Author: actnowtraining

Act Now Training is Europe's leading provider of information governance training, serving government agencies, multinational corporations, financial institutions, and corporate law firms. Our associates have decades of information governance experience. We pride ourselves on delivering high quality training that is practical and makes the complex simple. Our extensive programme ranges from short webinars and one day workshops through to higher level practitioner certificate courses delivered online or in the classroom.

How to waste money and upset people

12023750-hospital-road-sign-on-a-white-backgroundOnce upon a time there were 6 people working for the NHS. Two of them in particular (let’s call them A & B)  were working on a function required by law which was difficult but over the previous 4 years they’d worked on it, sorted it out and had received plaudits for their work and were nationally acknowledged to be leading edge practitioners.

Then the NHS reforms started. Their PCT was being killed off and staff were transferring to  a new organisation. As usual a slotting in process was set up but surprisingly both A (the director level) and B (the admin level) person were not slotted in which was wierd as they were the only two working on this function. So they had to apply for their own jobs.

The NHS had decided that because there was no slotting in it was a job that anyone could do so they opened up applications to anyone at the same pay level.

A applied for his job and didn’t get it. B applied for her job (although she was actually applying for 3 jobs at a particular pay grade and once appointed would be allocated a job). There were 3 applicants for 3 jobs. Suddenly a person on the same grade who was on maternity leave found out that the jobs were available and applied. That meant that there were 4 people for 3 jobs. Things became tense. It became intense when it was decided that  the candidate on Maternity leave would be given one of the 3 jobs without needing to attend for interview even though they didn’t work in the particular department. When this was questioned it was found out that this was the law. So someone was going to lose out.

B didn’t succeed at interview. C, D  & E got the three jobs and would be managed by F. C stayed at home as she was on maternity leave. C, D, E & F didn’t know anything about the function. A & B did but had moved on. B has attended another generic interview and been given a different job in a different city doing a job she knew nothing about as it was generic job description.

Time passed. A moved on, B watched D, E & F try to understand a job she had been doing very well for years (and failing). Deadlines set by legislation were missed. The previous high quality system fell into disrepair. Then C returned to work but only half time. She didn’t help much as she knew nothing about the job (and didn’t really want it) so now there were 3.5 people not doing a job that B could have done standing on her head. D decided she didn’t like the job and started looking for alternatives. F went to 3 days a week as she had child care issues and E went on an extended holiday. The only person ready, willing and able to do the job was B who was struggling with a new job she didn’t really want. The big boss was informed of the situation and after a milli second decided that the people who didn’t know anything about the job and didn’t want it should “get on with it”.

A week later B resigned from the job she didn’t want. No-one is happy; no work is being done; a function required by law is lying fallow; millions have been spent destroying a structure that was working. 6 people and their families have been through the restructure grinder and been spat out the other end.

Post script. A & B had created an application in access that managed the function beautifully. It was so good that it was sold on to many other similar teams all over the country. They’re all really happy with it. The original system created by an enthusiastic systems analyst has been destroyed and corrupted by people who don’t know what they’re doing. The analyst has resigned.

Not much to do with information, I know. Had to get it off my chest.

Playground Duty

Teaching? A mugs game. The (mythical) long holidays, the (mythical) 3-30 finish, the (mythical) relaxed and friendly environment as you helped the enthusiastic next generation prepare for adult life…

Playground duty was the bane of my life when I was a teacher. Once a week you had to forgo the 15 minutes of peace in the staff room and that warm cup of coffee and patrol the school playground, breaking up fights, solving Rubik’s cubes and avoid being caught by those awful children’s jokes (If a bottle of medicine cures a cough what does half a bottle of medicine cure?).

So on a recent training session for schools in a northern council we talked to the delegates – mostly Headteachers – about the Publication scheme. We looked at the definition document listing the material the ICO recommended schools to pro-actively publish, we gave them the two common sense Act Now solutions (1. find all the relevant documents and put a paper copy of them in a ring binder in the school office then photocopy on demand or 2. turn them into PDFs and put them on the website so people can download what they want).

After considering all this and thinking for a moment or two one of the delegates (a headteacher no less) said  ” I don’t think we’ll bother with this. It’d take too long.”

What’s the punishment for forgetting to do playground duty?

Opprobium, embarrassment,  ridicule, double duty next week.

What’s the punishment for failing to carry out a duty under section 19 of the Freedom of Information Act for seven and a half years?

Over to you….

(The answer is 50% of a cough. Whatever you do don’t say half a cough).

FOI: Latest decisions and developments

FOI6

One of the key recommendations of the House of Commons Justice Select Committee in its July 2012 report on the Freedom of Information Act 2000 (FoI) was the introduction of a new exemption for academic research. The government accepted this recommendation in its official response late last year.

Clause 19 of the Intellectual Property Bill, currently proceeding through parliament, inserts this new exemption (section 22A) into FoI. Subsection 1(a) of clause 19 provides that information is exempt from disclosure if it relates to information obtained in the course of, or derived from, a programme of continuing research that is intended for future publication. Subsection (1)(b), however, provides that the information will be exempt only if disclosure would, or would be likely to, prejudice a matter listed in that subsection. The exemption will be a qualified one and so subject to the public interest test. Public authorities will not be required to confirm or deny that they hold section 22A information if, or to the extent that, compliance would, or would be likely to prejudice, any of the matters mentioned in subsection (1)(b).

What is information?

Section 84 of FoI defines information as ‘information recorded in any form’. This includes information held on paper, computer, video, audiotapes, as well as that contained in manuscript notes. Marks made on documents are also covered, according to an Information Tribunal decision from 2009 (O’Connell v the Information Commissioner and Crown Prosecution Service (EA/2009/0010)).

In the light of the above decision, it should come as no surprise that, in April this year the First-Tier Tribunal (Information Rights) ruled that images of MPs’ expense claim receipts comprised information to which the act applied (IPSA v Information Commissioner (EA/2012/0242)). The background to the request is that, following the MPs’ expenses scandal, the then newly formed Independent Parliamentary Standards Authority (IPSA) decided that it would not routinely publish images of the receipts submitted to IPSA by MPs in support of their expenses claims. Only text transcribed from the submitted receipts was to be published.

A journalist made an FoI request for the actual receipts submitted by a number of MPs. The question arose as to whether images of those receipts held by IPSA contained ‘information’ within the meaning of section 1 of FoI, which was not captured by the transcription process favoured by IPSA. The tribunal concluded that the definition of information (in this case) included logos, letterheads, ‘handwriting/manuscript comments’, and ‘the layout and style/design of the requested documents’ – each of which were not disclosed to the requester as a result of providing a transcription, rather than a copy, of the relevant receipts.

This is an interesting decision, especially for those public authorities which often insist, when refusing to supply actual documents (such as minutes of meetings) that FoI is about access to information not documents. Sometimes the requester is interested in the document which contains the requested information, as it will give a further insight into its background and the thoughts/observations of the producers/subjects of the document.

Vexatious requests

Until February 2013, there was no binding authority on the meaning of vexatious under section 14(1) of FoI, or manifestly unreasonable under regulation 12(4)(b) of the Environmental Information Regulations. In three distinct but related decisions, the Upper Tribunal has tried to plug this gap. The cases are Dransfield v IC(2012) UKUT 440 AAC, Craven v IC (2012) UKUT 442 AAC, and Ainslie v IC (2012) UKUT 441 AAC. According to Judge Wikeley, the appropriate question is: ‘Is the request vexatious in the sense of being a manifestly unjustified, inappropriate or improper use of FoI?’

The Information Commissioner’s Office (ICO) has now produced detailed guidance based on these key decisions. The guidance sets out a new list of 13 indicators (replacing the previous five) of a vexatious request: abusive or aggressive language; burden on the authority; personal grudges; unreasonable persistence; unfounded accusations; intransigence; frequent or overlapping requests; deliberate intention to cause annoyance; scattergun approach; disproportionate effort; no obvious intent to obtain information; futile requests; frivolous requests.

The ICO emphasises that these are meant as a guide only and are not an exhaustive list. The guidance also addresses topics which are very familiar to FoI officers, including round robins, fishing expeditions and requesters acting in concert or in pursuance of a campaign.

Legal privilege

The section 42 exemption (legal professional privilege) is often relied upon by public authorities when refusing to disclose legal advice. Not all advice given by a legal professional will attract this exemption though. It is important to ascertain who the advice was given by and what their role is within the public authority.

In February, the Information Commissioner ordered Cambridgeshire County Council (Ref: FS50457339) to disclose advice given by a chartered legal executive employed in its trading standards department to a company involved in a dispute. The commissioner concluded that the requested information did not attract legal professional privilege and was therefore not exempt from disclosure under section 42. He said: ‘The information must be communicated in a professional capacity, ie by a legal professional retained to provide legal services to their client. Consequently not all communications from a professional legal adviser will attract advice privilege.’

The communication in question needed to have been made for the principal or dominant purpose of seeking or giving legal advice. In the present case, the adviser was employed by the council as an adviser with expert legal knowledge to assist in providing advice and assistance to third parties on the council’s interpretation of trading standards legislation. This did not mean that he was employed as a professional legal adviser, funded by the council, to provide legal advice to third-party clients such as the company in question.

Also the commissioner did not believe that it could be said that the company in question had retained the services of the adviser in a professional capacity so that he could provide them with legal advice. Rather, the company appeared simply to have made use of the council’s trading standards advice service and was provided with advice, albeit by someone with a legal qualification. This advice did not attract legal professional privilege and so section 42 was not engaged.

