Freedom of Information: New Draft S.45 Code of Practice

FOI1_thumb.jpg

Amongst all the hype about GDPR it is easy to miss developments in other areas of information law.  In November 2017, the Cabinet Office published the revised code of practice (under section 45 of the Freedom of Information Act 2000) for consultation.

In July 2015 the Independent Commission on Freedom of Information was established by the Cabinet Office to examine FOI’s operation. In its report the Commission concluded that FOI was working well. It did though make twenty-one recommendations to enhance the Act and further the aims of transparency and openness.

In its response to the Commission’s report, the government agreed to update the S.45 Code of Practice. The draft code provides new, updated or expanded guidance on a variety of issues, including:

  • Transparency about public authorities’ FOI performance and senior pay and benefits, to mandate FOI Commission recommendations for greater openness in both areas.
  • The handling of vexatious and repeated requests. The FOI Commission specifically recommended the inclusion of guidance on vexatious requests.
  • Fundamental principles of FOI not currently included in the Code, e.g. generalprinciples about how to define “information” and that which is “held” for the purposes of the Act.

The code is not law but the Information Commissioner can issue Practice Recommendations where she considers that public authorities have not complied with the guidance set out in this Code. The Commissioner can also refer to non -compliance with the Code in Decision and Enforcement Notices.

As well as giving more guidance on advice ad assistance, costs, vexatious requests and consultation the code places new “burdens” on public authorities including the following:

  • Public authorities should produce a guide to their Publication Scheme.
  • Those authorities with over 100 Full Time Equivalent (FTE) employees should, as a matter of best practice, publish details of their performance on handling FOI requests.
  • Pay (salaries over £90,000), expenses and benefits of senior staff at director level and equivalents should be published at regular intervals. Of course local authorities are already required to publish some of this information by the Local Government Transparency Code.

  • The public interest test extension to the time limit for responding to an FOI request should normally be no more than 20 working days.
  • Internal reviews should normally be completed within 20 working days.

Furthermore, the other S.45 Code covering datasets will be merged with the main section 45 Code so that statutory guidance under section 45 can be found in one place. There will also be an annex explaining the link between the FOI dataset provisions and the Re-use of Public Sector Information Regulations 2015.

Public authorities need to consider the draft code carefully and decide whether the additional obligations are workable given pressures on resources, especially due to GDPR’s pending implementation.

The deadline for consultation responses is 2nd February 2018.

 

We will be discussing this and other recent FOI decisions in our forthcoming FOI workshops and webinars. For those wanting an internationally recognised qualification the BCS Certificate in Freedom of Information  starts in February 2018 in Manchester and London.

GDPR Training Courses in Dubai

dubai-architecture-beach-boat-buildings-hotel-nature-ocean-peaceful-sand-sea

Act Now Training is pleased to announce three forthcoming GDPR training workshops in Dubai (UAE).

The General Data Protection Regulation (GDPR) will not just have an impact on Data Controllers and Data Processors in the European Union (EU). It will also apply to organisations in the rest of world that are:

  • processing personal data of individuals living in the EU;
  • offering goods or services to individuals in the EU, even if there is no charge for such goods or services; or
  • engaging in monitoring or profiling activities of individuals in the EU (for example, the use of cookies/behavioural advertising).

Failure to comply with GDPR could lead to massive reputational damage and a fine of up to 20 million Euros or 4% of global annual turnover (whichever is higher).

Our Dubai workshops will examine the legal and practical impact of GDPR on Middle East/GCC based organisations. All the key issues for Data Controllers as well as Data Processors will be discussed including international transfers, contract clauses and guarantees, security and breach notification and when a Data Protection Officer needs to be appointed. Crucially we will discuss how GDPR is a business opportunity rather than a threat. By the end of the workshop delegates will be able to write their own action plan for GDPR compliance.

Ibrahim Hasan, solicitor and Director of Act Now Training, will deliver the first two workshops in Dubai. He said:

“I am really pleased to design and deliver this new GDPR workshop in Dubai. It will add to our growing experience of delivering data protection training abroad. Dubai is the latest addition to our increasing international portfolio. We plan to use it as a platform to showcase our other GDPR courses and consultancy services.”

More details and a course outline here

Our 2018 course programme contains many more GDPR courses and live webinars which are held in locations throughout the UK. Our GDPR Practitioner Certificate is proving very popular with those who need to get up to speed with GDPR as well as budding Data Protection Officers.  If you require these courses delivered at your premises, tailored to your needs, please get in touch.

Finally, we have sold over 350 copies of our GDPR handbook. We are donating £1 from each sale to the  DEC Rohingya Crisis Appeal.

Happy New Year!

RIPA Surveillance Oversight and Inspection Regime Changes

canstockphoto19424111

By Steve Morris

On 1st September 2017 Lord Justice Fulford commenced his new role as the Investigatory Powers Commissioner. Assisted by the Investigatory Powers Commissioner’s Office (IPCO), he will undertake the oversight functions of three previous Commissioners under the Regulation of Investigatory Powers Act 2000 namely the Chief Surveillance Commissioner, Interception of Communications Commissioner and the Intelligence Services Commissioner.

This marks a major milestone in establishing a new oversight regime set out in the Investigatory Powers Act, which was given Royal Assent in 2016. The Act, amongst other things, provides new powers for the police to access communications data e.g. telephone records, internet usage information etc. More on the Act in further blog posts.

Not only does the new commissioner take over the inspection and oversight functions carried out by the previous commissioners, he takes on responsibility for the pre-approval of certain police activities authorised under the Police Act 1997.

The Investigatory Powers Commissioner’s Office will consist of around 70 staff. This will be made up of:

  • Around 15 Judicial Commissioners, current and recently retired High Court, Court of Appeal and Supreme Court Judges;
  • A Technical Advisory Panel, of scientific experts; and
  • Almost 50 official staff, including inspectors, lawyers and communications experts.

Over the next 12 months Judicial Commissioners will start to take on their prior approval functions relating to the Investigatory Powers Act 2016, including interception, equipment interference, bulk personal datasets, bulk acquisition of communications data, national security notices, technical capability notices and communications data retention notices. The Judicial Commissioners will be supported in this work by the Technology Advisory Panel.

What impact will this new commissioner have on local authority inspections under Part 2 of RIPA carried out previously by the Office of the Surveillance Commissioners (OSC)? I suspect not a lot. The same issues will be considered as previously. The final OSC annual report once again highlights the recurring issue of investigations using social networks e.g. Facebook.

If you have an inspection coming up read our guide here.

Steve Morris is a former police officer who delivers our RIPA Courses as well as a course on Internet Investigations.

Now is the time to consider refresher training for RIPA investigators and authorisers. Please see our full program of RIPA Courses which have been revised to take account of all the latest developments. We can also deliver these courses at your premises, tailored to the audience. Finally, if you want to avoid re inventing the wheel, our RIPA Policy and Procedures Toolkit gives you a standard policy as well as forms (with detailed notes to assist completion) for authorising RIPA and non-RIPA surveillance. Over 200 different organisations have bought this document (available on CD as well).

%d bloggers like this: