Information requests referred to the ICO

D Rapp made this Freedom of Information request to Parliamentary and Health Service Ombudsman

This request has been closed to new correspondence. Contact us if you think it should be reopened.

Waiting for an internal review by Parliamentary and Health Service Ombudsman of their handling of this request.

Dear Parliamentary and Health Service Ombudsman,

I would like to know how many times a request for information has been referred to the Information Commissioners Office following a complainant being unhappy with your response?

I would further like to know if following any of these referrals the ICO has made recommendations to you on how to improve your compliance with the relevant legislation?

I would then like to know how many times you have adjusted your policies and provided fresh guidance to staff to ensure adherence with relevant legislation?

I would also like to know if you have ever disagreed with the recommendations of the ICO and made this to known to them?

If you have disagreed with the recommendations I would like to receive all the information you hold regarding this disagreement?

Yours faithfully,

D Rapp

foiofficer, Parliamentary and Health Service Ombudsman

Thank you for your e-mail to the Parliamentary and Health Service
Ombudsman. This return e-mail shows that we have received your
correspondence.

show quoted sections

All email communications with PHSO pass through the Government Secure
Intranet, and may be automatically logged, monitored and/or recorded for
legal purposes.
The MessageLabs Anti Virus Service is the first managed service to achieve
the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK
Government quality mark initiative for information security products and
services. For more information about this please visit www.cctmark.gov.uk

foiofficer, Parliamentary and Health Service Ombudsman

Mr David Rapp

By email only

 

 

FDN-188399

 

 

8 May 2014

 

 

Dear Mr Rapp

 

RE:  Freedom of Information request - Information requests referred to the
ICO

 

I write in response to your email of 7 April 2014 requesting information
in the following terms (numbering added):

 

 1. I would like to know how many times a request for information has been
referred to the Information Commissioners Office following a
complainant being unhappy with your response?
 2. I would further like to know if following any of these referrals the
ICO has made recommendations to you on how to improve your compliance
with the relevant legislation?
 3. I would then like to know how many times you have adjusted your
policies and provided fresh guidance to staff to ensure adherence with
relevant legislation?
 4. I would also like to know if you have ever disagreed with the
recommendations of the ICO and made this to known to them?
 5. If you have disagreed with the recommendations I would like to receive
all the information you hold regarding this disagreement?

 

We only hold information about cases the Information Commissioner’s Office
(ICO) has contacted us about. I can tell you that the ICO advised the PHSO
of a matter being referred to them on 27 occasions in 2013/2014, and 5
times in 2014/2015 (until today’s date).  The Information Commissioner may
have record of other cases that they did not contact us about but you
would need to ask them for that information.

 

In relation to point 2 of your request, following an investigation, the
ICO usually makes findings (in respect of FOI requests) and gives a view
(in respect of DPA requests) rather than making specific recommendations.
The ICO has not made any recommendations to us in relation to our
compliance in relation to handling information requests more generally.
Instead, where the ICO has reached a decision on a case the PHSO has
considered their findings and decided what action, if any, is required in
the light of them.  For more information on decisions the ICO has taken
about PHSO you may like to consult
[1]http://search.ico.org.uk/ico/search/deci....

 

With reference to point 3 of your request, information requests are guided
by the relevant legislation, rather than by an internal policy. Where
specific guidance on the application of this legislation is required then
we would refer to the guidance notes published by the ICO on their
website. These can be found at
[2]http://ico.org.uk/for_organisations/guid....

 

I will respond to points 4 and 5 jointly. We do not hold any recorded
information that would answer your request. This is because where the ICO
has made a decision and delivered findings in relation to PHSO, the PHSO
has accepted those findings. In other words, the PHSO has not taken
further action (e.g. appealed a decision of the ICO) following a decision
of the ICO.

 

I hope that this information is helpful.  If you are unhappy with my
decision not to give you all the information you requested, you can ask
for a review by email to: complaints[3][email address].

 

If you still have concerns after that, you can ask the Information
Commissioner’s Office to look into your case.  Their contact details are
available on their website at: [4]www.ico.org.uk.

 

Yours sincerely

 

David Thomas

FOI/Data Protection Officer

Parliamentary and Health Service Ombudsman

E: [5][email address]

W: [6]www.ombudsman.org.uk

 

 

 

 

 

show quoted sections

E. Colville left an annotation ()

D. Rapp,

PHSO has stated: " | will respond to points 4 and 5 jointly. We do not hold any recorded information that would answer your request. This is because where the ICO has made a decision and delivered findings in relation to PHSO, the PHSO has accepted those findings. In other words, the PHSO has not taken further action (e.g. appealed a decision of the ICO) following a decision of the ICO."

