I think you also need to consider the matter of reasonable expectation.
If you make a request it is reasonable to assume that your name will need to
be shared to some degree to check certain things, are you already known as a
vexatious complainant and so on and so forth. Is someone else already
dealing with your request etc etc.
A similar parallel is data sharing by lenders with debt collection agencies.
It may not always be explicit that a lender will share with a particular
debt collector but it is a reasonable expectation that if you owe a lender
£1000 and make no attempt to pay it back they will share data to try and get
their money.
-----Original Message-----
From: Hawley, Graeme [mailto:[log in to unmask]]
Sent: 30 May 2006 15:09
To: [log in to unmask]
Subject: Re: [data-protection] Anonymity when making FOI requests of your
own organisation
There have been some really useful (and different) angles on this. Just as
an brief aside, although this is about FOI, the main issue for me was the
fact that the applicant's details are personal data, which is why I posted
to this list. I sought advice from the Scottish Information Commissioner's
Office but the response indicated that there was nothing within the FOISA
legislation to indicate what to do. They felt that it was more about DPA.
Tim Trent's Fair Processing note seems a pretty sensible approach.
Graeme
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]]On Behalf Of Nick Landau
Sent: 30 May 2006 15:01
To: [log in to unmask]
Subject: Re: [data-protection] Anonymity when making FOI requests of your
own organisation
DCA "Procedural Guidance Chapter 4 What is a Request"
http://www.dca.gov.uk/foi/guidance/proguide/chap04.htm
"Requests for information may be in any form and, as indicated above, need
not have to mention the Freedom of Information Act. The only restrictions
are that they:
a.. must be in writing
b.. must give the applicant's name and a return address
c.. must describe the information that is requested."
This is expanded on:
"In writing
As well as hard-copy, written correspondence, this term includes requests
that are transmitted electronically (for example, in emails) - provided that
they are legible and can be used for subsequent reference (that is to say,
they are lasting in nature)."
"Return address
There is no obligation to comply with a request for information if it does
not give a return address. If a request is received by email and, although
no postal address is given, the email address of the sender is included,
then this should be treated as the return address."
Regarding "Your duty to provide advice and assistance - what does this mean
in practice?" it says:
"If you have to request more information from applicants as to the precise
nature of the information they are requesting, then you should consider the
most appropriate way of obtaining it. It may be quicker to e-mail or, __as a
matter of good customer service, telephone the applicant.__"
Clearly the less contact information the requester provides the less
customer information that can be provided.
But if I have been an irritant to an organisation (and I am aware of that
fact) I will be aware that the provider of the information will see red when
my request comes in.
I don't see why eg a journalist should provide their real name when working
on a story about an organisation. That is different from pretending to be
another individual - which I would think in certain circumstances could be
tantamount to fraud.
Nick Landau
NB All the above is about FoI.
----- Original Message -----
From: "Carter, Antoinette (MCS)" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Tuesday, May 30, 2006 2:12 PM
Subject: Re: [data-protection] Anonymity when making FOI requests of your
own organisation
Here, here Tim! I think this is the sort of balance that we should be
trying to achieve.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Tim Turner
Sent: 30 May 2006 13:55
To: [log in to unmask]
Subject: Re: [data-protection] Anonymity when making FOI requests of your
own organisation
Purely personal opinion here - not my employer's official view but what I
think when people ask me who has made a request.
It's an instinctive reaction is to ask who has made a request, and I do not
see that as illegitimate. The FOI officer has a responsibility for ensuring
that all requests are responded to properly, and without discrimination
against the applicant. However, this isn't the same thing as keeping the
applicant's identity a secret. I have dealt with instances where the
applicant has requested anonymity, especially where third parties are
concerned. I always respect this, and I also routinely avoid disclosing the
applicant's identity to third parties when consulting them.
Nevertheless, to refuse to tell my colleagues or manager who has made a
request, particularly when they are more likely to deal with the
consequences of a disclosure than me, seems unnecessarily prim and lacking
in trust. Some colleagues like to know the background, and I cannot see any
reason why they shouldn't. In DP terms, I think it should be within the
applicant's reasonable expectations that their identity will be known to
staff within the organisation. I am happy to work for an organisation where
officers have knowingly disclosed information to their most awkward
correspondents - if the only way I could ensure consistency was to refuse to
tell my colleagues who applicants were, I would be worried.
Tim Turner
Data Protection / FOI Officer
Legal and Property Services
Wigan Council
-----Original Message-----
From: Lawrence Serewicz [mailto:[log in to unmask]]
Sent: 30 May 2006 12:24
To: [log in to unmask]
Subject: Re: [data-protection] Anonymity when making FOI requests of your
ownorganisation
While I accept that such a view about openness and transparency can be put
forward, I am not convinced that human nature supports it. If the government
were about openness and transparency, in its dealings with the public, would
we need to protect whistleblowers?
More to the point, the question is not whether the applicant must give an
identity, it is whether that identity should be shared widely within an
organisation. The two are related, but they are different.
When I first started to discuss FOI requests, I was surprised to find that
the first questions asked were "Why do they want to know that?"
The next question is then "Who is asking". Neither of these are material to
answering 99% of the FOI requests.
Is it fair processing that Mr. Smith's request for information about paper
purchases is known by senior managers? Does Mr. Smith's identity change
anything about the content of the response? We have strict limits about
sending someone's housing claims around an authority's internal e-mail, why
should someone's FOI request be handled differently? An applicant's
identity should be shared on a need to know basis otherwise is that fair
processing?
Lawrence
Lawrence W. Serewicz
Scrutiny Manager
Management Support Unit
Wear Valley District Council
01388-761-985
"Carter, Antoinette (MCS)" <[log in to unmask]>
Sent by: This list is for those interested in Data Protection issues
<[log in to unmask]>
30/05/2006 12:07
Please respond to
"Carter, Antoinette (MCS)" <[log in to unmask]>
To
[log in to unmask]
cc
Subject
Re: [data-protection] Anonymity when making FOI requests of your
ownorganisation
I take the view, and it is my personal view, that FOI is about openness and
transparency, and that if you expect that of the government department you
are dealing with, you should be equally open in your dealings with them.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Lawrence Serewicz
Sent: 30 May 2006 11:41
To: [log in to unmask]
Subject: Re: [data-protection] Anonymity when making FOI requests of your
ownorganisation
I was under the impression, although happy to be corrected, that the
applicant's identity was not something that should be shared unless
necessary. For example, pace the IC's Birmingham decision, identity may be
needed to determine whether a request is vexatious. If the request is for
potentially personal data, which would shift the request into data
protection.
I fear that requests will dry up if senior managers can know who is making a
request and on what topics. Knowing human nature, I would be seriously
surprised if senior managers want to know the identity for benign purposes.
Even if the person has not made the request anonymously, there is an
expectation that their request is what matters not who they are.
I recall reading a background article that pointed out that it would be good
practice to keep the applicant's identity as confidential as possible. (I
cannot find the article, but the case remains in my mind.) The article cited
a case in Japan where the government agency was taken to court by the
applicant because his application was being treated differently because
people knew he was making the request. The Japanese agency was told not to
refer to applications by the person's name and to keep knowledge of that
information to those that needed to know. Would we be processing mr.
smith's information fairly if we circulated the identity of his requests
throughout the organisation?
As I said earlier, I am quite willing to be educated on this issue.
Lawrence
Lawrence W. Serewicz
Scrutiny Manager
Management Support Unit
Wear Valley District Council
01388-761-985
"Carter, Antoinette (MCS)" <[log in to unmask]>
Sent by: This list is for those interested in Data Protection issues
<[log in to unmask]>
30/05/2006 11:03
Please respond to
"Carter, Antoinette (MCS)" <[log in to unmask]>
To
[log in to unmask]
cc
Subject
Re: [data-protection] Anonymity when making FOI requests of your own
organisation
The member of staff could have submitted their request anonymously but has
chosen not to. I therefore think that it is perfectly reasonable for you to
identify the requester to whoever you need to contact in order to answer the
request irrespective of any "awkwardness" it may cause. I'm sure managers
have worse to deal with...?
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Graeme Hawley
Sent: 30 May 2006 10:56
To: [log in to unmask]
Subject: [data-protection] Anonymity when making FOI requests of your own
organisation
Hi,
What is the score when an employee makes an FOI request of their own
organisation? I am the FOI officer at our organisation, and have received a
request for info from a member of staff. They have supplied their name and
email address. I am pretty sure that in gathering the information for this,
senior management will ask who this has come from.
There isn't usually a problem when it is external, and I can say something
like "a jounalist from the Telegraph", but it will be clear from the nature
of the question that this has come from inside. Despite being the FOI
officer, a request made for information isn't made personally to me, but
rather to the organisation. I am just the guy that handles them. However,
in order to satisfy the request, there is no need for anyone else to know
the identity of the applicant. On the other hand, the organisation itself
has received this request, so who am I to say who else in the organisation
should or shouldn't know? I feel that if the management knew the identity
of the applicant it may cause awkwardness for them (damage and distress).
Does anyone have any suggestions. In order to withhold the member of
staff's name I think I need some sort of refernece from the DPA. FOISA
doesn't say anything about this.
Cheers
Graeme
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*******************************************************************
Visit the National Library of Scotland online at www.nls.uk
*******************************************************************
This communication is intended for the addressee(s) only. If you are not the
intended recipient, please notify the ICT Helpdesk on
+44 131 623 3789 or [log in to unmask] and delete this e-mail. The
statements and opinions expressed in this message are those of the author
and do not necessarily reflect those of the National Library of Scotland.
This message is subject to the Data Protection Act 1998 and Freedom of
Information (Scotland) Act 2002 and has been scanned by MessageLabs.
*******************************************************************
This message is for the use of the intended recipient(s) only.
If you have received this message in error, please notify the sender and
delete it.The British Council accepts no liability for loss or damage caused
by software viruses and you are advised to carry out a virus check on any
attachments contained in this message. Our purpose is to build mutually
beneficial relationships between people in the UK and other countries and to
increase appreciation of the UK's creative ideas and achievements. The
British Council is registered in England as a charity.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This message is for the use of the intended recipient(s) only.
If you have received this message in error, please notify the sender and
delete it.The British Council accepts no liability for loss or damage caused
by software viruses and you are advised to carry out a virus check on any
attachments contained in this message. Our purpose is to build mutually
beneficial relationships between people in the UK and other countries and to
increase appreciation of the UK's creative ideas and achievements. The
British Council is registered in England as a charity.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**********************************************************************
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses using Sophos anti-virus
software.
www.mimesweeper.com
www.sophos.com
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This message is for the use of the intended recipient(s) only.
If you have received this message in error, please notify the sender and
delete it.The British Council accepts no liability for loss or damage caused
by software viruses and you are advised to carry out a virus check on any
attachments contained in this message. Our purpose is to build mutually
beneficial relationships between people in the UK and other countries and to
increase appreciation of the UK's creative ideas and achievements. The
British Council is registered in England as a charity.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*******************************************************************
Visit the National Library of Scotland online at www.nls.uk
*******************************************************************
This communication is intended for the addressee(s) only. If you are not the
intended recipient, please notify the ICT Helpdesk on
+44 131 623 3789 or [log in to unmask] and delete this e-mail. The
statements and opinions expressed in this message are those of the author
and do not necessarily reflect those of the National Library of Scotland.
This message is subject to the Data Protection Act 1998 and Freedom of
Information (Scotland) Act 2002 and has been scanned by MessageLabs.
*******************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|