Your privacy #
- Who gets to see my email address? #
We will not disclose your email address to anyone unless we are obliged to by law, or you ask us to. This includes the public authority that you are sending a request to. They only get to see an email address @whatdotheyknow.com which is specific to that request.
If you send a message to another user on the site, then it will reveal your email address to them. You will be told that this is going to happen.
- Will you send nasty, brutish spam to my email address? #
- Nope. After you sign up to WhatDoTheyKnow we will only send you emails relating to a request you made, an email alert that you have signed up for, or for other reasons that you specifically authorise. We will never give or sell your email addresses to anyone else, unless we are obliged to by law, or you ask us to.
- Why will my name and my request appear publicly on the site? #
We publish your request on the Internet so that anybody can read it and make use of the information that you have found. We do not normally delete requests (more details).
Your name is tangled up with your request, so has to be published as well. It is only fair, as we're going to publish the name of the civil servant who writes the response to your request. Using your real name also helps people get in touch with you to assist you with your research or to campaign with you.
By law, you must use your real name for the request to be a valid Freedom of Information request. See the next question for alternatives if you do not want to publish your full name.
- Can I make an FOI request using a pseudonym? #
Technically, you must use your real name for your request to be a valid Freedom of Information request in law. See this guidance from the Information Commissioner (October 2007).
However, the same guidance also says it is good practice for the public authority to still consider a request made using an obvious pseudonym. You should refer to this if a public authority refuses a request because you used a pseudonym.
Be careful though, even if the authority follows this good practice, the pseudonym will probably make it impossible for you to complain to the Information Commissioner later about the handling of your request.
There are several good alternatives to using a pseudonym.
- Use a different form of your name. The guidance says that "Mr Arthur Thomas Roberts" can make a valid request as "Arthur Roberts", "A. T. Roberts", or "Mr Roberts", but not as "Arthur" or "A.T.R.".
- Women may use their maiden name.
- In most cases, you may use any name by which you are "widely known and/or is regularly used".
- Use the name of an organisation, the name of a company, the trading name of a company, or the trading name of a sole trader.
- Ask someone else to make the request on your behalf.
- You may, if you are really stuck, ask us to make the request on your behalf. Please contact us with a good reason why you cannot make the request yourself and cannot ask a friend to. We don't have the resources to do this for everyone.
Please do not try to impersonate someone else.
- Why are there anonymous requests on the site? #
- Some public authorities were using mySociety's FOI Register software in order to use WhatDoTheyKnow as a disclosure log for all their FOI activity. When people make requests to the authority their names will usually be withheld from publication just as they would in an authority disclosure log on an authority website.
- They've asked for my postal address! #
If a public authority asks you for your full, physical address, reply to them saying that section 8.1.b of the FOI Act asks for an "address for correspondence", and that the email address you are using is sufficient.
The Ministry of Justice has guidance on this– "As well as hard copy written correspondence, requests that are transmitted electronically (for example, in emails) are acceptable ... If a request is received by email and no postal address is given, the email address should be treated as the return address."
As if that isn't enough, the Information Commissioner's Hints for Practitioners say "A request must ... include an address for correspondence. This need not be the person's residential or work address - it can be any address at which you can write to them, including a postal address or email address;"
Paragraph 107 of the Information Commissioner's Guidance on recognising a request under the Freedom of Information Act now contains a section specifically on WhatDoTheyKnow which states:
With respect to the address for correspondence, we consider the
@whatdotheyknow.comemail address provided to authorities when requests are made through the site to be a valid contact address for the purposes of Section 8(1)(b).
- No no, they need a postal address to send a paper response! #
If an authority only has a paper copy of the information that you want, they may ask you for a postal address. To start with, try persuading them to scan in the documents for you. You can even offer to gift them a scanner, which in that particular case embarrassed the authority into finding one they had already.
If that doesn't work, and you want to provide your postal address privately in order to receive the documents, mark your request as "They are going to reply by post", and it will give you an email address to use for that purpose.
To make our service easier or more useful, we sometimes place small data files on your computer or mobile phone, known as cookies; many websites do this. We use this information to, for example, remember you have logged in so you don't need to do that on every page, or to measure how people use the website so we can improve it and make sure it works properly. Below, we list the cookies and services that this site can use.
Name Typical Content Expires _wdtk_cookie_session A random unique identifier When web browser is closed, or 1 month if 'Remember me' is used seen_foi2 The number 1 if you have seen a notice 7 days last_request_id A number, identifying the last FOI request you looked at on the site When web browser is closed last_body_id A number, identifying the last public authority you looked at on the site When web browser is closed
Measuring website usage (Google Analytics)
We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting its users’ needs and to understand how we could do it better. Google Analytics stores information such as what pages you visit, how long you are on the site, how you got here, what you click on, and information about your web browser. IP addresses are masked (only a portion is stored) and personal information is only reported in aggregate. We do not allow Google to use or share our analytics data for any purpose besides providing us with analytics information, and we recommend that any user of Google Analytics does the same.
If you’re unhappy with data about your visit to be used in this way, you can install the official browser plugin for blocking Google Analytics.
The cookies set by Google Analytics are as follows:
Name Typical Content Expires __utma Unique anonymous visitor ID 2 years __utmb Unique anonymous session ID 30 minutes __utmz Information on how the site was reached (e.g. direct or via a link/search/advertisement) 6 months __utmx Which variation of a page you are seeing if we are testing different versions to see which is best 2 years
Google’s Official Statement about Analytics Data
Measuring website performance (New Relic)WhatDoTheyKnow uses New Relic to collect data on the performance of the site - how quickly it sends pages and how much memory and processing power it takes on the computers that run it. We do this to ensure that the site runs quickly and efficiently. New Relic stores information on:
- What pages are visited on the site, and how long they take to load.
- The structure, not the content, of database queries made in order to run the site and how long they take to run.
- Memory and CPU usage on the servers that run the site.
Sample data about database queries, individual requests for pages is stored by New Relic for 7 days, aggregate data is stored for a maximum of 90 days.
Our own logging
In addition to the information you give us about yourself in order to use the site (e.g. your name and email address), we collect and log some additional information in order to analyse and fix problems with the site. Our webserver logs maintain a history of page requests. This includes information about requests, including the client IP address, data submitted (which might include your email address when you log on to the site), request date and time, page requested, browser version and referrer. We routinely keep this information for 28 days.
Bits of wording taken from the gov.uk cookies page (under the Open Government Licence).
- Can you delete my requests, or alter my name? #
WhatDoTheyKnow is a permanent, public archive of Freedom of Information requests. Even though you may not find the response to a request useful any more, it may be of interest to others. For this reason, we will not delete requests.
Under exceptional circumstances we may remove or change your name on the website, see the next question. Similarly, we may also remove other personal information.
If you're worried about this before you make your request, see the section on pseudonyms.
- Can you take down personal information about me? #
If you see any personal information about you on the site which you'd like us to remove or hide, then please let us know. Specify exactly what information you believe to be problematic and why, and where it appears on the site.
If it is sensitive personal information that has been accidentally posted, then we will usually remove it. Normally we will only consider requests to remove personal information which come from the individual concerned, but for sensitive information we would appreciate anyone pointing out anything they see.
You have the right under section 10 of the Data Protection Act to request that we remove your personal information on the grounds that it is causing you substantial and unwarranted damage or distress. We will consider any such notice, which does not need to explicitly mention the Act, and balance it against any public interest in publishing the material. There is some guidance on these notices on the ICO’s website.
- I’m a public servant - can you take down personal information about me? #
Whilst we have a general presumption that more openness is better, we will consider requests to remove the names of public servants when it seems unlikely that the public interest will be harmed by doing so.
This means that:
- If you are a decision maker of any seniority, or if you are responding to an FOI request, we will not normally remove your details from documents and emails sent by a public body. Accountability of decision-making is at the heart of good government.
- If you hold a junior, non-decision making post we will consider requests to remove your details. Removing these details is difficult for our volunteers to do, so please let us know why this really matters to you. If we agree to remove your details we will take reasonable steps to do so but in some cases may not be able to for technical reasons.
Learn more from the help for FOI officers -->