FOISA Practitioner Course: A Successful Candidate’s Observations

canstockphoto9881451_thumb.jpgDonald Maclean, Freedom of Information and Data Protection Officer at Perth College, recently successfully completed our certificated course; the Practitioner Certificate in the Freedom of Information (Scotland) Act 2002. Here Donald shares his experience and tips for future delegates:

I undertook this course in 2013, and was delighted to see a course that offered certification, and training days that were spread out over 5-6 weeks, which made it much more manageable in terms of my employer’s willingness to sign up for it.

The venue was lovely (overlooking Princes St Gardens in Edinburgh) and the quality of the training was first rate. The trainer (Tim Turner) had a plan, but was willing to take a tangent to address individual issues raised by participants. These tangents, and the highlighting of issues that arise in different types of public authorities, were amongst the most interesting aspects of the course. Examination of the law itself, and how it applies in reality, was detailed, accurate and certainly widened my understanding of the law. Information Commissioner decisions, related to individual aspects of the law, were particularly useful and enlightening.

The course helped me immensely in my job: in terms of added knowledge, procedural aspects, and confidence that decisions and replies would bear scrutiny if examined or challenged. Some aspects of FOISA procedure were altered after this course, to ensure that procedure would lead to the most appropriate and legally sound treatment of FOISA requests. I still keep course materials close to hand, and do still refer to them at times.

Feedback was supplied to my HR department and line manager, and I was able to report that I considered the course to be excellent value for money. Certification was useful in terms of acknowledgement of CPD activities, and also for my professional status.

I tended not to worry too much about the exam. It was made clear that if we did the required reading and familiarised ourselves with course materials and Information Commissioner decisions, we would have the knowledge necessary to pass the exam. So, I did the homework, read the course materials, and paid attention to the content of the Commissioner’s decisions. On the odd occasion during the exam when I drew a blank, I suspect it was due to age and failing memory. The only part of the course I struggled with was the interpretation of the case studies for the projects. I found it difficult to settle on an approach to the case studies, without getting so wide in scope that several scenarios would be required. Once I settled on a case study, and thought about the best approach, everything flowed fairly freely after that.

For future candidates I would recommend the following:

  • Do the homework.
  • Remain focussed during training sessions.
  • Read the course materials, particularly the procedural and exemptions materials.
  • Learn to pick up the key messages and facts being discussed, and note them briefly in your course materials.
  • Pay close attention to the reasoning included in Commissioner’s decisions, particularly when undertaking the project.
  • Ask questions. You usually get a pertinent and helpful reply, and it encourages group discussion.
  • Don’t worry about the exam. If you’ve listened, discussed and read course materials, you will be fine.
  • Enjoy the course and the access to expertise.

The Practitioner Certificate in the Freedom of Information (Scotland) Act 2002 is suitable for the FOISA novice as well as the experienced practitioner. Thus far we have had very strong candidates from a variety of backgrounds.

If you’re considering joining the course, what can you expect? Read what the tutor has to say and have a go at the FOISA test.

Act Now in Brunei

Act Now is pleased to announce that it has recently won a contract to deliver data protection consultancy services to the Government of Brunei.

Mosque canstockphoto4493457

Negara Brunei Darussalam, to give Brunei its full name, is a small country located in Southeast Asia. It is surrounded by Malaysia and has two parts physically separated by Malaysia. For those (like us) who have never been to Brunei, here is a quick guide.

Amongst other things, Act Now’s work for the Brunei Government will involve developing a Data Protection Audit manual based on the Data Protection Policy released by the Brunei Government. This will include guidance on DP audit planning, preparation and the use of DP audit templates. In time we hope to be training government officials on the developed Audit Manual and procedure.

Act Now has been delivering information governance consultancy services to the UK public sector for many years. This includes preparing for audits, designing standard documents and policies and carrying out DP and FOI health checks. We have also developed a number of off-the-shelf products.

The Brunei project will be led by Ibrahim Hasan and Tim Turner, well known experts and trainers in this field. Commenting on the award of the contract, Ibrahim Hasan said:

“I am very pleased that our good work in the UK has now been recognised internationally. This project will give us an opportunity to showcase our expertise to an international audience. As more countries enact data protection legislation, we hope to be at the forefront of developing products and services that will enable those working in this field to develop their skills.”

If you would like to know more about how Act Now can help you please get in touch by e mail.

Freedom of Information Caselaw Roundup

FOI3The Freedom of Information Act 2000 (FOI) applies to information held by a public authority or held on its behalf by another person (Section 3(2)). What of information about people working for a public authority but who are legally employed by a third party?

This question arose recently in an appeal to the First Tier Tribunal (Information Rights) (FTT). In Hackett v Information Commissioner (EA/2012/0265), the  (ULT), an education charity running 21 Academy schools, was asked for, amongst other things, details of senior staff members’ pay, pension contributions, other remuneration and expenses.  The request was refused on the basis that the information was not held by ULT, but by the United Church School Trust (UCST) who employed the staff and who, as a non-publicly funded charity, is not subject to FOI.

The appellant argued that the corporate structure of ULT and UCST was an accounting process set up to avoid disclosure of the requested information which was about the spending of public money. In addition he submitted that both companies were subsidiaries of the United Church Schools Company and as such were, in effect, both part of one company.

The FTT upheld the decision of the Information Commissioner that the information was not held by ULT, but by UCST, and so not subject to FOI.  It took account of the fact that the corporate structure had been urged on ULT by the Department for Education, the two charities had maintained a complete corporate separation and that the service agreement between ULT and UCST expressly referred to the senior staff being employed by UCST. Could this decision mean that more public bodies will adopt innovative structures to avoid public scrutiny of their finances?