This article first appeared in the Law Society Gazette: http://www.lawgazette.co.uk/

Ibrahim Hasan will be discussing these and other recent FOI decisions in the FOI Update workshops  in the Autumn

Do you want an international recognised qualification in FOI?

The BCS (ISEB)  Certificate in Freedom of Information  is the qualification of choice for FOI professionals. Try the test here:

The PM has set up an Information sharing task force.

info4And what will the task force do? It will report back.

In what way will it report back? Urgently.

What sort of priority will it have? The highest.

What will the report do? It will land on the PM’s desk.

What will be called for in the report? Better information sharing.

How will this be achieved? By departments working smarter.

What will result from the report? A drive.

What will be done to the drive? It will be spearheaded.

What will the spearheaded drive have? The PM’s blessing.

What will he lend to it? His weight.

In what way will he do this? He will call a Downing Street Summit.

What sort of spectrum of society will attend the summit? A wide one.

What privacy experts will attend? Shami Chakrabati  & Simon Davies

And what sort of industrialists? Top.

How long will the summit last? It will be an all-day summit.

And what will the attendees actually do? They will pose for a photograph.

What sort of squad will be appointed as a result of the summit? A hit squad.

And what will happen to this hit squad? It will be spearheaded.

By what kind of leader will it be spearheaded? An Information Tsar.

What kind of task will the Tsar have? An urgent one.

What type of barriers will they tackle? Public concern & privacy threats.

How will they tackle these concerns? By reassuring individuals.

In what way will they be answerable to the Prime Minister? Directly.

What will the Tsar propose? Information sharing measures.

What type of measures? A whole raft.

What will the Prime Minister do with measures? He will take them on board.

What will then be set by the Prime Minister? A target.

Can you be more specific about this target? It will be a performance target.

What adjective best describes this performance target? Tough.

What must happen to this performance target? It must be measured up to.

How will this “measuring up” be expressed? In league tables.

How will those not sharing be punished? They will be named & shamed.

Who will be sent in when information is not shared? A data hit squad.

What adjective best describes the powers of the hit squad? Wide-ranging.

What type of anxieties could arise from this? Very real ones.

What will the PM do to these anxieties? He will address them.

What further action will he take? He will take them on board.

What person will the PM appoint? A privacy watchdog.

What will this watchdog possess? Teeth.

Where will the watchdog report? Back.

In what way? Urgently.

To help with the project who will join in? The big society.

What kind of approach would they have? A no-nonsense approach.

What would be harnessed? Their energy and their goodwill.

What will then be called for on the Today programme? More resources.

How will the Chancellor stand? Firm.

In what way will the PM react? He will not be dictated to.

What is the result likely to be? A privacy crisis.

How will this crisis manifest? By extended news bulletins & public concern

How will the crisis be solved? The PM will set up a task force.

With acknowledgements to Oliver Pritchett who wrote the original in 2000.

New Certificated FOISA Course: What the Tutor Saw

ANT FOISA Webpage (2)Act Now runs a Practitioner Certificate in the Freedom of Information (Scotland) Act 2002 – the inaugural course has been completed, the second one is currently running, and two more are scheduled for October and December. The course is endorsed by the Centre for FOI based at Dundee university. If you’re considering joining the course, what can you expect?

I wrote the course and I deliver it in Edinburgh (or elsewhere, if you’re interested in us bring the certificate to you). The first thing you can expect is to be in expert company – this is not to blow my own trumpet, but to reflect the high quality of the candidates we’ve welcomed. On both of the Spring courses, we had very strong candidates from a variety of backgrounds. But this mustn’t put off, the FOISA novice. One of the advantages of experience fellow delegates is that you can ask questions and get information from a wide variety of people with different experiences. The course also starts right at the beginning, with a clear explanation of the FOISA nuts and bolts.

More importantly, you get a focus on practicality. If you want an academic focus on the political and philosophical implications of FOI legislation, you may be disappointed. We don’t spend time on the history, and the comparison between FOI 2000 and FOISA is drawn only when it might be helpful for delegates. This course is designed to be for practitioners – people who have to deal with a daily influx of requests, difficult and challenging applicants, and tricky decisions. We look at the Scottish Commissioner’s guidance, useful decisions, and best of all, delegates themselves share their experiences. Some of the best ideas came from those people who work on FOISA every day. Most trainers like to show off, but it’s been good to shut up sometimes and let other perspectives be heard.

One of the chief objectives of the course is to demystify areas that are sometimes shrouded in uncertainty – not every candidate is convinced that they need to know about the Environmental Information Regulations, but many seem to have gone away with the ‘is it FOISA or EI(S)R?’ question slightly higher up their list of priorities. We have also had the traditional ‘what is personal data?’ debate to good effect, despite the risk of exposing who in the room is a real information rights geek (it is usually just me!).

