Doing BCS (ISEB) Courses? Top Tips from a Successful Candidate

ANT ISEB WebsiteI have been asked to write a blog on what I had learned from recently taking – and thankfully passing – the ISEB/BCS courses in FOIA and DPA. Maybe I internalised the legislation too much, but for some reason I could only think of addressing it in terms of 8 principles:

1. Start from scratch

Whilst you may have a lot of knowledge and experience in FOI/DPA, try and go back to square one and approach the Acts like new legislation. You may find that, due to the demands of your sector and your role, you know different areas of the relevant Act much better than others. The syllabus leans towards no sector in particular so picking up the legislation again and starting from scratch can really help. Some of the areas I knew least about at the start of the course became the basis of my strongest essay answers.

2. The pen is mightier hard to write with than the keyboard

Writing legibly is one thing. Writing legibly for three hours is a whole different matter. If like me, you are so used to rattling away on a keyboard that you get cramp scrawling a shopping list, then it is time to do some training a good few weeks before your course starts. Start by trying to write a few pages of longhand, even if it is just copying some text. It is worth the effort. Investing in a couple of decent pens really helped my writing, which has never been the neatest.

3. Do your homework!

…as my mum used to shout! This is tough. You may feel inspired by the session and then find yourself back in a hectic day job, and suddenly training day comes round again. Try and find time for it, either over lunch at work or blocking time in the evenings. I knew people who wrote essays perfectly well on the tube – I don’t know how! The homework essay questions are essential to get back into that mode of constructing an argument and recalling facts. Avoid the ‘I did the essay in bullet points’ approach; presenting the argument in paragraphs and prose is as much part of the exercise as knowing the key points. It helps with principle 2 aswell.

4. Expand your mind

Many of us will make use of the ICO’s website or the JISC lists to pick up the latest information. For your exam and for your overall working knowledge it is really worth doing some ‘wider reading’. For matters FOI/DPA there is luckily a thriving blogosphere and twitterati (is that even a word?) to follow the latest developments. This is especially important for the DPA ISEB, where knowledge of the case law is vital. I found the following really useful (in no particular order) – there are many more:

Act Now Training

Information Rights and Wrongs


2040Information Law Blog


Data Protector

David Higgerson

Campaign for Freedom of Information

5. Enjoy the group

In both the DPA and FOI ISEBs, I have been really lucky to be in with a friendly and supportive group of co-students. The benefits of this go way beyond the practicalities of preparing for the exam. It is re-assuring to meet others who have faced the same challenges and problems. They may have tried different approaches to policy or procedural questions. Chat to the person next to you!

6. Don’t mock it

The mock exam is one of the most important parts of the whole course and invaluable in preparing you for the big day. You can do an essay question for homework under exam conditions but it won’t prepare you for starting the same question with only half an hour left on the clock and 25 pages of writing behind you. Treat it as much as possible like a real exam. Even going through the basics in the mock helped (e.g. how to fill out the multiple choice paper). It means that on the exam proper you can focus your stress on the questions themselves. I also learnt that eating an entire packet of mints in 3 hours would not necessarily enhance my exam performance.

7. Revise!

Forget DVD box sets or the football on TV for a few weeks – you have to make the revision count. Go for everything you can fit in: practice questions, podcasts, online seminars. I personally had a lot of difficulty with the Section B ‘bullet point’ questions, which rely on memorising information (e.g. the headings of the FOIA s45 Code of Practice). I found refuge in the humble index card to get the basics down and had friends or family test me. Make the time for yourself – you will reap the benefit come the exam.

8. Treat it as more than just a certificate

Education is becoming increasingly seen as a commodity, something you pay for and get a return from. Fair enough, the ISEB works like this. Work hard and get your certificate. And yet, like all education it does so much more than that. It fills you with ideas to take back to your workplace, makes you think about where you can take your new-found or rediscovered study skills (more part-time education or qualifications?) and develops contacts and networks with other practitioners.

Good luck!

