Spending Challenge Web Portal - Identity of Data Controller - section 21 DPA 1998

Dear Her Majesty's Treasury,

Concerning the web portal found at
http://spendingchallenge.hm-treasury.gov...

The Treasury have been contacted to establish the identity of the
Registered Data Controller (section 1 DPA 1998) responsible for
content.

The Treasury have been unable to provide this information.

It has been claimed that the Data Controller is The Department For
Work and Pensions and the the Web Portal is operated under a
Reciprocal Agreement under Direct.gov.uk.

Please provide;

1.) The identity, contact details and data protection registration
number of the Data Controller responsible for content.

2.) Confirmation of the involvement of any third party data
controller or contractor in the management of Personal Data
processed in relation to content visible and accessible via this
web portal.

3.) The number of complaints received as to content and operation
of the web portal.

In relation to the moderation facility and reporting of
inappropriate content;

a) the minimum time from report to action to address reported
inappropriate content,

b) the maximum time from report to action to address reported
inappropriate content

c) the mean time from report to action to address reported
inappropriate content

Should HM Treasury and LORD COMMISSIONER'S OF HM TREASURY not be
the data controller, kindly confirm by return who is the Data
Controller so that matters can be correctly addressed to them.

Yours faithfully,

White.m.a

Dear Her Majesty's Treasury,

I am concerned that the FOI request issued on 15 July 2010 has as
yet not been acknowledge as received.

Could you please acknowledge receipt.

Yours faithfully,

white.mark.a

Dear Her Majesty's Treasury,

I am concerned that the FOI request issued on 15 July 2010, one
week ago, has as yet not been acknowledge as received.

Could you please acknowledge receipt by return.

Yours faithfully,

white.mark.a

Dear LORD COMMISSIONER'S OF HM TREASURY

The FOI Request I made on 15 July 2010 has not been responded to.

Such requests are to be responded to "Promptly" and within 20
working days.

The Freedom of Information Act says:

A public authority must comply with section 1(1) promptly and in
any event not later than the twentieth working day following the
date of receipt.

This deadline has now passed.

Kindly provide the information requested by return.

I will also bring to your attention The Data Protection Act 1998
section 24 Duty of certain data controllers to make certain
information available.

I have asked for the relevant particulars of The "Data Controller"
and it is an offence under the Data Protection Act to fail to
provide these free of charge within 21 days.

Kindly provide the required information in response to my FOI
Request by return.

Yours sincerely,

white.mark.a

Dear Her Majesty's Treasury,

Please pass this on to the person who conducts Freedom of
Information reviews.

I am writing to request an internal review of Her Majesty's
Treasury's handling of my FOI request 'Spending Challenge Web
Portal - Identity of Data Controller - section 21 DPA 1998'.

I am surprised and shocked that you have such bad management and
audit of FOI requests that you should report that you did not know
of or receive my original request dated 15 July 2010 until 14
August.

Can you also confirm what happened to my requests for
acknowledgement made 21 July 2010 and 22 July and why these are
supposedly not known - and why the Acknowledgement issued by HM
Treasury of 26 July 2010 is not known?

I am surprised that an identical request issued by an other person
4 days after my own was responded to promptly and within time
limits.

Is there a failure of procedure and mixing up of data by the
treasury in dealing with FOI requests? I take great exception to
discovering that any Data Controller is so negligent with my
personal data.

I am most unhappy with this failure by LORD COMMISSIONER'S OF HM
TREASURY - the data controller and request that this whole matter
be reviewed and explained in full.

There seem to be a very large set of questions to answer concerning
the Treasuries compliance with FOI and the correct and lawful
processing of Individuals data in compliance with the Data
Protection Act 1998.

A full history of my FOI request and all correspondence is
available on the Internet at this address:
http://www.whatdotheyknow.com/request/sp...

I do expect this request for Internal Review to be acknowledged by
close of business on 18/08/2010.

Yours faithfully,

white.mark.a

Dear responses, FOI,

I am worried and alarmed by your response and require specific
matters to be clarified.

You state that all correspondence was received so this makes it
clear that there were gross errors as of;

1)15/16 July 2010
2)21/22 July 2010
3)22/23 July 2010
4)26 July 2010

At all of these time points/Way-stages basic best practice in
correspondence and Database/Data Management have not occurred. This
is a shocking admission after 26 years of Statutory Obligation.

Your response indicates that The Treasury has most severe
weaknesses in basic good business and office practice, handling
legal communications and are failing materially to comply with
Statutory Obligation under the Data Protection Act which has been
know, or reasonably aught to have been known, since 1984 - some 26
years.

You state;

"First I can confirm that your emails were all received, however
one request had not been logged on the correspondence database or
passed to the Information Rights Unit".

I will point out that The FOI request was sent to The Treasury. Any
internal administrative failures in it being passed to the
“Information Rights Unit” are irrelevant. The Legal Obligation for
The Treasury to reply promptly is highly relevant.