At the end, we have an assessment, and again, the focus is on practicality. The feedback from the first round of delegates has been very positive, and so the format will remain unchanged. Many people who return to the exam room after years working in the office find the transition tricky and the effort of hand-writing an exam exhausting, so we have tried to find an alternative to the traditional 3 hour pressure cooker. The exam is a test of knowledge – candidates have to remember facts, and apply their knowledge to three detailed, list-style questions. Few FOISA professionals benefit from being able to remember specific subsections by rote, so the focus is on providing clear, accurate answers to practical questions. After this, delegates are given projects to choose from, and in 20 working days, they have to pick a request, consider all of the options, and then deliver a full response including a refusal notice.

The aim of the course is to give practitioners confidence, to ensure that they know how FOISA and the EI(S)Rs work, and to improve their ability to do their work. However, anything involving a ‘Certificate’ inevitably comes around to the big question of getting the marks. To pass this course, candidates need at least 50% of the marks on both parts of the assessment – exam and project. The first round of results are in, and everybody passed. The exam results were solid, but all candidates came into their own with the project. Every single one was really impressive, despite our demand for absolute precision on the project side. The results may be flattered by the quality of the candidates, but by giving people the chance to go away, consult other sources and have the time to make their case, we saw superb results.

This is not an easy course – day 1 is straightforward, but days 2 and 3 are hard work, with homework after each and the prospect of an exam shortly after the final day(see the course structure ). However, all candidates seem to have enjoyed it, and more importantly, all of them have shown so far that they are practitioners of a high standard. Roll on October!

Tim Turner is the tutor for the Act Now Practitioner Certificate in FOISA. More details of the course are on our website. Please get in touch if you have any questions (info@actnow.org.uk

Disclosure of Staff Names in FOI Refusals

canstockphoto0164766This is an FOI decision from the Information Commissioner that I have planned to blog about for some time, but have now only just got round to blogging about it.  On 11 March 2013 the ICO issued decision notice FS50468600 which involved the Department for Work and Pensions (DWP).  The content of the decision notice is not all that important until we turn to paragraphs 32-36, which are headed up as “other matters”.

In particular paragraph 35 is of note in which it states that his office experienced difficulty in actually speaking to those who were involved in the request at the DWP’s side of things.  It described the DWP’s practice of not providing telephone numbers or contact details within its responses and how this makes it very difficult for the appropriate contact to be located within the organisation.  The public authority advised the Commissioner that it did not include these details so as not to breach the privacy of the non-senior staff involved; it described the staff in question as not being in public-facing roles.

In Paragraph 36 of the decision notice the Commissioner states quite clearly that he does not agree with this approach.  The decision notice states that “if such staff are responding to requests made under the FOIA then he considers this to be a public-facing role which is unlikely to attract an expectation of privacy” (Paragraph 36).

The DWP are by no means the only public authority which has adopted similar processes in respect of FOI requests.  I can remember one time trying to get hold of a central Government department (I can’t remember exactly which one, but I have a feeling it was either the Home Office or a connected public authority) to discuss a response that had been issued by them (something that merely wasn’t very clear and, as it later transpired wasn’t in need of an internal review). However, there was no contact details provided for the individual.  I was informed that the FOI team were not public-facing and they wouldn’t speak to members of the public over the telephone.

It was very frustrating and actually resulted in a higher cost to the public authority in my case.  There was just one thing that I wasn’t clear about and I’m sure that had I been able to have a quick telephone conversation with the person who issued the decision then there would have been no need for them to conduct an internal review.  However, the Authority’s attitude and processes meant my only option to get the clarification was to request an internal review.  This will have then required a senior member of staff within the authority to review the entire handling of the request and issue a response to me; far more expensive than 5 minutes on the phone explaining something to the applicant.

Not publishing contact details for those responsible for FOI within the organisation also makes seeking advice and assistance from the public authority almost impossible.  My reading of the Act suggests to me that advice and assistance is not only something to be provided in a refusal notice, but something that should be available to prospective applicants.  I know that I’ve certainly phoned up a public authority and had a chat with them about a request before making it; as a consequence I have been able to frame my request in a way that has made it a much more efficient process for the public authority (and thereby reducing the cost to the taxpayer).  The FOI Officer, knowing the structure of their organisation and how information is generally held, was able to advise as to what information they were likely to hold and how it was likely to be held.

