Feeds

Undelete those deleted emails, FOIA ruling tells Government

But only if it's not too much trouble...

Intelligent flash storage arrays

'Deleted' Government records needn't necessarily be treated as deleted after all, according to a ruling by the Information Tribunal, which deals with appeals against rulings under the Freedom of Information Act. But don't get too excited - although in theory this means that data that can be undeleted, restored from backups or reconstructed by specialists can still be supplied in response to FOIA requests, in practice the whole show will still collapse when it encounters the haphazard shambles that UK Government backup regimes amount to.

Information Tribunal chairman John Angel indulges in a substantial philosophical digression on the nature of deleted in this recent adjudication, which involved a request to the Royal Mail for personnel data which had been 'deleted'. The Tribunal's conclusion in this case was that the data really had been deleted anyway (so it couldn't be handed over, anyway), but the ruling also tries to nail down the extent to which deleted data can still be counted as "held".

First, the good news: "The Tribunal understands that information which is held electronically and then deleted (and even emptied later from a 'recycle bin' or 'trash can') is still in fact retained in its original form on the computer system until it is subsequently and actually overwritten by other information." In view of this "it may be incumbent on a Public Authority to make attempts to retrieve deleted information. Accordingly the authority should establish whether information is completely eliminated, or merely deleted."

The Tribunal's setting down of this obligation is certainly progress, because it means that authorities subject to FOIA requests can't simply say that, as the data no longer exists on a live system, it doesn't exist, full stop. The Tribunal doesn't philosophise on the extent to which backups are archive data or deleted data (bit of both, depends, right?) but here it doesn't really need to, because for the purposes of the Act it's effectively deeming all backup data as archived until it is completely deleted.

This overturns guidance from both the Information Commissioner and the Department of Constitutional Affairs. The Commissioner has regarded information on backups as not being "held by a public authority for the purposes of FOI", and that "information sent to the back-up server is no longer readily retrievable for business purposes" (ah, but see below...). The DCA, meanwhile, humorously tells us "where it is the intention that data should be permanently deleted, and this is not achieved only because the technology will not permit it, authorities may regard such data as having been permanently deleted."

But you'll have noted the Tribunal said "it may be incumbent..." That "may" is the catch. "If information has been deleted but can be recovered by various technical means, is that information still held by the public authority? The Tribunal finds that the answer to this question will be a matter of fact and degree depending on the circumstances of the individual case... Simple restoration from a 'trash can' or 'recycle bin' folder, or from a back-up tape, should normally be attempted, as the Tribunal considers that such information continues to be held." But beyond that, attempted restoration involving "the use of specialist staff time" would be subject to the cost exemptions in the Act. A local authority can refuse a request if the retrieval cost would be more than £450, while for a Government department the limit is £600.

So if it costs more than a few hundred pounds to undelete the data, you can be legally told to push off anyway. When it talks airily of restoring backups, one suspects that the Tribunal is not entirely in tune with the real world here. Even in a well run network restoration will often be a non-trivial task involving specialist staff (which, actually, it should be), and it seems perfectly feasible that an authority could successfully argue that simple restoration from a backup tape might in some cases exceed the cost limit. The Tribunal also suggests that "the Restore facility in Windows will restore the system to the way it existed on a previous date chosen by the operator" - we presume they've never been foolish enough to try this.

We should note an unpleasant little truth that springs from the Tribunal's conclusions. If there are no coherent groundrules or minimum standards governing public authority retention and archive policies (there aren't), then the worse the IT system is at dealing with retention, archive and backup, the less likely it is to have to respond positively to FOIA requests. There's a pay-off for bad IT strategy; 'I've deleted it' or 'It might be in there somewhere but it'll cost thousands to retrieve it' are deemed valid excuses, rather offences punishable by large fines, so that's all right then, and no, you can't have the information. ®

Internet Security Threat Report 2014

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.