Freedom of Information Act: more honoured in the breach…

You know there’s a serious cultural problem at the Information Commissioner’s Office when you read on their website: “The Information Commissioner will not respond to your service complaint personally, even if you write directly to her. She has delegated responsibility for reviewing our service in specific cases to managers.” If the CEO doesn’t want to hear about very lengthy delays, inconsistent/contradictory decisions or failures to apply the law to hold authorities to account, don’t expect much from the subordinates to whom she delegates.

We all know Tony Blair’s thoughts on having introduced the Freedom of Information Act:

Freedom of Information. Three harmless words. I look at those words as I write them, and feel like shaking my head till it drops off my shoulders. You idiot. You naive, foolish, irresponsible nincompoop. There is really no description of stupidity, no matter how vivid, that is adequate. I quake at the imbecility of it.

(Blair, A journey, 2010, p. 516: you know there’s a serious literary problem when a writer starts talking about “a journey”.)

Unfortunately that view is shared not only by the legion of “information officers” now employed by countless public sector bodies who fall under FOIA, but even by staff at the ICO itself. If you’ve ever used the Act to try to obtain information, you will be familiar with some of the tactics. This post would reach intolerable length if I recited all those I encountered in my recent attempts to obtain information about damage to pictures, which you may recall from an earlier post (last November) I tried to obtain last year in preparation for a lecture I gave in September 2017. A year on and I still haven’t received the information I should have. This is a short guide to the behaviour of those who control your information and don’t think you should have it (yes I do know the proper meaning of the Hamlet words in the title).

The first tactic is attrition. The Act says authorities should respond promptly, with a backstop of 20 business days (effectively a month). Rule 1: always wait the full 20 days before responding, even when the information is at your finger tips. The ICO will never sanction any delay within the 20 day limit. One ICO officer actually wrote to me to say–

It is not the Commissioner’s practice to consider whether a response has been responded to ‘promptly’ and in relation to section 10, she will only consider whether a request has been answered within the statutory time frame of 20 working days.

This is a clear failure to enforce the law, against ICO guidance as well as Tribunal rulings. The officer corrected the statement when I pointed this out – but of course wouldn’t admit that any breach had occurred on the facts. One of the problems about complaints considered on paper is that you can type “two plus two equals five” just easily as a correct sentence – although your better tactic is to embed such logic in letters of at least a dozen pages (don’t worry: the cut-and-paste function within Word will let you do that painlessly, if pointlessly, using lengthy quotations or just recycling the last decision you wrote whatever the facts).

It’s worth noting too the cultural issue at ICO illustrated by the habit of referring to “the Commissioner” and to “her” view of specific facts in cases which she almost certainly hasn’t read. It’s part of a pretence that the individual officer speaks with the full authority of the ICO. And maintaining this pretence requires bad decisions to be upheld on appeal – so there’s no point in questioning anything these people decide, however poor the logic or however ill-grounded in law. That part of the culture is shared with the Financial Ombudsman Service – a point to which I return below.

The second tactic (which can be used to maximum effect when linked to the first) is: use the exemptions. Any exemption will do. The Act as you know allows authorities not to provide certain information if it falls within one of a number of specific categories. You still (in most cases) have to answer the original question within the 20 days – but here’s the magic: if you reply on day 20 claiming exemption under section X of the act, then you’ve gained another 20 days, plus however long it takes the punter to come back and point out the exemption isn’t valid. Then just claim another. Only if the punter insists on your completing the internal review stage (possibly months later) do you need to nominate a valid exemption. And the ICO won’t criticise you for breach of the 20 day response time – even when you blatantly have breached it. Chances are that the punter will have given up by then anyway. Indeed the brilliance of the combined one–two tactic is that the only punters who will continue to appeal are obviously loonies, so no one will take them seriously.

Let me mention just some of the silly exemptions that have been thrown up against my applications. Last July I asked a curator at one of our national museums to share the transport protocol used for moving pastels. I was told it was confidential. I reminded the curator that their organisation was covered by FOIA. The information officer responded claiming exemptions under Section 31(1)(a) (information is exempt “if its disclosure … would, or would be likely to prejudice the prevention or detection of crime”) and Section 41(1) (information is exempt if its disclosure would constitute an “actionable…breach of confidence”). Both these exemptions were evidently absurd, and indeed the museum conceded this on internal review – as it happens I had by that stage received the information from another source.

As you will recall from last November’s blog post, much of my time was spent investigating the Government Indemnity Scheme which I hoped would provide information about how damage arose when objects are lent. I expected to find details about packaging and handling by logistics companies. I knew this was potentially embarrassing, but that’s exactly why Parliament introduced FOIA. I didn’t need (and accepted that they would be redacted) the names of private owners etc. But what emerged quite rapidly is that even the information which the Secretary of State is obliged to lay before parliament (total values at risk etc.) was hard to find. The scheme is administered by Arts Council England on behalf of DCMS, but neither body holds complete sets of the statutory returns. Personally I found that so jaw-droppingly incompetent that I repeated my question to ensure that it hadn’t been misunderstood – whereupon I was accused of having questioned their integrity.

