Published by Moris Bridges. Modified over 9 years ago.
1
Public rights of access to information
Grisilda Ponniah, Corporate Information Governance Manager
Mary Elliott, FOI Officer
Legal & Democratic Services
2
Contents
o Overview of Legislation
o FOI/EIR
o Examples of Requests
o DPA
o Examples of Requests
3
Legislation – rights of access to recorded information held by public bodies
o Environmental Information Regulations 2004 (‘EIR’) – environmental information eg asbestos in school buildings, drainage, waste
o Data Protection Act 1998 (‘DPA’) – information held about the person requesting the information
o Freedom of Information Act 2000 (‘FOI’) – information not covered by either EIR or DPA
o Pupil Information (England) Regulations 2005 – right of access to educational records for parents
4
Legal Timescales
o FOI – 20 school days ie does not include school holidays (up to a maximum of 60 working days)
o EIR – 20 or 40 working days (if request is complex and voluminous)
o FOI/EIR – clock can be stopped for clarification – then re-calculated from date of clarification
o DP – 40 calendar days
o Pupil Info regs – 15 school days
5
Requests under FOI/EIR
o Do not have to refer to FOI or other legislation
o FOI requests must be in writing ie letter, email, online form, tweet, facebook
o EIR requests can also be verbal
o Clear description of the information required
o Name and address of applicant (no name needed for EIRs) – do not have to give postal address or telephone number and an email address is sufficient
o Applicant and purpose blind – responses deemed to be in public domain
6
Your duties under FOI/EIR
o Publication Scheme/FOI Policy/DP Policy
o Confirm/deny if information is held
o Respond and supply within legal timescales unless:
  o Not held
  o Vexatious/repeated/manifestly unreasonable
  o Exceeds cost limit (18 hours work) (NB does not apply to environmental information)
  o Exemption applies
o Give advice and assistance to requester
o When responding tell the requester how they can ask for a review of the handling of the request and how they can complain to the ICO (Information Commissioner’s Office) if still unhappy
7
Publication Scheme
o Pro-actively publish information/data
o Adopt Model Publication Scheme – see ICO website
o Various classes of information
o Guide to information available
8
Guide to information
9
Good Practice Points
o Make sure your records are properly managed and information can be located easily
o Keep a record of requests received and when they were responded to – the requester can complain to the ICO if the request is not handled properly
o Template responses
10
What happens if the requester is not satisfied
o If the requester is unhappy with the handling of the request he/she can ask the Chair of Governors to review how it was handled
o If not satisfied with the Chair’s review can refer it to the Governing Body
o The next stage is to complain to the ICO
o Followed by appeal to First Tier Tribunal
11
ICO enforcement powers
o Naming and shaming of authorities not complying or consistently issuing late responses and/or audit of those authorities
o Decision notice (may be accompanied by press release) re handling of request
o Information notice
o Undertaking
o Enforcement notice – failure to comply treated as if ‘contempt of court’ – fine/prison
o Powers of entry and inspection
12
Examples of Requests for Information
13
Example 1
Please provide me with the following materials:
+ An electronic copy of your staff handbook or equivalent document
+ An electronic copy of the dress code or guidance to which your teaching and support staff are expected to abide
+ An electronic copy of the plans/procedures regarding the lunchtime break and activities organised, who is in control, rotas etc.
Email address: request-5***2-bd***f**@whatdotheyknow.com
The request came in on 12 August during the summer break.
14
Points to consider
o How long do I have to answer?
o Is it a valid request?
o Has the requester given a valid name and address?
o What do I need to include in any response?
o Is it already available on the school website?
o Should I make it available to limit further requests?
15
Example 2 - Request for contract documentation for building project
The requester asks you for copies of all the tenders including the successful tender. He asks you to send it as an electronic document and gives you his email address.
16
Points to consider
o Should all the information requested be released?
o Do you have to send it to the requester in the format requested?
o Has the project been completed?
o How much time has passed since the tender?
o Is any environmental information included?
