Avoidance of replying to request on WDTK site

The request was successful.

Dear Information Commissioner’s Office,

The PHSO recently sent a response to my personal email address, even though the request had been made through the WDTK site.

As this particular organisation has sent emails to my private email address In the past, to avoid giving, what appears to be an answer which could cause it some embarrassment, I am keen to discover whether or not the ICO supports a blatant misuse of a requester's personal address - to avoid responding on a public site.

Surely support of this kind would lead to accusations of avoidance of sending a proper reply to the request address and therefore cannot be within the spirit of the Act.

If indeed the request is applicant blind..how can an organisation 'personalise' it by sending the response to a personal address, which the requestee has used in the past and may not want the organisation to reply to?

And logically, what if the requestee has changed their personal email address in the interim?

Is it the ICO's policy that because an employee of an organisation thinks he/she knows an alternative personal address to the WDTK site that the response can be sent to this address, yet it may never be received? And that absolves the organisation of responding within the legal time frame?

Or is the implication that the ICO thinks that the WDTK site address is not a legal address according to the FOIA - and therefore can be safely ignored by any organisation which does not want to respond publically?

::::

For your information:

On 8 Jan 2015, at 11:14, [email address] wrote:

8th January 2015

Case Reference Number FS50525888

The role of the ICO is to determine whether a public authority has complied with the obligations imposed by the Freedom of Information Act.

In your case it was our view that the PHSO (public authority) had complied with the FOIA because they completed their internal review on 30/09/13. We took this view even although the outcome of the review had been sent to your personal e-mail address and not to whatdotheyknow.....

Because of our status as a non-departmental government body the regulator who would consider complaints about our actions is the PHSO.

The PHSO will not consider whether or not there has been compliance with the FOIA, it will adjudicate on how we have handled your complaint against the ICO.

I reiterate therefore that:

our view is that the PHSO has complied with the FOIA by completing their internal review and providing you with a copy of their decision;
we will not be pursuing the FOIA decision further so if you want to take your complaint against the ICO further, you will need to contact the PHSO.
Yours sincerely

Jim Dunn (01625 xxxxxxxx)
Case Officer
Information Commissioner’s

Yours faithfully,

Jt Oakley

AccessICOinformation, Information Commissioner’s Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

 

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit [1]http://ico.org.uk/about_us/how_we_comply

 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

 

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

 

If you have requested advice - we aim to respond within 14 days.

 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

 

Copied correspondence - we do not respond to correspondence that has been
copied to us.

 

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

 

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

 

Yours sincerely

 

The Information Commissioner’s Office

 

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[2]http://www.ico.org.uk/tools_and_resource...

 

Twitter

Find us on Twitter at [3]http://www.twitter.com/ICOnews

 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://ico.org.uk/about_us/how_we_comply
2. http://www.ico.org.uk/tools_and_resource...
3. http://www.twitter.com/ICOnews

Jt Oakley left an annotation ()

The question is :

Does the ICO allows the PHSO special privileges to send WDTK request replies to any address it chooses - simply because the PHSO regulates the ICO?

Or does the ICO apply the same policy to all organisations?

CA Purkis left an annotation ()

Why am I under the impression that if the request is made on WDTK, It has to be answered on WDTK? Write to them and ask them. I think its definitely worth it.

Jt Oakley left an annotation ()

Directions from the ICO to public authorities;

 Section 11 is relevant when a public authority is providing information to a requester in response to a FOIA request. If the public authority is not providing the information because of an exemption, it is not relevant.
 It places certain duties on a public authority as regards how they provide information in response to a FOIA request.
 The requester may express a preference for having the information communicated by a particular means, namely a copy of the information, an opportunity to inspect it or a digest or summary.
 The requester must express their preference at the time of
making the request.
 The preference may be for the information in a particular form eg electronic or hard copy, but not for a particular electronic format or type of hard copy document.
 If the requester prefers to inspect the information the public authority should make it available for inspection if it is reasonably practicable to do so.

Apparently asking a public authority not to use a personal address and only to use WDTK for response Is not covered by this direction.

Perhaps the Commissioner will make it plain why requesters are not allowed to determine their own address for response.

Tim Turner left an annotation ()

There is nothing in the FOI Act that mentions What Do They Know. If PHSO's response is not compliant with the Act, that's one thing, but which section of the FOI Act would they have breached if they respond via a personal email rather than the one allocated to you by WDTK? The ICO doesn't get to make the law, so if no specific section has been breached, that's probably the end of it.

Jt Oakley left an annotation ()

I'm asking if any organisation can decide to use a requesters personal address, without even checking that the address is still in use.

This is important especially when the requester has specifically stated to the organisation that a particular address is NOT to be used for WDTK responses..as I did.

Requesters change addresses....Don't tell me that you've never changed yours.

So what gives an organisation the right to ignore a requester's given address..even if it is WDTK.?

That needs clarification from the ICO.

::::

And 'that is probably the end of it?

Like the ' probably' weasel word....added when you realised that it might not be.

.....' Probably ' you should wait until there is a response from the ICO - before assuming such authority on the matter.

Tim Turner left an annotation ()

I used the word 'probably' because the ICO sometimes confuses its opinion with what the Act actually says, which always has the potential to stretch a situation out longer than necessary. If you can identify a section of the Act that the PHSO has been breached, my scepticism will be unjustified and I will happily admit that I am wrong. However, I note that you have not done that, and in the end, all that matters is what the Act says, and what the Code of Practice says. Where does it say in the Act or the Code that they *can't* use another email address? As long as you receive their response, which requirement have they breached, other than your preference for a wider audience which isn't mentioned in the Act?

The ICO cannot order an organisation to do something unless it's in the Act, and cannot recommend that they do something unless it's in the Code. There would likely be a problem if the email address had not been in use, but if you hadn't received a response, you would have said so. Even if the Commissioner tries to weasel their way out of that, they can't change the law.

Jonathan Baines left an annotation ()

I think I'm going to do something rarely seen, and disagree with my esteemed colleague Mr Turner. Section 11(1)(a) of FOIA provides that

"Where, on making his request for information, the applicant expresses a preference for communication by any one or more of the following means, namely—...the provision to the applicant of a copy of the information in permanent form or *in another form acceptable to the applicant*...the public authority shall so far as reasonably practicable give effect to that preference"

Since the decision of the Court of Appeal in Innes v Information Commissioner & Anor [2014] EWCA Civ 1086 I think this section has been given a much broader scope. That case was about whether an applicant could specify a software format, and the Court held that they could (and the public authority should so far as reasonably practicable give effect to that preference). In this instance the applicant has expressed a preference for communication via WhatDoTheyKnow and I think this is a distinct "form" from communication by email. If it would be reasonably practicable for PHSO to give effect to the preference of communication via WDTK they should do so, and if they fail to do so and it is reasonably practicable, then the ICO could find a breach of s11(1)(a).

Jt Oakley left an annotation ()

'As long as you receive their response, which requirement have they breached, other than your preference for a wider audience which isn't mentioned in the Act? ...'

:::::

My preference for a wider audience?

Are in stating that the information from FOIA requests should be only read by those that request it?

It's not simply 'my preference' ....It's public information and therefore should logically be available in the public domain.

Because isn't that rather the point of the Act?

Or have I missed something - and organisations can keep information secret from the general public by the strategy of refusing to divulge it openly when requested?

And despite firmly stating around three times that responses should come via WDTK....

(This is just one time...on the Executive Office request which the PHSO vexed, subsequently upheld by the ICO ( of course) but sensibly overturned by a Tribunal).

From: Jt Oakley

29 January 2014
Dear Brown Steve,

Please only reply via this website on all FoI requests.

Yours sincerely,

Jt Oakley

https://www.whatdotheyknow.com/request/e...

...The PHSO suddenly decides to use my personal address when it has made a mistake - or has to supply a potentially embarrassing answer?

...... And by a remarkable coincidence, that's usually to do with Dame Julie Mellor.

.

Paul Staples left an annotation ()

What about s8(1)(b) ? Does the Act imply that the response should be to the "address for correspondence"? Since such an address is required for a valid request is it sensible to suppose that a responder can ignore it?

Jt Oakley left an annotation ()

Good point Paul.

That's why the public need to know whether the responder can pick and chose what the return address is.

Besides that, it would just seem common courtesy not to ignore requesters wishes.

Jt Oakley left an annotation ()

So presumably this decision has now been been overturned?

https://ico.org.uk/media/action-weve-tak...

Jt Oakley left an annotation ()

And here's another request that the PHSO was unwilling to answer in WDTK .....and tried move to my personal address.

It involves the link between Dame Julie Mellor and Rosemary Jackson. A business acquaintance of Dame Julie Mellor, who was awarded £50k contract.

The contract was later investigated by the NAO.

From: Jt Oakley

29 January 2014
Dear Whiting Luke,

Please only reply via this website on all FoI requests.

Yours sincerely,

Jt Oakley

Link to this
https://www.whatdotheyknow.com/request/r...

Jonathan Baines left an annotation ()

I've just noticed that the complaint in the original posting here was in relation to an internal review sent to the requester's private email address. There are no statutory provisions specifically relating to internal reviews, so section 11 does not apply.

Jt Oakley left an annotation ()

But that's even more bizarre.

Why would someone who is reviewing a request .. Presumably at arms length from the originali responder .. specifically search out an address for a review request to be sent to - which was not on the request?

The question is can a responder use any address they wish to respond to...specifically against the wishes of the requester and still have been deemed to have responded.

If this is so, the reviewer could have chosen to send the response to Buckingham Palace.... and it would still have been deemed a legal response to a request posted on WDTK.

Which would be a very nice way of avoiding any request an authority did not want to answer.

Jt Oakley left an annotation ()

Consider this: I have asked the PHSO not to use my personal email address for FOIA requests.

I would therefore consider my email address data to be private, as I would from any other organisation ...from that point.

Under DPA, has a government organisation presume that I have no right to my privacy?

Because private companies, once told not to use a telephone number - for their own purposes,have to desist.
It constitutes harassment and invasion of privacy, using data which has been deemed private by an individual and specifically not for their own defined use.

Are government organisations exempt and allowed to act in a way that private companies are not - because government bodies are not subject to DPA in the same way?

Fiona Watts left an annotation ()

Very interesting reading.

I too have been the victim of the same activity by a public service. Thank you for progressing your enquiry and for the contributions made by others.

Due to the amount of PHSO maladministration that I am STILL reviewing, I was unable to start a similar FOI request.

I look forward to a best response from The Ombudsman.

J A Giggins left an annotation ()

Yes, extremely interesting reading. I too have encountered the practice of PAs choosing to respond offline to a personal email address which seems to me to contravene the underlying principle of the FOI Act being applicant & motive blind, as expressed in this ICO circular:
https://ico.org.uk/media/for-organisatio...

