Act Now Associate Appointed to Judicial Position

EDIT-37

Act Now Training would like to congratulate Susan Wolf our senior associate, who has been appointed as a Fee Paid Member of the Upper Tribunal assigned to the Administrative Appeals Chamber (Information Rights Jurisdiction) and First Tier Tribunal General Regulatory Chamber (Information Rights Jurisdiction). 

We are delighted that Susan will continue in her current position at Act Now Training delivering our full range of online and classroom-based workshops. Susan also writes for our information law blog and has developed our very popular FOI Practitioner Certificate

Prior to joining us, Susan taught information rights practitioners on the LLM in Information Rights Law at at Northumbria University. She has also taught and presented workshops on FOI, EIR and access to EU information in Germany, the Czech Republic and throughout the UK. 

Commenting on Susan’s appointment Ibrahim Hasan Director of Act Now Training, said: 

“I am delighted that Susan’s expertise as an information rights lawyer has been recognised through this judicial appointment. I am sure that she will use her fantastic skills and experience to the benefit her new role.”

DPO or not to DPO: The Data Protection Officer under GDPR

The General Data Protection Regulation (GDPR) is nearly upon us and one of the elements is the requirement for certain organisations to have a Data Protection Officer.

This throws up some interesting issues. A qualified, experienced data protection officer is a valuable commodity. They do exist but command salaries approaching £50,000 in large organisations (stop laughing at the back) and if you’re a small organisation they’re not going to work for you for peanuts. So where do you find a qualified, experienced DPO?

Secondly will there be a requirement upon you to have one? It looks like there will be three clear cases.

  1. processing is carried out by a public authority,
  2. the core activities of the controller or processor consist of processing which, by its nature, scope or purposes, requires regular and systematic monitoring
    of data subjects on a large scale
  3. the core activities consist of processing on a large scale of special categories of data.

But to go back to the DPO what does qualified mean? Yes there are qualifications out there. The accepted gold standard in the UK is the BCS certificate which has 40 hours of training plus a testing 3 hour exam. There are other firms in the sector who offer their own versions and most of them involve significant study (30 or 40 hours) plus exam. Other qualifications exist, like our GDPR Practitioner Certificate and CIPP certification from the International Association of Privacy Professionals – some for US and some for UK professionals – but the question everyone wants answering is which qualifications will satisfy the GDPR?

Do training providers have to apply for acceptance or endorsement from the EU or their national regulator? Will the content of these courses be examined or will a standard be set and the training providers tailor their material to a certain level or will it be a free for all with no standard to work to? Do you want a DPO who knows how to conduct a Privacy Impact Assessment or who knows about International Data Transfers or one with an understanding of the history of Data Protection? Or will there be a requirement to study a certain (large) number of hours to demonstrate competence? At the moment it looks like all the DPO will need is “sufficient expert knowledge” which doesn’t in itself mean a qualification.

Other skills required by a good DPO are those of Diplomat, Trainer; Advisor, Confidante; Interpreter; Persuader; Listener; Friend to requestors; Policy & procedures writer. They have the ability to talk to the top level of the organisation yet explain complex law in Plain English. Not your run of the mill person.

It looks like the route map will require the DPO to be an employee but one with a different type of outlook. Privacy is becoming a big vote winner; organisations who don’t respect customers privacy will feel the backlash of disgruntled consumers. It really needs someone who is part of the organisation who is present at all times and understand the data processing systems of their employer but is detached enough to be able to criticize his own organisation.

There is a way out for small organisations who think they need a DPO to ensure their organisation is fully compliant with the new regulation. Don’t give the job to an existing member of staff and expect them to learn it on the job; Don’t appoint a knowledgeable, qualified, experienced but expensive DPO – bring in an external one you can use as and when you need them.

Externals have significant benefits. They don’t work full time so the on costs disappear; You can bring them in as required for short term task and finish assignments; You can save the costs of training and continuing education for an internal data protection officer; your staff will react better to an external who appears to have the status of a “consultant”.