Kit Good is University Records Manager and FOI Officer at the University of London. He has successfully completed both BCS (ISEB) courses with Act Now. Follow Kit on Twitter: @kit_urm and read his blog:

Our next BCS (ISEB) courses start in June.  Delegates can now make use of our online resources page  with exclusive access to guidance notes, quizzes and over four hours of videos.

More advice about BCS ISEB and how to pass here:

The £200 taxi and the 4 inch fish.

It was December. I’d spent a day training in Edinburgh and the following day was doing a morning in Reading. Bad planning I know but all I had to do was take a train from Edinburgh to London then on to Reading and I’d make the hotel in time for a pizza and a beer. I’d booked in advance and found a first class advance ticket from Edi to Lon for just £31. I was looking forward to a pleasant journey and maybe a quality snack or two.

Things started badly. There was flooding in the air. I know it’s usually on the ground but we live in interesting times.


The booked train was cancelled. I took the following one and settled down to a slightly delayed journey but ultimately a stuffed crust and a kronenbourg. Then we arrived at Darlington. The floods meant that we had to sit still for 3 hours. It wasn’t much fun. The relief train crew from Newcastle, contrary to all expectations, had forgotten to load the pies so first class refreshments were down to cans of speckled hen and Dolmen peanuts. They were free which did ease the pain.

Further delays as we were re routed meant a very late arrival in London. As the clock ticked round to midnight I started to get worried. Tubes would stop; most busses would stop; I suppose there would be taxis but would Paddington be open this late…

Out of the blue at 0115 in the morning as we crawled though north London an announcement came over the tannoy. “Passengers needing assistance for their onward journey should contact East Coast staff at Kings Cross who would help with taxis.”


I walked through the train to get to coach M so I was first off and strode boldly up to an East Coastie.

“Where are you going to sir?”


“Follow me sir”

Minutes later I was in a large taxi with 5 other fellow travellers sliding westwards through slick rain covered streets. My companions were  going to Ealing, Heathrow and other points west but I was the Marathon man so I snickered silently to myself.

Eventually at 3am we arrived at my hotel. For the last 30 minutes I chatted to the driver and he set out a wonderful life enjoyed by London mini cab drivers on the evenings when trains were delayed. They knew from experience and watching the media when the pickings would be rich. When they arrived at the terminus they would have no idea where they would end up but they knew it was a large guaranteed fare.

My driver said he’d done Kings Cross to Portsmouth; Victoria to Leeds, Kings Cross to Bath. The best nights were when Eurostar was delayed. He’d once has a trip to Edinburgh from St Pancras. He didn’t tell me the exact meter reading but the phrase “Four figures guv” said a lot. Some weeks in the winter he did two or three nights like this.

It had been a full train due to the earlier cancellations. There had been standing in first class. I estimated several hundred grumpy and tired passengers had disembarked at Kings Cross and been squeezed in to taxis to finish their journeys. Even with 5 in a taxi at least 100 taxis had been used on that train at £200 a taxi. I wonder how much that cost?

They also refunded the cost of the ticket as it was waaaaaaaaay over their expected arrival. I expect the other several hundred passengers had theirs refunded as well.

Contrast that with the 1703 north from Kings Cross on an equally cold and wet day in February. I’d done another day’s training and was looking forward to my first class offering. (Senior rail card otherwise I’d be in second err…standard class).

The complimentary glass of alcohol. OK. The complimentary peanuts. OK. The hot dish was a disappointment. Fish & Chips. Nonetheless I ordered it.

filetoWhat a disaster. When it arrived 5 minutes later as we crawled past Finsbury Park there it was on a small plate in front of me.

A four inch fish  and with 6 square cut chips beautifully arranged three on top of three others. I looked at it for too long before eating as the waiter asked if I was alright.

“A bit small isn’t it?”

“You can have another afterwards if you want Sir, we’re not busy today”

I declined. There was cheese & biscuits to follow or so I thought.

Wrong. Like the Filet ‘o’ Fish I had just eaten it was a load of pollocks.