Summary of correct approach
As a general summary, the correct approach in considering requests for information and the application of the exemptions and exceptions should be on the basis that the application could have been made by anyone, anywhere in the world, for any (non vexatious) reason

By directing a reply - or internal review response - to a different address to that which it originated from, and irrespective of the other DPA and FOI considerations already stated, surely there is an argument that PA's have ignored this guideline?

And yes, I realise that it is only a guideline, and perhaps that is the problem. Maybe the legislation needs to be tightened to avoid flexibility of interpretation. But in the meantime a definitive answer from the ICO on wdtk as to their current interpretation would certainly help.

Thank you Jt Oakley for making the request.

Jt Oakley left an annotation ()

Thank you Jan.

Looking through the pattern of why the PHSO has suddenly decided to jump email address from WDTK to my private address, it seems to be in requests in which Dame Julie Mellor is involved.

Why this should be, I can only speculate.

But it should be remembered that the ICO is overseen by the PHSO - as can be seen from the ICO response above which advises me to take the complaint that the PHSO is using my private email address to avoid responding in public back...

...to the PHSO

Information Commissioner’s Office

15 January 2015

 

Case Reference Number IRQ0567738

 

Dear Mrs Oakley

 
Request for Information
 
Thank you for your correspondence dated 8 January 2015. You ask questions
of the ICO, as follows:
 
“Is it the ICO's policy that because an employee of an organisation thinks
he/she knows an alternative personal address to the WDTK site that the
response can be sent to this address, yet it may never be received? And
that absolves the organisation of responding within the legal time frame?

Or is the implication that the ICO thinks that the WDTK site address is
not a legal address according to the FOIA - and therefore can be safely
ignored by any organisation which does not want to respond publically?”
 
Your request is being dealt with in accordance with the Freedom of
Information Act 2000. We will respond promptly, and no later than 6
February which is 20 working days from the day after we received your
request.
 
Should you wish to reply to this email, please be careful not to amend the
information in the ‘subject’ field. This will ensure that the information
is added directly to your case.
 
Yours sincerely
 
Steven Dickinson                
Lead Information Access Officer
 
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545676  F. 01625 524510  [1]ico.org.uk  [2]twitter.com/iconews
Please consider the environment before printing this email
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://ico.org.uk/
2. https://twitter.com/iconews

Jt Oakley left an annotation ()

The previous ICO's judgement seems to be that an FOIA request is not a legal request - unless it states a name and return address. And accepts the WDTK address to be a legal address.

Therefore the respondee must, to comply with the legislation, respond to the address provided.

However, if the ICO decides that I am wrong and the respondee can reply to any old address, it will certainly benefit any organisation that wants to avoid the reason for the Act..to provide information for the general public. The requestee just being the conduit. Maybe the legislation should be tightened if this is the case?

Wayne Pearsall left an annotation ()

The email that WDTK send to the FOI Teams states "Please respond to the address at the top of this email" this is citing preference of where to respond. I am sure Ganesh / Richard / Others who work on WDTK can confirm the actual email sent to the P.A., But I have seen some examples in some threads of replies previously.

Wayne Pearsall left an annotation ()

-----Original Message-----
From: Wayne Pearsall [mailto:[FOI #226131 email]]
Sent: 20 August 2014 16:46
To: DWP freedom-of-information-requests
Subject: Freedom of Information request - normal procedures for answering MPs / MEPs Correspondence

Dear Department for Work and Pensions,

Can you please provide me with a copy of your guidance / policy for normal procedures for answering MPs and MEPs Correspondence.

Please provide guidance which you store which outlines when MPs and MEPs correspondence may be considered a complaint, and the manner in which you handle this correspondence / complaint.

Yours faithfully,

Wayne Pearsall

-------------------------------------------------------------------

Please use this email address for all replies to this request:
[FOI #226131 email]

Is [DWP request email] the wrong address for Freedom of Information requests to Department for Work and Pensions? If so, please contact us using this form:
https://www.whatdotheyknow.com/change_re...

Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:
https://www.whatdotheyknow.com/help/offi...

If you find this service useful as an FOI officer, please ask your web manager to link to us from your organisation's FOI page.

-------------------------------------------------------------------

Jt Oakley left an annotation ()

It does seem that, for any sensitive point in having to respond to a request, the organisation concerned baulks at having to do so and uses the requester's personal address instead.

There are other incidences if this on WDTK..

In fact, it seems to act as an indicator that the organisation wishes to hide something.

Tim Turner left an annotation ()

It is worth pointing out that the FOI Act does not have a stated purpose. The Information Commissioner at the time it was passed said that it should have a purpose clause explaining what it was for, and Parliament decided against it. It's also worth remembering that each ICO decision notice is a decision about an individual request - previous decisions about WDTK are not binding precedents on anyone, not even the ICO itself. However, I think one of the problems with previous WDTK cases is organisations refusing to respond to WDTK requests at all, which of course, they would have no way of doing.

Nevertheless, WDTK is not statutory and it is often used by applicants who want to find a wider audience for their personal concerns. There's nothing wrong with that, but the law wasn't written to take WDTK into account (and I don't think it should be). The case that Mr Baines cites above is about a different issue - the applicant's preference for a specific format, rather than a specific email address. I come back to the original point I made at the start; if the ICO wishes to say that an organisation must use WDTK to respond to an address, they have to find a section of the Act which the organisation has breached by using another address. I haven't seen any suggestions of which section that would be.

Jt Oakley left an annotation ()

It isn't about using the WDTK site ...in particular,

It's about replying to the contact address given on the request by the requester, legally required under the Act.

Here's the Act:( see b)

8 Request for information.

(1)In this Act any reference to a “request for information” is a reference to such a request which—
(a)is in writing,
(b)states the name of the applicant and an address for correspondence, and
(c)describes the information requested.
(2)For the purposes of subsection (1)(a), a request is to be treated as made in writing where the text of the request—
(a)is transmitted by electronic means,
(b)is received in legible form, and
(c)is capable of being used for subsequent reference.

Logically, why does the Act require a requester have to give a 'contact address for correspondence ' if an organisation can then determine that it it is NOT to be used?

And this is really about organisations wanting to keep secret embarrassing stuff which they are forced to supply ....by moving it out of the public domain - after having rifled through old private correspondence to find the requester's private email address - to do so.

::::

And as for the 'meaning' of the FOIA .. 'Non-specific Acts ' are defined over time by General public's understanding of their usage....Not just FOIA specialists.

So the converse of what the public have come to expect cannot be true....

That the Act's intention is to allow organisations deny the public information ( which has come into existence because the public have paid for it to be so) by allowing them to send responses to any old address that specific employees of that organisation deem to be acceptable only to themselves.

Paul Staples left an annotation ()

Unfortunately logic may have little to do with it - as is often the case with the law.
I think everyone agrees that an authority SHOULD respond to the address which has been supplied by the requester as legally required. ICO has said as much in several decisions. To do otherwise is certainly poor practice, bad customer care, and pointless, since even if the aim is to keep the response off the web, the requester can always publish it elsewhere.
However the combined effect of s1(1)(5) and s1(5) is clear. If the authority HAS in fact communicated the information requested to the requester by any means, then the authority has complied with its statutory duty. By not using the WDTK address the authority takes a risk, but no more than that, and where the requester accepts he has had the info then I believe any complaint is doomed to fail. I do not think the authority is caught by the desired 'format' point in this respect.

Jt Oakley left an annotation ()

I'm not arguing about 'desired formats'.

The organisation could send the information by pigeon post as far as I'm concerned.

I'm arguing that a publically funded organisation is represented by an individual, who cannot it trawl it's files to avoid sending an answer to the legally required address, given by the requester, simply to avoid what the individual considers to be an embarrassment to his/ her boss, organisation.

Otherwise..why would it be necessary? Why would a request suddenly be switched off WDTK at a certain point when there has been a notification to the address?

::::

Each publically funded organisation has a head.

And amongst other requirements, that head's job is to be responsive to reasonable public requests for information.

If individuals are screening Foi requests specifically concerning the head of the organisation and diverting answers from the public domain, it has to be carried out with the approval of that individual.

The implication is that the head of the organisation is instructing the Foi team to use this tactic to avoid the public 'freedom ' implicit (there's a clue in the title) in the Freedom of Information Act, by limiting a response to an lone individual.

Jonathan Baines left an annotation ()

Paul Staples said

"the combined effect of s1(1)(5) and s1(5) is clear. If the authority HAS in fact communicated the information requested to the requester by any means, then the authority has complied with its statutory duty"

Unless the Act has had an amendment of which I'm unaware, there is no section 1(1)(5) so I presume this was a slip and you meant either s1(1)(a) or s1(1)(b). Nonetheless it's important to look at what s1(5) actually says: it says that duty to confirm that information is held (s1(1)(a) will have been complied with if the information requested has been communicated to the applicant. In other words, if an authority is disclosing the requested information it doesn't have to say "we confirm we hold this information". s1(5) does no more than that.

As for Mr Turner's point, I maintain that s11(1)(a) applies. I think provision of a copy of the requested information by using the preferred means of the WTDK software is "communicating by... the provision to the applicant of a copy of the information in...another form acceptable to the applicant". Or, rather, I think it is arguable that it can apply, and given that the courts have stressed that, as one of the key (if unexpressed) purposes of FOIA is the provision of information, its provisions should be construed expansively, it might well be an argument that could succeed.

Paul Staples left an annotation ()

Yes - typo. I meant 1(1)(b).

The problem as I see it is that no matter how expansively one interprets s11, where the requester actually admits that he has had the information communicated to him, the duty in 1(1)(b) has been satisfied.

Jt Oakley left an annotation ()

Paul Staples:

Please note the request is NOT about a particular request.

It is entitled 'Avoidance of replying to a request on the WDTK site ' and asks the ICO if the legally supplied address is deemed to be the proper address for a request response, or not.

I have provided back up information on ONE request, as proof that responses are being diverted off WDTK.

Possibly if the responders think a response might be embarrassing to the organisation's public reputation.

So far, some of the 'switch' criteria adopted by the PHSO seems to be requests which mention the Ombudsman, Dame Julie Mellor.

:::

In addition, in court, surely the onus would be on the organisation concerned to prove that the information had been delivered to the requester.

How can a response be a legal reply on a barred, or old file address', as this can't be proved as being received - without access to the complainant's computer.

What's the difference in saying: 'I'm moving house, this is my new address, so don't post a hard copy to my old address' - but the organisation deliberately choosing to ignore the change of address? It cannot be logical for an organisation to determine the respondent's address, as it could be used as a delaying tactic, if the response was a time-sensitive public relations issue.

And on email, the equivalent is that if a personal email address is 'unsubscribed' to any organisation, any further incoming messages can be blocked at the same time, with subsequent messages from that organisation being automatically diverted to Trash, or Spam.

::::

It might be of interest to add that I now have been told by the PHSO that the ICO have now told it to put a message that was sent to my private address onto the WDTK site.

Unfortunately it appears to be a list of answers to requests on the one request. And it seems to be a reply that has already been provided on WDTK. So now I'm totally puzzled.

