Name of the 'Historical Society'

P. John made this Freedom of Information request to Information Commissioner's Office

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was refused by Information Commissioner's Office.

Dear Information Commissioner’s Office,

you recently published a press release naming two rogues who have been convicted, and fined a pittance by the ICO for DPA s55 offences. The press release includes their names, details of their location, and career history (*).

The DPA Section 2 defines as sensitive personal information details of "any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings". I don't like that one bit, it allows police & regulators to conceal details of criminals from the public. But sadly it is UK law.

So I was disappointed to learn from another similar press release (concerning a comparable enforcement action against an organisation rather than an individual) you omitted the identity of an "historical society" that had been fined, despite the "serious nature" of their offence (**)

If I understand correctly, the DPA gives privacy rights to individuals, not organisations. And individuals enjoy the right to seek compensation from organisations that misuse personal information.

Please disclose to me the name of the historical society who were fined in the course of the second action, and the basis for identifying the offenders in the first action.

Yours faithfully,

P. John

(*) https://ico.org.uk/action-weve-taken/enf...
(**) https://ico.org.uk/about-the-ico/news-an...

AccessICOinformation, Information Commissioner's Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

 

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit [1]http://ico.org.uk/about_us/how_we_comply

 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

 

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

 

If you have requested advice - we aim to respond within 14 days.

 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

 

Copied correspondence - we do not respond to correspondence that has been
copied to us.

 

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

 

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

 

Yours sincerely

 

The Information Commissioner’s Office

 

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[2]http://www.ico.org.uk/tools_and_resource...

 

Twitter

Find us on Twitter at [3]http://www.twitter.com/ICOnews

 

The ICO's mission is to uphold information rights in the public interest.
To find out more about our work please visit our website, or subscribe to
our e-newsletter at ico.org.uk/newsletter.

If you are not the intended recipient of this email (and any attachment),
please inform the sender by return email and destroy all copies without
passing to any third parties.

If you'd like us to communicate with you in a particular way please do let
us know, or for more information about things to consider when
communicating with us by email, visit ico.org.uk/email

References

Visible links
1. http://ico.org.uk/about_us/how_we_comply
2. http://www.ico.org.uk/tools_and_resource...
3. http://www.twitter.com/ICOnews

Tim Turner left an annotation ()

The ICO does not issue fines for S55 offences. The fines are applied by the Court. It's misleading to suggest otherwise.

Information Commissioner's Office

12 December 2016

 

Case Reference Number IRQ0655532

 
 

Dear P John
 
Request for Information
 
Thank you for your correspondence dated 15 November 2016, in which you
have asked:
 
" You recently published a press release naming two rogues who have been
convicted, and fined a pittance by the ICO for DPA s55 offences. The press
release includes their names, details of their location, and career
history (*).

The DPA Section 2 defines as sensitive personal information details of
"any proceedings for any offence committed or alleged to have been
committed by him, the disposal of such proceedings or the sentence of any
court in such proceedings". I don't like that one bit, it allows police &
regulators to conceal details of criminals from the public. But sadly it
is UK law.

So I was disappointed to learn from another similar press release
(concerning a comparable enforcement action against an organisation rather
than an individual) you omitted the identity of an "historical society"
that had been fined, despite the "serious nature" of their offence (**)

If I understand correctly, the DPA gives privacy rights to individuals,
not organisations. And individuals enjoy the right to seek compensation
from organisations that misuse personal information.

Please disclose to me the name of the historical society who were fined in
the course of the second action, and the basis for identifying the
offenders in the first action. "
 
We have considered your request in accordance with the requirements of the
Freedom of Information Act 2000. This entitles you to information held by
a public authority
 
Response
 
I can confirm that we do hold the information you have requested.
 
However, the information is exempt, please see our explanation below.
 
Before we go on to explain why the information is exempt in FOI terms, it
is important that we acknowledge that this was an unusual step and not one
we would usually take. The decision to withhold the name of the
organisation was considered carefully at the time of the publication. We
are committed to being open and transparent about the outcomes of the work
that we do and the action we take which is why we published the notice at
all. However, in this particular case, we were alert to the fact that
there are, potentially, serious damaging consequences to individuals of
disclosing many of the details of the case and it is imperative that we do
not trigger any of those consequences. This potential has not lessened any
in the passage of time since publication, and is unlikely to lessen in the
short to medium term. 
 
It is our view that Section 38(1)(a) and (b) of the FOIA applies to this
information.
 
Section 38(1) states;
“Information is exempt information if its disclosure under this Act would,
or would be likely to-
 

 1. endanger the physical or mental health of any individual, or
 2. endanger the safety of any individual.”

However, this exemption is not absolute.  When considering whether to
apply it in response to a request for information, there is a ‘public
interest test’.  That is, we must consider whether the public interest
favours withholding or disclosing the information.
   
In this case the public interest factors in disclosing the information are

 
 

* increased transparency about which organisations have been determined
to have breached the Data Protection Act (DPA) and the details of the
case.
* promoting accountability and transparency by organisations for
decisions and actions taken by them
* increased transparency about the way in which we make decisions and
the facts on which we base those decisions.

