final presentation slides

Report
Information Law & Governance
11 November 2014
Key contacts:
Simon Charlton / Associate
0121 200 8118
[email protected]
Emma Emery/Partner
0845 274 6888
[email protected]
www.emlawshare.co.uk
Contents
• Decision Notices and Case Law update
• FOIA/DPA update
• Enforcement Actions by the ICO including a case study on
Niebel v Information Commissioner
• Overview of the Information Rights Tribunal procedure
www.emlawshare.co.uk
Human Rights Act 1998
Direct Result:
• Data Protection Act 1998 – governs the storage of and the
access by individuals to personal information about themselves
held by any body (private or public). Protects personal data.
• Freedom Information Act 2000 – allows individuals access to
information held by Public Authorities of “recorded” non personal
information.
NB: Access is to information, not necessarily to documents.
www.emlawshare.co.uk
Freedom of Information Act –
Public Authorities’ Obligations
• Adopt and maintain a “publication scheme”.
• Respond to requests for information under the Freedom
Information Act 2000.
• Obligation to respond within 20 working days.
• Presumption is for disclosure – cultural change.
www.emlawshare.co.uk
Data Protection Act 1998
•
•
•
•
•
An individual is a data subject.
Records relating to LIVING PERSONS.
Came into force – 1 March 2000.
Disclose within 40 calendar days.
Strengthens and extends data protection regime created by Data
Protection Act 1984.
www.emlawshare.co.uk
Freedom of Information Act 2000
Requests for Information
Can be made by:• Any person – corporate or unincorporated body.
• Could be foreign applications via UK agents.
• For data held by or on behalf of the Public Authority.
• Request must be in writing (no statutory application form).
• Must provide name and address of correspondent ? (email?).
www.emlawshare.co.uk
Requests for Information
• Must describe information required.
• Must pay a fee.
• Respondent Authority duty bound to provide reasonable advice
and assistance.
• Authorities ( subject to exceptions) have to:
(i) State whether they hold such information.
(ii) Communicate actual information.
www.emlawshare.co.uk
Requests for Information
• Satisfy request within 20 working days once fee is
paid unless there is a need to consider public interest.
If so estimate of time for disclosure should be given to
applicant.
• Hence need for early decision making. Breach of 20
working days common ground for criticism and
sanctions from ICO.
• Need process to deal with complicated requests.
• Staff equipped to recognise exemptions.
• Staff equipped to consider public interest test.
www.emlawshare.co.uk
FOIA Exemptions
Absolute – do not require the test of prejudice or the
balance of public interest to be in the favour of non
disclosure.
• Section 36 – Prejudice to effective conduct of public
affairs (relating to information held by Parliament).
• Section 40 – Personal Information (disclosure may
contravene DPA 1998).
• Section 41 – Information provided in confidence.
• Section 44 – Prohibitions on disclosure.
www.emlawshare.co.uk
FOIA Exemptions
Qualified – public interest test to be applied to decide
whether exemption should be applied or not.
• Section 36 – Prejudice to effective conduct of public
affairs (excepting Parliament).
• Section 37 – Communications with Her Majesty etc.,
and Honours.
• Section 38 – Health and Safety.
• Section 39 – Environmental Information.
• Section 42 – Legal Professional privilege.
• Section 43 – Commercial interests.
www.emlawshare.co.uk
FOIA-Public Interest Test
• Does the public interest in withholding information outweigh the
public interest in releasing it?
• If information is exempt this does not mean the whole document
will be withheld.
www.emlawshare.co.uk
Section 40(2) Personal Data
• Halton Borough Council, ICO Decision Notice ref FS0524012 1
April 2014
• Governing Body of Reading School v (1) Information
Commissioner (2) James Coombs EA/2013/0227, 15 April 2014
• Jonathan Corke v Information Commissioner EA/2014/0012 3
June 2014
www.emlawshare.co.uk
Recent Cases
• Edem v Information Commissioner – Court of Appeal [2014]
EWCA Civ 92.
• Surrey Heath Borough Council v (1)Information Commissioner
(2) Morley [2014] UKUT 0339 (AAC)
• Farrand v (1)Information Commissioner (2) London Fire &
Emergency Planning Authority [2014] UKUT 0310 (AAC)
www.emlawshare.co.uk
FOI/EIR and Vexatious Requests
• Section 14 of the Freedom of Information Act 2000
– Section 1(1) does not oblige a public authority to comply with
a request for information if the request is vexatious
• Regulation 12 (4) (b) of the Environmental Information
Regulations 2004
– …a public authority may refuse to disclose information … to
the extent that the request for the information is manifestly
unreasonable.”
www.emlawshare.co.uk
Case Law
• Upper Tribunal considered what constitutes a vexatious request
in Information Commissioner v Devon CC and Dransfield
[2012] UKUT 440 (AAC)
• Judge Nicholas Wikeley described section 14 as a “get out of jail
free card” for public authorities
• Key factors
– the burden (on the public authority and its staff)
– the motive (of the requester)
– the value or serious purpose (of the request); and
– any harassment or distress (of and to staff).
www.emlawshare.co.uk
ICO Guidance
•
•
•
•
•
Revised guidance issued in May 2013
Authorities should address the four themes.
“Significant burden” becomes one factor rather than a first test.
Well reasoned evidence is needed.
Authorities should engage with applicants to help them
understand why they consider a request to be vexatious.
www.emlawshare.co.uk
EIR
• ICO Guidance on dealing with “manifestly unreasonable
requests” issued in March 2013
• may relate to the request being vexatious or the cost of
compliance being too great
• “there is no material difference between a request that us
vexatious under section 14(1) of FOIA and a request that is
manifestly unreasonable on vexatious grounds under the EIR”
• “the exception is subject to the public interest test. In practice
however, many of the issues relevant to the public interest test
will already have been considered when deciding if the exception
is engaged.
www.emlawshare.co.uk
Cases since Dransfield
• Cain v Information Commissioner (EA/2012/0226)
• Sivier v Information Commissioner (EA/2013/0277)
• Department of Education v (1) ICO (2) L.McInerney
(EA/2013/0270)
• NS Chadha v IC EA/2013/260
www.emlawshare.co.uk
Section 3 (2) Information held by
public authority
• Hackett v (1) IC (2) United Learning Trust EA/2012/265
• Sandwell MBC FS50527537
• Innes v (1) IC (2) Buckinghamshire County Council 2014 EWCA
Civ 1086
www.emlawshare.co.uk
Section 43 Prejudice to
Commercial Interests
• Hugh Mills v IC EA/2013/0263 2 May 2014
www.emlawshare.co.uk
Publications/Guidance
• Local Government Transparency Code
• ICO Audit of 16 Local Authorities
• ICO Publication : Definition Documents & Templates Guides for
Model Publication Schemes
• ICO Publication: CCTV Code of Practice
www.emlawshare.co.uk
News
• Privacy by Design
• Beacon Technology
www.emlawshare.co.uk
Information Law and
Governance
Enforcement action by the ICO
www.emlawshare.co.uk
Enforcement action by the ICO
• Information Notice (section 43 DPA)
– Grounds
– Content
– Failure to comply
– Defence
– Privilege and self incrimination
www.emlawshare.co.uk
Enforcement action by the ICO
• Enforcement Notice (section 40 DPA)
– Grounds
– Content
– Failure to comply, defence
– Recent cases:
• Wolverhampton City Council 15 May 2014
• Glasgow City Council 4 June 2013
www.emlawshare.co.uk
Enforcement action by the ICO
• Assessment Notice (sections 41A – C DPA)
– Audit
– Grounds
– Content
– Code of Practice
– Failure to comply – Schedule 9
– Undertakings
www.emlawshare.co.uk
Enforcement action by the ICO
• Monetary Penalty Notice (section 55 DPA)
– Very high threshold
• Deliberate
• Knew or ought to have known
• Significant damage or distress
– Maximum penalty £500,000
– Notice of intent and representations
www.emlawshare.co.uk
Enforcement action by the ICO
• Monetary Penalty Notice (section 55 DPA)
– Aggravating and mitigating circumstances
• Effect of contravention
• Behavioural issues
• Impact on Data Controller
– Right of Appeal
– Enforcement
– Guidance
www.emlawshare.co.uk
Enforcement action by the ICO
• Monetary Penalty Notice (section 55 DPA)
– Recent cases
• Ministry of Justice August 2014 - £100,000
• Department of Justice Northern Ireland
Jan 2014 - £185,000
www.emlawshare.co.uk
Enforcement action by the ICO
• Criminal Prosecution
– Failure to notify (ss 17(1), 21(1))
– Failure to notify of changes (ss 20(1), 21(2)
and (3)
• Jayesh Shah
– Unlawful obtaining of personal data (s55)
• Dalvinder Singh
– Penalties
www.emlawshare.co.uk
Case Study: Niebel v
Information Commissioner
• Appeal against MPN
• Breach of PECR but appeal against section 55A
not PECR breach
• Central London Community Healthcare NHS Trust
– Failed to properly exercise discretion
– Self reported so barred
– Unlawful not to extend discount period
– Amount unsustainably high
www.emlawshare.co.uk
Case Study: Niebel v
Information Commissioner
• Notice and representations
• Grounds for challenge
– Serious contravention
– of a kind likely to cause significant damage and
significant distress
– Deliberate
– Knew or ought to have known
• Serious contravention would occur
• Likely to cause significant damage or
distress
www.emlawshare.co.uk
Case Study: Niebel v
Information Commissioner
• Request for particulars/statement of the
contravention
• Evidence
• Tactics
www.emlawshare.co.uk
Information Tribunal Procedure
www.emlawshare.co.uk

similar documents