I tend to agree with the commissioner that anyone sending a response out to a FOI request is clearly public-facing; it might be that a particular role was not public facing pre-FOI, but in these post-FOI days anyone could, in theory, be a public-facing member of an authority’s staff.  It should be easy for applicants to contact public authorities, not least because the public authority is obliged to provide advice and assistance, but it can just save public authorities money.  It can help ensure more focused FOIs that are easier to deal with and can prevent expensive internal review requests (or perhaps even more expensive ICO investigations).(Ed – See also Ibrahim Hasan’s blog post on disclosure of staff names under FOI)

Hopefully the ICO’s criticisms of this approach in this decision notice will feed their way round any other public authorities who still adopt a practice of not giving out contact details for someone able to provide advice and assistance.

Alistair Sloan is a 4th year LLB student in Scotland, blogger (http://scotslaw.wordpress.com/about-2/) and FOI proponent. Follow him on Twitter (http://www.sloansonline.me.uk/

Ibrahim Hasan will be discussing this and other recent FOI decisions in the FOI Update workshop  on 3rd June 2012 in London.

Do you want an international recognised qualification in FOI?

The ISEB Certificate in Freedom of Information  starts in Manchester and London in June.

ICO 2013 Conference Review

Roger Bescodpoc2013website.ashxby reviews the recent ICO conference…

I was on my travels last week and on Tuesday (5th May 2013) found myself at the ICO Data Protection Officers’ Conference  in Manchester. Over 800 people present and about 300 ‘waiting outside the door’ as they say. It was, and always is, massively oversubscribed. It is the main event in the ICO calendar and a fantastic opportunity to get a feel for the way the regulators are thinking. Well worth getting on the guest list.

This is the third year I have attended this Conference and once again I found myself pretty much the only representative from the insurance investigation sector. Can you believe that??  Here we are, post Leveson, NOTW and with worrying EU Regulation on privacy coming out of our ears – and only Brownsword Group there from the entire industry. Does that make us ‘anoraks’ or supremely responsible chaps??  Answers on a post card…

I picked up on two main points that I would like to share with you all:

Europe?  You Never Had It So Good…

There are some massive EU reforms on the way in the form of new European Regulation on Data Privacy. By 2016 it’s looking like we are going to be regulated centrally by Brussels on DP. ‘Fine’ you may say, but when you consider the vastly differing attitudes towards Data Protection by the 27 Member States, and that the UK currently has a considerably more liberal attitude than most, it’s time to look at what might be coming our way.  The explosion in social media is being blamed for the need for tougher regulations – an observation difficult to argue with.

You may remember I highlighted last year that current proposals in Brussels suggest that personal data can only be shared if it falls into one of the new proposed exemptions. Sharing of data by insurers for the purposes of fraud prevention is NOT currently listed amongst the exemptions. This seems to be a glaring omission and now evidently an oversight.  The Association of British Insurers (ABI) and the Financial Services Authority (FSA), amongst others, have been lobbying hard on this very point and seem to have now made some headway. The issue is currently now under review by no less that 5 COMMITTEES in Brussels, all presumably deliberating on what has to be the most obvious decision they will ever have to make – but remember – this is the EU Parliament we are talking about!

During the mass Q&A in the afternoon, Assistant Commissioner David Smith answered a question put by a delegate in a grey suit and Salford accent, on the very point. He admitted that there were several points within the current EU proposals with which the ICO had issues and that this was a typical example. He went on to say that he felt confident that data sharing would always be justified if it was being done for the purposes of the ‘legitimate interests’ and for the ‘prevention and detection of crime’ and that he had not seen anything in the new proposals that changed that.

So, on the face of it, good news but it really is worth keeping an eye on the EU proposals. Wouldn’t we all feel happier if the insurance fraud world was specifically recognised by way of an exemption?

And what does the EU think of secret filming? If the UK were forced to adopt even some of the tough regulations on covert surveillance that exist across much of mainland Europe we would see the biggest upheaval in recent history in our sector. I detected an insatiable appetite from the regulators on the issue of ‘consent’ to processing. The nightmare scenario of having to say to a surveillance subject,  “Hi Mr Smith, is it OK if I film you next Tuesday in relation to your claim?” may not be as farcical as it seems. I kid you not!

I also heard one opinion from a senior ICO official that he favoured following the RIPA example, that of seeking Magistrates’ approval if you wish to put somebody under surveillance in non Public Authority scenarios…you have been warned! (Certainly some form of written authorisation for non-RIPA surveillance is favoured by the Office of Surveillance Commissioners and others – Ed)

‘Unmanned’ Surveillance – Too Risky??

There were two excellent breakout sessions at the conference dealing specifically with surveillance.  The way covert video evidence was captured, and in particular the justification for filming individuals, was discussed at length. The point was made most emphatically by the ICO officials that they would only condone the covert processing of personal data (i.e. filming) if it was evidently targeted upon the data subject, and of course that the intrusion could be justified.