The section 40 exemption applies to personal data disclosure of which would breach one of the Data Protection Principles. This usually involves considering whether disclosure would be fair and lawful under Principle 1. Not all personal data will be exempt from disclosure. Sometimes there is a legitimate interest in the public knowing some personal data.

In Innes v Information Commissioner (EA/2013/0044) the FTT ruled that the reasons for a head teacher’s long-term sickness absence from his school did not have to be disclosed as they constituted personal data, but whether the head teacher was being paid a salary during his absence should be disclosed. As head teacher, the individual in question occupied a senior position of responsibility at the school. He was no longer performing an active function at the school and whether or not he was being paid from public funds during the period of absence and inactivity is a legitimate matter of public interest and one which outweighs his right to privacy.

Personal Data under section 40 has the same meaning as in Section 1 of the Data Protection Act i.e. it has to be information, which relates to a living identifiable individual. The requested information does not always have to include a name. Even job title information can be personal data according to the FTT decision in London Borough of Barnet v Information Commissioner and another (EA/2012/0261). Here the requestor wanted the job titles of council employees who had attended a meeting at a solicitor’s firm in respect of a major council outsourcing project. Referring to a Supreme Court decision (South Lanarkshire Council v The Scottish Information Commissioner [2013] UKSC 55), the FTT ruled that disclosing details of a job title held by more than one local authority official could constitute processing personal data if there was a chance of those individuals being identified. The test was whether the subjects could be identified, not just by an ordinary member of the public but, by a “motivated intruder” (including the requestor himself with all the other information at his disposal).

Continuing on the same theme, in Yiannis Voyias v Information Commissioner (EA/2013/0003), the FTT held that the London Borough of Camden was correct to refuse to disclose the number of hours its employees worked and how much overtime they were paid. It was satisfied that disclosure of this information would lead to the identification of individuals and would be unfair. Therefore section 40 applied.

Personal data in Building Regulations applications held by councils is not exempt under section 40 just because it relates to another person’s property. In James Henderson v IC EA/2013/0055), the appellant’s neighbour was carrying out renovations on the other side of their shared wall. This resulted in cracks on his side of the wall, followed by a steel beam coming through the wall. He asked Brentwood Council for details of the works, as a Building Control application had been made to them.

The FTT held that full details of a Building Regulations application was personal data; but disclosing this information would not contravene the First Data Protection Principle. Therefore, the exemption set out in section 40(2) did not apply and the information was ordered to be disclosed. The FTT disagreed with the Commissioner, who held that the data subject would have had a reasonable expectation of privacy in relation to the information. In doing so the FTT took account of the fact that (a) before starting any work the data subject was obliged to make a formal application to the local authority which meant that the property and the work would be subject to inspections by their officers, (b) the property was to be rented out rather than lived in by him; and (c) the work had a direct effect on his neighbour’s property.

The Freedom of Information (Scotland) Act 2002 has a specific exemption to cover a deceased person’s health record. There is no such exemption in the 2000 Act. Sometimes the section 41 exemption (Breach of Confidence) can be claimed.

Two recent Tribunal decisions again emphasise the importance of checking whether the requestor is the deceased’s appointed personal representative. In Webber v IC and Nottinghamshire Healthcare NHS Trust (GIA/4090/2012), the appellant had made an FOI request for information (including hospital records) about the death of her son in 1999. The Commissioner and the FTT upheld the decision to refuse on section 41 grounds. The Upper Tribunal also dismissed the appeal. It ruled that disclosure would entail a Breach of Confidence which was actionable after the patient’s death. The appellant was not the personal representative of the deceased even though she could have applied to become so.

The Upper Tribunal also found that there would not have been a public interest defence to the Breach of Confidence. It gave weight to the fact that some of the information sought would or could come into the public domain or be obtained in another way: a coroners’ inquest, or through an application under the Access to Health Records Act 1990. This allows for requests for access to information to be made by, amongst others, the patients’ personal representative.

When considering disclosure of a deceased person’s information, consideration has to be given to any wishes expressed by the deceased before their death. In Trott and Skinner v Information Commissioner (EA/2012/0195) (March 2013) the appellants requested information relating to the care records of their deceased sister. East Sussex County Council confirmed that it held a relevant care file but refused to disclose it on the basis that it was provided in confidence. The FTT and the Commissioner were satisfied that the section 41 exemption was engaged. The requested information was confidential, disclosure of which would be a Breach of Confidence. Amongst other things it took account of the fact that the deceased was given the opportunity to indicate (in her home care agreement) that she agreed to let the Council “share personal information on care with family members/friends listed below.” She did not sign her agreement or list anybody in the space provided. The Tribunal also heard that on several occasions she was given specific assurances that her information would be kept confidential.

Furthermore the FTT was satisfied that the Breach of Confidence would be actionable. This was despite the fact that the sisters were the next of kin of the deceased. They were not the personal representatives of the deceased though. Neither the council nor the Commissioner had enquired as to who was. On further inquiry by the Tribunal, it was discovered that there was a will and therefore an Executor who has standing to act as the deceased’s personal representative. There was no evidence of consent for disclosure under FOI from this Executor. Therefore section 41 was engaged and there was no public interest defence to the disclosure.

Give your career a boost in 2014 by gaining an internationally recognised qualification in FOI. Keep up to date with all the latest FOI decisions in 2014 by attending our FOI Update workshops.

%d bloggers like this: