Feeds

ICO consultation: What should public bodies disclose?

Graham's office to push out code of practice by the end of the year

Mobile application security vulnerability report

The UK's data protection and Freedom of Information watchdog has launched a new consultation with a view to changing its guidance on what information public sector organisations should be forced to disclose and how.

Under Freedom of Information (FOI) laws public authorities must "adopt and maintain" a scheme of publishing information, which must be approved by the ICO. The scheme has to "specify classes of information which the public authority publishes or intends to publish, specify the manner in which information of each class is, or is intended to be, published, and specify whether the material is, or is intended to be, available to the public free of charge or on payment".

The Information Commissioner's Office (ICO), which is responsible for ensuring compliance with FOI laws, wants to update its model publication scheme "to increase the level and range of information proactively available, reflecting the public interest," the consultation (7-page/113KB PDF) said. The ICO's model publication scheme sets out what information public sector organisations must publish in accordance with its responsibilities under the FOI laws.

Currently the ICO's model publication scheme states that public organisations should generally make information available on their websites on what they do, what they spend and how they make decisions,.

Respondents to the consultation are asked "What further classes of information or further detail can be included in publication schemes?" and how publication schemes should "evolve in the light of Web 2.0?" Information Commissioner Christopher Graham said in a speech.

A spokesman for the ICO told Out-Law.com that this means the ICO is considering whether it is appropriate for public sector organisations to disclose information through new mediums, such as social networks.

The ICO plans to have amended its guidance on public sector publication schemes by the end of this year, Graham said.

Graham also said that there is "perhaps a good case" for the UK to have a "coordinated national information policy".

"What is needed is a joined-up and consistent approach to the different strands of transparency policy across government," he said.

The Freedom of Information Act and the Freedom of Information (Scotland) Act came into full force on 1 January 2005, giving individuals the right for the first time to see information held by government departments and public bodies.

Some information can be held back under qualified and absolute exemptions. However, where information can be withheld under a qualified exemption organisations are still obliged to conduct a "public interest test" to determine whether it is right for information to be disclosed.

Graham said that some organisations do not correctly balance the privacy rights of individuals with their requirements to disclose information.

"There is certainly a public interest in privacy for individuals as well as in transparency around public information but privacy should not always be claimed as a barrier to transparency, accountability or open data," Graham said.

The Information Commissioner said that the ICO is currently developing a new code of practice on anonymisation and that it will also "publish broader guidance on key privacy principles that apply to data set disclosures".

"The code of practice on anonymisation ... will look at the importance of successfully anonymising data prior to disclosure – particularly with regards to statistical data sets," the ICO's spokesperson said in a statement.

Earlier this year the ICO looked at the issue of anonymisation of data in detail when it hosted a seminar with industry, government and academic representatives.

One academic raised the difficulty of knowing what information should be published considering that there is the potential for "jigsaw identification, whereby data from a number of sources can be combined to enable identification of individuals".

"There is a demand for greater transparency, for example relating to health, education and court data, but we must ensure that transparency of government does not equal transparency of the citizen," the academic said, according to a report (13-page/113KB PDF) from the seminar.

The ICO's code of practice is expected to be announced by the end of the year, the ICO's spokesman said.

In his speech Christopher Graham also criticised some of the proposals announced in the Protection of Freedoms bill.

The bill orders the destruction of DNA material in most cases where a person is not charged or convicted of a crime.

For those whose samples were taken while detained under the Terrorism Act they must not be immediately destroyed, though. They can be kept for three years, or indefinitely in the case of people who have already committed a serious crime.

Samples taken from people in the investigation of other serious offences and from people who have been previously convicted of serious offences can also be retained, some for three years and some indefinitely, under the bill proposals.

The bill also contains provisions reforming the use of technology for surveillance, including CCTV systems and automatic number plate recognition (ANPR) systems.

The government said that the bill would rebalance the relationship between the state and individuals.

"It is important that the new laws deliver the promised benefits of strengths and safeguards for information rights," Graham said.

"The proposals to delete the DNA profile and fingerprints of those who have not been convicted and are of no ongoing interest to the police are welcome and meet long-standing concerns, but the associated information about these people held on the police national database should be deleted too," he said.

"Additional regulation of CCTV and ANPR is also welcome, but the current proposals are limited in coverage ... in a way that does not reflect how wide this surveillance technology is used and there [are] no new sanctions for non-compliance," he said.

Under UK data protection laws individuals have the right to access personal information held about them by an organisation.

Graham said that proposals in the bill could allow more employers to force job applicants to "exercise their rights as data subjects" to access data about themselves that is held by police in order to show the results to the employer.

"There is already a long-standing and urgent need to trigger provisions to make this practice unlawful," Graham said. "It is no good exempting citizens from [vetting] checks if employers can get round this by unfairly exploiting the citizens' own right to [gain] access to police information."

Copyright © 2011, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Mobile application security vulnerability report

More from The Register

next story
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
UK.gov's Open Source switch WON'T get rid of Microsoft, y'know
What do you mean, we've ditched Redmond in favour of IBM?!
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
US Social Security 'wasted $300 million on an IT BOONDOGGLE'
Scrutiny committee bods probe derailed database project
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Australia floats website blocks and ISP liability to stop copyright thieves
Big Content could get the right to order ISPs to stop traffic
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.