Hawktalk takes a break until New Year

Have a good holiday

Commissioner to be questioned by MPs over poor FOI performance

Are you interested in Parliamentary blood sports? This happens when a hapless witness is given the “once-over” by a Select Committee seeking answers to basic questions.  If the answer is “yes”, put Tuesday 5 January (4.45pm) down in your diary; the Information Commissioner is giving evidence before the Justice Committee on “the Operation of the Ministerial FOI veto (Cabinet Minutes) and FOI caseload”.

Last Monday, my favourite digital channel featured a thirty minute adjournment debate at midnight. It was instigated by Gordon Prentice MP about his FOI request which appears to have taken over two years to resolve (Decision Notice still not issued). The MP was ranting and raving to an empty House of Commons except for the Minister and the Chair of the Justice Committee (Alan Beith MP) who was in attendance, listening intently.

Mr Prentice informed Parliament that “the Information Commissioner's office has a huge backlog of hundreds of cases, which go back to 2005”. He had received a copy of the "case-load snapshot" that the Information Commissioner issued: this runs “to about 30 closely typed pages, and about 30 to 40 cases are listed on each page. Prentice claimed that “the system is just gumming up”.  It will come as no surprise that the MP complained that his own request was one of those that were gummed up.

The Commissioner's attempt to calm the situation backfired. Possibly being alerted to the adjournment debate, he had hastily despatched an apologetic “I-am-eating-a-lot-of-humble-pie” letter whose other message can be summarised as: “We are now getting our finger out and will let you know by the end of January when we have investigated”.  This was dismissed by Prentice with the comment: “After 20 months, he is seeking further information” and the conclusion that the “Commissioner’s office is simply not coping”.

This means that the MPs on the Justice Committee will want to find out whether this experience is a common one – and believe me, this consideration will be informed by the many MPs who have experienced the FOI regime as requestors. That collective experience could result in another hard time from another Select Committee (see the blog of 15/09/2009: “Information Commissioner wrong to blame Parliament and the Courts”)

I think the Commissioner has two choices in January? He can argue that his office will be able to cope and the FOI system is not gummed up. As evidence, he can point to the facts published in his last Annual Report: namely that freedom of information appeals are up by 29 per cent, and that he is closing cases at a faster rate and the reduction in the backlog of cases. However, I think the more statistics like this he quotes, the more popular he makes the FOI regime, the more the impression he will give that he is swimming hard against an incoming tide of requestors without the necessary resources.

The second choice is for Commissioner to point to the fact that his office is constrained by Ministry of Justice (MoJ) control of the purse strings. He could say that the extra 10% of funding for FOI (£500,000) offered by the MoJ this year does not resolve the resourcing issues. He could also say that relying on help from the MoJ (e.g. the use of seconded civil servants by the Commissioner) presents a potential conflict of interest, in that when these civil servants return to their Departments, they are returning to public authorities against whom the Commissioner might take action.

In other words, the Commissioner has the chance to "cry freedom". He can argue that his office should report to, and be funded by, Parliament instead of being shackled to the paltry resources proffered by the Government of the day.

I will be watching to see whether he takes or misses that opportunity.

Reference: 14 Dec 2009 : Column 774 : Freedom of Information Requests. We are holding a number of FOI courses in Leeds, Manchester and London next year - details on http://www.amberhawk.com/brochures.asp

This is how to subscribe to Hawktalk using Outlook

1. On the Tools menu, click Account Settings.

2. On the RSS Feeds tab, click New.

3. In the New RSS Feed dialog box, type http://amberhawk.typepad.com/amberhawk/atom.xml

4. Click Add.

5. Click OK.
Posts will then appear in the RSS Feeds section automatically

ISA safeguarding rules use the wrong criteria.

I think whatever the procedures adopted by the Independent Safeguarding Agency (ISA), cases of unfair and excessive processing of personal data will be the likely outcome in future. The reason: the ISA’s check uses the wrong criteria.

The BBC’s web-site today explains that “The Vetting and Barring Scheme (VBS) will now involve only those working with the same children once a week, not once a month, for example” and that “the new rules will apply to about two million fewer people”.