They then made the further point that such covert data processing must be discriminate and that every attempt must be made to avoid the inadvertent capture of footage of ‘un-connected’ individuals. They went on to say that whilst some ‘collateral intrusion’ was inevitable, the installation of static unmanned covert cameras, vehicle based or otherwise, was absolutely  ‘unfair and excessive processing’ and breached basic DPA principles.

I know that some surveillance companies out there openly recommend and market such tactics – suffice to say it is not a route The Brownsword Group will be going down. The thought of maybe two dozen ‘friends and neighbours’ of a legitimate surveillance target bringing privacy actions against our client is a risk we will not be taking – and that’s before the ICO themselves come down like a ton of bricks.

And Finally – Something Else……..The FSA and a ‘Thematic Review’ of the Use Of Private Investigators

I can advise that the FSA Conduct Business Unit have embarked upon what they are calling a ‘Thematic Review’.   They are “seeking information from  firms about the controls, oversight and due diligence procedures operated by insurance companies regarding the use of private investigators.”

I understand that specific attention is being paid to TCF, the payment of any inducements or incentives, the frequency and success of investigator involvement and also whether the 2007 ABI Guidelines are being adhered to. It is not surveillance specific.

Insurers can expect a visit in the coming months. Brownsword Group have written to the FSA offering help, assistance and guidance in the production of the review, hopefully providing a view from the ethical  investigator’s side of the fence.

It is likely that at this stage the FSA will have little first hand knowledge of the vital working relationships that exist between Insurers and investigators. This, and in the light of current suspicious attitudes from certain regulators towards the investigation sector, may suggest that a degree of education may be necessary from insurers and investigators alike.

Hopefully, in the fullness of time, the FSA will interact with us on this and we will be able to explain the value of the investigators support role to the insurance sector.

I hope you found the above of interest, comments and questions welcomed.

Roger J Bescoby is Director of Strategic Development at the Brownsword Group. Visit www.brownsword.com & www.talk-safe.co.uk

Data Protection Update workshop – Analysis of the latest DPA cases, developments and news from the ICO. Our next workshops are in Manchester on the 28th May and in London on the 31st May.

Doing BCS (ISEB) Courses? Top Tips from a Successful Candidate

ANT ISEB WebsiteI have been asked to write a blog on what I had learned from recently taking – and thankfully passing – the ISEB/BCS courses in FOIA and DPA. Maybe I internalised the legislation too much, but for some reason I could only think of addressing it in terms of 8 principles:

1. Start from scratch

Whilst you may have a lot of knowledge and experience in FOI/DPA, try and go back to square one and approach the Acts like new legislation. You may find that, due to the demands of your sector and your role, you know different areas of the relevant Act much better than others. The syllabus leans towards no sector in particular so picking up the legislation again and starting from scratch can really help. Some of the areas I knew least about at the start of the course became the basis of my strongest essay answers.

2. The pen is mightier hard to write with than the keyboard

Writing legibly is one thing. Writing legibly for three hours is a whole different matter. If like me, you are so used to rattling away on a keyboard that you get cramp scrawling a shopping list, then it is time to do some training a good few weeks before your course starts. Start by trying to write a few pages of longhand, even if it is just copying some text. It is worth the effort. Investing in a couple of decent pens really helped my writing, which has never been the neatest.

3. Do your homework!

…as my mum used to shout! This is tough. You may feel inspired by the session and then find yourself back in a hectic day job, and suddenly training day comes round again. Try and find time for it, either over lunch at work or blocking time in the evenings. I knew people who wrote essays perfectly well on the tube – I don’t know how! The homework essay questions are essential to get back into that mode of constructing an argument and recalling facts. Avoid the ‘I did the essay in bullet points’ approach; presenting the argument in paragraphs and prose is as much part of the exercise as knowing the key points. It helps with principle 2 aswell.

4. Expand your mind

Many of us will make use of the ICO’s website or the JISC lists to pick up the latest information. For your exam and for your overall working knowledge it is really worth doing some ‘wider reading’. For matters FOI/DPA there is luckily a thriving blogosphere and twitterati (is that even a word?) to follow the latest developments. This is especially important for the DPA ISEB, where knowledge of the case law is vital. I found the following really useful (in no particular order) – there are many more:

Act Now Training http://www.actnow.org.uk/

Information Rights and Wrongs http://informationrightsandwrongs.com/

FOI Man http://www.foiman.com/

2040Information Law Blog http://2040infolawblog.com/

Panopticon http://www.panopticonblog.com/

Data Protector http://dataprotector.blogspot.co.uk/

David Higgerson http://davidhiggerson.wordpress.com/

whatdotheyknow.com https://www.whatdotheyknow.com/

Campaign for Freedom of Information http://www.cfoi.org.uk/

5. Enjoy the group

In both the DPA and FOI ISEBs, I have been really lucky to be in with a friendly and supportive group of co-students. The benefits of this go way beyond the practicalities of preparing for the exam. It is re-assuring to meet others who have faced the same challenges and problems. They may have tried different approaches to policy or procedural questions. Chat to the person next to you!