This statement is materially inaccurate as the information I am setting out below establishes. The extracts are taken from my supplemntary written evidence submission to the Public Administration Select Committee Inquiry: Parliament's Ombudsman Service (2013)

7 Mar 11 - From ICO: "Thank you for your data protection complaint about the Parliamentary and Health Service Ombudsman (the PHSO).

What we have done

We have written to the PHSO, to ask:

· what happened in this case;

· what it has done (or intends to do) to put the matter right; and

· what safeguards it has in place to help ensure it handles personal data properly.

Our decision

We wrote to the PHSO about this matter and have now received its response. On the basis of all of the information provided by you and the PHSO, we have decided that it is unlikely that the PHSO has complied with the requirements of the DPA in this case. They explained that they had seen no evidence to question the validity of the information DfID sent to them at the time of their consideration of your complaint. It appears this may contain your personal data as it relates to your complaint about the DfID. They have now AGREED that they can add a note to the file indicating that you dispute the accuracy of the information provided by DfID. As the PHSO have now AGREED that they will add a note to the file, it appears that they are taking appropriate remedial action in this case. Because of this, the Information Commissioner has decided that further regulatory action is not required at this time. When deciding whether regulatory action is appropriate, we take into account the organisation’s general record of compliance with the DPA (including any previous assessments we have made) and any other information that is in our possession (including information given during the course of those assessments). Having carefully considered all the information that we hold about the PHSO, we are satisfied that it takes its obligations under the DPA seriously and that we need take no further regulatory action at this point…..We will keep a record of your complaint and take this assessment into account if we receive further complaints about the PHSO. The information we gather from complaints may form the basis for action in the future. Thank you for bringing this matter to our attention". (emphasis mine)

1 Jun 11 - A private meeting took place between ICO and PHSO staff to APPEAL the ICO's DPA "compliance unlikely" decision - which PHSO had already "AGREED" with the ICO. I did not learn about this private meeting until almost two years later in MARCH 2013 . The inferences are not good. On the face of it, it would appear the Ombudsman is able to influence the reversal of ICO decisions that are unfavourable to her "in camera" without following a formal procedure that applies to all other complainants who have to appeal decisions.

20 Jun 11 - In an email to my MP I wrote: " At our meeting last Friday you questioned a statement I had written in my e-mail to you dated 29 April 2011 to the effect " ...the Information Commissioner has also recently found against the Parliamentary Ombudsman for a failure under the DPA correctly to process data in relation to my dispute with DfID". The statement refers to DfID's unsubstantiated claims, per a letter to me dated 14 June 2010, that DFID has "fully investigated" my allegations [against the World Bank Group]… "

4 Jul 11 - Unaware the PHSO was actively appealling the ICO 'compliance unlikely" decision which I had already been "AGREED" by the PHSO, I wrote in an email to Ann Abraham, Ombudsman as follows:

" Reasons for decisions I have received from organs of State in respect of matters I raised with you ..are neither legally reasonable nor correct. Decisive grounds for reaching this conclusion are found in the International Law Commission's (ILC) Articles on State Responsibility for Internationally Wrongful Acts (ASR) (2001) [1] and the ILC's Draft Articles on Responsibility of International Organisations (DARIO) (currently at second reading) [2] and commentaries thereto …. State responsibility, as codified by the ASR and DARIO, will be invoked where there is evidence that an organ of State has knowledge of and/or has acquiesced in breaches of international law and other law standards, including the “internal law” (lex specialis) of an international organization. Original responsibility flows from acts committed by, or with authorization of, the government of a State; vicarious responsibility flows from unauthorised acts of the agents of the State.

It is generally recognized that an act or omission which produces a result which is on its face a breach of a legal obligation gives rise to responsibility in international law, whether the obligation rests on treaty, custom, or some other basis. The allegations I have raised now also concern State neglect, advertence, failure of duty to control and breach of standards of due diligence under international law. Amongst others, DARIO articles 57 and 58 would appear to be engaged. …

The "assessment" conducted by your Office of my complaint of April 2008 against DfID, and resultant Decision issued on 22 January 2009 not to conduct an investigation of ministerial failure to act in breach of international law obligations, and all subsequent replies from your Office in relation thereto, failed to address the principal allegations which were at all material times clearly established. This is proven by the correspondence trail, relevant parts of which I attach in the original for ease of reference. Incorporated also is e-mailed correspondence with the [World Bank Group] President copied to the Board of Executive Directors over the crucial period February to April 2008. It is worth noting that on 28 February 2008 the Cabinet Office announced that Nemat Shafik, a Vice President on secondment to DfID from the WBG from 2004 had been appointed DfID's new Permanent Secretary (effective 3 March 2008). Ms Shafik resigned from DfID in February 2011 when appointed a new deputy managing director of the IMF (see my email to her dated 25.12.10). In a letter e-mailed to me dated 3 November 2010 from the World Bank Group (WBG) Board Ethics Committee, copied to the 24 executive directors who represent the 187 member States who own and govern the WBG, in response to mine dated 4 October 2010 (attached), my allegations of "felonious" acts committed by WBG officials were again disregarded in the institutional and political self-interest. I consider that the discovery of the ASR and DARIO articles provides grounds for "fresh action" by your Office as intimated in [xxx's] email to me of 5.10.10 (attached). …. I await your response in due course".