Could you please clarify what you mean by "Logged On The
Correspondence Database"?

Kindly provide a list of the "Operands" used to Log an FOI request
in that database.

I will also point out that there is nothing within Legislation that
mentions Logging or Databases, only receipt. The Treasury seem to
have not kept abreast of both the times and case law concerning
Electronic Communications and run a clear and evident risk of
facing litigation due to such negligence and thereby wasting Tax
Payers Money.

It is most “Ironic” that the FOI request involved relates to the
Treasury Spending Challenge Website which asks for suggestions on
how to save money.

I will also point out that the following suggestion was submitted
to that site:

"For Government Departments To Comply With The Law & Cut
Foreseeable Wastage On Legal Costs

July 15, 2010 at 07:30PM

This site has and is promoting Racism, Disability Discrimination
and is failing to comply with the Equality Duties wholly owned by
the Treasury, and set out in The Treasury Document “Single equality
scheme 2009-2011” - tinyurl.com/33pukgy

In particular, the site fails to meet Full legal Obligations under
section 5 of that document and failure to comply is subject to
Judicial Review and or Dealing with Compliance Notices issued by
the Equality And Human Rights Commission.

Given that it was foreseeable and avoidable the risk of wasted
public money is unforgivable. Private sector management protocols
for Litigation Risk Management do apply and should be applied.

It should also be noted that failure to correctly manage the site
has also raised issues under section 5 of The Public Order Act 1986
- tinyurl.com/25b46fn which again were foreseeable, and as such it
indicates that the managers of The Spending Challenge have been
liaise-faire and unprofessional both with risks to the Public Purse
and also to the Rights of those abused.

If the Staff of the treasury are not competent in dealing with such
matters, they should be sent out to pasture and more competent
people employed to protect the Public Purse for avoidable risk to
the Public Purse.

The same applies for all other Government Departments too! Cut the
cost of legal Services caused by Incompetence – and cut out the
Incompetent and get some better staff.

How the idea could be implemented

For Government Departments To Comply With The Law & Cut Foreseeable
Wastage On Legal Costs To Defend The Indefensible"

The original post was at URL
http://spendingchallenge.hm-treasury.gov...

It seems odd that such a suggestion has not made it to the second
round for The Public to vote on.

It seems that other suggestions concerning compliance with
Statutory Obligation and reduction of Litigation Risk and Cost
Risks have also been withheld from The Public.

It would appear that suggesting that Statutory Authorities comply
with The Law to avoid recklessly and wastefully endangering public
funds is not seen as a good suggestion for the public to consider.

It seems that this issue is not just a single one at the Treasury
concerning Statutory Equality Duties, but covers many Statutory
Obligations including Data Protection.

I am also surprised by the admission of lack of Audit and Tracking.
You state;

"You also asked for an explanation of what happened to your
requests for an acknowledgement on 21 and 22 July."

You acknowledge that these communication arrived. So I require you
to fully account for the failure to follow best minimal practice
and reconcile the arrival of queries, as to why original
correspondence has not been acknowledged, with the originating
correspondence. That has after all been best practice in Business
Administration long before the introduction of Information
Technology Systems and Computer Systems.

Is it that the Treasury believe they can make no error, so any
indication of error is ignored?

It would appear that there is an air of Data Compliance Hubris
towards best minimal practice in Audit, Checking and Compliance
with both Office and Business Practices and Data Protection.

Why would such basic good practice and minimal compliance with the
Data Protection Act 1998 not occur?

It is not rocket science to follow the embedded Hyperlinks in the
documents you received on 15-21-22 July to verify the On-line FOI
requests existence and check it against both The FOI's received and
the Correspondence Database you refer too. At those Way-points
correction of Data Error can occur and should have occurred as of
21-23 and 26 July 2010. Why were these Data Processing Way-points
missed in total disregard of minimal best practice?

I am also surprised that HM Treasury are not using Multiple layers
of audit to Track FOI requests issued via the website at
http://www.whatdotheyknow.com. The site provides a full RSS (Really
Simple Syndication ) feed to any and all FOI requests issued to HM
Treasury.

Should the Treasury Information Rights Unit be unfamiliar with this
widely known and used facility, which has an extant history since
1995, it may be discovered and used via the following URL
(Universal Resource Locator);

http://www.whatdotheyknow.com/feed/body/...

It can be seen that this URL leading to the relevant RSS feed
allows for all FOI requests to be studied, verified and known to
exist. I therefore have to wonder that it is claimed that the FOI
request of 15 July is claimed to have been missed when there are so
many ways for it to have been apprehended – audited and complied
with.

That FOI request is readily seen in the RSS feed itself as are the
requests for acknowledgement.

The RSS feed even helpfully states “Awaiting response” where The
Treasury have failed to respond.

Am I to take it that the Information Rights Unit – Treasury
Correspondence Unit and The Treasury as a whole lack the capacity
to read or use basic well known IT systems and facilities that have
been publicly available and known for at least 15 years?