The frequency of contact, I would argue, should not be the main risk criteria for a vetting check. The important risk factors are: the quality of unsupervised contact with children; the likelihood of such contact being lengthy in time; and whether such contact is in private and on a one-to-one basis (or in some cases one-to-very few basis).

That is why the much publicised case of authors reading their work at different schools is so illuminating. There is frequent contact with children but very little of such contact is unsupervised in the way described above. So why the need for an ISA criminal check at all? Changing the rules with respect to “frequency of contact” do not directly relate to the real risk factors: the nature of such contact.

In addition, paedophile Vanessa George would have sailed through the ISA’s comprehensive vetting system because there was no record of her involvement in such activities; as I argued before, checking once with the ISA is not a substitute for vigilance by other adults working with children.

In summary, not a significant change.

Also see.
(1) Blog of 02/10/2009 concerning Vanessa George: "Are data retention policies misguided?" (http://amberhawk.typepad.com/amberhawk/2009/10/are-data-retention-policies-misguided.html).

(2) Blog of 14/09/2009 dealing with "Vetted volunteers to “volunteer” fingerprints and obtain a “voluntary” ID Card?".  (http://amberhawk.typepad.com/amberhawk/2009/09/vetted-volunteers-to-volunteer-fingerprints-and-obtain-a-voluntary-id-card.html)

 

Scottish Government to extend coverage of FOISA? Hold your breath!

With a General Election looming, the Scottish minority SNP Government has decided to put clear “Skye-Blue” water between its attitude to Freedom of Information and that of the Labour Party – the main opposition in Scotland.

Scottish Minister for Parliamentary Business Bruce Crawford has confirmed the Scottish Government will consult in spring 2010 on whether to extend the Freedom of Information (Scotland) Act 2002 [FOISA] for the first time to cover a wider range of bodies who deliver public services in Scotland.

The organisations to be consulted on extending the FOISA legislation are:

• Local authority trusts and bodies with responsibility for providing leisure, sport and cultural services.
• Private prison operators running Scottish prisons and private contractors providing prisoner escort services.
• Glasgow Housing Association (mainly because of its size and influence) but no other Housing Association.
• Private contractors who build and maintain schools and hospitals, and those who operate and maintain trunk roads across Scotland.

However there is a large “get-out” provision. The Government promises to “listen to organisations who raise concerns about being able to meet the requirements of FOI".

When the UK Government set out a similar consultation exercise with 'high-falutin' objectives it ended up "listening" very intently. The result was that Jack Straw produced a mighty mouse of an extension to FOI (see my blog of 23/07/2009; “The Freedom of Information equivalent of ‘not tonight Josephine’?”).

Something similar could still happen in Scotland. As I said, don’t get too excited – it could just be politics.

Note: we are thinking of putting together some FOI/EIR courses based on Scottish law but we are not sure of the demand. If interested, please contact us (info@amberhawk.com).

Cartoon

 
©Chris Slane 

Prime Minister speaks: more FOI, more re-use and, by inference, less ID Card

There are three consequences arising from the Prime Minister’s speech today. The first is that more information is to be made public and the publication scheme might be the vehicle for this enhancement; the second is that the reuse of public information is to be expanded considerably and reuse is likely to be free (i.e. no licence fee); the third relates to the ID Card project (which might be in trouble).

In relation to more access to information, the PM said “I can announce today that we will actively publish all public services performance data online during 2010 completing the process by 2011. Crime data, hospital costs and parts of the national pupil database will go on line in 2010. We will use this data to benchmark the best and the worst and drive better value for money".

All I would say is that the public has to know where to find such stuff – hence the publication scheme might assume increased importance for FOI practitioners. and their respective public authorities.

In relation to the re-use of public sector information, the Gordon Brown said: “Releasing data can and must unleash the innovation and entrepreneurship at which Britain excels - one of the most powerful forces of change we can harness”. He continued “All of this will be available for free commercial re-use, enabling people for the first time to take the material and easily turn it into applications, like fix my street or the postcode paper” and “we will also release public transport data hitherto inaccessible or expensive and release significant underlying data for weather forecasts for free download and re-use”. So there you have it – more reuse and for free.