But it begs another question :

If an authority provides an answer to a request on WDTK - but not on the correct link to a request, is that still considered to be a reply to another request?

....As the requester may not have the old request on Follow, and be totally unaware that the request has been answered.

Jonathan Baines left an annotation ()

Paul Staples said

"The problem as I see it is that no matter how expansively one interprets s11, where the requester actually admits that he has had the information communicated to him, the duty in 1(1)(b) has been satisfied".

Section 1(5) has nothing to do with section 11. It merely says that if you have communicated the information to the applicant you don't have to go through what would be an arid exercise of saying "I confirm we hold the information".

Paul Staples left an annotation ()

I think Jonathan and Jt Oakley have misunderstood my point.

The general position is clear. If authority supplies info to given WDTK address he as complied. If he supplies to another address he may have complied, but takes a risk and will need to prove compliance if challenged. In any event it is poor practice.

On this specific request on WDTK authority appears to have complied as requester accepts he has received the info. If we ignore the form / format point, which I concede is at least arguable, then it is no different from the following scenario. Employee makes written FOI request, using his home address for purposes of s8(1)(b). Employer hands all the info to employee in his office to save a stamp. Employer has accordingly fully complied with both duties in s1(1) and arguments that he has not sent the info to the s8 address are otiose.

Expecting ICO to give an opinion (which would be no more than that - just as mine and every other commenter's) via annotation correspondence in a completed request is not really the way to go.

Paul Staples left an annotation ()

Oops. Mea culpa. I thought we were still on the original request. Legal points still valid though and I still do not think an FOI request is the right place to, in effect, ask for an opinion.

In due course if ICO does this properly he will simply refere to his existing guidance, policies, LTT's etc, for which he could if he wants use s21 and we will be no further forward.

Jt Oakley left an annotation ()

One small note of correction Paul Staples

You state: :

'If authority supplies info to given WDTK address he as complied. If he supplies to another address he may have complied, but takes a risk and will need to prove compliance if challenged. In any event it is poor practice'.

::::

Authorities have no gender.

They therefore cannot be 'he's'

In addition, if you are referring to FOIA officers, my belief is that nowadays many authorities actually allow women to answer FOIA requests.

Jt Oakley left an annotation ()

39.
Such a reading fits, as Mr Innes says, with the apparent philosophy of the Act. Citizens are given the right of access to public information at least in part so that they can make use of such information. A construction of the Act which makes it easier for them to do so effectively is to be preferred.

67.

To my mind the words of section 11(1) of the 2000 Act are not intended to give the person requesting information only a choice between being provided with the information in permanent form or being provided with the information in another (non-permanent) form. That would be a restriction on the requester's ability to say what was or was not acceptable which would be surprising to find a statute intended to open up channels of information in bureaucracies which had hitherto been closed. The protection afforded to the public authority is that it is only required to give effect to that preference "so far as reasonably practicable"

http://www.bailii.org/ew/cases/EWCA/Civ/...

Ganesh Sittampalam left an annotation ()

Francis Irving challenged a public authority (the House of Commons) on the "address for correspondence" point some years back and got a decision notice from the Commissioner confirming that they had to use the address chosen by the requester:
http://www.ico.gov.uk/upload/documents/d...

https://www.whatdotheyknow.com/request/o...

Jt Oakley left an annotation ()

Thank you Ganesh.

Most interesting. Such a struggle for a sensible answer.

If FOIA information is available to the public, why withhold it from being in a public place? The alternative is for requestee to pass it to all interested parties, which could take some time .....as it is logically world wide access.
It would be interesting to know if other countries governments have such a reluctant stance.

Nb The ICO address given is now void - but it then just goes to the website with an illustrative pic of Christopher Graham. So presume that you would have to search the new ICO site?

Paul Staples left an annotation ()

Ganesh
fs_50276715 did not consider the point under discussion and says no more than that the authority SHOULD use the address provided under s8, not that it legally must if an alternative is known.

The issues in fs_50276715 were whether the wdtk address was valid in the first place, and as to copyright, both decided in favour of requester. There was no consideration of whether the authority could use another address if it had one. It clearly did not as it was refusing to supply until one was provided - a different issue.

Information Commissioner’s Office

2 Attachments

19 January 2015

 

Case Reference Number IRQ0567738

 

Dear Jt Oakley
 
I am writing further to our 15 January acknowledgement of your
correspondence dated 8 January 2015. As you know, we have dealt with your
request in accordance with the Freedom of Information Act 2000. We are now
in a position to provide our response.
 
You asked the following questions of the ICO,:
 
“Is it the ICO's policy that because an employee of an organisation thinks
he/she knows an alternative personal address to the WDTK site that the
response can be sent to this address, yet it may never be received? And
that absolves the organisation of responding within the legal time frame?

Or is the implication that the ICO thinks that the WDTK site address is
not a legal address according to the FOIA - and therefore can be safely
ignored by any organisation which does not want to respond publically?”
 
The ICO does hold some information which relates to the questions put
above. The information held is, for the most part, already published on
the ICO website and therefore, under the provisions of section 21 of FOIA,
we are not providing copies in this response because it is reasonably
accessible to you by downloading from the links below.
 
The ICO has previously served a decision notice about making responses to
What DoTheyKnow.com (WDTK). From your remarks, it appears you may already
be aware of this, but for completeness, it is available at the following
link:
 
[1]https://ico.org.uk/media/action-weve-tak...
 
The decision led to the creation of internal FOI policy guidance (LTT217)
which is not published on the ICO website, a copy is therefore attached.
The guidance on intellectual property rights referred to in the text of
this document is available on the ICO website at the following link:
 
[2]https://ico.org.uk/media/for-organisatio...
 
The ICO’s position in relation to requests made via WDTK is, as you say,
set out in the guidance on recognising a request made under FOI:
 
[3]https://ico.org.uk/media/for-organisatio...
(see, in particular, page 22 of the guidance).
 
The matter was initially considered in the context of FOI requests sent
via Twitter. While not directly relevant to your request, the policy
considerations are contained in a document, attached for completeness.
 
This is all the information held by the ICO which addresses the questions
asked and concludes our response to your request.
 
By way of advice and assistance, and because this may be relevant in some
instances, we would like to add that occasionally requesters mistakenly or
inadvertently use WDTK to submit requests, for information which turns out
to be their own personal data. These requests require dealing with under
the Data Protection Act 1998 (DPA) and not FOIA, and the disclosure of
personal data into a public forum such as WDTK would, as a rule, be
unlikely to be compatible with the first data protection principle,
particularly if it is considered likely that the requester has not
appreciated the implications of submitting a subject access request (SAR)
via WDTK.
 
In these circumstances, the ICO would always seek the requester’s
agreement to respond to the SAR more privately, either by post, or to an
agreed private email address. If no agreement to respond privately can be
reached, it is possible that the only alternative will be a refusal of the
request under section 40(1) of FOIA, even if the requester has apparently
consented to the disclosure. This is because the requester, at this stage,
does not know what the information to be disclosed may contain, and
therefore cannot make an informed decision regarding his consent to make
the information public via a website such as WDTK. We anticipate that
other public authorities may adopt a similar approach, if a response
involves disclosure of the requester’s personal data.
 
Yours sincerely
 
Steven Dickinson                
Lead Information Access Officer
 
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545676  F. 01625 524510  [4]ico.org.uk  [5]twitter.com/iconews
Please consider the environment before printing this email
 
 
If you are dissatisfied with the response you have received and wish to
request a review of our decision or make a complaint about how your
request has been handled you should write to the Information Access team
at the address above or e-mail [6][ICO request email]
 
Your request for internal review should be submitted to us within 40
working days of receipt by you of this response.  Any such request
received after this time will only be considered at the discretion of the
Commissioner.
 
If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further right
of appeal to this office in our capacity as the statutory complaint
handler under the legislation. To make such an application, please write
to the Customer Contact department, at the address above or visit the
‘Complaints’ section of our website to make a Freedom of Information Act
or Environmental Information Regulations complaint online.
 
A copy of our review procedure is available [7]here.
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. https://ico.org.uk/media/action-weve-tak...
2. https://ico.org.uk/media/for-organisatio...
3. https://ico.org.uk/media/for-organisatio...
4. http://ico.org.uk/
5. https://twitter.com/iconews
6. mailto:[ICO request email]
7. https://ico.org.uk/media/about-the-ico/p...

Jt Oakley left an annotation ()

Legally known?

How would an authority establish that an address was legally known?

Through the courts?

Dear Information Commissioner’s Office,

Thank you.

As you state, I am now appraised if the situation as regarding the legitimacy of responses on WDTK.

And, as a retired newspaper editor, I have some knowledge of copyright. But thank you anyway.

I am also aware that some requesters may use WDTK initially to make SAR's. And clearly support the correct use of private information.

:::

However, this request asks specifically about organisations which tend to bridle at responding via WDTK ..sometimes mid-request - seemingly if the organisation suddenly wishes to avoid giving a publically accessible FOIA answer.

This is an AVOIDANCE of replying to the legally given address - as the request title states - and not only if the organisation should respond to the given address..such as WDTK, or Twitter, which the ICO guidance notes cover.

So as the response doesn't seem to cover the central issue, perhaps the ICO will now consider if it should have guidance notes which protect requesters from this mid-request switch from the legally given address, particularly since the PHSO has, in the past, used my old computer address ( kept as an archive and which I look at perhaps twice a year) in answer to a new request.

Granted there was an apology, (when I chased the response), but having ironed that problem out, the PHSO then went on to use another address - mid WDTK request, twice - after being specifically asked NOT to do so.

Seemingly, the ICO did not support this request not to use my private email address , by stating that I had received the response - even if the PHSO had flouted my request for the privacy of my personal email address- when making WDTK requests - and therefore it had complied with the Act.

Therefore:

DPA: I can it find anything in your reply relating to the requested privacy of my personal address with regard to WDTK requests.

Have I the right to privacy from government organisations - as I would with commercial companies - or not?

Have government organisation a special privileges to ignore the FOIA legally given address and use those which can be said to be 'unsubscribed', as - and when - they wish?

So I would be grateful if you would respond to this aspect of the request.

Yours faithfully,

Jt Oakley

casework, Information Commissioner’s Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

 

Please note that if you are concerned about the way an organisation is
handling your personal information, we will not usually look into it
unless you have raised it with the organisation first. For more
information please see our webpage ‘[1]raising a concern with an
organisation’ (go to our homepage and follow the link ‘for the public’).
You can also call the number below.

 

If you want an internet search provider to remove a link to information
about you – it will be a little longer before we can respond. We are
currently considering the implications of the recent decision by the Court
of Justice of the European Union and will contact you again in the next
six weeks.

 

Please note that we will not look at requests to remove internet search
results unless you have first asked the search provider. You should also
send us copies of all related correspondence.

 

If you have requested advice - we aim to respond within 14 days.

