Redaction and Information Rights

The request was successful.

Dear Information Commissioner’s Office,

Please provide copies of any internal guidance, policies, procedures or training materials that are given to staff regarding redaction of personal data for SAR, S40 FOI disclosures or disclosures that are made to other requesters such as S29 requests from the Police etc.

Please provide copies of any policies or procedures regarding handling information rights requests (rights of the data subject) as defined under Sections 7 through 14 of the Data Protection Act 1998.

Please provide copies of any policies or procedures regarding handling information rights requests (rights of the data subject) as defined under Articles 12 through 22 of the forthcoming GDPR.

Yours faithfully,

Robb Stark

AccessICOinformation, Information Commissioner's Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

 

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit [1]http://ico.org.uk/about_us/how_we_comply

 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

 

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

 

If you have requested advice - we aim to respond within 14 days.

 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

 

Copied correspondence - we do not respond to correspondence that has been
copied to us.

 

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

 

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

 

Yours sincerely

 

The Information Commissioner’s Office

 

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[2]http://www.ico.org.uk/tools_and_resource...

 

Twitter

Find us on Twitter at [3]http://www.twitter.com/ICOnews

 

The ICO's mission is to uphold information rights in the public interest.
To find out more about our work please visit our website, or subscribe to
our e-newsletter at ico.org.uk/newsletter.

If you are not the intended recipient of this email (and any attachment),
please inform the sender by return email and destroy all copies without
passing to any third parties.

If you'd like us to communicate with you in a particular way please do let
us know, or for more information about things to consider when
communicating with us by email, visit ico.org.uk/email

References

Visible links
1. http://ico.org.uk/about_us/how_we_comply
2. http://www.ico.org.uk/tools_and_resource...
3. http://www.twitter.com/ICOnews

Information Commissioner's Office

8 Attachments

3 January 2018

 

Case Reference Number IRQ0714006

 

Dear Mr Stark

Request for Information
 
Thank you for your correspondence dated 29 November 2017, in which you
have asked:
 
"Please provide copies of any internal guidance, policies, procedures or
training materials that are given to staff regarding redaction of personal
data for SAR, S40 FOI disclosures or disclosures that are made to other
requesters such as S29 requests from the Police etc.
 
Please provide copies of any policies or procedures regarding handling
information rights requests (rights of the data subject) as defined under
Sections 7 through 14 of the Data Protection Act 1998.
 
Please provide copies of any policies or procedures regarding handling
information rights requests (rights of the data subject) as defined under
Articles 12 through 22 of the forthcoming GDPR."
 
We have considered your request in accordance with the requirements of the
Freedom of Information Act 2000. This entitles you to information held by
a public authority
 
Response
 
In response to the first part of your request please find attached the
following document:
 
How to Guide – Creating CSV Files – This explains how to publish datasets
and how we ensure that we don’t accidentally disclose personal data.
 
We have also considered a further document called the E-Redact User Manual
which is used to train staff to use our redaction software.
 
This document was provided to the ICO by Footprint Solutions for internal
use only as a supplement to the training course which we purchased and is
therefore considered to be commercially sensitive. Section 43(2) of the
FOIA states:
 
‘Information is exempt information if its disclosure under this Act would,
or would be likely to; prejudice the commercial interests of any person
(including the public authority holding it).’ 
 
ICO guidance states that Section 43 is engaged when there is “sufficient
likelihood to prejudice interests” and that “a commercial interest relates
to a person’s ability to participate competitively in a commercial
activity”.
 
This is a qualified exemption and requires that we carry out a public
interest test. Where a public authority like the ICO is satisfied that the
release of the information requested would prejudice their own and/or
another party’s commercial interests, it can only refuse to provide the
information if it is satisfied that the public interest in withholding the
information outweighs the public interest in disclosing it.

In this particular case we consider that the factors in favour of
disclosing this information are:
 

* The public interest in ensuring that ICO staff have the correct
training to use the software.

The factors for maintaining the exemption and withholding the information
are:  
 
 

* The public interest in the ICO protecting the legitimate commercial
interests of parties it does business with.
* The disclosure of the manual into the public domain could affect the
ability of Footprint Solutions to sell training courses to other
organisations. Restricting the ability of companies to act profitably
is not in the public interest.
* Organisations could be discouraged from providing services to the ICO.
This could lead to the ICO receiving fewer, less competitive or less
effective tenders than would otherwise be the case, which would harm
its ability to obtain the most effective services for the best use of
public funds.

We consider that in all the circumstances the public interest in
maintaining the exemption outweighs the public interest in disclosing this
information.

In response to the second part of your request please find attached the
following documents:
 
ICO Information Request Handling Procedures – This is our guidance for the
information access team on how to handle information requests.
 
Information Request Procedures – A Guide for all staff – This is more
general guidance for staff in other parts of the organisation.
 
Information Requests – CMEH Procedures - This explains how we set up and
handle information requests on our electronic case management system.
 
Guidance for Information Access teams on dealing with SARs and FOI/EIR
requests for legally privileged material – This explains how we handle
requests for legally privileged information.
 
Domestic CCTV Enquiries – This is a guidance note about how to handle
requests relating to domestic CCTV.
 
Subject Access Request Procedure for The Consulting Association (TCA) –
This is guidance about how to handle requests from individuals who believe
their information is held in the information seized from The Consulting
Association.
 
Motorman Enquiries - This is a guidance note about how to handle requests
relating to [1]Operation Motorman.
 
We also refer to our guidance on Disclosure of Information about ICO
Employees and Data Protection Act 1998 Section 10 – Guidance for staff.
 
Under section 21 of the FOIA we are not required to provide information in
response to a request if it is already reasonably accessible to you from
another source.  The information you have requested is available via the
following links on our website:

[2]https://ico.org.uk/media/about-the-ico/p...
 
[3]https://ico.org.uk/media/about-the-ico/p...
 
In response to the third part of your request we do not currently hold any
information that falls within scope. This work will be completed as part
of our project to prepare for GDPR and is due to be done this quarter.
 
Review Procedure

If you are dissatisfied with this response and wish to request a review of
our decision or make a complaint about how your request has been handled
you should write to the Information Access Team at the address below or
e-mail [4][ICO request email].
 
Your request for internal review should be submitted to us within 40
working days of receipt by you of this response.  Any such request
received after this time will only be considered at the discretion of the
Commissioner.
 
If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further right
of appeal to this office in our capacity as the statutory complaint
handler under the legislation.  To make such an application, please write
to our Customer Contact Team at the address given or visit our website if
you wish to make a complaint under either the Freedom of Information Act
or Environmental Information Regulations.
 
A copy of our review procedure can be accessed from our website
[5]here.
 
Yours sincerely
 
Ashley Duffy
Information Access Service Manager
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545625  F. 01625 524510  [6]ico.org.uk  [7]twitter.com/iconews
Please consider the environment before printing this email
 
 

References

Visible links
1. https://ico.org.uk/for-the-public/operat...
2. https://ico.org.uk/media/about-the-ico/p...
3. https://ico.org.uk/media/about-the-ico/p...
4. mailto:[ICO request email]
5. https://ico.org.uk/media/about-the-ico/p...
6. http://ico.org.uk/
7. https://twitter.com/iconews