17
Possible exemptions
o Section 41 – Information provided in confidence
o Section 43 – Trade secrets and disclosure prejudicial to commercial interests of authority/third party (public interest test)
OR
o Regulation 12(5)(e) – the confidentiality of industrial information where such confidentiality is provided by law to protect a legitimate economic interest (public interest test)
18
What might be disclosable?
o Generally pre-award of contract information unlikely to be disclosed because it might prejudice the procurement process
o Contract negotiation phase – some unsuccessful bidder info might be disclosed such as names, rankings and any non-sensitive info
o Successful bidder – some info such as total price but not CVs/refs/financial models/price breakdowns
19
Format of response
o FOI – can express a preference including inspection or summary
o Authority should supply in format requested so far as reasonably practicable (can take cost into account)
o EIR – authority should make it available in format requested unless it is reasonable to make available in another form or format or it is already publicly available and easily accessible to the applicant in another form or format
20
Example 3
I would like to request a complete list of suppliers/contractors and consultants that have been used over the past year when procuring IT Software and the total spend on IT Software during the past financial year.
Request is from the Marketing Director of a software supplier
21
Points to consider
o This looks like a marketing exercise – can I therefore treat it as spam and not respond?
o Should I be publishing where to find details of business opportunities for potential contractors?
22
Example 4
Please supply the following information:
[Long list of data required, some of which is archived information or will require going through a large number of paper files]
23
Points to consider
o Will it take longer than 18 hours to locate, retrieve and collate the information?
o How to estimate the work involved?
o Choices eg refuse, supply free of charge, or charge
o Duty to advise and assist – narrowing scope
o Records Management/Retention Schedule
24
Example 5
Please supply me with copies of all the governing body minutes for the past year
The request is from a local resident
25
Points to consider
o Should I disclose Part 2 confidential minutes?
o If not, on what grounds?
o Section 36 exemption (prejudice to effective conduct of public affairs) can only be applied by a qualified person – chair of governors
o Is there any personal information that needs to be redacted?
26
Example 6
Please supply the following:
o Head Teacher’s salary
o Mrs P’s (classroom assistant) salary
o The classroom assistant for Green Class’s salary
o The total expenditure on staff salaries
27
Points to consider
o Is the information requested personal information?
o If it is, can I refuse it?
o Is the member of staff a senior or junior member of staff?
o Do I treat senior/junior staff differently?
o Balance between public accountability and privacy
28
Example 7
In accordance with my rights under the Freedom of Information Act I want to see all the information that you hold about me.
29
Points to consider
o Is this a request under FOI?
o How should it be handled?
30
Any Questions?
31
Access under DP Act (Subject Access Requests)
32
What is Personal Data?
o “Personal Data” – any information relating to an identified or identifiable living individual (data subject)
o An identifiable person – a person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
33
Notification to Information Commissioner’s Office (ICO)
o ICO is regulator – statutory requirement to notify
o Description of the processing activities is placed on a public register of notifications
o You must comply with data protection principles – framework for the proper handling of personal information
34
8 Principles of ‘Good Information Handling’
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than is necessary
6. Processed in line with your rights
7. Secure
8. Not transferred to countries outside of the EEA without adequate protection
35
Other forms of processing personal data
o CCTV
o Photographs of pupils/staff
o Biometric data eg finger prints used for library/school meal payments etc
36
Examples of DP breaches
o Loss/theft of unencrypted laptop/memory stick
o Wrong email/fax recipient
o Not checking photocopying before sending out and including page/s not intended for recipient
o Having an insufficiently secure IT system with weak password control (allowed hackers access to sensitive information)
o Personnel file left in car park
o Conversation about personal information in a public environment eg train, bus, café
o SEN file left in discarded filing cabinet
37
What are the implications?
o For the Head Teacher – disciplinary proceedings leading to dismissal for gross misconduct
o For the School – the possibility of a compensation claim under DPA and/or enforcement action by the ICO plus bad publicity and/or follow up FOI requests from parents/local press
38
ICO enforcement powers
o Prosecutions – Section 55 offences
o Monetary Penalty Notices (up to £500,000)
o Undertakings
o Enforcement Notices eg to introduce measures such as mandatory training for staff
39
Who can make requests for personal information under DPA (Subject Access Requests)?
o Parents or those with parental responsibility
  o in own right as parents (Educational records)
  o on behalf of child (Subject Access Request (DPA)) – consent needed from child if ‘Gillick’ competent ie mature enough to understand (c 12-13 years old)
o Child if competent as above
o Solicitors acting for parent/child – need consent from parent/child as appropriate
40
Timescales/Charging
o Request proof of identity and/or fee
o 40 calendar days from proof of identity/payment of fee
o £10 fee for subject access requests
o Sliding fee up to £50 for copies of educational records
41
Format for response
o Hard copy – ensure redaction is secure
o Electronic – convert to pdf format or password protect
o Ensure recipient receives response direct if possible and not through 3rd party
42
Examples of Requests for personal information
43
Example 1
The school receives a telephone call from an officer at the Borough Council. The officer is investigating benefit fraud and is asking for the addresses of 4 pupils who attend the school so he can check this against their records.