 

If you have made a request for information held by the ICO - we will
contact you as soon as possible if we need any more information to answer
your request. If we don't need any more information we will respond to you
within our published, and statutory, service levels. For more information
please see our webpage [2]'access information about the ICO' (go to our
homepage and follow the link for ‘about the ICO’).

 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

 

Copied correspondence - we do not respond to correspondence that has been
copied to us.

 

For more information about our services, please see our webpage
‘[3]service standards and what to expect’ (go to our homepage and follow
the links for ‘Report a concern’ and ‘Service standards and what to
expect'). You can also call the number below.

 

If you have a matter you would like to discuss with us, please call our
helpline on 0303 123 1113 (local rate).

 

Yours faithfully

 

The Information Commissioner’s Office

 

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[4]http://www.ico.org.uk/tools_and_resource...

 

Twitter

Find us on Twitter at [5]http://www.twitter.com/ICOnews

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://ico.org.uk/for_the_public/raising...
2. http://ico.org.uk/about_us/how_we_comply
3. http://ico.org.uk/about_us/how_we_work/s...
4. http://www.ico.org.uk/tools_and_resource...
5. http://www.twitter.com/ICOnews

Information Commissioner’s Office

19 January 2015

 

Case Reference Number IRQ0567738

 

Dear Jt Oakley

You say "I would be grateful if you would respond to this aspect of the
request".

For the avoidance of doubt, no further information is held. Please
understand that the FOIA does not oblige a public authority to create new
information, or to answer questions and queries unless it already holds
information in its records which answers those questions.

In responding to your questions, we located and disclosed all the
information held by the ICO which has a bearing on the issues raised by
your questions. No further information is held.

Yours sincerely

Steven Dickinson                
Lead Information Access Officer
 
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545676  F. 01625 524510  [1]ico.org.uk  [2]twitter.com/iconews
Please consider the environment before printing this email
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://ico.org.uk/
2. https://twitter.com/iconews

Dear Information Commissioner’s Office,

Thank you.

But please could you answer the part it the request relating to the Data Protection Act.

Have I any control over who uses my private email address....when I have specifically asked an organisation not to use it?

Does the DPA only apply to harassment by private companies, who continue to use private email addresses - or not?

Perhaps there is some information on file, relating to private companies which continue to spam private email addresses, when a member of the public has them to refrain?

Or is this not something the ICO does not oversee - and would come under some other public body?

Yours faithfully,

Jt Oakley

casework, Information Commissioner’s Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

 

Please note that if you are concerned about the way an organisation is
handling your personal information, we will not usually look into it
unless you have raised it with the organisation first. For more
information please see our webpage ‘[1]raising a concern with an
organisation’ (go to our homepage and follow the link ‘for the public’).
You can also call the number below.

 

If you want an internet search provider to remove a link to information
about you – it will be a little longer before we can respond. We are
currently considering the implications of the recent decision by the Court
of Justice of the European Union and will contact you again in the next
six weeks.

 

Please note that we will not look at requests to remove internet search
results unless you have first asked the search provider. You should also
send us copies of all related correspondence.

 

If you have requested advice - we aim to respond within 14 days.

 

If you have made a request for information held by the ICO - we will
contact you as soon as possible if we need any more information to answer
your request. If we don't need any more information we will respond to you
within our published, and statutory, service levels. For more information
please see our webpage [2]'access information about the ICO' (go to our
homepage and follow the link for ‘about the ICO’).

 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

 

Copied correspondence - we do not respond to correspondence that has been
copied to us.

 

For more information about our services, please see our webpage
‘[3]service standards and what to expect’ (go to our homepage and follow
the links for ‘Report a concern’ and ‘Service standards and what to
expect'). You can also call the number below.

 

If you have a matter you would like to discuss with us, please call our
helpline on 0303 123 1113 (local rate).

 

Yours faithfully

 

The Information Commissioner’s Office

 

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[4]http://www.ico.org.uk/tools_and_resource...

 

Twitter

Find us on Twitter at [5]http://www.twitter.com/ICOnews

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://ico.org.uk/for_the_public/raising...
2. http://ico.org.uk/about_us/how_we_comply
3. http://ico.org.uk/about_us/how_we_work/s...
4. http://www.ico.org.uk/tools_and_resource...
5. http://www.twitter.com/ICOnews

Mr Cross left an annotation ()

In the case Francis took to the ICO, the public authority only had one email address (as far as I know) so it is a slightly different scenario.

Jt Oakley left an annotation ()

Jt Oakley left an annotation (20 January 2015)

Thank you Mr Cross.

You're right.

It's about ' Switching' addresses mid-request - not refusing to answer to the legally given address on the request.

I think that's maybe where the Data Protection Act comes in, so I'd like to find out.

This is just one example of what the PHSO has done to my requests:

https://www.whatdotheyknow.com/request/e...

...Starts to respond via WDTK then,when it looks like it's problematical , switches to my personal email address, which I have previously asked then not to do. Particularly since the response could then be in a file - which can't be transferred- and that I may have to re-type to put on WDTK.

Other requesters state that they have had the same ' Switch' problem.

::::

Nb.

You can see that after the PHSO had 'vexed' this request I had to ( after the ICO had rubber-stamped the vexation - the PHSO is the Ombudsman of the ICO's work ) attend a Tribunal. It was very clear that the request wasn't vexatious. Personally I couldn't see how the ICO could had read the request - and come to the vexatious conclusion that it did, particularly as it had cited the Dransfield case in its summary.

So I would say that it is very worthwhile attending an Information tribunal, as the judges are genuinely independent of the PHSO / ICO . It is also free, unless the judges feel that your case is capricious.

The Tribunal ( the QC ) had some very pertinent points to make about the PHSO's handling of the case. ( thus following on from Minister of Health Jeremy Hunt and the Patient's Association in the condemnation ).

The judgement is not on the website yet- but it is case: EA/2014/0093

J A Giggins left an annotation ()

Completely agree with you Jan that the DPA issue has not been addressed. If an internal review is sent to a different email address than the one the request originated from and the requestor designated as the address for correspondence, then surely that is not a reasonable use of personal information as it would have entailed review of previous contact.

It also,as I said above, goes against the spirit of the FOI Act which is supposedly applicant and motive blind, although this underlying principle seems to have largely been forgotten 'post Dransfield'.

I think the fact that the review response request should go to the same address as that used to make the request and used for the initial response is implicit in the existing FOI Act, but for avoidance of doubt maybe it should be suggested as an Amendment. No idea how to go about that though.....

J A Giggins left an annotation ()

Here is another example of where an internal review was taken "off site".

https://www.whatdotheyknow.com/request/p...

I didn't refer it on to the Information Commissioner though, so I don't know what his view would have been.

Information Commissioner’s Office

20 January 2015

 

Case Reference Number IRQ0568260

 

Dear Jt Oakley

  
Request for Information
 
Thank you for your correspondence dated 19 January. You have submitted a
new request for information, which will be dealt with under the new case
reference above. You asked:
 
“Have I the right to privacy from government organisations - as I would
with commercial companies - or not?

Have government organisation a special privileges to ignore the FOIA
legally given address and use those which can be said to be
'unsubscribed', as - and when - they wish?

[also]

Have I any control over who uses my private email address....when I have
specifically asked an organisation not to use it?

Does the DPA only apply to harassment by private companies, who continue
to use private email addresses - or not?

Perhaps there is some information on file, relating to private companies
which continue to spam private email addresses, when a member of the
public has them to refrain?

Or is this not something the ICO does not oversee - and would come under
some other public body?”
 
As before, this is not necessarily a request for recorded information, but
is instead an enquiry or question. It is being dealt with in accordance
with the Freedom of Information Act 2000 and if information which
addresses this question is located, it will be considered for disclosure
in response to your request. We will respond promptly, and no later than
16 February which is 20 working days from the day after we received your
request.
 
Should you wish to reply to this email, please be careful not to amend the
information in the ‘subject’ field. This will ensure that the information
is added directly to your case.
 
Yours sincerely
 
Steven Dickinson                
Lead Information Access Officer
 
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545676  F. 01625 524510  [1]ico.org.uk  [2]twitter.com/iconews
Please consider the environment before printing this email
For secure emails over GSI please use [3][email address]
 
 
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://ico.org.uk/
2. https://twitter.com/iconews
3. mailto:[email address]

Dear Information Commissioner’s Office,

Please note that I have not made a new request to ask if the DPA affects the use of my personal information on an FOIA request. My understanding was always that the ICO is also responsible for the use of DPA on an FOIA request and that is why I presumed that the ICO would provide an authoritative answer to it.

Therefore the clarification which you have filed as a new request is cannot be so because the original request asks if the respondee has a right to use my personal information when replying to a FOIA request......therefore the use of DPA is already encompassed within it.

I would also remind you that if you did not understand the term 'personal email address' , or could not understand the request was, it would have been appropriate to provide help at that point, under Section 16.

Please therefore retread my request and respond to the clarification.

If you cannot accept the clarification, please respond straight away and I will put the request into review.

This is the request:

The PHSO recently sent a response to my personal email address,
even though the request had been made through the WDTK site.

As this particular organisation has sent emails to my private email
address In the past, to avoid giving, what appears to be an answer
which could cause it some embarrassment, I am keen to discover
whether or not the ICO supports a blatant misuse of a requester's
personal address - to avoid responding on a public site.

Surely support of this kind would lead to accusations of avoidance
of sending a proper reply to the request address and therefore
cannot be within the spirit of the Act.

If indeed the request is applicant blind..how can an organisation
'personalise' it by sending the response to a personal address,
which the requestee has used in the past and may not want the
organisation to reply to?

And logically, what if the requestee has changed their personal
email address in the interim?

Is it the ICO's policy that because an employee of an organisation
thinks he/she knows an alternative personal address to the WDTK
site that the response can be sent to this address, yet it may
never be received? And that absolves the organisation of responding
within the legal time frame?

Or is the implication that the ICO thinks that the WDTK site
address is not a legal address according to the FOIA - and
therefore can be safely ignored by any organisation which does not
want to respond publically?

::::

For your information:

On 8 Jan 2015, at 11:14, [email address] wrote:

8th January 2015

Case Reference Number FS50525888

The role of the ICO is to determine whether a public authority has
complied with the obligations imposed by the Freedom of Information
Act.

In your case it was our view that the PHSO (public authority) had
complied with the FOIA because they completed their internal review
on 30/09/13. We took this view even although the outcome of the
review had been sent to your personal e-mail address and not to
whatdotheyknow.....

Because of our status as a non-departmental government body the
regulator who would consider complaints about our actions is the
PHSO.

The PHSO will not consider whether or not there has been compliance
with the FOIA, it will adjudicate on how we have handled your
complaint against the ICO.

I reiterate therefore that:

our view is that the PHSO has complied with the FOIA by completing
their internal review and providing you with a copy of their
decision;
we will not be pursuing the FOIA decision further so if you want to
take your complaint against the ICO further, you will need to
contact the PHSO.
Yours sincerely

Jim Dunn (01625 xxxxxxxx)
Case Officer
Information Commissioner’s

Yours faithfully,

Jt Oakley

Information Commissioner’s Office

20 January 2015

 

Case Reference Number IRQ0568260

 
Dear Jt Oakley,
 
I note your comments that you have not submitted a new request.
 
