Proving Identity and Privacy – Scottish Consultation Paper

September 2nd, 2009 by Anya Proops

The Scottish government has recently published a consultation paper on certain draft identity management and privacy principles. The draft principles have been developed with a view to ensuring that public services in Scotland are better placed to manage the process of proving identity (e.g. in the case of benefit claims) in a way that protects individual privacy. The deadline for responses is 23 November 2009.

Reforming the Information Tribunal

August 5th, 2009 by Timothy Pitt-Payne QC

A letter was circulated yesterday (4th August) to “stakeholders” of the Information Tribunal, giving information about the implications for the Information Tribunal of the new unified tribunal structure.

The new structure involves a system of First Tier tribunals and Upper Tribunals. The Information Tribunal will be one of a number of tribunals that transfer into the General Regulatory Chamber (GRC), one of the First Tier tribunals.

According to the letter, from January 2010 information rights cases will generally be heard in the GRC, with an appeal to the Administrative Appeals Chamber of the Upper Tribunal on a point of law. However, in some circumstances cases will be heard in the first instance in the Upper Tribunal. This will be where the appeal is complex, unusual, or particularly important. In addition, national security appeals (under section 28 of the Data Protection Act 1998 or section 60 of the Freedom of Information Act 2000) will go straight to the Upper Tribunal.

The procedural rules for those tribunals moving into the GRC in September 2009 have now been finalised and laid before Parliament. This includes the Charity Tribunal, the Estate Agents Appeals Panel and the Consumer Credit Appeals Tribunal. For those jurisdictions moving to the GRC in January 2010 – including the Information Tribunal – any further specific procedural rules will be added by amendment once Parliament has approved the transfer. Approval is expected later this year.

Podcast on employment vetting

July 2nd, 2009 by Timothy Pitt-Payne QC

Thanks to CPDcast, I have recently recorded a podcast on the subject of employment vetting. It deals with various subjects, including CRB checks and the new ISA barring regime. If you want to listen, it’s available here. I hope to be able to post a code here in a few days (with the agreement of CPDcast) which will enable readers of this blog to listen for free. It’s also worth looking at the rest of the site; they are very strong on information law subjects.

Disclosing Disciplinary Records Under FOIA

June 16th, 2009 by Anya Proops

The Information Tribunal has recently handed down a decision in which it upheld the Commissioner’s conclusion that information as to judges’ serious misconduct was exempt from disclosure under the personal data exemption provided for under s. 40(2)(c) FOIA – Guardian Newspapers v IC (EA/2008/0084). The decision is interesting not least because it highlights the Tribunal’s continuing reluctance to treat personal data concerning disciplinary matters as being disclosable under FOIA (see further on this point the earlier cases of Waugh v IC & Doncaster College (EA/2007/0060) and Roger Salmon v IC & King’s College (EA/2007/0135)). Notably, the Tribunal also held that the information in question was exempt under s. 31(1)(c) FOIA (administration of justice exemption).

The central issue in the appeal was whether disclosure of the information would contravene the first data protection principle (DPP1) contained in Schedule 1 to the Data Protection Act 1998 (DPA) and, hence, render the information absolutely exempt from disclosure under s. 40(2)(c) FOIA. The Tribunal held that DPP1 would be contravened. In reaching this conclusion, the Tribunal took into account in particular the facts that:

· the DPA contained an exclusion which prevented judicial office holders themselves gaining access to data which revealed assessments of their ‘suitability to hold judicial office’ and it would be an odd result if third parties could access such data under FOIA but the data subjects themselves could not (para. 91);

· some of the information would amount to sensitive personal data which would require that one of the stringent conditions contained in Schedule 3 be met in order for the disclosure to be in accordance with DPP1 (para. 92);

· some information was already in the public domain as to the fact and scope of reprimands or serious actions (para. 93);

· the judges themselves would have a reasonable expectation that their disciplinary record would be kept confidential (para. 96);

· there would be a risk that judges would suffer great distress if the information were to be disclosed and, further, that their future authority and their future employment prospects would be jeopardised (para. 97).

In addition the Tribunal held that s. 31(1)(c) FOIA was engaged in respect of the information and that the public interest weighed in favour of maintaining that exemption. In reaching this conclusion, the Tribunal took into account in particular the fact that, in its view, disclosure of the information would undermine a judge’s authority while carrying out his or her judicial function and would otherwise disrupt the judicial process by encouraging legal representatives to seek adjournments by reason of alleged concerns about the judge’s good standing (para. 106). 11KBW’s Karen Steyn appeared on behalf of the Ministry of Justice.

Lock up your data

June 5th, 2009 by Timothy Pitt-Payne QC

The importance of ensuring the security of personal data has been highlighted in a recent press release from the ICO dated 4 June 2009. The ICO has found Salford Royal NHS Foundation Trust in breach of the Data Protection Act, after a desktop computer containing sensitive personal information relating to around 3,500 patients was stolen. Although the computer was password protected, it was not encrypted or secured to a desk.

A formal undertaking has been signed by the Trust. It will ensure that: appropriate security measures are in place to restrict access to areas where personal information is stored; desktop computers are secured to desks to prevent easy removal; any personal data required to be held on a portable device is suitably encrypted; and personal details are not retained on any computer for longer than is required.

Mick Gorrill, Assistant Information Commissioner at the ICO, emphasised that the worrying trend of personal data losses must be rectified. He said:

“I am increasingly concerned about the way some NHS organisations are failing to securely hold people’s health and personal information. Organisations must implement appropriate safeguards to ensure personal details about patients do not fall into the wrong hands.”

Many thanks to Andrew Smith, currently a pupil at 11KBW, for preparing a first draft of this post.

Doing it by the book

June 5th, 2009 by Timothy Pitt-Payne QC

The Information Commissioner’s Office has today announced the latest version of the Privacy Impact Assessment Handbook.  As the title indicates, its purpose is to help organisations to identify and address the privacy risks of their activities.

Following the HMRC data breach in November 2007, the Cabinet Office introduced a requirement for all central Government departments and their agencies to conduct Privacy Impact Assessments (PIAs) when developing new systems. The ICO encourages all organisations to incorporate data protection safeguards into any new project involving personal information.

The handbook is in two parts: Part I (the first two chapters) gives an overview of the PIA process, with detailed information about privacy, common risks, and possible solutions; Part II then gives a practical guide to conducting a PIA. There are also four appendices, with examples of screening questions, checklist templates, and privacy strategies.

The handbook should help organisations to make reasoned judgments about the privacy implications of new projects or technological innovations. Some of the recommendations may overlap with privacy work already being done by organisations. A PIA does not have to be conducted as a totally separate exercise; indeed, it may be helpful to look at privacy issues in a broader policy context.

Many thanks to Andrew Smith, currently a pupil at 11KBW, for researching this post and preparing a first draft.


High Court Judgment on Inspection of Personal Data

May 29th, 2009 by Anya Proops

The High Court has recently handed down an interesting judgment on the extent to which redacted personal data contained in documents disclosed in the course of litigation was vulnerable to inspection. The judgment also highlights some of the limits which may be placed on parties seeking inspection of databases containing personal data. In Webster & Ors v Ridgeway Foundation School Governors [2009] EWHC 1140 (QB), the claimants had brought claims against the governors of a school on the basis that they had suffered racially motivated assaults on school property. They alleged that the governors had caused or contributed to the injury by negligently failing to maintain proper disciplinary standards or otherwise taking proper care with respect to pupil security, particularly by allowing racial tensions to develop. During the course of standard disclosure, the governors disclosed a log of investigations into racist incidents, bullying and aggression in the school. Moreover, one of their witness statements disclosed the existence of a computerized system used to record pupil behaviour. The governors allowed inspection of the disclosed documents but redacted the names of purported victims of racism, bullying and aggression. The claimants sought disclosure of the redacted names and, further, of the computerized system. They argued that they needed to access this information in order to assess whether there were other pupils who might be able to provide useful evidence and that they had a right to inspect that information given that its existence had been disclosed by the governors.

Nicol J refused the claimants’ application for inspection of the redacted information and the computerized system. He held that the mere fact that a document had been disclosed did not mean that there was an automatic right of inspection in respect of all of the information it contained, not least because some of the information in the disclosed document may not be relevant to the matters in issue. On the facts of the instant case, Nicol J found that inspection of the redacted names could and should be refused on the basis that: (a) it would amount to an interference with the privacy rights of the individual children named in the documents; and (b) that interference was not necessary in the instant case as the claimants did not need to know the identities of the purported victims in order to have a fair trial or for the fair disposal of the litigation (Science Research Council v Nasse [1980] AC 1028 HL applied). With respect to the computerized system, Nicol J accepted that mention of a document in a witness statement could be equated with inclusion of a document in a disclosure list and, hence, prima facie it would give rise to an obligation to permit inspection. However, he also held that that general proposition was subject to the qualifications contained in CPR 31.3, which included the right to object to disclosure on grounds of proportionality. Nicol J went on to find that permitting inspection of the computerized database would be disproportionate, particularly because: (a) the governors would have to redact the entire database to ensure that any private information relating to individual pupils and, further, any irrelevant information was not disclosed, which was a very substantial task; and (b) undertaking this task was disproportionate having regard to any possible benefit for the claimants and the issues in the case.

NHS SPINE – PERMISSION TO DELETE CARE RECORDS

May 27th, 2009 by Anya Proops

The creation of electronic summary patient records which can readily be accessed by medical teams on the NHS broadband computer system, known as the Spine, is one which has met with approval in many quarters. This is unsurprising given the potential health benefits resulting from clinicians being able to access such records. However, this approval has been tempered by concerns that the NHS, in common with other large-scale public authorities, may not be able to maintain appropriate levels of security with respect to this manifestly sensitive personal data. Yesterday the Guardian reported that, following talks between the ICO and Connecting for Health (CfH), the agency responsible for implementing the records scheme, CfH has now yielded to calls for NHS patients to be given the right to have their summary care records deleted from the system (although deletion would not occur if the records had already been used, in which case they would be archived for medico-legal reasons). The right to have records deleted will be additional to the right already granted to patients to opt out of the scheme before a record is created for them. CfH’s decision to permit patients to have their record deleted represents a move away from earlier proposals that, where objections were made, the record would simply be ‘masked’ within the system. Notably, the news over changes to the care records scheme comes only days after it was revealed that records revealing personal data relating to tens of thousands of MOD personnel, which were lost last year, had contained not merely financial information but also highly sensitive vetting information. The revelations have been controversial because, whilst the loss was announced last year, neither Parliament nor the ICO was informed that the lost data included sensitive vetting data.

ABORTION STATISTICS AND PERSONAL DATA

May 27th, 2009 by Anya Proops

The Information Tribunal will this week begin hearing an important appeal against a decision of the Information Commissioner that certain abortion statistics relating to ground (e) abortions (abortions in cases of disability) were disclosable under section 1 FOIA. The appeal concerns in particular the interesting and difficult question of whether and to what extent ostensibly anonymous, statistical information can nonetheless constitute ‘personal data’ for the purposes of the personal data exemption provided for under section 40 FOIA. Before the Commissioner, the DH argued that, whilst the information in the abortion statistics does not per se identify any particular individual, because the statistics themselves relate to a relatively small number of cases, it would still be possible to identify particular patients and/or doctors who have carried out the abortions, particularly if the statistics were married either with other information held by the DH or already in the public domain. The Commissioner was not persuaded by that argument. He held that the statistical information was so far removed from the information on the Abortion Notification forms from which the information was derived that it no longer retained the attributes of personal data. The proposition that proximity to identifying information should be the barometer of whether particular anonymous information constitutes ‘personal data’ is likely to be hotly contested before the Tribunal. Watch this space for further news! Tim Pitt-Payne will be appearing on behalf of the Commissioner.

CCTV In the Dock

May 18th, 2009 by Anya Proops

A Home Office funded review on the effectiveness of CCTV cameras in the fight against crime has found that it has only a ‘modest impact on crime’. The review, undertaken by the Campbell Collaboration, found that the use of CCTV was not effective in cutting vehicle crime in car parks, especially when used alongside improved lighting and the introduction of security guards. The review’s conclusions are likely to prompt further debate not only on the cost effectiveness of using CCTV as a weapon to cut crime (CCTV is now the single most heavily funded crime prevention measure operating outside the criminal justice system) but also on whether the pervasive use of CCTV within our society can be justified, particularly given its potential to interfere with the right to privacy. Notably, the Home Office cited the review in the context of its response to the House of Lords Committee on the Constitution Inquiry into ‘Surveillance: Citizens and the State’ (and see my earlier post on the Committee’s report). In its response, the Home Office stated that, in reviewing existing policies and processes, the Government will seek to ensure that due consideration is given to the following key principles:

· Are robust safeguards in place to protect the information and individual liberties?

· Are our plans and actions proportionate to the damage and the threat they are seeking to prevent?

· Are we being as transparent as possible?

· Are citizens being given the right amount of choice?

The Home Office’s response should be read in conjunction with the Information Commissioner’s response to the Committee’s report, which was published on 15 April 2009.