In relation to the demise of the ID Card system, my observation starts from what the PM said about Transformational Government. He said that “Switching transactions to online channels also frees up staff to provide personal support and advice. ... So during the next year we will set out service by service how transactions with government will move online as rapidly as possible, starting with student loans, jobseekers allowance, working tax credits and then child benefit. In 2011 we will move to exclusive online vat returns and employer tax returns”.

He added “Our aim is - within the next five years - to shift the great majority of our large transactional services to become online only - and this has the potential to save as a first step 400 million pounds but as transaction after transaction goes on line billions more”.

Now, transformational government needs an Identity Management system and that system is NOT the centralised ID Card if the next 5 year deadline is to be realised. In any event, submitting tax returns on-line does not need to have my 10 fingerprints taken! So will the Government have two or more ID management systems? I think not. The conclusion is to divest yourself of ID Card shares quickly or expect that project to be mothballed or the passport system to take its place!

Reference: full speech on http://www.number10.gov.uk/Page21633

Indefinite retention produces a DNA database that spans the population.

Most citizens in the UK should expect to be linked to the proposed DNA database. This is the conclusion I have reached when considering a policy that permits indefinite retention of DNA data of those who have committed “recordable criminal offences” (as defined by the Home Secretary, see this week’s blogs).

To show that this prospect is inevitable let’s go back to some official statistics. The first one is: “Research recently carried out on men born in 1953 revealed that one in three had a conviction before they were 46 years old”. The second statistic is: “Across England and Wales, the rate of men aged 18 or over found guilty of offences in 2005 was four times higher than that of women aged 18 and over (55 men per 1,000 population compared with 12 for women)”. So, if one in three males has an offence, and this is four times the women offenders’ ratio, we can roughly assume that one in twelve women has a conviction.

Other statistics state that in 2008, the population in England and Wales was about 54.5 million. A statement to Parliament in November 2008, revealed that in March of that year there were “857,366 people on the NDNAD who had been sampled by England and Wales police forces did not have a current criminal record on PNC” (Hansard, 4 Nov 2008 : Column 358W). A simple division tells us that around 1.6% of a random population will have no criminal record but will be on the DNA database.

Because of the proposed six year retention period (instead of indefinite retention), this means we have to treat the 1.6% as an upper-limit. However, at least we have a number: Ministers for some reason can’t even do the calculation above. They repeatedly claim in Parliament that “It is not possible to say how many people on the NDNAD (the DNA database) have not been convicted” (Hansard, 15 Sep 2008, Column 2070W) so it is nice for Hawktalk to be of assistance.

Now imagine decades of indefinite retention of criminal records (which is the policy of all main political parties). For every group of 1000 individuals equally divided into 500 men and 500 women, there will 167 male criminals (one third of males) and 42 female criminals (one twelfth of women) and up to 16 “non criminals” (1.6% of 1000) with a DNA sample on the database. This means that between 209 and 225 individuals (or 21%- 22.5% of the population) will be on the DNA database.

The point being made is that if current criminal trends remain constant and the Government’s indefinite retention proposals are enacted into law, it reasonable to assume that the DNA database entries will eventually accumulate to around 21%–22.5% of the UK population.

Note that this estimate ignores the impact of the retention of DNA data relating to those who have died. One of the statutory functions of the DNA database is to identify deceased persons – so this means dead persons DNA are retained (indefinitely if they had a recordable criminal record).

Now ask yourself two questions:

(1) where does your DNA profile come from and who have you given your DNA to? Answer from your parents (2 of them) and to your children (2.3 of them!), so 50% your DNA is closely linked to about 4.3 individuals.

(2) Will the police aim to develop techniques that map the DNA data that they can legally keep (e.g. individuals committing recordable offences) onto those whose DNA they haven’t got? Obviously yes.