6. Don’t mock it

The mock exam is one of the most important parts of the whole course and invaluable in preparing you for the big day. You can do an essay question for homework under exam conditions but it won’t prepare you for starting the same question with only half an hour left on the clock and 25 pages of writing behind you. Treat it as much as possible like a real exam. Even going through the basics in the mock helped (e.g. how to fill out the multiple choice paper). It means that on the exam proper you can focus your stress on the questions themselves. I also learnt that eating an entire packet of mints in 3 hours would not necessarily enhance my exam performance.

7. Revise!

Forget DVD box sets or the football on TV for a few weeks – you have to make the revision count. Go for everything you can fit in: practice questions, podcasts, online seminars. I personally had a lot of difficulty with the Section B ‘bullet point’ questions, which rely on memorising information (e.g. the headings of the FOIA s45 Code of Practice). I found refuge in the humble index card to get the basics down and had friends or family test me. Make the time for yourself – you will reap the benefit come the exam.

8. Treat it as more than just a certificate

Education is becoming increasingly seen as a commodity, something you pay for and get a return from. Fair enough, the ISEB works like this. Work hard and get your certificate. And yet, like all education it does so much more than that. It fills you with ideas to take back to your workplace, makes you think about where you can take your new-found or rediscovered study skills (more part-time education or qualifications?) and develops contacts and networks with other practitioners.

Good luck!

Kit Good is University Records Manager and FOI Officer at the University of London. He has successfully completed both BCS (ISEB) courses with Act Now. Follow Kit on Twitter: @kit_urm and read his blog: http://allabouttherecords.blogspot.com/

Our next BCS (ISEB) courses start in June.  Delegates can now make use of our online resources page  with exclusive access to guidance notes, quizzes and over four hours of videos.

More advice about BCS ISEB and how to pass here:

http://actnowtraining.blog/2012/05/23/do-you-want-to-be-certified/

http://actnowtraining.blog/2012/01/31/how-to-pass-the-iseb-certificate/

The £200 taxi and the 4 inch fish.

It was December. I’d spent a day training in Edinburgh and the following day was doing a morning in Reading. Bad planning I know but all I had to do was take a train from Edinburgh to London then on to Reading and I’d make the hotel in time for a pizza and a beer. I’d booked in advance and found a first class advance ticket from Edi to Lon for just £31. I was looking forward to a pleasant journey and maybe a quality snack or two.

Things started badly. There was flooding in the air. I know it’s usually on the ground but we live in interesting times.

taxi

The booked train was cancelled. I took the following one and settled down to a slightly delayed journey but ultimately a stuffed crust and a kronenbourg. Then we arrived at Darlington. The floods meant that we had to sit still for 3 hours. It wasn’t much fun. The relief train crew from Newcastle, contrary to all expectations, had forgotten to load the pies so first class refreshments were down to cans of speckled hen and Dolmen peanuts. They were free which did ease the pain.

Further delays as we were re routed meant a very late arrival in London. As the clock ticked round to midnight I started to get worried. Tubes would stop; most busses would stop; I suppose there would be taxis but would Paddington be open this late…

Out of the blue at 0115 in the morning as we crawled though north London an announcement came over the tannoy. “Passengers needing assistance for their onward journey should contact East Coast staff at Kings Cross who would help with taxis.”

Wow…

I walked through the train to get to coach M so I was first off and strode boldly up to an East Coastie.

“Where are you going to sir?”

“Reading”

“Follow me sir”

Minutes later I was in a large taxi with 5 other fellow travellers sliding westwards through slick rain covered streets. My companions were  going to Ealing, Heathrow and other points west but I was the Marathon man so I snickered silently to myself.

Eventually at 3am we arrived at my hotel. For the last 30 minutes I chatted to the driver and he set out a wonderful life enjoyed by London mini cab drivers on the evenings when trains were delayed. They knew from experience and watching the media when the pickings would be rich. When they arrived at the terminus they would have no idea where they would end up but they knew it was a large guaranteed fare.

My driver said he’d done Kings Cross to Portsmouth; Victoria to Leeds, Kings Cross to Bath. The best nights were when Eurostar was delayed. He’d once has a trip to Edinburgh from St Pancras. He didn’t tell me the exact meter reading but the phrase “Four figures guv” said a lot. Some weeks in the winter he did two or three nights like this.

It had been a full train due to the earlier cancellations. There had been standing in first class. I estimated several hundred grumpy and tired passengers had disembarked at Kings Cross and been squeezed in to taxis to finish their journeys. Even with 5 in a taxi at least 100 taxis had been used on that train at £200 a taxi. I wonder how much that cost?

