Feeds

ICO consultation: What should public bodies disclose?

Graham's office to push out code of practice by the end of the year

5 things you didn’t know about cloud backup

The UK's data protection and Freedom of Information watchdog has launched a new consultation with a view to changing its guidance on what information public sector organisations should be forced to disclose and how.

Under Freedom of Information (FOI) laws public authorities must "adopt and maintain" a scheme of publishing information, which must be approved by the ICO. The scheme has to "specify classes of information which the public authority publishes or intends to publish, specify the manner in which information of each class is, or is intended to be, published, and specify whether the material is, or is intended to be, available to the public free of charge or on payment".

The Information Commissioner's Office (ICO), which is responsible for ensuring compliance with FOI laws, wants to update its model publication scheme "to increase the level and range of information proactively available, reflecting the public interest," the consultation (7-page/113KB PDF) said. The ICO's model publication scheme sets out what information public sector organisations must publish in accordance with its responsibilities under the FOI laws.

Currently the ICO's model publication scheme states that public organisations should generally make information available on their websites on what they do, what they spend and how they make decisions,.

Respondents to the consultation are asked "What further classes of information or further detail can be included in publication schemes?" and how publication schemes should "evolve in the light of Web 2.0?" Information Commissioner Christopher Graham said in a speech.

A spokesman for the ICO told Out-Law.com that this means the ICO is considering whether it is appropriate for public sector organisations to disclose information through new mediums, such as social networks.

The ICO plans to have amended its guidance on public sector publication schemes by the end of this year, Graham said.

Graham also said that there is "perhaps a good case" for the UK to have a "coordinated national information policy".

"What is needed is a joined-up and consistent approach to the different strands of transparency policy across government," he said.

The Freedom of Information Act and the Freedom of Information (Scotland) Act came into full force on 1 January 2005, giving individuals the right for the first time to see information held by government departments and public bodies.

Some information can be held back under qualified and absolute exemptions. However, where information can be withheld under a qualified exemption organisations are still obliged to conduct a "public interest test" to determine whether it is right for information to be disclosed.

Graham said that some organisations do not correctly balance the privacy rights of individuals with their requirements to disclose information.

"There is certainly a public interest in privacy for individuals as well as in transparency around public information but privacy should not always be claimed as a barrier to transparency, accountability or open data," Graham said.

The Information Commissioner said that the ICO is currently developing a new code of practice on anonymisation and that it will also "publish broader guidance on key privacy principles that apply to data set disclosures".

"The code of practice on anonymisation ... will look at the importance of successfully anonymising data prior to disclosure – particularly with regards to statistical data sets," the ICO's spokesperson said in a statement.

Earlier this year the ICO looked at the issue of anonymisation of data in detail when it hosted a seminar with industry, government and academic representatives.

One academic raised the difficulty of knowing what information should be published considering that there is the potential for "jigsaw identification, whereby data from a number of sources can be combined to enable identification of individuals".

"There is a demand for greater transparency, for example relating to health, education and court data, but we must ensure that transparency of government does not equal transparency of the citizen," the academic said, according to a report (13-page/113KB PDF) from the seminar.

The ICO's code of practice is expected to be announced by the end of the year, the ICO's spokesman said.

In his speech Christopher Graham also criticised some of the proposals announced in the Protection of Freedoms bill.

The bill orders the destruction of DNA material in most cases where a person is not charged or convicted of a crime.

For those whose samples were taken while detained under the Terrorism Act they must not be immediately destroyed, though. They can be kept for three years, or indefinitely in the case of people who have already committed a serious crime.

Samples taken from people in the investigation of other serious offences and from people who have been previously convicted of serious offences can also be retained, some for three years and some indefinitely, under the bill proposals.

The bill also contains provisions reforming the use of technology for surveillance, including CCTV systems and automatic number plate recognition (ANPR) systems.

The government said that the bill would rebalance the relationship between the state and individuals.

"It is important that the new laws deliver the promised benefits of strengths and safeguards for information rights," Graham said.

"The proposals to delete the DNA profile and fingerprints of those who have not been convicted and are of no ongoing interest to the police are welcome and meet long-standing concerns, but the associated information about these people held on the police national database should be deleted too," he said.

"Additional regulation of CCTV and ANPR is also welcome, but the current proposals are limited in coverage ... in a way that does not reflect how wide this surveillance technology is used and there [are] no new sanctions for non-compliance," he said.

Under UK data protection laws individuals have the right to access personal information held about them by an organisation.

Graham said that proposals in the bill could allow more employers to force job applicants to "exercise their rights as data subjects" to access data about themselves that is held by police in order to show the results to the employer.

"There is already a long-standing and urgent need to trigger provisions to make this practice unlawful," Graham said. "It is no good exempting citizens from [vetting] checks if employers can get round this by unfairly exploiting the citizens' own right to [gain] access to police information."

Copyright © 2011, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

The essential guide to IT transformation

More from The Register

next story
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.