Now assume that such a technique has been developed. A DNA database that maps 21%-22.5% of the criminal population really has a multiplier of around 4.3 attached (i.e. 90%-97% of the population) and this is not taking into account of the indefinite retention of DNA data on dead criminals. The better the technique the more coverage is achieved (e.g. a technique that maps your DNA to DNA from grandparents or grandchildren would imply a multiplier of over 8).

This explains why I think that the DNA database, even though it is limited to data relating to recordable offence criminals, will eventually span most of the UK population. It is not a question of whether, it is a question of when; this prospect needs only the passage of time and a technical innovation. In other words, the policies of all political parties is for a universal DNA database to arise, by default, in the UK. 

So I conclude that the real question with respect to DNA retention policy is whether to keep DNA data on everyone for a policing purpose. If not, let us have some sensible retention criteria? If yes, why stop at DNA? Why not to keep telecommunications data, or banking records, or anything else indefinitely for the police?

Statistics references:  Men http://www.statistics.gov.uk/STATBASE/ssdataset.asp?vlnk=4480&More=Y: Women http://www.statistics.gov.uk/cci/nugget.asp?id=1968. UK population: http://www.statistics.gov.uk/cci/nugget.asp?ID=6

Information Commissioner is the regulator for the DNA database.

The Government has decided not to have a specific “DNA Commissioner”. This means that because DNA data are personal data, the Information Commissioner will become the prime regulator in relation to the Government’s DNA retention provisions. However, as will be discovered, the Commissioner will have his hands tied behind his back by the legislation as currently drafted.

For example, the intention is that DNA data will be retained for specific periods of time (e.g. those convicted of a recordable offence have indefinite retention - see yesterday’s blog). This means that the Information Commissioner cannot enforce the Fifth Data Protection Principle dealing with retention, as the law has specified the lawful retention period. Neither can the Commissioner effectively regulate DNA data that relate to individuals who have died, because those data are not personal data.

Note the Data Protection Act cannot balance the interests of the police in retention of DNA data versus the interests of the data subjects in having DNA data deleted. It is the Home Secretary who determines where that balance of interests lies, even though the Home Secretary has political responsibility for the police and a vested interest in the outcome of any DNA retention policy.

The Home Secretary argues that he is protecting individuals. In a written statement, he says under the heading “Destruction of DNA and fingerprints profiles before the end of retention period” that “Currently, Chief Officers may consider the exceptional destruction of DNA and fingerprints under the exceptional case procedure. We propose to introduce greater transparency by setting out in statute more clearly defined criteria where deletion would be appropriate. This should bring greater clarity to the public and also the police”.

This, frankly, is a load of tosh. If you look at the Crime and Security Bill, a Chief Constable must delete DNA data if its collection was unlawful. Hang on a second - this is not a protection - it is a statement of the bleeding obvious! What would you say if someone argued thus: “I know the personal data were collected unlawfully, but I will continue processing in any event”.

Then there is a condition that requires deletion of DNA if there is mistaken identity. This is also very limited: for example, if a police officer misinterprets the evidence and makes an arrest of the wrong person, then this is not a case of mistaken identity. He has arrested the right person but on false grounds.

Finally the Chief Constable can determine whether it is “appropriate” to remove the DNA data depending on the circumstances of the case. It is with this latter provision, the Government has deliberately reduced the protection afforded to data subjects by the right to object granted by Data Protection Act.

The Act’s right to object would allow a data subject to argue that although the police have processed the DNA data in accordance with its statutory needs, the processing has caused substantial unwarranted distress or substantial unwarranted damage.  Note that this right to object balances the various interests, has an independent umpire (the Commissioner) and an accessible appeal process (The Tribunal) to determine whether or not DNA should be retained or not.

By contrast the Government’s “greater clarity” procedure lets the data controller who is responsible for the processing of the DNA data in the first place (the police) decide whether the data should be deleted or not.

In short, the kind of  “balance”  that is achieved by letting Count Dracula decide whether patients or vampires should receive blood transfusions from the NHS.

Cartoon

©Chris Slane