Externals also won’t have any political or organisational baggage and can act in an unbiased manner without fear for their job. An external data protection officer also has no worries about favouring certain departments or individuals in the company. Many organisations appoint their Head of Legal as their DPO which brings with it the ethical/legal/best course of action conflict. An external won’t need to bother with this.

You can concentrate on your core business and the external can take care of your data protection.

Once you have appointed an external DPO they will compile a detailed data protection audit on your data protection compliance. They will then identify possible data protection issues and legal risks and explain what is required to remedy them. Then you can start making the necessary changes.  Your business will soon be in full compliance with current data protection laws.

But it doesn’t stop there. The external DPO will be on call and can discuss day-to-day DP issues by phone or email for a small fee. If more detailed work is required further fees and timescales can be agreed.

Working with an external data protection officer is based on a consulting agreement. There may be a retainer fee plus an hourly or daily rate to follow. If your Data Protection needs are low you may not have to consult your EDPO too often.

Not surprisingly EDPOs are starting to appear on the web. They’re quite common in Germany and it’s likely they will become a staple in the UK. Various UK law firms advertise such a service but unsurprisingly the rates they charge are not on view. It might end up costing more than you think especially if you opt for a ’big’ name.

There’s also the scope however for sharing a DPO. This has already happened in various parts of the country as cash strapped rural councils pay for a percentage of a DPO and have them on site part of a week.

At a recent educational conference a group of 30 schools in the same region kicked around the idea of each contributing to buy a DPO for all of them who would fulfill their information law obligations. Sounds quite a good idea until you realise there’s only about 240 working days in a year so each school would have 8 of those days to themselves and the shared DPO would have a significant petrol expenses tab. A few rural councils with a shared DPO would have a much better deal.

Sadly GDPR is not well understood and there are those who think Brexit will derail it (though not true) but a wise organisation should be thinking now if and when they will need a DPO, what qualification they will have and how do they find one.

An external who is called on infrequently might appear be the cheapest option but might have further hidden costs and a part share of a DPO might be a good short term solution but would they be as good as the expert knowledge and day to day hands on work of a full timer.

Good news for Data Protection Officers…

We are running a series of GDPR webinars and workshops and our team of experts are available to come to your organisation to deliver customised data protection/GDPR workshops as well as to carry out health checks and audits. Our GDPR Practitioner Certificate (GDPR.Cert), with an emphasis on the practical skills required to implement GDPR, is an ideal qualification for those aspiring for such positions.

I Don’t Believe It! Fees for FOI Tribunal Appeals

Just when you thought FOI was safe (“Oh no we didn’t! Not after that Cabinet Office packed the new FOI Commission with people who don’t particularly care about FOI”, I hear you say), The Ministry of Justice has announced a consultation into changes to fees for, amongst others, FOI appeals at tribunal stage.

If the proposal goes ahead, it will cost £100 to apply for an appeal to the First Tier Tribunal (Information Rights) or the Upper Tribunal (if the case is transferred), and £500 for an oral hearing. Christopher Knight of 11 KBW has produced a helpful summary in this post on the Panopticon Blog.

This proposal is not a great surprise. In July 2012, the Justice Select Committee published its Report into Post-Legislative Scrutiny of the Freedom of Information Act 2000. The Government published its official response in December 2012 and paragraph 24 mentioned the possibility of introducing tribunal fees despite the Committee never suggesting it.

Introducing tribunal fees is clearly an attempt to curtail the public’s right to know in the guise of cost saving. The Campaign for Freedom of Information are mounting a vigorous defence of FOI. We should all try and contribute. Readers can also sign the 38 Degrees Petition to protect FOI laws.

Tribunal fees will have a big impact on the number of challenges to public authority decisions. Overworked FOI Officers may initially see cause for celebration. However if fewer appeals are heard the quality of FOI caselaw on important matters of interpretation will suffer. Consequently application of the FOI exemptions, as well as other provision, will become more difficult. This alone is a good reason for a robust response to the consultation from the public sector.

The consultation paper and the impact assessment on tribunal fees are both on the Ministry of Justice website. The deadline for responses is 15th September 2015.

What else is afoot for FOI? I looked into my crystal ball, after the election, to predict how FOI could change now we have a Conservative majority government. It will be interesting to see how many of my predictions come true when the FOI Commission reports back in November.