“Cheese is on the 1733 Sir”

So there you have it. Phenomenal customer service on a late running train at enormous expense. Very poor first class food on the 1703. Who decides how this train company spends its money? Whose money is it anyway? Would an FOI request elicit this information? If it was a public body we could find out.

Hang on a minute….


Trainer under Surveillance! – RIPA required or even obtainable?


About 5pm I arrive at a small hotel ready to deliver training the next day. There is no car park at the hotel so I park on the large pay and display opposite. I check the charges, and buy the minimum – one hour, while I go into the hotel to check-in and see about parking for the night. As I buy the ticket from the machine I hear the CCTV camera above as it moves like something from War of the Worlds, scanning the car park.

The receptionist is very helpful, and asks if I have parked on the pay and display car park. She goes on to say that unfortunately there is no car park at the hotel, but 6pm until 8am is only £2.50 pay and display. But beware, she says, you must be sure to have moved your car before 8am or paid more for the day rate, since during the night a council employee drives around this and other similar car parks, checking parking tickets displayed and recording vehicle registration numbers and the make and model, and exactly where they are parked. Then, during the morning the CCTV cameras are manned and used to check if each car has moved or if anyone has bought a day ticket. If not, a fine is posted to the address of the registered keeper. She knew this because of reports from previous customers who had been caught out by only a few minutes.

What do you think about this type of activity? Good use of resources? Is it directed surveillance that would require a RIPA if it met the recently introduced crime threshold. – Small wonder some generally law abiding citizens are even opposed to overt surveillance when we hear the purpose it is adapted to pursue

Don’t want the police and other public protection services to watch you because they care!

As I get older I make Victor Meldrew seem like a party animal. I object to anyone knowing anything about me, and I get very aggressive when I realise someone or some organisation who I have never communicated with knows something about me.

I hear lots of people ranting about the police or others that protect us from harm, breaching our right to privacy as they try to counter ever-more devious and resourceful individuals who would do us harm or cause us some loss. I deliver open source internet courses, and delegates learn how to find what others put about themselves or their family and friends on Facebook, or organisations and blogs and forums that provide contact and other information about those who contribute. This is scary enough for delegates who attend the courses and realise how vulnerable they are by virtue of what is posted publicly on the internet or uploaded in pictures they display to all and sundry.

But there is a far more sinister threat to our right to privacy than these public web pages and the on-line hackers and scammers. Every click, every place visited, and everything we do is recorded, analysed, and disseminated between the internet service providers, search engines such as Google, and other interested parties. This data is sold and re-sold, and used and re-used. Each of us on the internet is generating data and therefore income for businesses monitoring our activity for financial gain, and targeting our ‘type’ for some particular purpose.

Add to this the technical vulnerabilities that no one seems bothered to address. The ‘savvy’ users work hard on ensuring their privacy settings on social networking sites such as Facebook only ensure those allowed can see their private information, and details of friends and family etc. Then they use their device on public WiFi networks drinking coffee or eating a burger, smug that their accounts are actively communicating with others but they are too clever to let fraudsters see their information. However, there is at least one freely available add-on that can be downloaded legitimately, and the user can connect to the same coffee or burger shop WiFi network, and using the add-on, identify every single user account on devices connected to the WiFi network, and then focus on a particular account and see as much as the account user can – username, private messages – everything public and hidden by privacy settings. So as we walk blindly into a surveillance society with our data available to so many, either through the internet, or our own activity, or the techniques and equipment, surely, supported by checks and balances, public protection bodies should be allowed to at least catch up with the rest!

Come along to one of the internet research courses and see just what information is available and how to find it. And discuss these issues and many others with Steve Morris the trainer.

This article was written by Steve Morris who was formerly a detective with the West Midlands Police Force. Steve is now a full time trainer in relation to various law enforcement and investigation subjects to the public and private sector.

Disclosure of Staff Names under FOI


When considering request for information under the Freedom of Information Act 2000(FOI) public authorities often face a dilemma about disclosing names of staff.