In the circumstances it would seem that the most appropriate way to
progress this matter will be to treat your emails of 19 and 20 January as
an expression of dissatisfaction with the response provided to your 8
January request, and conduct an internal review. The internal review may
consider whether or not the supplementary questions you submitted on 19
January are implicit in the 8 January requests and ought therefore to have
been addressed in our response.
 
Kindly confirm your agreement to this approach and I will make the
necessary arrangements.
 
Yours sincerely
 
Steven Dickinson                
Lead Information Access Officer
 
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545676  F. 01625 524510  [1]ico.org.uk  [2]twitter.com/iconews
Please consider the environment before printing this email
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://ico.org.uk/
2. https://twitter.com/iconews

Dear Information Commissioner’s Office,

Please pass this on to the person who conducts Freedom of Information reviews.

I am writing to request an internal review of Information Commissioner’s Office's handling of my FOI request 'Avoidance of replying to request on WDTK site'.

The response received so far does not really address the avoidance part of request, in that it ignores the DPA aspects inherent in it.... My personal information.

And how it can be used, or otherwise - by a government organisation- to avoid completing a WDTK request, which has already been acknowledged at the legally given address on the request.

Can a government organisation choose to switch its response to a requester's email address - to avoid replying to a WDTK request?

If you need any more clarification please read the request, responses and annotations in the WDTK website.

I would obviously be grateful if you would not switch your response to my private email address, as the ICO has it on file.

A full history of my FOI request and all correspondence is available on the Internet at this address: https://www.whatdotheyknow.com/request/a...

Yours faithfully,

Jt Oakley

AccessICOinformation, Information Commissioner’s Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

 

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit [1]http://ico.org.uk/about_us/how_we_comply

 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

 

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

 

If you have requested advice - we aim to respond within 14 days.

 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

 

Copied correspondence - we do not respond to correspondence that has been
copied to us.

 

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

 

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

 

Yours sincerely

 

The Information Commissioner’s Office

 

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[2]http://www.ico.org.uk/tools_and_resource...

 

Twitter

Find us on Twitter at [3]http://www.twitter.com/ICOnews

 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://ico.org.uk/about_us/how_we_comply
2. http://www.ico.org.uk/tools_and_resource...
3. http://www.twitter.com/ICOnews

Jt Oakley left an annotation ()

Thank you Jan Giggins.

It cannot be a total fluke that it's only in contentious issues that replies are switched to private addresses mid- response.

So thank you for another example of this sudden avoidance of answering on WDTK.

Information Commissioner’s Office

20 January 2015

 

Case Reference Number RCC0568368

 

Dear Jt Oakley

Thank you for your correspondence dated 19 and 20 January 2015.
 
This correspondence will now be treated as a request for an internal
review of the response we provided to your recent request for information
under the Freedom of Information Act 2000.
 
We will aim to respond by 16 February which is 20 working days from the
day after we received your recent correspondence. This is in accordance
with our internal review procedures which were provided with our response.
 
Yours sincerely
 
Steven Dickinson                
Lead Information Access Officer
 
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545676  F. 01625 524510  [1]ico.org.uk  [2]twitter.com/iconews
Please consider the environment before printing this email
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://ico.org.uk/
2. https://twitter.com/iconews

Information Commissioner’s Office

20 January 2015

 

Case Reference Number IRQ0568260

 

Dear Jt Oakley

Following my acknowledgement of your internal review request, which will
be dealt with using our reference RCC0568368, this email is to inform you
that the case opened under reference IRQ0568260 will now be closed, and
the matters you raised will be dealt with in the internal review case
instead.

Yours sincerely

Steven Dickinson                
Lead Information Access Officer
 
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545676  F. 01625 524510  [1]ico.org.uk  [2]twitter.com/iconews
Please consider the environment before printing this email
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://ico.org.uk/
2. https://twitter.com/iconews

Jt Oakley left an annotation ()

If you state that it IS another request then please proceed with it, although I can't see how it can be.

Please feel free to provide even more information that you thought was due to me on my initial request. otherwise I have a feeling that the issue will drag on and on, if I have to make yet another request, using more public money to do so.

Jt Oakley left an annotation ()

This is the GRC Tribunal Vex decision on a request that the PHSO tried to 'Switch' to my personal email address.

The ICO just accepted information fed to it by the PHSO, seemingly without checking the thread in WDTK,although reference was given. Which is worrying...

Tribunal overturned ICO's vex decision, with the QC making some pertinent points.

http://www.informationtribunal.gov.uk/DB...

Jt Oakley left an annotation ()

Sorry.. Link above will not work - WDTK asked for assistance.

Jt Oakley left an annotation ()

Data protection - the use of a personal addres that I have stated I do not wish the PHSO to use:

This is the first data protection principle. .. For organisations

In practice, it means that you must:

have legitimate grounds for collecting and using the personal data;
not use the data in ways that have unjustified adverse effects on the individuals concerned;
be transparent about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data;
handle people’s personal data only in ways they would reasonably expect; and
make sure you do not do anything unlawful with the data.

So can I 'reasonably expect' to have my instruction about the use of my data ignored?

Paul Staples left an annotation ()

If have said not to use a particular email address, then yes, any subsequent use of the address is a possible breach of DP principle 1. That does not however mean that the FOI duty has not been satisfied if requester accepts the information has been disclosed. In fact the raising of a DP complaint may perversely be evidence of FOI compliance since it implies requester has received email.

PS Here is an alternative link to the Oakley case - which may or may not work. http://tinyurl.com/pyacxe8

Jt Oakley left an annotation ()

Thank you Paul Staples.

I've typed it out - roughly in case links don't work:

Background to the Appeal :

The relevant background to this appeal set out in the confidential annex to the DN and has been disclosed the Appellant and is adopted for the purposes of this appeal.

Essentially the Appellant made complaints to the Parliamentary and Health Service Ombudsman(PHSO) the public authority in question about the service received from PHSO are so including how staff have dealt with her concerns when dealing with her complaint about the Respondent herein.

The issues that arise in this appeal include requests made by the appellant where she claimed that she experienced difficulties in identifying where she should direct a complaint about the way her case had been dealt with and the member of staff concerned.

The nature and extent of the requests are set out fully in the DN the grounds of the Appellant and the Respondent's formal response.

The response specifically to these appellants request 18th of November 2013 PHSO for telephone extension numbers later, identified further clarified by the appellant to be telephone numbers of the executive office staff,( the requested information). PHSO provided a further response on February 4 stating that the requested information was still exempt by virtue of section 14 (1) FOIA were the reasons previously provided. It is noted that the PHSO did provide a central number for the Executive Office which could be used as a point of contact.

The Decision Notice

Section 14 (1) FOIA stated that a public authority is not obliged to comply with a request for information if the request is vexatious. There is no public interest test.

The Respondent properly identifies the criteria to be considered in the issue of vexatious requests and refers to the Dransfield decision wherein the Upper Tribunal commented that vexatious could be defined as 'manifestly unjustified inappropriate or improper use of a formal procedure' and refers to instructive identification examples such as the burden imposed by the request, the motive of the requester, harassment or distress to public authority employees while reminding us that these were not exhaustive tests.

As in any case before these courts and Tribunals, each case must be decided on its merits.

Proportionality and justification a important aspects also and again in Dransfield the Upper Tribunal helpfully identifies the importance of adopting a holistic and broad approach to the determination of whether a request is vexatious or not.

We note and have noted in many of these cases the significance of the previous course of dealings as there in the facts of this case.

In the DN his response to the grounds of an Appeal,the Respondent sets out carefully his reasoning his decision find that this case crosses the fine line between being 'obsessive rather than a persistent' request.

This tribunal heard at length from the Appellant at the oral hearing of this appeal and while we agreed request has most of the ingredients of a vexatious request and borders on the obsessive we are satisfied, having heard the Appellant, and considered all the evidence, that the request while certainly persistent, falls short of being obsessive and, in all the circumstances, we do not find the request vexatious.

Reasons

We do not accept that it was designed to cause disruption and annoyance to staff at the PHSO and while we accept it may well have done so we are convinced beyond doubt about the bona fide design behind the request, which arose out of frustration pursuant to her dealings with the PHSO in getting answers to important and genuine issues she required assistance with.

Again we do not accept that the appellant used her request as a means to vent anger at any particular decision or to harass and annoy the public authority.

We have considered carefully you respond to this suggestion in her Grounds of Appeal and the detailed evidence before us and I'll satisfied there were reasonable grounds for her request and there was reason to be dissatisfied with the service she was being given by the public authority

Having considered the evidence and on hearing the Appellant on what were clearly had genuine concerns, we find that the backdrop of other correspondence and complaints only exacerbated her grounds for concerns and the frustration she felt in all the circumstances of the case.

The Appellant clearly was not getting satisfaction nor the meaningful response she deserved.

This Tribunal reminds itself that every is the duty on Public Authorities to assist members of the public in formulating and processing their requests.

On hearing the appellant on the facts of this case we are all the view that more could have been done to assist the processing of this request.

That this was a request with a genuine purpose was acknowledged by the Respondent but this Tribunal adds that the Appellant has satisfied that the need for her persistence, in its various forms as it transpired on the facts is justified by the failure of the Public Authority to respond more comprehensively, effectively, efficiently or adequately.

This is despite the assertion that the value of this particular request maybe or even might be regarded as limited. We have no doubt ( and it seems to be common case) that the motive for the Appellant's request is to generally seek information that would enable her to contact the relevant person, in order to challenge the Review team's decision as they were not answering complaints.

That is what the case is all about.

This failure to act properly or adequately respond to this request led to confusion and frustration and a breakdown in communications such that the Appellant did not seek or deserve.

We are of the view that it is wrong to suggest that she deliberately sought to all set out to harass or distress the public authorities staff and on hearing the Appellant at length we find on balance this case has not been established.

We note that the Respondent also accepts to a degree these findings of fact but decided that the effect of the request was such to cause harassment or distress.

We do not accept this as proven on balance on the papers and have heard no evidence in support of these assertions.

Further if there were any perceived harassment or such distress then the burden for such, in our considered view, cannot be placed entirely on the Applicant or her request.

.....

We are satisfied that a more constructive and helpful response from the public authority would have averted the resulting persistence that evolved through the Appellant by a failure to provide appropriate assistance and answers in an unnecessarily long and drawn out process of dealing with the Appellant.

The evidence of impact of any burden on the authority is not, in our view, a burden which should be placed solely on the Appellant,on the facts of the case.

As can be seen from our deliberation above, this was an unfortunate case of poor communication that led to persistent conduct by the Appellant which bordered on the oppressive( sic) obsessive but did not in our view on a holistic and broad view of the facts of this particular case become either oppressive (sic) obsessive or vexatious.

Accordingly we allow the Appeal and reverse the finding of the DN under Appeal.

Brian Kennedy QC

http://www.informationtribunal.gov.uk/DB...

Paul Staples left an annotation ()

I do not think I can add anything to my views on the legal situation. But you may like to consider if PHSO is adhering to his own values : http://bit.ly/1CXN7bF

Jt Oakley left an annotation ()

Thank you Paul.

Plainly it isn't.

I've now had an external investigation on my case plus the court case upheld. And apologies - which of course mean precisely nothing - galore.

But the switching of FOIA responses mid-request ( which can be in non-text -copyable letter with a password) is annoying.

A one-off mistake could understand. But this seems to becoming a constant pattern to avoid replying online to WDTK requests. And that is why I am seeking guidance as to whether or not the ICO has any control of this switch strategy. Particularly as there is evidence on site that I have had to ask the PHSO to stop doing it,

Jt Oakley left an annotation ()

No consent:

I did not consent to my personal email address being used for the purpose of replying to WDTK requests.

In fact, I specifically asked the PHSO not to use my old address, or my more up -to -date email address.

Therefore I'm asking can an organisation override a specific instruction not to use my data in this way?

Data Protection Act

What is meant by “consent”?

One of the conditions for processing is that the individual has consented to their personal data being collected and used in the manner and for the purposes in question.

You will need to examine the circumstances of each case to decide whether consent has been given. In some cases this will be obvious, but in others the particular circumstances will need to be examined closely to decide whether they amount to an adequate consent.

::::

Consent is not defined in the Data Protection Act. However, the European Data Protection Directive (to which the Act gives effect) defines an individual’s consent as:

…any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.

The fact that an individual must “signify” their agreement means that there must be some active communication between the parties. An individual may “signify” agreement other than in writing, but organisations should not infer consent if an individual does not respond to a communication – for example, from a customer’s failure to return a form or respond to a leaflet.

https://ico.org.uk/for-organisations/gui...

Steven King left an annotation ()

Hi,
Not read all on this request, but buried somewhere deep in the ICO dungeons is guidance stating the requestor can expect the respondent to respond to the source of the request, and if they fail to do so can request the respondent to provide their response and any review decision to this website if the original request was submitted here.
Maybe I am repeating what others have said, but when asking to put a written response sent to my home without my asking them to on to the WDTK website, the public authority ' took advice ' and responded here.

Jt Oakley left an annotation ()

Thank you.

This is the latest from the ICO ...

'Your complaint has been accepted as eligible for further consideration and will be allocated to a case officer as soon as possible.

The concerns you raise, about what impact the handling of your request for information by the PHSO might have had on your rights under the Data Protection Act, are recognised and will be considered as part of the further investigation'.

This is after I made a formal complaint - so that the data protection aspect had to be covered.

Although I must say I'm a tad confused about what response relates to which request at this point.

But I've sent the ICO copies of the WDTK requests and screenshots where I'm asking the PHSO not to continue to send replies to my private email address, if requests are placed in WDTK. And only to answer via WDTK.

Information Commissioner’s Office

17 February 2015

Case Reference RCC0568368

Dear Jt Oakley 
 
Thank you for your internal review request of 20 January.
 
It has been passed to me to complete. I have considered your original
request, our response and your request for review.
 
I understand that you are not questioning the information we provided in
response to your original request. For completeness, I have considered the
searches we did and agree this is all we hold.
 
You question whether consideration of any data protection elements of your
query/request should have been dealt with in our original response. I
think a reasonable reading of your request is that it is confined to
consideration of responding to FOIA requests via whatdotheyknow which is
how we responded to it. There was the potential to explore possible data
protection elements of the scenario but in response to your queries.
Therefore, I am not upholding your complaint.
 
However, in an effort to be helpful, we have addressed the issues you have
raised below.
 
The last aspect of your correspondence, although you did refer to it as a
request, is a query about the data protection implications of the
circumstances you describe where an authority uses a personal email
address to continue a thread of correspondence begun on whatdotheyknow.
We’ve tried to address your main points in the following and hope it
helps.
 
As I think has been established, there is no particular freedom of
information issue with this – if section 1(1) is satisfied – i.e. the
information is provided to the requester within the statutory timeframe
then nothing is breached by changing email address. However, as suggested
by others, it would be good practice and sensible customer service to
respond to the address the requester used to make the request, unless it’s
agreed otherwise. It has been long established that an automatically
generated email address is a valid address for the purpose of section 8
FOIA.
 
It might also be worth noting that if a requester receives an FOI response
they are generally free to do with that response what they wish – which
might include posting it on whatdotheyknow or another publicly available
website. A disclosure under FOIA is a disclosure to the world at large and
once an authority is satisfied their disclosure is legitimate it accepts
that the information is in the public domain and might be used for other
purposes or in other forums, regardless of the address it is sent to.
 
Your entitlements under data protection law in this area remain the same
whether the organisation you are dealing with is public or private.
The potential issue in the circumstance you describe is one of fair
processing, and a clash with the purpose for which the personal email
address was originally provided to the authority. However, it seems
unlikely that responding to a request for information would be
incompatible with that purpose or that any detriment would arise from an
authority doing this. 
 
The other point is that if an individual had requested an authority to
stop using a particular address for contact because it was out of date/no
longer accurate then the authority should update their records and use any
newly provided address. However, if the requester is expressing a
preference that an authority use different addresses for different types
of contact but they are all valid and up to date, you would expect the
authority to take that into account when considering their response but
the law doesn’t necessarily require that they follow the preference every
time.
 
We have addressed this final point as an enquiry and not a request for
information.
 
I do hope this is of some assistance. I understand the issue you raised in
your PHSO case has been answered by our case officer. If you have other
specific queries or concerns with a particular organisation please raise
them with us via the concern section on our website –
[1]www.ico.org.uk/concerns. We try to use whatdotheyknow for its purpose
which is responding to FOI/EIR requests. We try to do the rest of our
business – dealing with concerns, enquiries or subject access requests,
via other channels.
 
Yours sincerely
 
 
Helen Ward
Information Access Manager
 
 
Next steps
 
If you are dissatisfied with the outcome of this internal review you can
complain to the ICO in its capacity as regulator of the Freedom of
Information Act 2000. You can do this on our website –
[2]www.ico.gov.uk/concerns.

If you wish to pursue the points you are raising as queries please do this
separately and also via our website. 
 
 
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://www.ico.org.uk/concerns
2. http://www.ico.gov.uk/concerns

Dear Information Commissioner’s Office,

Thank you but I am more confused than ever...

You state:

......Therefore, I am not upholding your complaint.

I have not made a complaint via WDTK.

Surely that would be a personal matter - which would be covered under DPA ...unless I release the information.

So are you providing a review of my request on WDTK?

Or are you stating that a request for a review is now a complaint?
.

Yours faithfully,

Jt Oakley

casework, Information Commissioner’s Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

 

Please note that if you are concerned about the way an organisation is
handling your personal information, we will not usually look into it
unless you have raised it with the organisation first. For more
information please see our webpage ‘[1]raising a concern with an
organisation’ (go to our homepage and follow the link ‘for the public’).
You can also call the number below.

 

If you want an internet search provider to remove a link to information
about you – it will be a little longer before we can respond. We are
currently considering the implications of the recent decision by the Court
of Justice of the European Union and will contact you again in the next
six weeks.

 

Please note that we will not look at requests to remove internet search
results unless you have first asked the search provider. You should also
send us copies of all related correspondence.

 

If you have requested advice - we aim to respond within 14 days.

 

If you have made a request for information held by the ICO - we will
contact you as soon as possible if we need any more information to answer
your request. If we don't need any more information we will respond to you
within our published, and statutory, service levels. For more information
please see our webpage [2]'access information about the ICO' (go to our
homepage and follow the link for ‘about the ICO’).

 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

 

Copied correspondence - we do not respond to correspondence that has been
copied to us.

 

For more information about our services, please see our webpage
‘[3]service standards and what to expect’ (go to our homepage and follow
the links for ‘Report a concern’ and ‘Service standards and what to
expect'). You can also call the number below.

 

If you have a matter you would like to discuss with us, please call our
helpline on 0303 123 1113 (local rate).

 

Yours faithfully

 

The Information Commissioner’s Office

 

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[4]http://www.ico.org.uk/tools_and_resource...

 

Twitter

Find us on Twitter at [5]http://www.twitter.com/ICOnews

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.org.uk

References

Visible links
1. http://ico.org.uk/for_the_public/raising...
2. http://ico.org.uk/about_us/how_we_comply
3. http://ico.org.uk/about_us/how_we_work/s...
4. http://www.ico.org.uk/tools_and_resource...
5. http://www.twitter.com/ICOnews

Jt Oakley left an annotation ()

Your entitlements under data protection law in this area remain the same whether the organisation you are dealing with is public or private.
The potential issue in the circumstance you describe is one of fair
processing, and a clash with the purpose for which the personal email
address was originally provided to the authority. However, it seems
unlikely that responding to a request for information would be
incompatible with that purpose or that any detriment would arise from an authority doing this.

:::::::::

::

I'm puzzled by the above response as the ICO doesn't seem to be able to differentiate between my personal circumstances - in which the PHSO has diverted FOIA responses away from WDTK - and the above request about the handling of ANY FOIA in a supposedly 'applicant blind' request.

It seems to boils down to ..' No harm done in your case' and therefore all 'switch' cases are the same.

However, inherent in the ICO response seems to be a belief that all public authorities 'purposes' are pure - and therefore there is no detriment to the requester in them switching an FOIA responses off a public site - when a response may be a something of an embarrassment to the authority - to an out-of date email address..which may, or may not, belong to the requester.

For instance, if someone called JSmith makes a request on WDTK can the organisation concerned trawl through the email addresses of all the JSmiths it has in record ....pick one ...and provide an answer to the email address of that chosen JSmith?

The ICO response seems to state so.

Surely an assumption on an email address cannot be an applicant- blind response?

...In fact, it's applicant-highly-scrutinised.

But the ICO has judged that this deviance from WDTK site response is 'not incompatible with that purpose or that no detriment would arise from an authority doing this'.

So, logically, any government organisation can choose any old email address it feels like responding to.

'The law doesn’t necessarily require that they follow the preference everytime' says the ICO.

Alternatively the law doesn't say that an authority has the right to pick and choose either.

So can ' the switch' comply with the FOIA?

What if the response to a request is time- sensitive?

These are government bodies which are supposed to comply with the Act by responding within the Act's time-frame.

Could a requestee who needed a response by a certain date ... and lost money as a result ( for example tender information) - complain, or even sue the organisation concerned, if the response had been sent to the wrong email address, or indeed the wrong person, whose address has been plucked out erroneously from a government file?

That is what I am asking ..NOT the specific outcome of any personal complaint I may, or may not have made about an authority that suddenly jumps off WDTK to my personal private address when given a request about a senior member of its own organisation.

Otherwise it could be assumed that it is the organisation's prerogative not to answer to a request about a matter of pure purpose in the public interest..say MP's expenses ...by sending the required legal response into potential oblivion.

Personally I would find it quite easy to assume that that the 'purpose' of any authority which tries to avoid giving responses to tricky requests on WDTK cannot be as pure as the ICO response suggests in its response.

However, I would think that an action like this would certainly be against the government policy of being,'open, transparent and acting with candour'.

Presumably the requirement to ensure that public authorities give their FOIA information ' openly, transparently ..and with candour' to the public - albeit they be WDTK requesters - isn't a concern of the ICO, with its 'pure purpose' suppositions safely guiding what public authorities are entitled to do?

Perhaps a political, or legal determination on the ICO's rrsponse on the 'pure purpose 'imbalance of requester/ responder ' needs clarification.

J A Giggins left an annotation ()

"We have addressed this final point as an enquiry and not a request for
information."

Perhaps one of the commentators to this request could advise on how to phrase the question so that it is treated as a request for information?

Jt Oakley left an annotation ()

Yes.. Beats me.

To me it's simple.

If the Act requires the requester to give a legal address at the time of request, (WDTK is legally accepted)then at what point can it be legally dismissed by the responder?

Granted the lawmakers didn't seem to predict that The Switch couid be used as a strategy at the time. But then the above responses seem to imply I have no control over my personal information, having specifically advised that my private email address is not to be used for WDTK requests.... When I thought use of personal information had to be 'agreed' between an organisation and a member of the public. Clearly the ICO thinks that the DP requirement doesn't apply to WDTK requesters - and that is worrying.

:::::

Irony Central:

It's the PHSO that 'switches' mid-request.

Yet the ICO is stating above that I have to complain to the PHSO that I am not happy with the ICO response on WDTK.

That's because the PHSO oversees the ICO.

The PHSO has now given me at least five apologies- including one from the Ombudsman and £500 for botching up my case - which ironically was about ......the ICO .

The PHSO then drove me to court - through misinforming the ICO that my complaint case was finished- therefore request vexatious (appeal upheld) ), so I'm rather reluctant to spend another year or so with the consistently blundering PHSO.

Especially since the PHSO and ICO seem to do nothing but uphold whatever the other does.

Jt Oakley left an annotation ()

(3) Where the public authority determines that it is not reasonably practicable to comply with any preference expressed by the applicant in making his request, the authority shall notify the applicant of the reasons for its determination.

::::

And did they?

Nope.

But I'd be interested to read any notified reasons why it is essential to switch mid request.

Fiona Watts left an annotation ()

Very well said here J.T Oakley!

Your tenacious spirit and strong sense of ethics raises an applause from East Anglia!

I quote the summary of your experiences with two regulation authorities here;

"Especially since the PHSO and ICO seem to do nothing but uphold whatever the other does."

Regulation of public services and management in the UK? What "regulation"?

Jt Oakley left an annotation ()

Thank you Fiona.... Very kind

The thing that always puzzles me is that the PHSO's complainants are those who have struggled through one complaints system, yet the PHSO determines that the huge majority have no complaint to answer.

Case closed.

That either means that the Ombudsman has a ridiculously high malaministration criteria, or the public are wrong in what they believe maladministration is.

The public votes for what it expects its government to do ( given its election promises), so its a strong message that the complaining public don't think that the governance of say..the NHS ..is right - and that maladministration has occurred. Yet so many are dismissed.

Yet they believe that the organisation is not complying with what the elected government is directing them to do - with the public money allotted to it, on behalf of themselves.

:::

Logically, the PHSO was saying that the Mid- Staffs and Morecambe Bay administrations were exactly what the government wanted the NHS to do. There was no maladministration.. Which boils down to bad administration.

So clearly there is a huge gap in what the public thinks of as being maladministration - and that which the PHSO defines as being so.

Or it can be surmised that the government - at at the time - had directed that there was no NHS malaministration in putting so many patients at risk and so directing the PHSO to uphold its governance, for political reasons.

The other alternative was that the PHSO was inept and not fit for the public purpose then ...and, as there seems to be no improvement, not fit for it now.

:::

The more sensible New South Wales Ombudsman seems to define maladministration on the same terms that the public does:

‘It is clearly wrong’

...New South Wales Ombudsman who note the term maladministration has been defined in their Protected Disclosures Act 1994.

https://www.whatdotheyknow.com/request/m...

Jt Oakley left an annotation ()

19th March 2015

Case Reference Number FS50525888

Dear Mrs TO

Your case has now been allocated to me for consideration. I have reviewed all of the correspondence on the case file and I am unclear as to the substance of your complaint.

Could you firstly confirm it is your request dated 14 August 2013 you wish to complain about? If it is could you also confirm whether your complaint relates to your issue with the fact that the PHSO did not provide the internal review response via WDTK or do you now require an investigation into the application of section 12 to this request as the PHSO has said it would exceed the cost limit to respond?

Please provide this clarification within the next 10 working days, that is by 2 April 2015, to enable me to proceed with this investigation.

Yours sincerely

Gemma Garvey
Senior Case Officer

:::::

According to WDTK this is the only request made in that date.

Is this the request to which you are referring?

Dame Julie's signed letters to members of the public and MP's

https://www.whatdotheyknow.com/request/d...

::::

Thank you but, as a courtesy, could you please use my file reference -which is the title of the request in communications, as well as your own file reference.

Otherwise - especially in this case where there are three strands - it is difficult to determine which request you are referring to.

Or is this my reference, to which you are referring?

Avoidance of replying to request on WDTK site

https://www.whatdotheyknow.com/request/a...

In which I am asking whether an organisation which has to comply with the FOIA, can:

1. Ignore the legally demanded address ( and name ) of the person who has provided name and address under a specific stipulation of the Act.

2. Or can choose a similar name and this a possible address that it may have in file - even now that address may be incorrect.

You may have noted that my request on WDTK is named as JtOakley and not Janet Treharne Oakley.

The PHSO cannot assume that the requestee is the same person of which it may hold personal data, simply because the name has similarities.

It would be the incorrect use of the personal data. And I believe the PHSO has done so.

The second point is that permission for the use of data held has not been given to be used in this way. The permission is inherent in the request.

Say .. A FOIA requester is called JSmith.. Can an organisation trawl it's files , decide which JSmith might be making a request and reply via a personal address from which a James Smith once contacted it?
The requester may be John Smith.

That is why I believe the Act is specific in asking a requester to supply a name and address and with which it must be comply.

To construe anything else ...by using the private data of individuals cannot be correct and can only lead to confusion.

Jt Oakley

Steven King left an annotation ()

Hi Jt Oakley,

What a great request - and full of so much useful information.

I have now established that in certain cases ( but I dont know which ones !! ) FOI requests are no longer applicant blind .

Another interesting points, two FOIA requests ive made here to the ICO and other public bodies have been moved to a private section of the whatdotheyknow website that cannot be seen by the public.

Interestingly - one request made to the ICO was immediately moved to the 'private area ' by whatdotheyknow - maybe at the request of the ICO - i dont know ?? - but the ICO is responding to that hidden request under ANOTHER request I have outstanding with the ICO - so their responses to both requests will appear on the wdtk website - but not the request for the information ?? Confusing me !

I know WDTK can sometimes be put under considerable pressure when public bodies maybe go over the top to protect their reputation and maybe covering up the truth - in my opinion an abuse of power by the public body - by maybe covering up the truth of matters asked about within a request that they need to respond to.
A certain major NHS body emailed whatdotheyknow threatening Legal action by 3pm that day if a specific request was not edited as it MAY note ' MAY ' be damaging to them , so the request was moderated .

Naturally WDTK did what they thought was best.

I have since found out a very senior staff member did not follow policy regarding some VERY serious matters - something they could and should have made me aware of in their response to my request .

Two of my requests have been moved to the private section of WDTK in the past 6 months or so, the first request to an NHS body has since been ignored by the public authority since my request was made last October - out of sight now, so no need for them to comply with my request even though they have sent 4+ emails confirming receipt and apologising for delay up to the end of last year - but no information ! Damage limitation at its best - for them ,

Damage at its worst for me !

Jt Oakley left an annotation ()

(3) Where the public authority determines that it is not reasonably practicable to comply with any preference expressed by the applicant in making his request, the authority shall notify the applicant of the reasons for its determination.

::::
Again..it gets back to the above.

It doesn't say anything about format of the response ..... WDTK, private email computer formats or pigeon post.

What is says is that the PHSO has to state why replying via the legally required address given - WDTK)- is inappropriate via a notification to me, on WDTK.

Then, having made the notification, can follow through by asking for an alternative address - which the requester then provides to the PHSO via the PHSO's own email address.

No notifications are ever given.

What the PHSO seems to be doing is to switch to a private email address when answering the request, ( responses to the the Act are logically for public consumption ). But the PHSO has construed that to do so is the difficult option, as it could prove embarrassing.....seemingly mostly to requests about Ombudsman Dame Julie Mellor.

That is PR - not FOIA.

As it is not within the guidance of the Act, which specifically sets down a 'notification for its determination' - and certainly not in the spirit of openess and transparency.

Yet the ICO continues to interpret the instruction as the PHSO not having to follow this prerequisite .... and strangely burbles on about computer formats. Which is refusing the point.

.....But then, the PHSO investigates complaints about the ICO.

So you cannot complain to the PHSO that the ICO it is not following the Act, if the ICO will not support its own instruction. Because you know the result of doing so.

D. Speers left an annotation ()

Thank you ALL....for a very interesting and informative FOI request!

Jt Oakley left an annotation ()

To be valid under Section 8 a request must: o be in writing;

o include the requester’s name and an address for correspondence; and,

The Act is plain - 'address for correspondence'

Yet the ICO says that this 'address for correspondence' need not be used at all.

...Presumably the requester's name need not be used in any response either.

Jt Oakley left an annotation ()

As predicted, the ICO has stated that the PHSO is perfectiy entitled to use an email address that I specifically asked the PHSO not to use.

So the request has been answered:

A citizen cannot therefore bar a government department from using their personal information in any way they wish. Even if the personal infirmatiin - the email address - is out of date,

And what's more this request vexatious.

So I am not even allowed to ASK the ICO how the Act and this system - which has been a matter of interest and discussion to others with the same problem - works in relation to the use of my information via DPA .

::::

But I think this is now a clear demonstration of the relationship been the ICO - and it's legal scrutineers, the PHSO .

Because the ICO tells me - by post - ( ignoring this WDTK link of course ) that I can now complain to.....the PHSO.

So the ICO has deliberately chosen not to reply via WDTK despite the address given and I am to complain back to the organisation which I consider is misusing my personal information.

You really couldn't make it up.

::::

But sorry WDTK... That's the ruling and therefore WDTK's days may be numbered if other government authorities now follow on, quoting this Decision - which supports avoidance replying via WDTK - as a precedent.

A Trottlebank left an annotation ()

There is no guarantee that an email address will continue to be accessible to an individual. There are many circumstances in which an email address may become owned by a different person, with the original owner having no access. For example after a domain transfer or a change of job.

