Presentation on theme: "Information Law & Governance 11 November 2014 Key contacts: Simon Charlton / Associate 0121 200 8118"— Presentation transcript:
Information Law & Governance 11 November 2014 Key contacts: Simon Charlton / Associate Emma Emery/Partner
Contents Decision Notices and Case Law update FOIA/DPA update Enforcement Actions by the ICO including a case study on Niebel v Information Commissioner Overview of the Information Rights Tribunal procedure
Human Rights Act 1998 Direct Result: Data Protection Act 1998 – governs the storage of and the access by individuals to personal information about themselves held by any body (private or public). Protects personal data. Freedom Information Act 2000 – allows individuals access to information held by Public Authorities of “recorded” non personal information. NB: Access is to information, not necessarily to documents.
Freedom of Information Act – Public Authorities’ Obligations Adopt and maintain a “publication scheme”. Respond to requests for information under the Freedom Information Act Obligation to respond within 20 working days. Presumption is for disclosure – cultural change.
Data Protection Act 1998 An individual is a data subject. Records relating to LIVING PERSONS. Came into force – 1 March Disclose within 40 calendar days. Strengthens and extends data protection regime created by Data Protection Act 1984.
Freedom of Information Act 2000 Requests for Information Can be made by:- Any person – corporate or unincorporated body. Could be foreign applications via UK agents. For data held by or on behalf of the Public Authority. Request must be in writing (no statutory application form). Must provide name and address of correspondent ? ( ?).
Requests for Information Must describe information required. Must pay a fee. Respondent Authority duty bound to provide reasonable advice and assistance. Authorities ( subject to exceptions) have to: (i)State whether they hold such information. (ii)Communicate actual information.
Requests for Information Satisfy request within 20 working days once fee is paid unless there is a need to consider public interest. If so estimate of time for disclosure should be given to applicant. Hence need for early decision making. Breach of 20 working days common ground for criticism and sanctions from ICO. Need process to deal with complicated requests. Staff equipped to recognise exemptions. Staff equipped to consider public interest test.
FOIA Exemptions Absolute – do not require the test of prejudice or the balance of public interest to be in the favour of non disclosure. Section 36 – Prejudice to effective conduct of public affairs (relating to information held by Parliament). Section 40 – Personal Information (disclosure may contravene DPA 1998). Section 41 – Information provided in confidence. Section 44 – Prohibitions on disclosure.
FOIA Exemptions Qualified – public interest test to be applied to decide whether exemption should be applied or not. Section 36 – Prejudice to effective conduct of public affairs (excepting Parliament). Section 37 – Communications with Her Majesty etc., and Honours. Section 38 – Health and Safety. Section 39 – Environmental Information. Section 42 – Legal Professional privilege. Section 43 – Commercial interests.
FOIA-Public Interest Test Does the public interest in withholding information outweigh the public interest in releasing it? If information is exempt this does not mean the whole document will be withheld.
Section 40(2) Personal Data Halton Borough Council, ICO Decision Notice ref FS April 2014 Governing Body of Reading School v (1) Information Commissioner (2) James Coombs EA/2013/0227, 15 April 2014 Jonathan Corke v Information Commissioner EA/2014/ June 2014
Recent Cases Edem v Information Commissioner – Court of Appeal  EWCA Civ 92. Surrey Heath Borough Council v (1)Information Commissioner (2) Morley  UKUT 0339 (AAC) Farrand v (1)Information Commissioner (2) London Fire & Emergency Planning Authority  UKUT 0310 (AAC)
FOI/EIR and Vexatious Requests Section 14 of the Freedom of Information Act 2000 –Section 1(1) does not oblige a public authority to comply with a request for information if the request is vexatious Regulation 12 (4) (b) of the Environmental Information Regulations 2004 –…a public authority may refuse to disclose information … to the extent that the request for the information is manifestly unreasonable.”