A year later there are nearly 100 emails in my files, and I still don’t have all the information I wanted. I won’t attempt to give a proper summary. Since an essential part of my interest was in finding out which of DCMS and ACE held specific information, when I referred the matter to ICO for failure to respond properly to my request, I was shocked to find myself unable to convince the ICO officer to handle this as a single case. What I didn’t appreciate at that stage was that each ICO officer’s principal objective is to close cases efficiently, not to help the public obtain information to which they are entitled. So the first ICO case officer dealt only with my DCMS question. It wasn’t for many months that the separate file (consisting of ACE’s responses to essentially the same questions) was assigned, to a different officer: of that more later. (I shall pass over the issue of how the ICO can conduct an investigation into the government department which “sponsors” it, i.e. to which it reports, without conflict of interest.)

DCMS naturally responded after the ritual period claiming various exemptions – starting with a denial that they held certain documents, followed by misleading directions as to where I might find them, justifying a failure to provide this immediately by an over-literal interpretation of my request which I regarded as disingenuous. They eventually provided some of the information I sought, but claimed further exemptions under sections 40(2) (personal data, relevant only if individuals are named) and section 41. Once more I pointed out that these simply didn’t apply to the description of transport protocols or how damage had occurred in specific incidents (and that I was content for information such as owners’ names to be redacted), and the ICO wrote to DCMS and reported to me that DCMS had dropped the claimed exemptions and would provide specific information I might request. But when I did so new exemptions were claimed: but when I went back to ICO for support I was told the “case is closed” and they told me I’d have to make a new complaint.

This brings me to the third major hurdle for applicants. It’s easy enough to describe broadly what we are interested in, but almost impossible to provide the exact title or file name of the document in which that information is included. Without the latter the authority can simply claim that your request hasn’t been properly formulated. (Section 16 of the Act is there for precisely that reason. This imposes an obligation on the authority to assist applicants in formulating requests. But ICO never enforce this, as authorities know, so it’s of very little help.)

When finally the ACE case was considered by ACE (for reasons never satisfactorily explained, it took five months for ICO to appoint a case officer against their 30 day target), exemptions under sections 31(a)(1) and 40(2) were initially claimed. As before I appealed, and ACE conceded that s.31 did not apply; but then (and not before) a new exemption under section 41 was claimed.

Given how ICO responded to those claims when made by DCMS, it was rather surprising to find that the ICO decision when it finally appeared decided to uphold exemption under section 41 – ignoring completely (and failing to explain why) its own position on the DCMS case, its own published guidance on the need for probable success in litigation to meet the “actionable” damage point, and my various arguments that the information I sought could be redacted to any required point.

I won’t take you through all the permutations that need to be analysed in each situation, but what remains is the general fog around claims under the GIS which the authorities may not want to uncover (in short, the very “embarrassment” which Parliament set out to overcome), but which do not actually amount to actionable loss (the specific hurdle Parliament set). I have no doubt that a particular museum might not want disclosure, but this a matter which the public, who pay, are entitled to scrutinise.

A few words here on information asymmetry between applicant and authority. The Act itself recognises the problem – I’ve mentioned section 16 above, but there’s a broader issue. Because the applicant can’t be shown the information the authority claims is exempt, the discussions between the authority and ICO are necessarily kept secret from the applicant. There’s a real danger that ICO staff during that process hear more from the authority than from the applicant and absorb their point of view – a variant on Stockholm syndrome. The applicant is dependent too on the intellectual calibre of ICO staff to refute the arguments of authorities’ legal teams; you may form your own views on that balance.

This one-sided exchange means that ICO’s role isn’t quasi-judicial, and in that respect is quite different from an ombudsman, as the rules of natural justice require each side to hear the other’s argument (although you’ll have to ask the Financial Ombudsman before you’re accorded your right). It also means that for the Act to work, the ICO needs to stop behaving like an ombudsman and recognise that the law has set it up as a champion of applicants’ rights to information – acting on their behalf to obtain that information up to the limit allowed by the law:

47. It shall be the duty of the Commissioner to promote the following of good practice by public authorities and, in particular, so to perform his functions under this Act as to promote the observance by public authorities of… the requirements of this Act &c.

That is not how the ICO sees it or how they currently behave.

Postscript: When I complained to ICO along the lines set out above (but in rather more tedious detail), I got a response (a) drafted by one of the officers complained about; (b) explaining that two separate investigations would be set up into my complaints. The irony did not escape me. The two independent investigations will doubtless conclude that each reached the correct view of s.41. When will these organisations learn joined-up thinking?

Advertisement