Don’t forget on 18th July 2015 the new Re-use of Public Sector Information Regulations 2015 (ROPSI) came into force, replacing the 2005 version. They contain some important changes to the UK public sector information re use regime.

Ibrahim Hasan will be reviewing the latest FOI developments and caselaw in detail, in our forthcoming FOI Update webinar.

The ICO and Seven Shades of Grey

If you’ve nothing to do at lunchtime and you’re an experienced DP person try the ICO quiz on the difference between Data Controllers and Data Processors. You can find it here. After all it’s not a hard quiz. Data Controllers determine the purpose and own the data; data processors just do as they’re told. For years we’ve had this easy to understand relationship and many organisations have outsourced some work involving personal data, drawn up the contract, monitored the performance of it and we all knew where we were. Data Controllers were liable for any problems and Data Processors just did as they were instructed.

Recent guidance from the ICO changes this. Instead of clear yes/no and black/white definitions the commissioner recommends that each relationship with another person processing your data is examined to see how much influence the other person has over how the data is processed. As a result there are no easy answers. Just some shades of grey.

If you are eager to do the quiz and go for it without reading the guidance prepare yourself for a shock. Better DP experts than yourself have taken the test and not performed at all well.

The guidance is well meaning but bends over backwards to accommodate every possible possibility that it’s not that useful.

Image credit www.jimbanks.com

What is “information” under FOI?

Section 1 of the Freedom of Information 2000 (FOI) contains the general right of access to information held by public authorities. But what exactly is “information”? Section 84 defines information as “information recorded in any form.” This includes information held on paper, computer, video, audiotapes as well as that contained in manuscript notes. FOI does not give access to information that is known to the public authority but is not available in some recorded form (see Ingle v Information Commissioner (EA/2007/0023) ).

Mere marks made on documents are also information according to an Information Tribunal decision from 2009 (O Connell v the Information Commissioner and Crown Prosecution Service (EA/2009/0010)). Here the Tribunal considered access to manuscript notes made by a defence barrister, during a criminal trial, on his client’s typed police interview record. The Information Commissioner’s view was that some of the notes, which consisted of asterisks and underlining of words on a document, were not information for the purposes of FOI.

The Tribunal rejected this submission. In its view, however tenuous and potentially misleading the material sought may be, it still constituted information; even if it was only information to the effect that certain marks had been made on certain sheets of paper held by the public authority. The Tribunal did however rule that the requested information was sensitive personal data, disclosure of which would breach the Data Protection Principles. Consequently it was exempt under section 40(2) being third party personal data.

It is an oft-repeated phrase that FOI provides a right of access to information rather than documents. However, a request for a copy of a document will generally be a valid request for all of the information contained within that document (including visual format, design, layout etc). In considering whether the public authority has complied with the request, the question is whether all of the information recorded in the document has been provided. It will not be sufficient to rephrase the document or provide an outline or summary of its contents unless the applicant has specifically expressed a preference for a digest or summary under section 11(1)(c).

In April 2013 the First Tier Tribunal (Information Rights), ruled that images of MPs’ expense claim receipts was information to which the FOI applied (IPSA v Information Commissioner (EA/2012/0242)). The background to the request was that, following the MPs’ expenses scandal, the then newly-formed Independent Parliamentary Standards Authority (IPSA), decided that it would not routinely publish images of the receipts submitted to IPSA by MPs in support of their expenses claims.  Only text transcribed from the submitted receipts would be published.

A journalist made an FOI request for the actual receipts submitted by a number of MPs. The question arose as to whether images of those receipts held by IPSA contained “information” within the meaning of section 1 of FOI, which was not captured by the transcription process favoured by IPSA. The Tribunal concluded that the definition of information (in this case) included logos, letterheads, handwriting, manuscript comments, and even the layout and style of the requested documents. These were not disclosed to the requestor as a result of providing a transcription, rather than a copy, of the relevant receipts.

The Upper Tribunal’s appeal decision in this case, has now put the matter beyond doubt. In Independent Parliamentary Standards Authority v IC & Leapman [2014] UKUT 33 (AAC) Judge Williams dismissed the appeal by IPSA. At Paragraph 22 of the judgement he said:

“It is to me also trite to note that the wording on a typical receipt or invoice is only part of what a recipient sees when looking at it. Typically there will be verbal and numerical content to be read and understood, but there will also be visual content to be seen, rather than read, but which may also require to be understood for the recipient to have appreciated the whole of the experience, if I may term it that, communicated by the receipt or invoice.”

In the judge’s view information is more than just the words and figures on a piece of paper. Sometimes the nature of the request will mean that the only way to convey all the information on a document is to disclose the original or at least a copy. He gave the example of Land Registry plans, drawings and photographic evidence of a particular building.

In coming to his decision the judge took note of the Scottish Court of Session decision in Glasgow CC v SIC [2009] CSIH 73 under the Freedom of Information (Scotland) Act 2002 (FOISA). As a general point of principle, the Commissioner and the Tribunal is not bound by Court of Session decisions on FOISA, although they may be considered persuasive where the terms of FOISA mirror the terms of FOI. In the Scottish case the applicant specifically wanted the public authority to provide copies of the documents, although he acknowledged that the same information was available elsewhere. The Court confirmed that FOISA entitles requesters to the information within a document, rather than a copy of the document itself. To the extent that this request was specifically for copies of the documents over and above the information they contained, it was invalid. The Court rejected an argument that the copy documents were “information” distinct from the information contained within them.

The Court stated at paragraph 45 of the judgment:

“Where the request does not describe the information requested… but refers to a document which may contain the relevant information, it may nonetheless be reasonably clear in the circumstances that it is the information recorded in the document that is relevant.”

However paragraph 48 should be noted:

“The difference between the original and a copy… does not consist in any difference between the information recorded in each document: that information, if the copy is true and accurate, will be identical.” (my emphasis)

In the IPSA case, the judge ruled that transcriptions of the requested receipts would not be “true and accurate”, as they would not contain all the same information as on the originals e.g. logos, style, layout etc.

If you want to know more on the Scottish case, read the briefing note published by the Scottish Information Commissioner. The basic principles (and these apply equally to FOI requests) are:

  • The Freedom of Information (Scotland) Act 2002 (FOISA) provides a right of access to information and not a right of access to copies of specific documents.
  • Authorities should not automatically refuse requests for copies of documents, as long as it is reasonably clear from the request that it is the information recorded in the document that the applicant wants.
  • Requesting a document (e.g. a report, a minute or a contract) is a commonplace way to describe information. Where it is reasonably clear that a request is for the information contained in a document, the authority should respond to the request as one properly made under FOISA.
  • If a request is for a document, but it is not reasonably clear what information is being requested, the authority should contact the applicant to seek clarification.

These are interesting decisions especially for those public authorities who often insist, when refusing to supply actual documents (such as minutes of meetings) that FOI is about access to information not documents. Sometimes the requestor is interested in the document, which contains the requested information, as it will give a further insight into its background and the thoughts/observations of the producers/subjects of the document.

Finally to quote one of our FOI trainers (Philip Bradshaw):

“Much will also in practice depend on the wording of the request. Contrast “How much did you spend on pencils?” with “Can I have a copy of your pencil invoices”. You can clearly provide in permanent form all the recorded information within scope of the first request without copies, but not perhaps for the second.”

Ibrahim Hasan will be discussing this and other recent FOI decisions in the FOI Update workshops which are delivered in online sessions as well as face to face.

Freedom of Information Caselaw Roundup

The Freedom of Information Act 2000 (FOI) applies to information held by a public authority or held on its behalf by another person (Section 3(2)). What of information about people working for a public authority but who are legally employed by a third party?

This question arose recently in an appeal to the First Tier Tribunal (Information Rights) (FTT). In Hackett v Information Commissioner (EA/2012/0265), the  (ULT), an education charity running 21 Academy schools, was asked for, amongst other things, details of senior staff members’ pay, pension contributions, other remuneration and expenses.  The request was refused on the basis that the information was not held by ULT, but by the United Church School Trust (UCST) who employed the staff and who, as a non-publicly funded charity, is not subject to FOI.

The appellant argued that the corporate structure of ULT and UCST was an accounting process set up to avoid disclosure of the requested information which was about the spending of public money. In addition he submitted that both companies were subsidiaries of the United Church Schools Company and as such were, in effect, both part of one company.

The FTT upheld the decision of the Information Commissioner that the information was not held by ULT, but by UCST, and so not subject to FOI.  It took account of the fact that the corporate structure had been urged on ULT by the Department for Education, the two charities had maintained a complete corporate separation and that the service agreement between ULT and UCST expressly referred to the senior staff being employed by UCST. Could this decision mean that more public bodies will adopt innovative structures to avoid public scrutiny of their finances?

The section 40 exemption applies to personal data disclosure of which would breach one of the Data Protection Principles. This usually involves considering whether disclosure would be fair and lawful under Principle 1. Not all personal data will be exempt from disclosure. Sometimes there is a legitimate interest in the public knowing some personal data.

In Innes v Information Commissioner (EA/2013/0044) the FTT ruled that the reasons for a head teacher’s long-term sickness absence from his school did not have to be disclosed as they constituted personal data, but whether the head teacher was being paid a salary during his absence should be disclosed. As head teacher, the individual in question occupied a senior position of responsibility at the school. He was no longer performing an active function at the school and whether or not he was being paid from public funds during the period of absence and inactivity is a legitimate matter of public interest and one which outweighs his right to privacy.

Personal Data under section 40 has the same meaning as in Section 1 of the Data Protection Act i.e. it has to be information, which relates to a living identifiable individual. The requested information does not always have to include a name. Even job title information can be personal data according to the FTT decision in London Borough of Barnet v Information Commissioner and another (EA/2012/0261). Here the requestor wanted the job titles of council employees who had attended a meeting at a solicitor’s firm in respect of a major council outsourcing project. Referring to a Supreme Court decision (South Lanarkshire Council v The Scottish Information Commissioner [2013] UKSC 55), the FTT ruled that disclosing details of a job title held by more than one local authority official could constitute processing personal data if there was a chance of those individuals being identified. The test was whether the subjects could be identified, not just by an ordinary member of the public but, by a “motivated intruder” (including the requestor himself with all the other information at his disposal).

Continuing on the same theme, in Yiannis Voyias v Information Commissioner (EA/2013/0003), the FTT held that the London Borough of Camden was correct to refuse to disclose the number of hours its employees worked and how much overtime they were paid. It was satisfied that disclosure of this information would lead to the identification of individuals and would be unfair. Therefore section 40 applied.

Personal data in Building Regulations applications held by councils is not exempt under section 40 just because it relates to another person’s property. In James Henderson v IC EA/2013/0055), the appellant’s neighbour was carrying out renovations on the other side of their shared wall. This resulted in cracks on his side of the wall, followed by a steel beam coming through the wall. He asked Brentwood Council for details of the works, as a Building Control application had been made to them.

The FTT held that full details of a Building Regulations application was personal data; but disclosing this information would not contravene the First Data Protection Principle. Therefore, the exemption set out in section 40(2) did not apply and the information was ordered to be disclosed. The FTT disagreed with the Commissioner, who held that the data subject would have had a reasonable expectation of privacy in relation to the information. In doing so the FTT took account of the fact that (a) before starting any work the data subject was obliged to make a formal application to the local authority which meant that the property and the work would be subject to inspections by their officers, (b) the property was to be rented out rather than lived in by him; and (c) the work had a direct effect on his neighbour’s property.

The Freedom of Information (Scotland) Act 2002 has a specific exemption to cover a deceased person’s health record. There is no such exemption in the 2000 Act. Sometimes the section 41 exemption (Breach of Confidence) can be claimed.

Two recent Tribunal decisions again emphasise the importance of checking whether the requestor is the deceased’s appointed personal representative. In Webber v IC and Nottinghamshire Healthcare NHS Trust (GIA/4090/2012), the appellant had made an FOI request for information (including hospital records) about the death of her son in 1999. The Commissioner and the FTT upheld the decision to refuse on section 41 grounds. The Upper Tribunal also dismissed the appeal. It ruled that disclosure would entail a Breach of Confidence which was actionable after the patient’s death. The appellant was not the personal representative of the deceased even though she could have applied to become so.

The Upper Tribunal also found that there would not have been a public interest defence to the Breach of Confidence. It gave weight to the fact that some of the information sought would or could come into the public domain or be obtained in another way: a coroners’ inquest, or through an application under the Access to Health Records Act 1990. This allows for requests for access to information to be made by, amongst others, the patients’ personal representative.

When considering disclosure of a deceased person’s information, consideration has to be given to any wishes expressed by the deceased before their death. In Trott and Skinner v Information Commissioner (EA/2012/0195) (March 2013) the appellants requested information relating to the care records of their deceased sister. East Sussex County Council confirmed that it held a relevant care file but refused to disclose it on the basis that it was provided in confidence. The FTT and the Commissioner were satisfied that the section 41 exemption was engaged. The requested information was confidential, disclosure of which would be a Breach of Confidence. Amongst other things it took account of the fact that the deceased was given the opportunity to indicate (in her home care agreement) that she agreed to let the Council “share personal information on care with family members/friends listed below.” She did not sign her agreement or list anybody in the space provided. The Tribunal also heard that on several occasions she was given specific assurances that her information would be kept confidential.

Furthermore the FTT was satisfied that the Breach of Confidence would be actionable. This was despite the fact that the sisters were the next of kin of the deceased. They were not the personal representatives of the deceased though. Neither the council nor the Commissioner had enquired as to who was. On further inquiry by the Tribunal, it was discovered that there was a will and therefore an Executor who has standing to act as the deceased’s personal representative. There was no evidence of consent for disclosure under FOI from this Executor. Therefore section 41 was engaged and there was no public interest defence to the disclosure.

Give your career a boost in 2014 by gaining an internationally recognised qualification in FOI. Keep up to date with all the latest FOI decisions in 2014 by attending our FOI Update workshops.

Section 36 of FOI: An Appellant’s Perspective

Norman Baird writes:

The University of London International Programmes offers an LLB degree by distance learning. It is studied by thousands of students worldwide. With such a large number of students, the University relies on a large number of lecturers from a variety of universities to mark the exam scripts. The University provides some academic support – in the form of written guides and recorded lectures – but relies on private institutions to provide face-to-face tuition. I am Academic Director of one such institution. I made an FOI request for the marking guidelines issued to the markers.

My request was declined. The University relied on S.36(2)(c) which is engaged if, in the reasonable opinion of the Qualified Person(QP), disclosure would or would be likely to prejudice the effective conduct of public affairs. If it is engaged it is then subject to a public interest test. The University stated that :

“disclosing the marking guidelines, in this case and as a precedent, would fundamentally affect one of the University’s core functions, that of robust exam assessment”.

And this opinion was arrived at on the basis of three subsidiary claims of particular harms. These are, somewhat confusingly, also described in terms of prejudices.

First, the University contended that “the disclosure of the marking guidelines… would be likely to prejudice the effective operation of the University’s examiners in preparing the most robust and effective guidelines…”

Second, that “disclosure of the marking guidelines would be likely to prejudice the actions and efforts of students, who may try to adapt their essay answers to marking guidelines developed at examiner level for examiners, resulting in mistakes in comprehension and lower attainment scores.”

Third, the University maintained that “disclosure would be likely to prejudice the nature of the guidelines, where a requirement to establish a process to publish marking guidelines will transform them from useful internal assessment tools to just another external facing study aid, of which a wide range of provision already exists.”

The Information Commissioner found in favour of the University and so I appealed to the First Tier Tribunal (Information Rights) on the grounds that the opinion was neither reasonable in substance nor reasonably arrived at. In addition, I contended that the public interest in favour of disclosure outweighed the arguments against. But in the limited space here I only want to look at a couple of my submissions.

My first ground was that the Qualified Person, Vice-Chancellor (V-C) Professor Geoffrey Crossick, had not expressed an opinion as required by the section. This had been added to my grounds of appeal at a late stage as it was only when the University responded to my initial appeal that I first saw the ‘opinion’ signed by the Qualified Person. He had been provided with an ‘evidence pack’ in which he was advised that, in the opinion of the International Academy of the University, disclosure would be prejudicial. He had written:

“I have now reviewed the evidence with respect to the FOI request asking for… the marking guidelines. It is my conclusion that the opinion – that disclosing the marking guidelines, in this case and as a precedent, would fundamentally affect one of the University’s core functions, that of robust exam assessment – is reasonable in substance.

I confirm that, in my capacity as qualified person, that this exemption is engaged with respect to the request for marking guidelines.”

He states that the opinion (of the International Academy) that disclosure would be prejudicial was a reasonable one. Now, it is clear that one person may recognise another’s opinion as reasonable without sharing that opinion. The section requires the QP to express his opinion that prejudice would or would be likely to be caused. The V-C did not do so.

And it is not possible to conclude from his final sentence that he believed that prejudice would result. He appears to have formed the view that, provided he thought the opinion was reasonable, the section was engaged. In effect, he expressed himself in terms consistent with the role of the Information Commissioner and not that required of a Qualified Person.

It is notable that the V-C was not consulted again at the internal review stage and there was no other evidence that, in his opinion, disclosure would be prejudicial. In addition, the advice given in the evidence pack with which the V-C had been provided the advice was ambiguous. Although S.36(2)(c) was reproduced, the V-C had been advised that the University’s opinion was that disclosure would be prejudicial and that he was required to ‘authorise’ the exemption.

My second ground of appeal was that the ‘opinion’ was not reasonably arrived at. There were a number of limbs to this submission including the fact that the subsidiary claims were unsupported by evidence, were barely comprehensible and there was no evidence that anyone involved in making the decision or advising the V-C had actually read the documents.

But I would like to focus on one submission as it appears to me to be central to the way in which the ‘opinion’ and the Decision Notice (DN) should be approached. It is well established that although the opinion need only be a reasonable opinion and not the most reasonable it must be ‘rational’, ‘not illogical’, ‘not arbitrary’. I submitted that there was a lack of logical coherence between the opinion and the subsidiary harms upon which it rests.

The ‘opinion’ was that disclosure would prejudice robust exam assessment. The subsidiary claims, however, are expressed in terms of likely effects. To conclude that prejudice to the assessment system would occur because prejudice to students and examiners is likely is as illogical and irrational as concluding that consumption of a drug would be fatal on the grounds that it is likely to induce a fatal heart attack and/or terminal cancer.

The response to this argument by the Information Commissioner was that although the University and the Decision Notice had claimed throughout that disclosure ‘would’ cause prejudice the overall tenor of the opinion and the DN was that the ‘would be likely’ limb was being relied on. In effect, the IC is saying that although he said one thing he meant another. As I argued at the Tribunal, if the opinion is to be read so that it is consistent with the subsidiary claims it is impossible for a requester to argue that the opinion and the subsidiary claims are incoherent.

The section is a powerful one for a Public Authority. It has been described as a ‘get out of jail free card’ and so it is submitted that it ought to be construed narrowly and applied strictly. It is not particularly difficult to express the opinion correctly. And although the Decision Notice is not to be read as though it is a judgment of the Court of Appeal, a requester who appeals is at a great disadvantage if all its inconsistencies are smoothed over to ensure the appearance of logical consistency and coherence.

It has been said (and was repeated at the Tribunal) that a requester will find it difficult to establish that an opinion was not ‘ a reasonable opinion reasonably arrived’. That will certainly be true if an opinion can be found when none was expressed and if the central requirements of reasonableness – rationality and logical coherence – are ignored or fudged.

I look forward to reading the opinion of the Tribunal but I am not optimistic.

Norman Baird has been lecturing on Criminal Law and Jurisprudence for approximately 30 years and runs law courses in London and abroad. He also publishes a blog: www.llblondon.com

Ibrahim Hasan will be discussing this and other recent FOI decisions in our FOI Update workshops in 2014.

Do you want an international recognised qualification in FOI? The BCS/ISEB Certificate in Freedom of Information starts in March 2014 in London and Manchester.

Exit mobile version
%%footer%%