5 Jul 11 - Email from Nicki Smith, Executive Assistant to the Ombudsman: " I acknowledge receipt of your emails of 4 July 2011"

11 Jul 11 - Email to Ann Abraham, Ombudsman: " In my e-mailed letter dated 6.9.10 to you I quoted certain statements in a TSol letter of 2.9.10. At paragraph 2 of page 3 of that letter (attached) lawyer also wrote: "It is DfID's case that Gareth Thomas' decision was rational and lawful based on DfID officials' assessment of your allegations and that there was no need to take legal advice before taking that decision" That statement directly contradicts the statement you continue to uphold in your decision letter of 22.01.09 that DfID took legal advice from TSol before issuing the decision of 01.02.08. It was that decision, and all matters relevant thereto, that I asked your office to investigate. Based on your decision, DfID clearly lied to a parliamentary regulator. Is that conduct you are willing to condone with impunity?"

12 Jul 11 - Email from Nicki Smith: "I acknowledge receipt of your email" .

N.B. My questions remain unanswered at May 2014.

22 Nov 11 - An unexpected ICO letter issued: "We wrote to you earlier this year with regard to a complaint you made under the Data Protection Act 1998 (the DPA) about the Parliamentary and Health Service Ombudsman (the PHSO). The PHSO DID NOT AGREE with our assessment decision in respect of your complaint and therefore, in line with our case review and service complaints policy, it asked us to review the decision at a more senior level. I conducted the review, as Miss [xxx's] line manager. I am writing to you to explain that I have revised Miss[xxx's] assessment decision, and concluded that it was likely the PHSO complied with the DPA in respect of your complaint...I appreciate that you may be disappointed with my decision to reverse the assessment". (emphasis mine)
22 Mar 13 - To ICO manager: "Thank you for your email of 15 March 2013 providing electronic copies of the ICO's DPA assessment letters about the PHSO of 7 March 2011 and reassessment letter of 22 November 2011. I would be grateful if you would let me know on what date the PHSO formally requested a reassessment of the ICO's original decision of 7 March and whether I may have a copy of that letter to enable me to more fully understand the grounds and arguments relied on to overturn the original decision that had already received ICO management clearance"

COMMENT - The manager responded during a telephone conversation later the same day.

22 Mar 13 - To ICO manager: "To maintain an accurate record of our conversation I would be grateful if you would confirm and/or correct and clarify any aspect of what I noted you told me, namely that -

1. The PHSO did not submit a formal written request to the ICO for reassessment.

2. It was, on your belief and understanding, in a general meeting on 1 June 2011 between the Commissioner and PHSO (and/or their staff) that decision [xxx] came up and was discussed pursuant to which a decision was taken that the original ICO 'compliance unlikely' decision issued on 7 March 2011 should be reassessed.

3. The PHSO did not submit written grounds or arguments for the ICO reassessment

4. You wrote to the PHSO on 4th September 2011 outlining your understanding of what you believed the grounds of complaint were.

5. The PHSO replied in a letter dated 27th September 2011 clarifying the grounds for reassessment.

6. The reassessment was issued a new case complaint reference (details not given to me)

7. You sent a draft decision (date not specified) to the PHSO for her review.

8. You obtained feedback from the PHSO on the draft review before you issued the reassessment decision letter dated 22nd November 2011.

25 Mar 13 - From ICO manager: "We spoke on 22 March 2013 regarding the above complaint. You have asked me to clarify a number of the points we discussed. Maintaining your original numbering:

1. There were two emails sent to the case officer by the Parliamentary and Health Service Ombudsman (PHSO) seeking clarification on the decision reached; however, there was nothing I would consider to be a request for a case review.

2. As far as I am aware, the request for a case review was made at a meeting between staff of the ICO and PHSO on 1 June 2011. I did not attend the meeting.

3. Again, as far as I am aware, the PHSO did not submit formal grounds for reassessment in written form.

4. I did not write to the PHSO on 4 September.

5. I wrote to the PHSO on 27 September with the outcome of the case review on the basis of what I understood the request to be. I sought clarification from the PHSO that I had correctly understood the scope of the review.