Names are generally considered to be personal data, being information relating to living identifiable individuals (as defined by the Data Protection Act 1998 (DPA)). (Although one Information Tribunal (as it was known then) decision, Harcup v Information Commissioner and Yorkshire Forward (EA/2007/0058), ruled they are not. (See episode 11 of my FOI Podcasts for a full discussion of this decision). Therefore the exemption under section 40(2) (third party personal data) will have to be considered.

For this exemption to be engaged a public authority must show that disclosure of the name(s) would breach one of theData Protection Principles. Most cases in this area focus on First Principle and so public authorities have to ask, would disclosure be fair and lawful? They also have to justify the disclosure by reference to one of the conditions in Schedule 2 of the DPA (as well as Schedule 3  in the case of sensitive personal data). In the absence of consent, most authorities end up considering whether disclosure is necessary for the applicant to pursue a legitimate interest and, even if it is, whether the disclosure is unwarranted due to the harm caused to the subject(s) (condition 6 of Schedule 2)?

The seniority of the staff, whose names are being requested, will of course be a key factor in deciding whether disclosure is fair. The first Information Tribunal decision on this issue, back in 2007, (Ministry of Defence v Information Commissioner and Rob Evans (EA/2006/0027)) concerned a request made by a journalist for a staff directory which included the names and contact details of individuals working for the Defence Exports Services Organisation. The MoD refused to disclose the information citing, amongst others, the exemption under section 40(2).

The Tribunal ruled that that the MoD could only withhold names of staff if they are particularly junior (below Civil Service B2 Level), not immediately responsible for the requested information and their name is not already available elsewhere (or would be expected to be through their performing a public-facing duty); or there is a clear and demonstrable threat to that individual’s health and safety if their name is made public.

As is clear from the MoD decision, seniority is just one factor to be taken into account. Public authorities should avoid the blanket non-disclosure of the names of all officers below a certain level of seniority. When it comes to the disclosure of names, what matters is what work the individuals are doing, rather than their seniority or grade. If a person is in a front facing role and his/her name is already in the public domain, then it will be difficult to withhold it.

In 2008 another Tribunal decision (The Department for Business, Enterprise and Regulatory Reform v Information Commissioner and Friend of the Earth (EA/2007/0072) examined whether names of private sector employees attending a meeting should be disclosed as well as those of civil servants. The request was for information about meetings and correspondence between Ministers and senior civil servants in the Department of Business, Enterprise and Regulatory Reform and employees from the Confederation of British Industry. Some of the documents relevant to the request included references to individuals who had attended such meetings as spokespersons or as note takers or bystanders. The Tribunal summarised the position as follows:

a. Senior officials of both the government department and lobbyist attending meetings and communicating with each other can have no expectation of privacy. The officials to whom this principle applies should not be restricted to the senior spokesperson for the organisation. It should also relate to any spokesperson.

b. Recorded comments attributed to such officials at meetings should similarly carry no expectation of privacy.

d. In contrast junior officials, who are not spokespersons for their organisations or merely attend meetings as observers or stand-ins for more senior officials, do have an expectation of privacy. This means that there may be circumstances where junior officials who act as spokespersons for their organisations are unable to rely on an expectation of privacy;

e. The question as to whether a person is acting in a senior or junior capacity or as a spokesperson is one to be determined on the facts of each case.

f. The extent of the disclosure of additional information in relation to a named official will be subject to usual test i.e. is disclosure necessary for the applicant to pursue a legitimate interest, and, even if it is, is the disclosure unwarranted due to the harm caused to the individuals by disclosure? This will largely depend on whether the additional information relates to the person’s business or professional capacity or is of a personal nature unrelated to business.

In January 2011, the First Tier Tribunal (Information Rights) considered disclosure of names in Dun v IC and National Audit Office (EA/2010/0060). The disputed information concerned the NAO’s enquiry into the FCO’s handling of employee grievances of a whistleblowing variety. The Tribunal was clear that no blanket policy should apply, and that fairness depends on the particular responsibilities and information with which the case is concerned. This decision is discussed in detail in episode 21 of my FOI Podcasts.

