BACKDOOR ATTEMPT TO OBTAIN IRAQ WAR CABINET MINUTES FAILS

The minutes of the Cabinet meetings at which it was decided to go to war in Iraq have resurfaced for consideration by the Tribunal. First time round, the Tribunal agreed with the Commissioner that the minutes should be released, but the final word went to Jack Straw, by means of a ministerial veto – which was not subject to a judicial review challenge – issued under section 53 FOIA.

The requester in that case subsequently sought a backdoor route to the minutes, by requesting them under FOIA from the ICO itself. He also sought “background papers which show the processes of thought behind the Information Commissioner’s conclusion that the Cabinet minutes in question should be disclosed”. The ICO did not hold the minutes themselves, but it did hold some handwritten notes made by the then Commissioner, Richard Thomas, and by an ICO caseworker when visiting the Cabinet Office to inspect the minutes. It also held a confidential annex to the Decision Notice, which fell within the veto. All of these he refused to disclose.

The usual FOIA complaints and appeals process ensued, with the Commissioner issuing a decision notice in respect of his own refusal, and then defending that notice before the Tribunal in Lamb v IC (EA/2009/0108).

The basis of the refusal was section 44 FOIA, which provides that information is exempt if its disclosure is “prohibited by or under any enactment”. The Commissioner relied for the latter on section 59 of the DPA, which says that the Commissioner may not disclose information he obtained under the auspices of the Act “unless the disclosure is made with lawful authority”, which arises where “having regard to the rights and freedoms or legitimate interests of any person, the disclosure is necessary in the public interest”.

As the Tribunal accepted, this is a much higher threshold than the usual public interest test under FOIA: under section 59, there is effectively a presumption against disclosure.

The Tribunal was satisfied that this information was “obtained from” the Cabinet Office, notwithstanding the Appellant’s challenge on that point.

It also agreed with the Commissioner’s application of section 59. Much of the Appellant’s argument turned on the importance of the material he sought. This, said the Tribunal, overlooked the point that the Commissioner had already decided in the Appellant’s favour concerning the Cabinet minutes which he sought. The Tribunal also commented that:

“It is no part of the freedom of information regime to provide a mechanism by which a party who prosecuted a successful complaint to the Information Commissioner in the past may have his or her winning margin reassessed in the light of events subsequent to the date of the original victory”.

The Tribunal did not comment on whether the mere existence of the veto gave rise to the engagement or effectiveness of section 59. Nor did it speculate as to the circumstances in which reliance on section 59 could be defeated – although the wording of that section clearly envisaged this prospect.

COST OF COMPLYING WITH A REQUEST: NO DUTY TO SEARCH UP TO THE COST LIMIT

Cooksey v ICO and Chief Officer of Greater Manchester Police (EA/20100113) is the Information Tribunal’s latest application of the ‘cost of compliance’ “exemption” at section 12 of FOIA.

The case concerned a request in six severable parts for information concerning documents from a murder investigation undertaken between1992 and 1995. The material from that investigation was stored in entirely disorganised boxes – a state of affairs which the Tribunal found “astonishing”. This disorganisation gave rise to the engagement of section 12. Notably, the Commissioner had examined a sample of the material and produced his own cost estimate which was lower than that advanced by the public authority. The Tribunal was satisfied that section 12 was engaged on the basis of the Commissioner’s estimate – but not that of the public authority.

The Appellant argued that the boxes should have been searched up to the costs limit, given that any information found in relation to her request, even if only partial, would be useful. The Tribunal rejected this approach to section 12: if the costs limit is engaged, the effect of section 12 is to disapply altogether the duty to comply with the information request.

The Tribunal also found that the margin of difference between the compliance estimate and the costs limit is a relevant consideration “in these circumstances”.

Interestingly, the Tribunal further noted that the boxes had been numbered after receipt of the request for information, for purposes of transportation. This, the Tribunal suggested, constituted a change in the way that information was organised which might allow for differently constituted information requests to be made, relying on the box numbers as a way of targeting those requests.

STOLEN PRIVATE AND CONFIDENTIAL INFORMATION

In KJH v HGF [2010] EWHC 3064 (QB) Sharp J held that it was appropriate to continue an interim injunction and grant anonymity to protect the victim of blackmail which involved the threat of the revelation of stolen private and confidential information.  The evidence established to a high degree of probability that H was the victim of blackmail involving the threat of the revelation of stolen private and confidential information.  H was therefore likely to establish at trial that publication of the information should not be allowed.  There had also been no waiver of H’s privacy rights and there was no public interest justification for the publication of the information. The privacy interests engaged and the claim in breach of confidence were strong.  There was also a continuing risk that the private and confidential information stolen from H would be made public.  Strong public policy considerations which justified the protection of the identity of victims of blackmail arose in criminal and civil proceedings: such persons should not be deterred from seeking the courts’ protection for fear that the information which the blackmailer had threatened to reveal would be exposed or that their identity as the victim of blackmail would be made known.  A final determination of the matter had to await trial, granting anonymity at the interim stage served the interest of such an applicant in protecting his or her rights under ECHR Art 8 and the public interest in promoting the prevention and punishment of blackmail.  As a result it had also been necessary to derogate from the principle of open justice by holding the hearing in private and to anonymise the names of H and F.

