FOI107

Written evidence from Tom Boyd About the author: FOI Officer to the British Council (June 2002 November 2003) FOI Officer to Bristol City Council (December 2003 July 2004) Subsequently and currently an occasional user of the Act, and provider of pro bono advice to other enquirers Summary Public Authorities (PAs) remain extremely hostile to the FOI Act and frequently breach the Act without suffering any adverse consequences. There is almost universal misunderstanding of the Act, e.g. regarding the rights it grants and the definition of a so-called FOI enquiry. PAs and the Information Commissioners Office are partly responsible for this situation. PAs have consistently taken a minimalist and evasive approach to implementation, resulting in the establishment of FOI-related practices that are often ineffective, grossly inefficient and unnecessarily expensive. An example of a more efficient approach is offered. Existing methods of monitoring the impact of the Act provide a distorted picture that exaggerates the burden of compliance and obscures the benefits of good practice (where such can be found). Hostility to the Act from PAs anecdotal evidence from personal experience 1) As FOI Officer to the British Council, I secured senior managers agreement that suitably-redacted versions of the annual Country Reports submitted to HQ by each Country Director should be included in the Councils Publication Scheme (PS). Thus these reports were included in the PS that was approved by the ICO and launched in November 2002, giving the Council a legal obligation to publish redacted versions proactively. I produced procedures for redaction, which were approved by my own managers, and distributed these to Country Directors, along with a standing offer of assistance with any transparency-related matters. In the event, not one of the Councils hundred-plus Country Directors either submitted a Country Report for inclusion in the PS or alerted me to any difficulties, though at least one did email senior managers to complain that it was unreasonable of HQ to expect compliance with the Act. When I raised the matter of Country Directors failure to supply these records with my line manager, he refused to take the issue up and accused me of endangering his ability to feed and clothe his child, on the grounds that my troublemaking might impact upon his annual performance assessment. To the best of my knowledge, the Councils commitment to publish these reports was never met, and not a single example was ever released. This was typical of my experience as FOI Officer to the British Council, so I eventually resigned out of frustration. 2) I met even more hostility to the Act in my next job of FOI Officer to Bristol City Council. I recall one of my own managers literally shouting at me This is bad law! and another telling me that the Council would rather accept a fine for non-compliance than adjust any existing practices. In order to comply with the Act it was absolutely necessary to undertake a full information audit, but only 40% of record-holding teams responded to the resultant attempt to survey the Councils information assets. When I flagged up this problem, I was summoned to the Monitoring Officers office for a dressing down, and told

FOI107
that I must choose between dropping the issue and making formal accusations of misconduct against each of those team leaders who had ignored the information audit. Being in my first six months of employment at the Council at this point, I was on probation, with confirmation of my position subject to satisfactory, monthly progress reports. I had previously received positive reports, but, in the wake of my aforementioned encounter with the Monitoring Officer, my next report described me as disruptive and my performance as unsatisfactory. I concluded that the Council was most unlikely to confirm me in post, so I resigned. 3) I made one more attempt to find work in the FOI field, and, in 2005, applied for an FOI Officer post at a university. In interview, I observed that, as always seems to be the case, corporate compliance with the Act was listed as a responsibility of the FOI Officer alone, and FOI-related responsibilities didnt appear on anyone elses job description. I suggested that this was unreasonable unless the FOI Officer also had power to instigate disciplinary proceedings against any other employee who deliberately chose to flout the Act. As a solution, I proposed that the FOI Officers job description be amended such that he/she had responsibility for providing colleagues with whatever advice or assistance was necessary to enable them to comply with the Act, and the interview panel agreed with me. They subsequently offered me the job, but when I reminded them of the above point, and asked them to make the proposed adjustment to the job description before I signed a contract, they withdrew the job offer. This left me even more convinced that, as far as PAs are concerned, an FOI Officer is there to carry the can for others non-compliance, and that such posts were, essentially, only created as a smokescreen, so that PAs could claim that they were making an effort to comply without actually adjusting existing practices. 4) In 2007, I twice attempted to submit a written request for access to CCTV footage to a Job Centre. The first Department for Work and Pensions officer I spoke to simply refused point blank to accept the request. On my second attempt to submit this request, I was directed to the security guard in charge of CCTV. I first asked him how long he kept such footage before deleting it, and was told he just deleted the footage whenever, i.e. that there was no retention schedule (an absolute requirement for compliance with the Act) for this recorded information. When I attempted to submit my written request, he grew extremely hostile and told me that if I wished to request, let alone receive, the information, then I would have to go away and come back with a legal representative. This was a gross breach of Section 16 of the Act: rather than provide advice and assistance, as he was legally obliged to do, this public employee attempted to intimidate me out of submitting my request by proffering misinformation regarding my legal rights. 5) Since turning my back on work in the FOI field, as a direct result of the refusal of PAs to make a sincere attempt to comply with the Act, I have assisted several others with their own enquiries. In each case, they had made a valid request to a PA, but disclosure had been refused, without any reference to the Act (eg, exemptions or the right to appeal) being made. In each case, I then drafted a scary email, demonstrating knowledge of the Act, whose submission to the relevant PAs FOI Officer resulted in disclosure of the data. This suggests that, with the exception of FOI professionals, public sector employees are either unaware of their legal obligations to enquirers, or habitually choose to disregard the Act entirely where it appears to them that an enquirer is unaware of their rights, i.e. whenever said public sector employees seem likely to get away with a breach of the Act. 6) Senior public sector employees frequently make misleading claims about the Act, and the burden it places on PAs, when commenting in public fora. Prime examples include the complaints of Ken Thornber, Leader of Hampshire County Council (Guardian Comment, 20 January 2010), who claimed, eg, that council staff had been tasked with identifying the number of biscuits supplied at council meetings. This could only have happened if it was already council practice actually to count out the number of biscuits supplied at meetings,