44
Points to consider
o Should the requester be asked to put request in writing, confirm ID, confirm authority from Council?
o Is consent necessary?
o Powers under Section 29(3) (see later slides for more detail)
45
Example 2
A man contacts the school office to inform the school that he is the estranged father of two new pupils in Year 4 and 6. He is requesting copies of all documents relating to his children and wants to be added to the contact list so he receives copies of communications from the school.
46
Points to consider
o ID?
o Is the request in writing?
o Parental responsibility?
o Notified of issues relating to access?
o Court injunction?
47
Educational records – what should not be disclosed
o if disclosure would be likely to cause serious harm to the physical or mental health or condition of the child or someone else
o information re risk of child abuse, where the disclosure of that information would not be in the best interests of the child
o references supplied to potential employers of the child etc
o certain court reports
o information recorded by the pupil during an examination
o third party personal information without consent unless reasonable in all circumstances
o any legal advice given to the School
48
Example 3
A dance teacher uses the school hall for an after school activity. The after school activities coordinator has given the dance teacher the mobile telephone numbers for parents.
49
Points to consider
o Is this a breach of the Act?
o Purposes personal information collected?
o If it is, what should the school have done to process the information in accordance with DP?
50
Section 29 Crime and taxation.
(1) Personal data processed for any of the following purposes—
  (a) the prevention or detection of crime,
  (b) the apprehension or prosecution of offenders, or
  (c) the assessment or collection of any tax or duty or of any imposition of a similar nature,
…
(3) Personal data are exempt from the non-disclosure provisions in any case in which—
  (a) the disclosure is for any of the purposes mentioned in subsection (1), and
  (b) the application of those provisions in relation to the disclosure would be likely to prejudice any of the matters mentioned in that subsection.
51
Questions to ask if Section 29(3) DPA being used
o Has the request been submitted in writing and signed by a senior officer?
o Am I sure the person is who they say they are?
o Is the person asking for this information doing so to prevent or detect a crime or catch or prosecute an offender? – need to be specific
o If I do not release the personal information, will this significantly harm any attempt by the police to prevent crime or catch a suspect? – consent not needed
o If I do decide to release personal information to the police, what is the minimum I should release for them to be able to do their job?
52
Do I have to release the information requested?
If you have genuine concerns about releasing the personal information (for example, because you think you have other legal obligations such as the information being confidential), then you can ask the police to come back with a court order requiring the release of the personal information. If the court decides you should release the information, you will not break the Act by obeying the order.
Consult Legal Services if part of ‘legal insurance scheme’
53
Example 4
A memory stick has been found in the park by a member of the public who passed it to a local reporter who rings the school. Amongst the information stored on the device are SEN statements – the name of the school is shown together with the names of the pupils.
54
Points to consider
o Is this a breach?
o Was the memory stick encrypted?
o Did the School know it was missing ie was the loss reported?
o How long was it missing?
o Where was it during the time it was missing?
o Who should be informed?
o Containment and recovery
55
Finally…points to remember
o Ensure language used in any recorded information is appropriate as it could be made available on request
o Take care when
  o e-mailing – use cc and bcc appropriately and ensure correct recipient
  o faxing
  o photocopying
o Only use encrypted devices
o It is a criminal offence to conceal, damage or destroy records after they have been requested (currently £5,000 fine)
o FINES OF UP TO £500,000 FOR DP BREACHES
56
Any Questions?
57
Further information
o Guidance on ICO website on FOI and DP including plain English guide to the FOI Act and Model Publication Scheme
o The Guide to Data Protection hardback published by ICO
58
Contact Details
www.ico.gov.uk
Rachel Hickman (Schools Solicitor) 020 8541 9128 xxxxxx.xxxxxxx@xxxxxxxx.xxx.xx
Mary Elliott (Freedom of Information Officer) 020 8541 7969 xxxx.xxxxxxx@xxxxxxxx.xxx.xx
Grisilda Ponniah (Corporate Information Governance Manager) 020 8541 9915 xxxxxxxx.xxxxxxx@xxxxxxxx.xxx.xx