James Goudie QC

WATER UTILITY COMPANIES NOT ‘PUBLIC AUTHORITIES’ UNDER THE EIR

The Upper Tribunal has this week handed down an important decision on the question of whether privatised water utility companies are ‘public authorities’ for the purpose of the Environmental Information Regulations 2004 (EIR): Smartsource v IC & 19 Water Companies (case no. GI/2458/2010). The background to the appeal was that Smartsource had submitted near identical requests for disclosure of information to some 19 water utility companies. It was not in dispute that the requests fell to be addressed under the EIR. The companies refused to provide the requested information on the basis that they were not ‘public authorities’ for the purposes of r. 2(2) EIR and, hence, were not subject to the disclosure obligations provided for in r. 5 EIR. The Commissioner rejected Smartsource’s complaint about the refusal on the basis that he accepted that the companies were not public authorities under r. 2(2). Smartsource appealed the Commissioner’s decision to the tribunal. The importance of the issues at stake in the case resulted in the appeal being transferred to the Upper Tribunal. The central issues which the Upper Tribunal was called upon to determine were as follows: (1) did the companies ‘carry out functions of public administration’ such that they fell within limb 2(2)(c) of the r. 2 definition of public authority; (2) alternatively, were they ‘under the control’ of a relevant public authority such that they fell within limb 2(2)(d) of the r. 2 definition.

With respect to the first issue, the Tribunal held that the companies did not carry out functions of public administration. It reached this conclusion applying a multifactoral approach akin to the approach adopted in the earlier cases of Network Rail v IC (EA/2006/0061) and Port of London Authority v IC & Hibbert (EA/2006/0083). Notably, the Tribunal rejected arguments advanced by Smartsource that the companies fell within limb 2(2)(d) of the definition because they: were appointed as statutory undertakers; were subject to a range of conditions imposed under statute; were subject to a comprehensive regulatory regime; were unable to choose their own customers or set their own prices; were obliged to provide a universal service; and would be subject to State intervention in the event that they failed. With respect to the second issue, the Tribunal held that that the companies were not ‘under the control’ of a relevant public authority for the purposes of r. 2(2)(d). In reaching this conclusion, the Tribunal accepted arguments advanced on behalf of the Commissioner and the companies that: the concept of ‘control’ in this context meant something more than that the body in question was merely subject to a stringent regime of statutory regulation; the aim of r. 2(2)(d) was to capture State/Executive functions in all their various guises and not the activities of privatised companies of the sort which were in issue in the instant case.

Importantly, the Tribunal also rejected ‘hybridity’ arguments to the effect that a body can be a public authority under the EIR for some purposes but not for others. According to the Tribunal, the way in which r. 2 was formulated meant that the body either was or was not a public authority (cf. the approach adopted in Port of London v IC).

COMMISSIONER HANDS DOWN FIRST MONETARY PENALTIES FOR DPA BREACHES

Up to now, the Commissioner has not exercised his powers under sections 55A-E of the Data Protection Act 1998 to impose monetary penalties on data controllers for breaches of the Act. Today, he imposed his first two financial penalties.

Hertfordshire County Council has been handed a penalty of £100,000 for twice sending faxes containing sensitive personal data to members of the public in error. The first fax, which is the subject of an injunction preventing further details being disclosed, was intended for a barrister but sent to a member of the public. The second fax, which concerned child protection matters, was intended for a County Court. The errors both occurred in June 2010, and were both reported to the Commissioner by the Council itself.

Secondly, the employment services company A4e has been fined £60,000 after an unencrypted laptop containing personal details of 24,000 users of community law centres was stolen from an employee’s home. This too was reported to the Commissioner by A4e itself.

THE FREEDOM OF INFORMATION (TIME FOR COMPLIANCE WITH REQUEST) REGULATIONS 2010

These Regulations are made under FOIA and extend the time limit for Academies to respond to requests for information. The normal time limit for responding is twenty working days of date of receipt of the request. However, where the information is requested from an Academy, then any working day which is not a school day for that Academy is disregarded (subject to a long stop of sixty working days). These are  the same timeframes as apply to schools covered by The Freedom of Information (Time for Compliance with Request) Regulations 2004 (S.I. 2004/3364) and The Freedom of Information (Time for Compliance with Request) Regulations 2009 (S.I. 2009/1369).

This post is also on 11KBW’s education blog: https://www.education11kbw.com/.