6. The request for a case review was given a new reference number for administrative purposes. This was not given to you as it related to the case review request from PHSO. If you had requested a case review you would have been given a reference number for this; similarly, this would not have been provided to the PHSO (instead correspondence would have continued under reference [xxx]).

7. I did not send a draft decision to the PHSO for review. I sent my decision on the basis of the review request as I understood it at the time, on 27 September. I asked the PHSO to confirm that I had understood the scope correctly; had I not, I would have extended the review to cover any new points arising.

8. I received a response from the PHSO prior to writing to you with the reassessment.

9. As you have not previously been party to the correspondence between the ICO and the PHSO in relation to this matter, you should submit a subject access request if you wish to obtain copies.

I trust this information is helpful"

Dear foiofficer,

I would like to request a review of this information request. I do not believe Mr Thomas has been accurate or honest in his response as information previously unknown to me seems to establish that his answer in response to points 4 and 5 is disingenuous.

Please can you explain why a personal account has been made on the WDTK website that contradicts Mr Thomas' statement and give a full explanation.

Yours sincerely,

D Rapp

foiofficer, Parliamentary and Health Service Ombudsman

Thank you for your e-mail to the Parliamentary and Health Service
Ombudsman. This return e-mail shows that we have received your
correspondence.

show quoted sections

All email communications with PHSO pass through the Government Secure
Intranet, and may be automatically logged, monitored and/or recorded for
legal purposes.
The MessageLabs Anti Virus Service is the first managed service to achieve
the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK
Government quality mark initiative for information security products and
services. For more information about this please visit www.cctmark.gov.uk

Jackson Tanya, Parliamentary and Health Service Ombudsman

PROTECT

Dear Mr Rapp

We are writing in response to your email of 13 May 2014. We are sorry that you are dissatisfied with our handling of your information request entitled ‘Information requests referred to the ICO’.

Under our internal complaints procedure, your complaint has been passed to our Head of Risk, Assurance and Programme Management Office, Mr Steve Brown.

Mr Steve Brown will consider your concerns and will send you a full reply once his review is complete. This review of your complaint is the only review that we will undertake.

We aim to reply to such complaints within 40 working days.

Yours sincerely

Review Team
Parliamentary and Health Service Ombudsman

show quoted sections

Brown Steve, Parliamentary and Health Service Ombudsman

4 Attachments

 

 

Steve Brown

Head of Risk and Assurance

Parliamentary and Health Service Ombudsman

E: [email address]

W: [1]www.ombudsman.org.uk

 

Follow us on

[2]fb  [3]twitter  [4]linkedin

 

show quoted sections

All email communications with PHSO pass through the Government Secure
Intranet, and may be automatically logged, monitored and/or recorded for
legal purposes.
The MessageLabs Anti Virus Service is the first managed service to achieve
the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK
Government quality mark initiative for information security products and
services. For more information about this please visit www.cctmark.gov.uk

References

Visible links
1. http://www.ombudsman.org.uk/
http://www.ombudsman.org.uk/
2. http://www.facebook.com/phsombudsman
3. http://www.twitter.com/PHSOmbudsman
4. http://www.linkedin.com/company/parliame...

Brown Steve, Parliamentary and Health Service Ombudsman

4 Attachments

 

 

Steve Brown

Head of Risk and Assurance

Parliamentary and Health Service Ombudsman

E: [email address]

W: [1]www.ombudsman.org.uk

 

Follow us on

[2]fb  [3]twitter  [4]linkedin

 

show quoted sections

All email communications with PHSO pass through the Government Secure
Intranet, and may be automatically logged, monitored and/or recorded for
legal purposes.
The MessageLabs Anti Virus Service is the first managed service to achieve
the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK
Government quality mark initiative for information security products and
services. For more information about this please visit www.cctmark.gov.uk

References

Visible links
1. http://www.ombudsman.org.uk/
http://www.ombudsman.org.uk/
2. http://www.facebook.com/phsombudsman
3. http://www.twitter.com/PHSOmbudsman
4. http://www.linkedin.com/company/parliame...

Brown Steve, Parliamentary and Health Service Ombudsman

4 Attachments

 

 

Steve Brown

Head of Risk and Assurance

Parliamentary and Health Service Ombudsman

E: [email address]

W: [1]www.ombudsman.org.uk

 

Follow us on

[2]fb  [3]twitter  [4]linkedin

 

show quoted sections

All email communications with PHSO pass through the Government Secure
Intranet, and may be automatically logged, monitored and/or recorded for
legal purposes.
The MessageLabs Anti Virus Service is the first managed service to achieve
the CSIA Claims Tested Mark (CCTM Certificate Number 2006/04/0007), the UK
Government quality mark initiative for information security products and
services. For more information about this please visit www.cctmark.gov.uk

References

Visible links
1. http://www.ombudsman.org.uk/
http://www.ombudsman.org.uk/
2. http://www.facebook.com/phsombudsman
3. http://www.twitter.com/PHSOmbudsman
4. http://www.linkedin.com/company/parliame...