Where there is a risk to staff safety if their names are disclosed, then the public authority will be right to err on the side of caution. In Wild v IC and Chief Constable of Hampshire Constabulary (EA/2010/0132) the Appellant requested the dates of pre-hunt meetings in the last five years and the names of police officers attending pre-hunt meetings with organisers of the Isle of Wight Hunt. The Police responded, providing dates, but refusing to disclose the names of the officers in attendance.

The Commissioner considered the section 40(2) exemption and concluded that the disclosure would result in a breach of the First Data Protection principle.  He accepted that the disclosure may lead to the harassment of the officers identified and consequently the disclosure would be unfair to those officers. The Tribunal upheld the Commissioner’s decision.

Don’t forget condition 6 of schedule 2 of the DPA. A public authority will have to consider whether disclosure of a name is necessary for the applicant to pursue a legitimate interest, and, even if it is, whether the disclosure is unwarranted due to the harm caused to the individual by the disclosure.

A more recent Tribunal decision (January 2013), McFerran v IC (EA/2012/0030) involved a police search of a property owned by Shropshire County Council. At the police’s request, two junior council officers were present, but they had not been involved in any of the decision-making. The requester wanted the names of the council officers as well as their immediate superior. The council refused, relying on s. 40(2).

The Commissioner ordered disclosure of the name of the more senior officer, but not of the two juniors. The Tribunal agreed with this decision and dismissed the requester’s appeal, observing that:

“although… there is clearly a legitimate public interest in transparency of activity by public authorities, which impinges on the personal freedom of householders, there is insufficient information provided to add significant weight to the general public interest in transparency in public affairs. The Appellant has not satisfied us, either, that his attempts to have the matter investigated are being thwarted by the absence of the names of the individuals in question. If there is sufficient information about the event to interest those responsible for an investigation the absence of names will not deter them.”

This decision illustrates that, when it comes to junior officials, the requestor will have to show that there is legitimate interest in knowing the names of officers where they are junior. A general argument about openness and transparency will not suffice.

In Armit v IC and Home Office (EA/2012/0041) the UKBA redacted the names of the officials in a document entitled ‘Tourist Selection Indicators and Selection Techniques’ which fell within the scope of the request. The Tribunal agreed with this approach, taking account of the requester’s failure to identify a legitimate interest in public disclosure of the names of those officials:

“We do not accept the argument that the officials would not have expected their names within the document to be made public and were not given compelling evidence of this. We were given no information as to their specific grading but they were described in the document as ‘lead contributer’ and ‘lead postholder’. They clearly have some responsibility in relation to the work.  We were given no compelling evidence that disclosing their names would result in victimisation, insult or any form of danger.  However, we do accept that the officials would prefer not to have their names identified and that might in itself represent a certain right and freedom or legitimate interests in itself. In any event, to process personal data, it needs to be necessary to pursue the purposes of legitimate interests pursued by others.  In this case, we do not find that the Appellant has shown any legitimate interest in the names of the officials being disclosed to the public under FOIA. We conclude that the information is therefore exempt from disclosure.”

Another recent Tribunal decision on the disclosure of names is Roberts v IC and Dyfed Powys Police Authority (EA/2012/0032).

The issue of disclosure of names pursuant to an FOI request is a difficult one. As can be seen from this discussion of Tribunal decisions, a number of different factors have to be weighed in the balance. A blanket approach will not work.

Whilst on the subject of names, does an FOI requestor have to give his/her real name? Read the answer here  as well as a really bad joke!

Ibrahim Hasan will be discussing this and other recent FOI decisions in the FOI Update workshop  on 13th March 2013.

Do you want an international recognised qualification in FOI?                           The ISEB Certificate in Freedom of Information  starts in Birmingham on 26th March 2013.

%d bloggers like this: