PERSONAL DATA, REPEAT AND VEXATIOUS REQUESTS AND INVESTIGATIONS

In Jeffery Lampert v IC and Financial Services Authority EA/2010/0203, the appellant was involved in a long-running dispute with a bank, which had called on his guarantee of a loan and commenced bankruptcy proceedings against him. His MP had raised the matter with the FSA and the appellant believed that this had led to at least one investigation of the bank. The appellant subsequently made a freedom of information request for information held by the FSA recording the outcome of investigations into the bank about the matter and the calculation of the bank’s loss. The Information Commissioner found that any information falling within the scope of the request was the appellant’s personal data and therefore absolutely exempt from disclosure under FOIA. The First-Tier Tribunal found that:

  • there had been no investigation by the FSA of the bank and there was no document in existence which contained a calculation of the bank’s loss;
  • any information falling within the scope of the request would not have been the appellant’s personal data; applying Durant, the Commissioner was wrong to decide, in effect, that, merely because the information requested arose from the appellant’s complaints, it all constituted his personal data;
  • the FSA was entitled to rely on section 14(1) FOIA, in that this was a repeat request and a reasonable interval had not elapsed since the previous substantially similar request; and, further
  • there was ample material from which it could be found that the appellant’s request was vexatious.

In Public Prosecution Service for Northern Ireland v IC and John Collins EA/2010/0109, Mr Collins requested the PPS documentation (excluding names and addresses) relating to a particular criminal damage case. It was not in dispute that section 30(1) FOIA was engaged and the only issue for the First-Tier Tribunal was whether the public interest in maintaining the exemption outweighed the public interest in disclosure. The Tribunal accepted that it had to take into account the need for prosecutors to have a safe space in which to decide whether or not a case met the threshold for pursuing a prosecution, without fear of frank assessments being publicised after the event. Eroding this safe space would undermine the independence of prosecution authorities, compromise the quality of decision making, potentially deter witnesses from co-operating and undermine (without good reason) public confidence in those authorities. The Tribunal held that these factors attracted very substantial weight. The Tribunal found, having considered the disputed information, that there was no reason to suspect that the prosecuting authority had made substantial mistakes in this case. The public interest in maintaining the exemption therefore clearly outweighed the public interest in disclosure.

COOKIE MONSTER

The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 came into force on 26 May 2011 and amend the Privacy and Electronic Communications (EC Directive) Regulations 2003, which cover direct marketing by electronic means and the use of cookies.  

The amendments give the Information Commissioner new powers to serve a monetary penalty on an organisation when very serious breaches of the 2003 Regulations occur and to investigate breaches of the 2003 Regulations by obtaining information from certain third party organisations.

They also introduce an additional requirement where a website uses ‘cookies’, which are small files of letters and numbers downloaded on to a device when the user accesses certain websites, which allow the website to recognise the device. Except where a ‘cookie’ is strictly necessary, websites will now have to obtain the consent of the user or subscriber before ‘cookies’ can be placed on machines. The Information Commissioner has published guidance on the change to the rules. Organisations have 12 months from 26 May 2011 to make sure they comply with the new rules.

The Information Commissioner has issued this statement about how he intends to approach enforcing the new rules and using the new powers.

WISE MEN, ANGELS AND SHEPHERDS

The Information Commissioner has produced a Good Practice Note on the taking of photographs in schools. The ICO press notice gives a seasonal example: “Having a child perform at a school play or a festive concert is a very proud moment for parents and is understandably a memory that many want to capture on camera. It is disappointing to hear that the myth that such photos are forbidden by the Data Protection Act still prevails in some schools. A common sense approach is needed – clearly, photographs simply taken for a family album are exempt from data protection laws. Armed with our guidance, parents should feel free to snap away this Christmas and stand ready to challenge any schools or councils that say ‘Bah, Humbug’ to a bit of festive fun.” The guidance states that the Data Protection Act is unlikely to apply in most situations where photographs are taken by parents in schools, although it does apply when photographs of children are taken for official use by a school or college (such as for issuing identification passes). The ICO advises that in the other small number of instances where the Data Protection Act 1998 does apply, it will usually be sufficient for the photographer to obtain permission from the parent or individual to take a photograph. The guidance is available here: https://www.ico.gov.uk/upload/documents/library/data_protection/practical_application/taking_photos.pdf.

This post is also available on 11KBW’s education law blog: https://www.education11kbw.com/.

THE FREEDOM OF INFORMATION (TIME FOR COMPLIANCE WITH REQUEST) REGULATIONS 2010

These Regulations are made under FOIA and extend the time limit for Academies to respond to requests for information. The normal time limit for responding is twenty working days from the date of receipt of the request. However, where the information is requested from an Academy, then any working day which is not a school day for that Academy is disregarded (subject to a long stop of sixty working days). These are the same timeframes as apply to schools covered by The Freedom of Information (Time for Compliance with Request) Regulations 2004 (S.I. 2004/3364) and The Freedom of Information (Time for Compliance with Request) Regulations 2009 (S.I. 2009/1369).

This post is also on 11KBW’s education blog: https://www.education11kbw.com/.

DRAFT DATA SHARING CODE OF PRACTICE

The Information Commissioner is currently consulting on a draft Data Sharing Code of Practice. Subject to consultation and obtaining the Secretary of State’s approval, this will be a statutory code of practice issued under sections 52A and 52D of the Data Protection Act 1998 which can be used as evidence in any legal proceedings. The draft code is relatively short (less than 40 pages) and does not include as much practical detail as perhaps might have been expected. It is available on the Information Commissioner’s website (www.ico.gov.uk) and the consultation period closes on 5 January 2011.

INTERNATIONAL RIGHT TO KNOW DAY

28 September 2010 was International Right to Know Day. The Information Commissioner published a press notice to mark the day, making the topical point that “Freedom of Information shines a torch into the dark corners of public service, identifying wasted money and duplication of effort”. The Ministry of Justice took the opportunity to remind people that it is currently looking at extending the scope of the Freedom of Information Act.