Dear Brown Steve,

This was the annotation posted:

D. Rapp,

PHSO has stated: " | will respond to points 4 and 5 jointly. We do not hold any recorded information that would answer your request. This is because where the ICO has made a decision and delivered findings in relation to PHSO, the PHSO has accepted those findings. In other words, the PHSO has not taken further action (e.g. appealed a decision of the ICO) following a decision of the ICO."

This statement is materially inaccurate as the information I am setting out below establishes. The extracts are taken from my supplemntary written evidence submission to the Public Administration Select Committee Inquiry: Parliament's Ombudsman Service (2013)

7 Mar 11 - From ICO: "Thank you for your data protection complaint about the Parliamentary and Health Service Ombudsman (the PHSO).

What we have done

We have written to the PHSO, to ask:

· what happened in this case;

· what it has done (or intends to do) to put the matter right; and

· what safeguards it has in place to help ensure it handles personal data properly.

Our decision

We wrote to the PHSO about this matter and have now received its response. On the basis of all of the information provided by you and the PHSO, we have decided that it is unlikely that the PHSO has complied with the requirements of the DPA in this case. They explained that they had seen no evidence to question the validity of the information DfID sent to them at the time of their consideration of your complaint. It appears this may contain your personal data as it relates to your complaint about the DfID. They have now AGREED that they can add a note to the file indicating that you dispute the accuracy of the information provided by DfID. As the PHSO have now AGREED that they will add a note to the file, it appears that they are taking appropriate remedial action in this case. Because of this, the Information Commissioner has decided that further regulatory action is not required at this time. When deciding whether regulatory action is appropriate, we take into account the organisation’s general record of compliance with the DPA (including any previous assessments we have made) and any other information that is in our possession (including information given during the course of those assessments). Having carefully considered all the information that we hold about the PHSO, we are satisfied that it takes its obligations under the DPA seriously and that we need take no further regulatory action at this point…..We will keep a record of your complaint and take this assessment into account if we receive further complaints about the PHSO. The information we gather from complaints may form the basis for action in the future. Thank you for bringing this matter to our attention". (emphasis mine)

1 Jun 11 - A private meeting took place between ICO and PHSO staff to APPEAL the ICO's DPA "compliance unlikely" decision - which PHSO had already "AGREED" with the ICO. I did not learn about this private meeting until almost two years later in MARCH 2013 . The inferences are not good. On the face of it, it would appear the Ombudsman is able to influence the reversal of ICO decisions that are unfavourable to her "in camera" without following a formal procedure that applies to all other complainants who have to appeal decisions.

20 Jun 11 - In an email to my MP I wrote: " At our meeting last Friday you questioned a statement I had written in my e-mail to you dated 29 April 2011 to the effect " ...the Information Commissioner has also recently found against the Parliamentary Ombudsman for a failure under the DPA correctly to process data in relation to my dispute with DfID". The statement refers to DfID's unsubstantiated claims, per a letter to me dated 14 June 2010, that DFID has "fully investigated" my allegations [against the World Bank Group]… "

4 Jul 11 - Unaware the PHSO was actively appealling the ICO 'compliance unlikely" decision which I had already been "AGREED" by the PHSO, I wrote in an email to Ann Abraham, Ombudsman as follows:

" Reasons for decisions I have received from organs of State in respect of matters I raised with you ..are neither legally reasonable nor correct. Decisive grounds for reaching this conclusion are found in the International Law Commission's (ILC) Articles on State Responsibility for Internationally Wrongful Acts (ASR) (2001) [1] and the ILC's Draft Articles on Responsibility of International Organisations (DARIO) (currently at second reading) [2] and commentaries thereto …. State responsibility, as codified by the ASR and DARIO, will be invoked where there is evidence that an organ of State has knowledge of and/or has acquiesced in breaches of international law and other law standards, including the “internal law” (lex specialis) of an international organization. Original responsibility flows from acts committed by, or with authorization of, the government of a State; vicarious responsibility flows from unauthorised acts of the agents of the State.

It is generally recognized that an act or omission which produces a result which is on its face a breach of a legal obligation gives rise to responsibility in international law, whether the obligation rests on treaty, custom, or some other basis. The allegations I have raised now also concern State neglect, advertence, failure of duty to control and breach of standards of due diligence under international law. Amongst others, DARIO articles 57 and 58 would appear to be engaged. …

The "assessment" conducted by your Office of my complaint of April 2008 against DfID, and resultant Decision issued on 22 January 2009 not to conduct an investigation of ministerial failure to act in breach of international law obligations, and all subsequent replies from your Office in relation thereto, failed to address the principal allegations which were at all material times clearly established. This is proven by the correspondence trail, relevant parts of which I attach in the original for ease of reference. Incorporated also is e-mailed correspondence with the [World Bank Group] President copied to the Board of Executive Directors over the crucial period February to April 2008. It is worth noting that on 28 February 2008 the Cabinet Office announced that Nemat Shafik, a Vice President on secondment to DfID from the WBG from 2004 had been appointed DfID's new Permanent Secretary (effective 3 March 2008). Ms Shafik resigned from DfID in February 2011 when appointed a new deputy managing director of the IMF (see my email to her dated 25.12.10). In a letter e-mailed to me dated 3 November 2010 from the World Bank Group (WBG) Board Ethics Committee, copied to the 24 executive directors who represent the 187 member States who own and govern the WBG, in response to mine dated 4 October 2010 (attached), my allegations of "felonious" acts committed by WBG officials were again disregarded in the institutional and political self-interest. I consider that the discovery of the ASR and DARIO articles provides grounds for "fresh action" by your Office as intimated in [xxx's] email to me of 5.10.10 (attached). …. I await your response in due course".

5 Jul 11 - Email from Nicki Smith, Executive Assistant to the Ombudsman: " I acknowledge receipt of your emails of 4 July 2011"

11 Jul 11 - Email to Ann Abraham, Ombudsman: " In my e-mailed letter dated 6.9.10 to you I quoted certain statements in a TSol letter of 2.9.10. At paragraph 2 of page 3 of that letter (attached) lawyer also wrote: "It is DfID's case that Gareth Thomas' decision was rational and lawful based on DfID officials' assessment of your allegations and that there was no need to take legal advice before taking that decision" That statement directly contradicts the statement you continue to uphold in your decision letter of 22.01.09 that DfID took legal advice from TSol before issuing the decision of 01.02.08. It was that decision, and all matters relevant thereto, that I asked your office to investigate. Based on your decision, DfID clearly lied to a parliamentary regulator. Is that conduct you are willing to condone with impunity?"

12 Jul 11 - Email from Nicki Smith: "I acknowledge receipt of your email" .

N.B. My questions remain unanswered at May 2014.

22 Nov 11 - An unexpected ICO letter issued: "We wrote to you earlier this year with regard to a complaint you made under the Data Protection Act 1998 (the DPA) about the Parliamentary and Health Service Ombudsman (the PHSO). The PHSO DID NOT AGREE with our assessment decision in respect of your complaint and therefore, in line with our case review and service complaints policy, it asked us to review the decision at a more senior level. I conducted the review, as Miss [xxx's] line manager. I am writing to you to explain that I have revised Miss[xxx's] assessment decision, and concluded that it was likely the PHSO complied with the DPA in respect of your complaint...I appreciate that you may be disappointed with my decision to reverse the assessment". (emphasis mine)
22 Mar 13 - To ICO manager: "Thank you for your email of 15 March 2013 providing electronic copies of the ICO's DPA assessment letters about the PHSO of 7 March 2011 and reassessment letter of 22 November 2011. I would be grateful if you would let me know on what date the PHSO formally requested a reassessment of the ICO's original decision of 7 March and whether I may have a copy of that letter to enable me to more fully understand the grounds and arguments relied on to overturn the original decision that had already received ICO management clearance"

COMMENT - The manager responded during a telephone conversation later the same day.

22 Mar 13 - To ICO manager: "To maintain an accurate record of our conversation I would be grateful if you would confirm and/or correct and clarify any aspect of what I noted you told me, namely that -

1. The PHSO did not submit a formal written request to the ICO for reassessment.

2. It was, on your belief and understanding, in a general meeting on 1 June 2011 between the Commissioner and PHSO (and/or their staff) that decision [xxx] came up and was discussed pursuant to which a decision was taken that the original ICO 'compliance unlikely' decision issued on 7 March 2011 should be reassessed.

3. The PHSO did not submit written grounds or arguments for the ICO reassessment

4. You wrote to the PHSO on 4th September 2011 outlining your understanding of what you believed the grounds of complaint were.

5. The PHSO replied in a letter dated 27th September 2011 clarifying the grounds for reassessment.

6. The reassessment was issued a new case complaint reference (details not given to me)

7. You sent a draft decision (date not specified) to the PHSO for her review.

8. You obtained feedback from the PHSO on the draft review before you issued the reassessment decision letter dated 22nd November 2011.

25 Mar 13 - From ICO manager: "We spoke on 22 March 2013 regarding the above complaint. You have asked me to clarify a number of the points we discussed. Maintaining your original numbering:

1. There were two emails sent to the case officer by the Parliamentary and Health Service Ombudsman (PHSO) seeking clarification on the decision reached; however, there was nothing I would consider to be a request for a case review.

2. As far as I am aware, the request for a case review was made at a meeting between staff of the ICO and PHSO on 1 June 2011. I did not attend the meeting.

3. Again, as far as I am aware, the PHSO did not submit formal grounds for reassessment in written form.

4. I did not write to the PHSO on 4 September.

5. I wrote to the PHSO on 27 September with the outcome of the case review on the basis of what I understood the request to be. I sought clarification from the PHSO that I had correctly understood the scope of the review.

6. The request for a case review was given a new reference number for administrative purposes. This was not given to you as it related to the case review request from PHSO. If you had requested a case review you would have been given a reference number for this; similarly, this would not have been provided to the PHSO (instead correspondence would have continued under reference [xxx]).

7. I did not send a draft decision to the PHSO for review. I sent my decision on the basis of the review request as I understood it at the time, on 27 September. I asked the PHSO to confirm that I had understood the scope correctly; had I not, I would have extended the review to cover any new points arising.

8. I received a response from the PHSO prior to writing to you with the reassessment.

9. As you have not previously been party to the correspondence between the ICO and the PHSO in relation to this matter, you should submit a subject access request if you wish to obtain copies.

I trust this information is helpful"

This account which was shared with me, shows that either Mr Thomas did not know that the Ombudsman has in the past disagreed with the ICO or that this account is false.

I also do not see how the answer to points four and five could be or would be personal data. Point four is a simple yes or no answer. Point five may include some information that might constitute personal data, but details of why you disagreed or what you were in disagreement about would surely not be personal to any individual.

Can you confirm that you are saying that the account given to me by Elaine Colville, repeated above, is false and that she is in fact lying? That you did not disagree with an assessment by the ICO in respect of the matter she raised and did not ask for it to be reviewed at a senior level?

Yours sincerely,

D Rapp

E. Colville left an annotation ()

D, Rapp: See PHSO FOI response of yesterday, 09.07.14 at:
https://www.whatdotheyknow.com/request/r...

PHSO stated in their 2013-14 Q3 board report : Information Governance Compliance Programme Report as follows:

"4.4.3 Finally, in my Q2 report, I said that the ICO had upheld a data protection complaint [....] . Having gone back strongly to the ICO on this issue, explaining the legality of our actions, the ICO recently retracted this finding and issued an amended decision notice. This is a relief as the ICO's initial findings could have had considerable impact on our ways of working"

This "retraction" and "amended decision notice", as mine before it, could, and should have been disclosed to you by PHSO when answering your FOI request.

Dear Brown Steve,

I would also like to know why in the Quarter 3 board report Luke Whiting wrote

"4.4.3 Finally, in my Q2 report, I said that the ICO had upheld a data protection complaint [....] . Having gone back strongly to the ICO on this issue, explaining the legality of our actions, the ICO recently retracted this finding and issued an amended decision notice. This is a relief as the ICO's initial findings could have had considerable impact on our ways of working"

This is a statement that is completely at odds with Mr Thomas' statement regarding this issue "This is because where the ICO has made a decision and delivered findings in relation to PHSO, the PHSO has accepted those findings. In other words, the PHSO has not taken
further action (e.g. appealed a decision of the ICO) following a decision of the ICO."

I would like to register a strong complaint that Mr Thomas gave deliberately misleading information and that you also intentionally lied to me. I feel I should remind you that it is a criminal offence to block the release of information.

Yours sincerely,

D Rapp

E. Colville left an annotation ()

PHSO's response to this request is all the more bizarre in the light of the following:

In his internal review letter of 08.07.14 re. PHSO documents classified as Historical Interest or Wider Application (HIWA) available at -
https://www.whatdotheyknow.com/request/h... , Steve Brown has confirmed that:

" [...] we are [underlined in original] able to identify "HIWA classified documents through our electronic casework management system as those documents will have a specific folder created for them when they are classified"

Based on PHSO definition of HIWA it must be reasonably assumed that PHSO retains and ultimately archives FOI/DPA decisions which have been reviewed by the Information Commissioner at PHSO's request. This is predicated on PHSO policy which states that:

PHSO has defined documents of historical interest or wider application (HIWA) as being:
• Legal advice (including any Counsel's opinion received or obtained whether on jurisdiction or on the subject matter of the complaint
• Any other significant professional advice taken into account where such advice has wider application than the case itself
[....]

• ANY SIGNIFICANT CORRESPONDENCE OR OTHER FINAL DOCUMENTS RELEVANT TO ANY SUBSEQUENT REVIEW.
[....]

FIRST REVIEW: TWO YEARS FROM THE LAST SUBSTANTIVE ACTION
[....]
REVIEW INSTRUCTION: REMOVE THE FOLLOWING DOCUMENTS (KNOWN AS 'RETAINED MATERIAL') FROM THE PAPER CASE FILE: ....[..] HIWA DOCUMENTS (SEE ABOVE)
Scan the 'retained material' documents into Meridio, section 4.10 and apply the second review disposal schedule.[....]

"SECOND REVIEW: SEVEN YEARS FROM THE LAST SUBSTANTIVE ACTION
[...] ACQUISITION [....] HIWA MATERIAL INTO THE PHSO ARCHIVE

Application of the HIWA policy in respect of PHSO's appeal of 1 June 2011 for a review of the IC's DPA 'compliance unlikely' assessment of my complaint, which the IC did retract in November 2011 by issuing a new assessment decision that PHSO was now "compliance likely" (without explaining why) implies that all "significant correspondence or other final documents relevant to [that] subsequent review" should have been classified as a HIWA record two years later on or about 1 June 2013. Yet, in October 2013, under a DPA SAR request I made, PHSO did not disclose any such records to me. When I queried this omission PHSO summarily told me that my case file had been "destroyed" in April 2012 - i.e. implementing the HIWA policy in the breach.

There is clearly a need for legal certainty in respect of the contraditory and misleading statements being made by PHSO in their responses to D. Rapp and other requesters both on this public forum and privately.

Della left an annotation ()

If PHSO keep lying to the public then they will get caught out - as in this instance and a number of others listed on this site. Once you have a reputation that you lie in order to cover up and collude with other organisations to mask your own malpractice then public confidence hits the floor. Tick, tick, tick, - it's only a matter of time.

E. Colville left an annotation ()

More misleading information surfaces:

"PHSO appeal cases currently held by ICO would be reviewed"

http://www.ombudsmanwatchers.org.uk/clae...

D. Speers left an annotation ()

Looks like many need legal training (or ethics) upgrade.

D Rapp left an annotation ()

Because of the conflicting accounts given I've sent in a concern to the ICO.

Hopefully they might be able to provide some clarification to this.

When the ICO get back to me I will post up their response as annotations.

[Name Removed] (Account suspended) left an annotation ()

"4.4.3 Finally, in my Q2 report, I said that the ICO had upheld a
data protection complaint [....] . Having gone back strongly to the
ICO on this issue, explaining the legality of our actions, the ICO
recently retracted this finding and issued an amended decision
notice. This is a relief as the ICO's initial findings could have
had considerable impact on our ways of working"

::::::

You could ask for the files between the PHSO and the ICO on this case under FoI - to see exactly what went on.

The PHSO and the ICO seem to have a very cosy working relationship. It would be interesting to see if that is the case.

E. Colville left an annotation ()

This matter should surely fall under the responsibility of board members. See:
https://www.whatdotheyknow.com/request/1... which states in Annex 1 -

" The Board members have a specific responsibility to act if they believe that the Ombudsman is acting illegally or in gross violation of her duties. This responsibility is intended to provide an explicit and transparent assurance to Parliament and the public that the high standards of the office will be protected."

What we're looking at here is knowingly providing false information under the FOIA ("acting illegally") and lying to the public ("in gross violation of her duties").

Where is the Board to protect "the high standards of the office"?

[Name Removed] (Account suspended) left an annotation ()

From : James Titcombe to the Ombudsman.

2) Interactions between Ann Abraham and Cynthia Bower

The decision not to investigate was made after at least two meetings between Ann Abraham and Cynthia Bower. Kathryn Hudson gave evidence to the Grant Thornton investigation relating to a conversation she had with Ann Abraham relating to one of these meetings. Kathryn Hudson’s evidence(confirmed by other documents), referred to a ‘meeting’ in which Joshua’s case was discussed whereby a ‘suggestion’ was made that PHSO ‘might not investigate’ if CQC would take ‘robust’ action. Despite this, when I asked for an explanation, I was told in writing by PHSO that such a conversation did not take place.This letter was written when Kathryn Hudson was still working at PHSO. During our meeting on Friday 4th July, you informed me that Kathryn Hudson was involved in the preparation of this letter.

So what happened to the file on the 'meeting' in which Kathryn Hudson says that she was present ?

And why do the crucial files always go missing?

I've had three cases upheld by the Ombudsman... and, in each case, it took request after request to get them.