It is therefore the case that if an organization continues to respond to an email address that it has been requested not to use, there is no guarantee that the intended recipient is able to receive the communication.

Such communication could easily be seen as a misuse of personal data by the sender. Whilst a response to FOI is public, is it necessarily the case that the details of the requester are public information?

Furthermore, knowingly sending such unwanted communication is clearly 'spamming' the new owner of the email address.

Jt Oakley left an annotation ()

Thank you.. That was the point that I made.

The fact that the PHSO's response email got to me is neither here nor there.

The request was devised to ask whether or not the PHSO had a choice in the matter - being particularly asked NOT to use my private address. And whether a gvt organisation had more rights to do this than a commercial spammer.

According to the ICO - it has.

Jt Oakley left an annotation ()

....And here's another organisation that moves the responses to WDTK requests to my private address:

The Welsh Assembly

From: Jt Oakley

21 July 2014

Dear Assembly.Info,

Please reply only via this address.

Yours sincerely,

Jt Oakley

https://www.whatdotheyknow.com/request/s...

J Roberts left an annotation ()

"You really couldn't make it up."

Oh well, knowing that the PHSO will now consider the matter must fill you with confidence. With one of the country's most experience complaint handler's on the case - completely fair and impartial too - what could possibly go wrong!

Jt Oakley left an annotation ()

I've written to the ICO, since appealing to the PHSO will be fruitless.

Even if they bung me another £500, it just takes up too much of my time.

* At the moment the ICO has refused to send me the letter by email.

This is the letter:

Frivolous determination...

On a WDTK request made as to whether - or not, private information - covered by DPA, can be used by PA's in order to avoid replying to requests on WDTK site.

::::

*Please supply this decision on the case by email, as requested.

And please courteously state my WDTK reference, as well as your own, for which I have previously asked - for clarity.

::::

A brief synopsis if my objection as to why the case should not be closed.

I wish to know exactly what was 'frivolous' about it, as an accusation of this kind requires some sort of measured proof and cannot simply be used by a caseworker who thinks the adjective 'might' apply.

There is no legal application of this term to the text contained within the request.

Public interest

This request was clearly not frivolous and was of interest ( as demonstrated both on WDTK and Twitter, to other interested parties...particularly those who have had the data of their email addresses used in the same manner).

Example

The PHSO was given as an example of an PA that switches a WDTK request into private by using personal information held on file.

The PHSO response was unusual in that I had specifically asked the PHSO not to use my private data in this way and that was why the its switch response was quoted. It was not just a mistake.

If I had asked another PA not to use my data, then I would have quoted that example.

:::

My understanding is that there are more PA's that undertake this switch strategy, though may not have been asked not to flout DPA by using a personal address to answer requests.

That is the provable distinction, evidenced on the WDTK site - and therefore hardly frivolous.

In addition, I gave the ICO two PHSO examples to which to refer to as an illustration that the Switch was not just a one-off.

Yet the ICO response only covered one, within a specific situation.

The request is generic, not specific - a point which seems to have been consistently missed.

Because, by recollection, one of the Welsh government WDTK responses suddenly went to my private address too.
( see above)

Therefore, it is a data protection matter which should be decided by the ICO.

Can personal data be used in this way, without permission, or notification? ...And especially when a PA has been asked NOT to use my personal data in this way.

Notification:

My understanding is now that a PA that wishes to make the switch of address from WDTK to a private data email address has to provide a notification to the requester.

Section 16

Secondly, very little Section 16 help and advice was given to this request.

As stated, there is a reference to notifications on mode of communication and guidance which were not provided.

Thanks to the other interested parties on WDTK, I was given the information. But the ICO must surely have known it's own guidance on this notification?

Therefore, the Section 16 response was clearly not adequate. If the ICO is not intent on providing the information on file relating to the request, then I cannot be accused of making a 'frivolous' request if I ask for more information.

Request not fully read

Also,the entire link to the WDTK site also does not appear to have been read - as requested.

Annoyingly, this is a duplication on my recent vexed request, which was overturned by the court as the some points of the request seemed to have been missed entirely, or misinterpreted in favour of the PHSO.

::
GRC
Perhaps you would also inform me as to whether I can take the case closed decision on my request straight to the grc, where I found the Tribunal members solidly apply themselves to a request and uses both the law and common sense.

[Answer -no.]

MP

If it is not the case, I will be asking my newly elected MP to write to the ICO head Christopher Graham, in order to clarify the ICO's response to this 'frivolous' request.

Paul Staples left an annotation ()

A couple of points:

"The fact that the PHSO's response email got to me is neither here nor there. "
Actually it is, since it means they have met their obligation to respond to you. Trottlebank points out that "There is no guarantee that an email address will continue to be accessible to an individual. " That is correct and it is a risk the authority takes. If they switch from using WDTK to a defunct private email address then they have not met their statutory duty.

"Can personal data be used in this way, without permission, or notification? ...And especially when a PA has been asked NOT to use my personal data in this way."
Yes it can as DPA does not always require consent. That is just one of the six conditions. They might claim several other conditions permit this. Condition 6 is a prime example. However to argue this with ICO you need to be specific and precise rather than resorting to matters of 'principle'. Ask which condition permits the use of the private email address in the absence of consent. If he (or PHSO) try to come up with one rebut it on the basis that they cannot establish the 'necessity' test in whichever condition they choose as necessity requires consideration of alternative options and they clearly have one - WDTK. Also do not confuse with irrelevancies such as spammers. Entirely different as that is marketing, this is not.
And if this genuinely distresses you, as opposed to merely being an annoyance, don't just ask (irrelevant if they are not using the consent condition) but serve a section 10 notice.

Jt Oakley left an annotation ()

Thanks Paul.

I didn't really bother me until I realised that there was a link.

If it was a potentially embarrassing request - especially one mentioning anything to to with Dame Julie Mellor- it went off WDTK to my private email address.

So before, where I thought it was just a mistake and coincidence, I started to form an opinion that it was avoidance...particularly since it wasn't the first time that I had asked the PHSO to reply only on WDTK.

So that is why I wanted to know why the PHSO could use an address that I had specifically stated that should not be used for requests. I've since discovered that other respondees jump off WDTK on the answers requests that they would rather not be made public. It's not just the PHSO.

Data protection either covers anyone handling data or not. Both spammers and government organisations, or not.
To me, it doesnt matter whether the user of my data is asking me if I had a car accident recently, or responding to a request. If I don't want data used in that way,and as it technically belongs to me, don't I have a say in it?

And the law doesn't seem to pick and choose intent, otherwise unwanted 'marketing' would be enshrined in the Act. So I don't see your argument that spammers have their own data misuse category.

It also seems from your annotation that you are stating that my personal data does not belong to me but the PHSO. And therefore I cannot stop it from using it as it wishes?

The logical conclusion is that the PHSO could filter out anything potentially reputationally embarrassing to its own organisation when responding to my SAR too.

In fact, the PHSO witheld material from my recent court case- thinking it could privately present it to the Tribunal panel. The ICO lawyer was the hero here - and wrote to the PHSO stating that I must be given the evidential information too.

Which I was then able to present to the panel, leading to my 'vexing' being overturned by the Tribunal.
So you will forgive me if you were previously thinking I was just a little paranoid?

:::

Plus the ICO guidance seems to state that the respondee has to notify the requester if there is a change in communication method.

Which is a sensible, logical - and courteous thing to do.

The question is why didn't the PHSO just make a note on WDTK stating that it was changing the response address to my personal address? That would have covered the required notification.

::::

The second thing is that it was previously possible to copy the responses onto WDTK from a private email address.

And to be able to quote text to state any objection. Now the PHSO seems to have put a block on this.

Certainly a PHSO review response now seems to be becoming uncopyable, without re- typing.

...as WDTK's Richard Taylor points out:

::::::

Richard Taylor left an annotation ( 2 April 2015)
We've been sent a proposed replacement response which is in the form of an image of the text of the material requested. The original response was in digital text which could be searched, copied etc. We have noted it would be disappointing if the replacement was presented as an image.

--

Richard - WhatDoTheyKnow.com volunteer

https://www.whatdotheyknow.com/request/c...

:::

You may think that the reputationally-embattled PHSO is now deliberately making life for WDTK requesters difficult.

I couldn't possibly comment.

Jt Oakley left an annotation ()

Substantive Procedural Matters
Section 8: Request for information
24. The Commissioner has considered whether the complainant’s request constitutes a valid request for the purposes of section 8 of the Act.
25. Section 8(1) provides that –
“In this Act any reference to a “request for information” is a reference to such a request which –
(a) is in writing,
(b) states the name of the applicant and an address for correspondence, and
(c) describes the information requested.”
26. The www.whatdotheyknow.com website1 works by the user setting up an account and making an FOI request from the website. The website then sends the request by email to the public authority. The website automatically generates an email address e.g 5555@whatdotheyknow.com, which is unique to that request. When a public authority sends a response to that email address, the website automatically processes that response and publishes it to the website.
27. The Commissioner considers that, for the purposes of section 8(1)(b), the email address that was generated from the website and used for sending the request constitutes ‘an address for correspondence’ and that by making his request from this address, the implication was that the House should provide its response to it.

https://ico.org.uk/media/action-weve-tak...

Jt Oakley left an annotation ()

So the fourth principle seems to mean that the PHSO can it use an old email address, without checking it's still relevant, to avoid giving a response in WDTK.

https://ico.org.uk/for-organisations/gui...

J Roberts left an annotation ()

It does indeed, and it doesn't seem right.

If a person uses a spam filter that blocks incoming emails, could they complain on the grounds that the authority did not respond to their request?

J Roberts left an annotation ()

From a recent ICO Decision:

"89. The Commissioner considers that as the complainant made his request to the Council by email, it was implicit that he would expect a response in the same format. The Council has not explained to the Commissioner why it decided to respond to the complainant by letter rather than by email."

https://ico.org.uk/media/action-weve-tak...

Is the same not true if the request is made via Whatdotheyknow?

Jt Oakley left an annotation ()

Thank you JRoberts.

So the ICO has changed its stance and actually seems to be taking the public into consideration - rather than just supporting the organisations concerned.

Because it was OBVIOUS why this tactic was used. Especially annoying was that someone with the same name
( eg JP Roberts) could get the response by mistake. Additionally , he organisation must have spent time rifling its files to find a name and addresss ( only similar in some cases) and then spending public money on stationary and postage.

So could this ICO sensible turnabout be the new head of the ICO's influence?

:::

The amusing thing is that if an organisation uses this off-line tactic, it's a good indicator that it IS trying to hide something.

Almost felt like writing back and stating:

'Thanks for the tip. I'll redouble my efforts of trying to find out just what you are hiding, now that you are using this silly tactic', when the PHSO and Land Registry did it to me.

Looking for an EU Authority?

You can request documents directly from EU Institutions at our sister site AskTheEU.org . Find out more .

AskTheEU.org