You may also wish to consider that it is standard best practice to
draw data and information from RSS feeds for business practice,
monitoring and audit – and has been for many years.

It would appear that such basic good practice and audit practice is
missing. Explain why.

There is evidently a most odd discrepancy in that you state you did
acknowledge receipt of the FOI request on 26 July, and yet still
the Correspondence Database was not updated. A “Third” Data
Protection Way-point is missed and ignored. Why?

Data Protection Principle 4 comes into play - "Personal data shall
be accurate and, where necessary, kept up to date.".

You admit that as of 26 July the Treasury were aware of error and
did not correct this. Why was the correction not made?

You indicate that it's not possible to be certain why this error
occurred and that raises most serious implications under the Data
Protection Act 1998 Principles 3, 4 and 7.

Principle 7 reads;

"Appropriate technical and organisational measures shall be taken
against unauthorised or unlawful processing of personal data and
against accidental loss or destruction of, or damage to, personal
data."

Such Technical and Organisation measures include receiving,
apprehending, acknowledging and acting upon data and information
that shows that failures have occurred and that Personal Data that
is in the possession of The Data Controller, or should reasonably
be in the possession of the Data Controller is Inaccurate.

The WhatDoTheyKnow RSS feeds for all FOI Requests to The Treasury
allow for checking of Extant and Awaited FOI requests and it a
basic Technical matter to use the feeds for Audit – and even best
practice in all Organisational areas to do so. Why has this basic
step in compliance with Data Protection Principle 7 not been acted
upon by HM Treasury?

Why have HM Treasury not implemented basic organisation measures to
verify RSS feed against Database so as to apprehend Inaccuracy in
Data?

It is not rocket science – and the audit can even be made by a
Human who is after all supposedly more intelligent than a machine,
and can apprehend the existence and nature of inaccurate data more
readily.

The Data Protection defines “inaccurate” thus;

"For the purposes of this Act data are inaccurate if they are
incorrect or misleading as to any matter of fact."

If the Treasury Correspondence Database did not correctly or
accurately record the receipt of FOI requests then the Personal
Data held is Inaccurate - and caused by failures in Organisational
and Technical failures.

Failure to audit against RSS feed makes the failure even more
inexplicable and even negligent.

You therefore acknowledge that you were knowingly in a position to
correct any errors as of 26 July 2010 and failed to do so -
following best practice in Audit and in compliance with the Data
Protection Act 1998 Principle 4 which again reads:

"Personal data shall be accurate and, where necessary, kept up to
date."

It is irrelevant that the Correspondence Database was inaccurate as
the Original FOI request is itself Personal Data and by the
admission of the Treasury received and therefore held in a
"Relevant Filing System".

The Data Protection Act 1998 states;

"“relevant filing system” means any set of information relating to
individuals to the extent that, although the information is not
processed by means of equipment operating automatically in response
to instructions given for that purpose, the set is structured,
either by reference to individuals or by reference to criteria
relating to individuals, in such a way that specific information
relating to a particular individual is readily accessible. "

Therefore the lack of recording of correspondence in a database is
something of a Red Herring, since the originating FOI request was
held in a "Relevant Filling System" and should have been acted upon
and lawfully processed as both an FOI request and "Personal Data".

Please explain exactly why my Personal Data was not processed
correctly in line with Principle 4 - given that you admit that you
had the opportunity on or before 21 -22- 26 July 2010 to correct
your own errors and ensure that you complied both with the Data
protection Act 1998 and the Freedom Of Information Act. It should
also be considered that as the RSS feed was available from the
moment the FOI request was issued – in reality The Treasury have no
excuse for claiming lack of Knowledge from 15 July to 14 August or
failing to comply fully with the FOI request in a timely and prompt
manner.

As you have not explained the errors and not accounted for failures
which should not have occurred under both best practice and
statutory obligation, I am advised that The Treasury have failed to
exhaust the Complaints Procedures involved.

Kindly have a full and valid explanation provided by return. I
suggest a maximum of five working days.

I am obliged to consider that the failure to provide a valid
response so far is obstruction of the process and procedure which
will allow the Information Commissioner to address defects under
two differing and highly applicable Statutory Powers – Both FOI and
Data Protection.

Kindly

1) log this correspondence in the Treasury Correspondence Database,
2) confirm by return that this has occurred,
3) confirm that it has been linked to the Original correspondence
as received,
4) confirm the date check (Cron) reference for when a full response
will be provided at the latest.

Should the Treasury not understand how to comply with The Data
Protection At 1998, you can seek advice from the Information
Commissioner's Office;

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Tel: 0303 123 1113
Fax: 01625 524510

https://www.ico.gov.uk/Global/contact_us...

The full text of the Data Protection Act 1998 can be found
http://www.opsi.gov.uk/acts/acts1998/ukp...

Yours sincerely,

white.mark.a