 
The factors in withholding the information are –
 

* Risk to the physical or mental health of individuals as a consequence
of the disclosure.
* Risk to the safety of individuals as a consequence of the disclosure.
The disclosure of the information may well provide a traceable thread
allowing individuals to be identified and targeted.

 
We consider that the exemption at section 31(1)(g) of the FOIA also
applies to this information. This refers to circumstances where the
disclosure of information “would, or would be likely to, prejudice – … the
exercise by any public authority of its functions for any of the purposes
specified in subsection (2).” 

The purposes referred to in sections 31(2)(a) and (c) are –
“(a) the purpose of ascertaining whether any person has failed to comply
with the law” and
 “(c) the purpose of ascertaining whether circumstances which would
justify regulatory action in pursuance of any enactment exist or may arise
…”    

Clearly, these purposes apply when the Information Commissioner is
considering whether or not an organisation has breached the DPA.
However, this exemption is also subject to a public interest test.
In this case the public interest factors in disclosing the information are

 

* increased transparency about which organisations have been determined
to have breached the DPA.

 
The factors in withholding the information are –
 

* the public interest in meeting the organisations’ expectations having
ascertained their views on the disclosure of the information and
taking into account their serious concerns;

Having considered all of these factors we have taken the decision that the
public interest in withholding the information outweighs the public
interest in disclosing it.  I am sorry, therefore, that in this instance
we are unable to provide you with the information you have requested.
 
In response to the second part of your request, the individuals you
referred to were prosecuted for a criminal rather than civil breach of the
act in a court of law. As with all criminal prosecutions, the information
is publicly available.
 
Review Procedure

If you are dissatisfied with this response and wish to request a review of
our decision or make a complaint about how your request has been handled
you should write to the Information Access Team at the address below or
e-mail [1][ICO request email].
 
Your request for internal review should be submitted to us within 40
working days of receipt by you of this response.  Any such request
received after this time will only be considered at the discretion of the
Commissioner.
 
If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further right
of appeal to this office in our capacity as the statutory complaint
handler under the legislation.  To make such an application, please write
to our Customer Contact Team at the address given or visit our website if
you wish to make a complaint under either the Freedom of Information Act
or Environmental Information Regulations.
 
A copy of our review procedure can be accessed from our website
[2]here.
 
Yours sincerely
 
Ashley Duffy
Information Access Service Manager
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 01625 545625  F. 01625 524510  [3]ico.org.uk  [4]twitter.com/iconews
Please consider the environment before printing this email
 
 
 

The ICO's mission is to uphold information rights in the public interest.
To find out more about our work please visit our website, or subscribe to
our e-newsletter at ico.org.uk/newsletter.

If you are not the intended recipient of this email (and any attachment),
please inform the sender by return email and destroy all copies without
passing to any third parties.

If you'd like us to communicate with you in a particular way please do let
us know, or for more information about things to consider when
communicating with us by email, visit ico.org.uk/email

References

Visible links
1. mailto:[ICO request email]
2. https://ico.org.uk/media/about-the-ico/p...
3. http://ico.org.uk/
4. https://twitter.com/iconews

Dear Information Commissioner’s Office,

thank you for your response to my request, I am naturally disappointed it has been rejected.

If an organisation commits a "serious" breach of the Data Protection Act - one that is so wide ranging and so profound that it places a large number of people at great risk - then it should be named & shamed, and if it cannot, it must be forced to close down.

The alternative... Allowing an organisation to continue trading without being identified or forced to close, denies the public the right to choose an alternative service provider who can be trusted with their personal information.

In effect you are protecting DPA offenders - once again - from all commercial & legal consequences of their offending. And indirectly penalising those businesses that invest substantially in best practice data protection, yet lose market share to rogues.

Which is, in my view, simply corrupt, wrong, and unjust.

Yours faithfully,

P. John

AccessICOinformation, Information Commissioner's Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

 

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit [1]http://ico.org.uk/about_us/how_we_comply

 

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

 

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

 

If you have requested advice - we aim to respond within 14 days.

 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

 

Copied correspondence - we do not respond to correspondence that has been
copied to us.

 

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

 

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

 

Yours sincerely

 

The Information Commissioner’s Office

 

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found at
[2]http://www.ico.org.uk/tools_and_resource...

 

Twitter

Find us on Twitter at [3]http://www.twitter.com/ICOnews

 

The ICO's mission is to uphold information rights in the public interest.
To find out more about our work please visit our website, or subscribe to
our e-newsletter at ico.org.uk/newsletter.

If you are not the intended recipient of this email (and any attachment),
please inform the sender by return email and destroy all copies without
passing to any third parties.

If you'd like us to communicate with you in a particular way please do let
us know, or for more information about things to consider when
communicating with us by email, visit ico.org.uk/email

References

Visible links
1. http://ico.org.uk/about_us/how_we_comply
2. http://www.ico.org.uk/tools_and_resource...
3. http://www.twitter.com/ICOnews