They also refunded the cost of the ticket as it was waaaaaaaaay over their expected arrival. I expect the other several hundred passengers had theirs refunded as well.

Contrast that with the 1703 north from Kings Cross on an equally cold and wet day in February. I’d done another day’s training and was looking forward to my first class offering. (Senior rail card otherwise I’d be in second err…standard class).

The complimentary glass of alcohol. OK. The complimentary peanuts. OK. The hot dish was a disappointment. Fish & Chips. Nonetheless I ordered it.

filetoWhat a disaster. When it arrived 5 minutes later as we crawled past Finsbury Park there it was on a small plate in front of me.

A four inch fish  and with 6 square cut chips beautifully arranged three on top of three others. I looked at it for too long before eating as the waiter asked if I was alright.

“A bit small isn’t it?”

“You can have another afterwards if you want Sir, we’re not busy today”

I declined. There was cheese & biscuits to follow or so I thought.

Wrong. Like the Filet ‘o’ Fish I had just eaten it was a load of pollocks.

“Cheese is on the 1733 Sir”

So there you have it. Phenomenal customer service on a late running train at enormous expense. Very poor first class food on the 1703. Who decides how this train company spends its money? Whose money is it anyway? Would an FOI request elicit this information? If it was a public body we could find out.

Hang on a minute….

 

Trainer under Surveillance! – RIPA required or even obtainable?

CCTV

About 5pm I arrive at a small hotel ready to deliver training the next day. There is no car park at the hotel so I park on the large pay and display opposite. I check the charges, and buy the minimum – one hour, while I go into the hotel to check-in and see about parking for the night. As I buy the ticket from the machine I hear the CCTV camera above as it moves like something from War of the Worlds, scanning the car park.

The receptionist is very helpful, and asks if I have parked on the pay and display car park. She goes on to say that unfortunately there is no car park at the hotel, but 6pm until 8am is only £2.50 pay and display. But beware, she says, you must be sure to have moved your car before 8am or paid more for the day rate, since during the night a council employee drives around this and other similar car parks, checking parking tickets displayed and recording vehicle registration numbers and the make and model, and exactly where they are parked. Then, during the morning the CCTV cameras are manned and used to check if each car has moved or if anyone has bought a day ticket. If not, a fine is posted to the address of the registered keeper. She knew this because of reports from previous customers who had been caught out by only a few minutes.

What do you think about this type of activity? Good use of resources? Is it directed surveillance that would require a RIPA if it met the recently introduced crime threshold. – Small wonder some generally law abiding citizens are even opposed to overt surveillance when we hear the purpose it is adapted to pursue

Don’t want the police and other public protection services to watch you because they care!

As I get older I make Victor Meldrew seem like a party animal. I object to anyone knowing anything about me, and I get very aggressive when I realise someone or some organisation who I have never communicated with knows something about me.

I hear lots of people ranting about the police or others that protect us from harm, breaching our right to privacy as they try to counter ever-more devious and resourceful individuals who would do us harm or cause us some loss. I deliver open source internet courses, and delegates learn how to find what others put about themselves or their family and friends on Facebook, or organisations and blogs and forums that provide contact and other information about those who contribute. This is scary enough for delegates who attend the courses and realise how vulnerable they are by virtue of what is posted publicly on the internet or uploaded in pictures they display to all and sundry.

But there is a far more sinister threat to our right to privacy than these public web pages and the on-line hackers and scammers. Every click, every place visited, and everything we do is recorded, analysed, and disseminated between the internet service providers, search engines such as Google, and other interested parties. This data is sold and re-sold, and used and re-used. Each of us on the internet is generating data and therefore income for businesses monitoring our activity for financial gain, and targeting our ‘type’ for some particular purpose.

Add to this the technical vulnerabilities that no one seems bothered to address. The ‘savvy’ users work hard on ensuring their privacy settings on social networking sites such as Facebook only ensure those allowed can see their private information, and details of friends and family etc. Then they use their device on public WiFi networks drinking coffee or eating a burger, smug that their accounts are actively communicating with others but they are too clever to let fraudsters see their information. However, there is at least one freely available add-on that can be downloaded legitimately, and the user can connect to the same coffee or burger shop WiFi network, and using the add-on, identify every single user account on devices connected to the WiFi network, and then focus on a particular account and see as much as the account user can – username, private messages – everything public and hidden by privacy settings. So as we walk blindly into a surveillance society with our data available to so many, either through the internet, or our own activity, or the techniques and equipment, surely, supported by checks and balances, public protection bodies should be allowed to at least catch up with the rest!

Come along to one of the internet research courses and see just what information is available and how to find it. And discuss these issues and many others with Steve Morris the trainer.

This article was written by Steve Morris who was formerly a detective with the West Midlands Police Force. Steve is now a full time trainer in relation to various law enforcement and investigation subjects to the public and private sector.