FOI professionals. Try the test here: