Feeds

Watchdog: Gov bods should rummage through BINS for FOI data

Files sitting in electronic trash cans fair game for disclosure – ICO

Next gen security for virtualised datacentres

Public sector bodies will generally be required to disclose information even if it is stored in computer 'recycle bins', the Information Commissioner's Office (ICO) has said. The watchdog has issued new guidance (25-page/350KB PDF) to help public bodies which are subject to the UK freedom of information (FOI) or environmental information laws to determine whether they hold information that should be disclosed when requested.

Under UK FOI laws and the Environmental Information Regulations (EIR) individuals have a right to ask for and, generally, be provided with certain information held by government departments and public bodies.

The ICO said that, notwithstanding some exceptions to this general rule on disclosure, public sector bodies will have to disclose information that is held in a computer "recycle bin". It said, though, that whilst information that is deleted from recycle bins can "technically be recovered until it has been overwritten", public bodies will not generally be said to 'hold' the information for the purposes of disclosure.

If information is deleted from a computer recycle bin unintentionally, however, public bodies could still have to disclose it under FOI or EIR, the watchdog said.

"There are situations where information that is still required for a business purpose is mistakenly deleted through user error, virus or disaster," the ICO said in its guidance. "In these circumstances, the public authority will intend to recover the information for its own purposes and so the information should still be regarded as held by the public authority. As a general rule, information that is capable of being overwritten and has been intentionally deleted will not be held."

The ICO said that it "recognises" that its view differs from that taken in a ruling by the Information Rights Tribunal in 2005. It said that deciding whether public bodies hold deleted information should be determined by public authority's intentions, and not on the "practicalities of restoring the information".

"Public authorities are entitled to delete information they no longer require, and indeed they should do so in accordance with good records management practice," it said. "If information was still said to be held when it had been intentionally deleted in line with the public authority’s disposal schedule it would undermine the principle of good records management."

The ICO said that, generally, public bodies will not be said to hold information that is subject to disclosure under the FOI or EIR regimes if it is merely stored on "backup" systems. This, it admitted, contrasts with the view of the Lord Chancellor in his code of practice issued to public bodies, under the terms of the FOI Act, on the management of records.

"As a general rule, the Commissioner considers that information contained on a backup is not held," the ICO said. "This is because, generally, the public authority will have no intention of accessing the information on the backup. Again the Commissioner’s focus is on the intention of the public authority rather than whether the records can actually be recovered."

"There are, as always, exceptions. Where data has been lost from the main computer and the public authority intends to use the backup to restore that data, the Commissioner considers that the information is held. There have also been situations where, in the absence of a proper records management policy, the backup has been used for all intents and purposes as an archive," it added.

In its guidance the ICO also said that 'metadata' and "style settings" associated with documents will only be disclosable under FOI or EIR if the information is specifically requested. The watchdog described metadata as "information on the properties of electronic documents" that includes details about the "author, dates, editing history, size, file paths, security settings and any email routing history".

"If an applicant specifically requests information on the properties of an electronic document, public authorities will be obliged to provide it, subject to other provisions in the relevant legislation," the ICO said. "However, if it is not requested there is no expectation that public authorities will provide it."

The ICO said that it will determine "on the balance of probabilities" whether public bodies hold information but have not disclosed it when they ought to have under the FOI and EIR regime. It said it would "consider the scope, quality, thoroughness and results of the searches" that public sector bodies conducted for the information requested, and/or any "other explanations offered as to why the information is not held".

If public authorities can show that there was not a "business need" for them to store information that is sought under the FOI or EIR laws, then the ICO may be "persuaded that no information is held," it said.

The ICO's guidance also outlined that in circumstances where public bodies are asked to provide "lists or schedules" of information that they have not themselves compiled, they could still be said to hold the information and have, generally, to disclose it.

"If the public authority had already produced a list for its own business needs, the information is clearly held," the ICO said. "However, usually the public authority will not hold an actual list. It will hold the correspondence referred to in the request and the information required to produce the schedule will be contained in that correspondence. It is simply a case of extracting the relevant information (the individual building blocks) from the correspondence and organising them into a schedule. The extraction of existing information and presenting it as a schedule is not the creation of new information."

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

The essential guide to IT transformation

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?