FOI107
and to keep a record of this information. Personally, I think this most improbable far more likely that the council merely records, eg, the amount spent whenever it purchases a batch of biscuits. If I am correct on this point, then the council could simply have told the enquirer that it does not hold the information requested, for the Act does not require PAs to start collecting new kinds of information in response to enquiries. If I am wrong, and Hampshire County Council does actually count each biscuit as it is handed out, then it is surely a matter of public interest that resources are being devoted to that task Misunderstanding of the Act 7) There is an almost universal assumption that an FOI request is a particular type of written or emailed enquiry, e.g. one that mentions the Act or is submitted to an FOI Officer, with others being business as usual enquiries. Journalists and public sector employees, including FOI professionals, exhibit this misapprehension almost every time they discuss the Act, e.g. in the press and during discussions on the JISCMAIL FOI email list. Under the Act, of course, every single request for information that is both made in a permanent form and contains an enquirers name and contact details is actually an FOI request, even if it is for non-controversial information that was routinely published prior to the Acts implementation. The great problem this causes is that the Act is frequently ignored by public sector employees dealing with enquiries that are sent directly to the teams holding the relevant information, and that do not refer to the Act, because said public sector employees do not regard FOI as any part of their jobs. 8) The Act has often been described as granting members of the public the right to request information [my italics], with this suggestion appearing not only on numerous PAs websites, but also in supposedly explanatory leaflets issued by the ICO. This is grossly misleading, for we have always enjoyed the right to request information. What summaries of the Act ought to state most prominently is that it grants us the right to receive any nonexempt information we request. The difference is hugely important, for our having the right merely to request information does not imply any obligation at all on the part of PAs even to read or acknowledge enquiries, let alone respond to them by releasing data. This misrepresentation of the Act has no doubt hampered efforts to get PAs to comply, and it is particularly disappointing that such misinformation regarding the Act should emanate from the ICO. Minimalist and evasive responses to the Act on the part of PAs 9) In absolutely every case of which I am aware, PAs have chosen to treat efforts to comply with the Act as discreet areas of activity, undertaken separately to existing activities relating to records management and the provision of information to the public. Rather than adjust existing information management and publication practices to take account of the Act, and distribute responsibility for compliance throughout their teams, PAs typically employ one or a handful of FOI specialists, who are treated as responsible for corporate compliance, while the rest of the organisation carries on creating and managing information as though the Act had never been passed. As a result, the following scenario is typical: 9.1) PA Employee A, who is not an FOI specialist, creates an electronic record, stores it internally (eg on an intranet or internal database), and moves on to their next task, without ever thinking of the Act. 9.2) In the event that a member of the public seeks non-exempt information contained within said record, they follow the PAs published advice and submit an enquiry to the PAs FOI Officer.

FOI107
9.3) The FOI Officer then identifies Employee A as the person who holds the information, and forwards the request to them. 9.4) Employee A receives the request, but has moved on from the task at hand when they created the record, so has to interrupt their workflow in order to recall/establish which particular record contains the information requested and retrieve that record. 9.5) If the record contains potentially exempt information, in addition to the nonexempt data that have been requested, Employee A must recall or re-establish in his/her mind the factors that determine whether or not any information in the record is actually exempt. Crucially, this is more difficult and time-consuming for Employee A than would have been the case had the question of the informations sensitivity been addressed at the time of the records creation, when said factors were fresh in their mind. 9.6) Employee A then either redacts the record or extracts the non-exempt information requested, and sends the FOI Officer either the redacted record or just the information requested. 9.7) The FOI Officer then sends the enquirer the data they sought.

Clearly, such a process is hugely inefficient, and therefore expensive, and particularly difficult for Employee A. Moreover, it must be noted that the example outlined above is very much a best case scenario, in which, eg, neither the FOI Officer nor Employee A is absent from work, and there is no disagreement between the two as to whether or not any relevant information is actually exempt. 10) Herewith an example of an alternative system, of the sort that PAs might have established over the course of the five years that passed between 2000, when the Act was passed, and 2005, when the general right of access came into being, let alone the further seven years that have passed since. 10.1) Employee A creates an electronic record, and considers the question of whether or not any of the data contained therein are exempt while all relevant factors are fresh in their mind, ie when it is easiest for them to address said question. If necessary, they seek advice from an FOI Officer or other expert. 10.2) If all the information in the record is exempt, Employee A adds a short note to the record to this effect, stores the record internally, and moves on to their next task. In the event that the exempt data are ever requested by an enquirer, an appropriate refusal to disclose can be produced quickly and easily. 10.3) If the record contains no exempt data, Employee A then stores it on a public web page, where the PAs employees can access it (for professional purposes) just as easily as if it had been stored internally. Immediately, the information becomes absolutely exempt under S.21 of the Act. Thereafter, the FOI Officer, Employee A, or any of their colleagues at all can deal with a request for data contained within the record in a matter of moments, at virtually no cost, by referring the enquirer to the PAs website, thereby fulfilling their duty to provide advice and assistance. If an enquirer really has no web access, eg because they really cant visit a public library, then any employee of the PA can offer to print off and supply a hard copy. Moreover, the burden of extracting whatever information is actually sought from the range of records published falls on the enquirer, rather than on any employee of the PA.

FOI107
10.4) If the record does contain some exempt data, but there is no apparent public demand for the non-exempt remainder, Employee A adds a short note to the record (eg Sensitive Personal Data) and stores the record internally. Should any request for the records non-exempt content be received subsequently, when Employee A has moved on to other tasks, the aforementioned note should make redaction of the record much easier for them or any of their colleagues than would be the case if the informations sensitivity was only considered at a later date, in response to said enquiry. 10.5) If the record contains a mixture of: a) exempt data and b) non-exempt data for which there is an apparent public demand,

then Employee A stores the full record internally, but also produces a redacted version (with a note outlining the legal reasons for redaction) and stores this on a public web page. The non-exempt data thereby become absolutely exempt, as described at (10.3), while requests for the exempt data can be refused quickly and easily, as described at (10.2). 10.6) Where a record contains a mixture of exempt and non-exempt information, Employee A could be left to choose whether to follow the procedures outlined at (10.4), or those outlined at (10.5), according to their own judgement as to which would make their own life easier in the future. A further advantage of the system outlined above would be that difficult and time-consuming aspects of compliance, such as discussions between Employee A and a true FOI expert, or consideration of the Public Interest, could be undertaken when it was easier and more convenient to do so than when the twenty day clock had started ticking. 11) The approach proposed above would not, of course, help PAs deal with requests for information that is only held in hard copy, but the proportion of data held by PAs that does exist in electronic form is already very significant, and is only going to increase in the future. 12) Moving from the sort of system outlined as (9) to the sort recommended at (10) would be neither difficult nor expensive. It would, however, require the sort of sincere intention to comply with the Act that has proved singularly lacking amongst PAs to date. Monitoring the impact of the Act 13) PAs failure to treat so-called business as usual enquiries as the FOI enquiries that they actually are in law means that only problematic/expensive enquiries are considered when the costs of compliance are calculated. This drastically increases the reported average cost of dealing with an enquiry covered by the Act. 14) Current methods of monitoring the Acts impact do not take into account the advantages of pro-active publication, and should be adjusted accordingly. Eg, if a PA puts a suitably-redacted version of an internal meetings minutes on its website as a downloadable document, and ten people subsequently download that document, then that PA should be given the same credit for compliance as if it had satisfactorily answered an additional ten enquiries. February 2012