Case Law Upper Tribunal considered what constitutes a vexatious request in Information Commissioner v Devon CC and Dransfield  UKUT 440 (AAC) Judge Nicholas Wikeley described section 14 as a “get out of jail free card” for public authorities Key factors –the burden (on the public authority and its staff) –the motive (of the requester) –the value or serious purpose (of the request); and –any harassment or distress (of and to staff).
ICO Guidance Revised guidance issued in May 2013 Authorities should address the four themes. “Significant burden” becomes one factor rather than a first test. Well reasoned evidence is needed. Authorities should engage with applicants to help them understand why they consider a request to be vexatious.
EIR ICO Guidance on dealing with “manifestly unreasonable requests” issued in March 2013 may relate to the request being vexatious or the cost of compliance being too great “there is no material difference between a request that us vexatious under section 14(1) of FOIA and a request that is manifestly unreasonable on vexatious grounds under the EIR” “the exception is subject to the public interest test. In practice however, many of the issues relevant to the public interest test will already have been considered when deciding if the exception is engaged.
Cases since Dransfield Cain v Information Commissioner (EA/2012/0226) Sivier v Information Commissioner (EA/2013/0277) Department of Education v (1) ICO (2) L.McInerney (EA/2013/0270) NS Chadha v IC EA/2013/260
Section 3 (2) Information held by public authority Hackett v (1) IC (2) United Learning Trust EA/2012/265 Sandwell MBC FS Innes v (1) IC (2) Buckinghamshire County Council 2014 EWCA Civ 1086
Section 43 Prejudice to Commercial Interests Hugh Mills v IC EA/2013/ May 2014
Publications/Guidance Local Government Transparency Code ICO Audit of 16 Local Authorities ICO Publication : Definition Documents & Templates Guides for Model Publication Schemes ICO Publication: CCTV Code of Practice
News Privacy by Design Beacon Technology
Information Law and Governance Enforcement action by the ICO
Enforcement action by the ICO Information Notice (section 43 DPA) –Grounds –Content –Failure to comply –Defence –Privilege and self incrimination
Enforcement action by the ICO Enforcement Notice (section 40 DPA) –Grounds –Content –Failure to comply, defence –Recent cases: Wolverhampton City Council 15 May 2014 Glasgow City Council 4 June 2013
Enforcement action by the ICO Assessment Notice (sections 41A – C DPA) –Audit –Grounds –Content –Code of Practice –Failure to comply – Schedule 9 –Undertakings
Enforcement action by the ICO Monetary Penalty Notice (section 55 DPA) –Very high threshold Deliberate Knew or ought to have known Significant damage or distress –Maximum penalty £500,000 –Notice of intent and representations
Enforcement action by the ICO Monetary Penalty Notice (section 55 DPA) –Aggravating and mitigating circumstances Effect of contravention Behavioural issues Impact on Data Controller –Right of Appeal –Enforcement –Guidance
Enforcement action by the ICO Monetary Penalty Notice (section 55 DPA) –Recent cases Ministry of Justice August £100,000 Department of Justice Northern Ireland Jan £185,000
Enforcement action by the ICO Criminal Prosecution –Failure to notify (ss 17(1), 21(1)) –Failure to notify of changes (ss 20(1), 21(2) and (3) Jayesh Shah –Unlawful obtaining of personal data (s55) Dalvinder Singh –Penalties
Case Study: Niebel v Information Commissioner Appeal against MPN Breach of PECR but appeal against section 55A not PECR breach Central London Community Healthcare NHS Trust –Failed to properly exercise discretion –Self reported so barred –Unlawful not to extend discount period –Amount unsustainably high
Case Study: Niebel v Information Commissioner Notice and representations Grounds for challenge –Serious contravention –of a kind likely to cause significant damage and significant distress –Deliberate –Knew or ought to have known Serious contravention would occur Likely to cause significant damage or distress
Case Study: Niebel v Information Commissioner Request for particulars/statement of the contravention Evidence Tactics