Feeds

ICO consultation: What should public bodies disclose?

Graham's office to push out code of practice by the end of the year

Next gen security for virtualised datacentres

The UK's data protection and Freedom of Information watchdog has launched a new consultation with a view to changing its guidance on what information public sector organisations should be forced to disclose and how.

Under Freedom of Information (FOI) laws public authorities must "adopt and maintain" a scheme of publishing information, which must be approved by the ICO. The scheme has to "specify classes of information which the public authority publishes or intends to publish, specify the manner in which information of each class is, or is intended to be, published, and specify whether the material is, or is intended to be, available to the public free of charge or on payment".

The Information Commissioner's Office (ICO), which is responsible for ensuring compliance with FOI laws, wants to update its model publication scheme "to increase the level and range of information proactively available, reflecting the public interest," the consultation (7-page/113KB PDF) said. The ICO's model publication scheme sets out what information public sector organisations must publish in accordance with its responsibilities under the FOI laws.

Currently the ICO's model publication scheme states that public organisations should generally make information available on their websites on what they do, what they spend and how they make decisions,.

Respondents to the consultation are asked "What further classes of information or further detail can be included in publication schemes?" and how publication schemes should "evolve in the light of Web 2.0?" Information Commissioner Christopher Graham said in a speech.

A spokesman for the ICO told Out-Law.com that this means the ICO is considering whether it is appropriate for public sector organisations to disclose information through new mediums, such as social networks.

The ICO plans to have amended its guidance on public sector publication schemes by the end of this year, Graham said.

Graham also said that there is "perhaps a good case" for the UK to have a "coordinated national information policy".

"What is needed is a joined-up and consistent approach to the different strands of transparency policy across government," he said.

The Freedom of Information Act and the Freedom of Information (Scotland) Act came into full force on 1 January 2005, giving individuals the right for the first time to see information held by government departments and public bodies.

Some information can be held back under qualified and absolute exemptions. However, where information can be withheld under a qualified exemption organisations are still obliged to conduct a "public interest test" to determine whether it is right for information to be disclosed.

Graham said that some organisations do not correctly balance the privacy rights of individuals with their requirements to disclose information.

"There is certainly a public interest in privacy for individuals as well as in transparency around public information but privacy should not always be claimed as a barrier to transparency, accountability or open data," Graham said.

The Information Commissioner said that the ICO is currently developing a new code of practice on anonymisation and that it will also "publish broader guidance on key privacy principles that apply to data set disclosures".

"The code of practice on anonymisation ... will look at the importance of successfully anonymising data prior to disclosure – particularly with regards to statistical data sets," the ICO's spokesperson said in a statement.

Earlier this year the ICO looked at the issue of anonymisation of data in detail when it hosted a seminar with industry, government and academic representatives.

One academic raised the difficulty of knowing what information should be published considering that there is the potential for "jigsaw identification, whereby data from a number of sources can be combined to enable identification of individuals".

"There is a demand for greater transparency, for example relating to health, education and court data, but we must ensure that transparency of government does not equal transparency of the citizen," the academic said, according to a report (13-page/113KB PDF) from the seminar.

The ICO's code of practice is expected to be announced by the end of the year, the ICO's spokesman said.

In his speech Christopher Graham also criticised some of the proposals announced in the Protection of Freedoms bill.

The bill orders the destruction of DNA material in most cases where a person is not charged or convicted of a crime.

For those whose samples were taken while detained under the Terrorism Act they must not be immediately destroyed, though. They can be kept for three years, or indefinitely in the case of people who have already committed a serious crime.

Samples taken from people in the investigation of other serious offences and from people who have been previously convicted of serious offences can also be retained, some for three years and some indefinitely, under the bill proposals.

The bill also contains provisions reforming the use of technology for surveillance, including CCTV systems and automatic number plate recognition (ANPR) systems.

The government said that the bill would rebalance the relationship between the state and individuals.

"It is important that the new laws deliver the promised benefits of strengths and safeguards for information rights," Graham said.

"The proposals to delete the DNA profile and fingerprints of those who have not been convicted and are of no ongoing interest to the police are welcome and meet long-standing concerns, but the associated information about these people held on the police national database should be deleted too," he said.

"Additional regulation of CCTV and ANPR is also welcome, but the current proposals are limited in coverage ... in a way that does not reflect how wide this surveillance technology is used and there [are] no new sanctions for non-compliance," he said.

Under UK data protection laws individuals have the right to access personal information held about them by an organisation.

Graham said that proposals in the bill could allow more employers to force job applicants to "exercise their rights as data subjects" to access data about themselves that is held by police in order to show the results to the employer.

"There is already a long-standing and urgent need to trigger provisions to make this practice unlawful," Graham said. "It is no good exempting citizens from [vetting] checks if employers can get round this by unfairly exploiting the citizens' own right to [gain] access to police information."

Copyright © 2011, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.