Feeds

Watchdog: Gov bods should rummage through BINS for FOI data

Files sitting in electronic trash cans fair game for disclosure – ICO

The Power of One Infographic

Public sector bodies will generally be required to disclose information even if it is stored in computer 'recycle bins', the Information Commissioner's Office (ICO) has said. The watchdog has issued new guidance (25-page/350KB PDF) to help public bodies which are subject to the UK freedom of information (FOI) or environmental information laws to determine whether they hold information that should be disclosed when requested.

Under UK FOI laws and the Environmental Information Regulations (EIR) individuals have a right to ask for and, generally, be provided with certain information held by government departments and public bodies.

The ICO said that, notwithstanding some exceptions to this general rule on disclosure, public sector bodies will have to disclose information that is held in a computer "recycle bin". It said, though, that whilst information that is deleted from recycle bins can "technically be recovered until it has been overwritten", public bodies will not generally be said to 'hold' the information for the purposes of disclosure.

If information is deleted from a computer recycle bin unintentionally, however, public bodies could still have to disclose it under FOI or EIR, the watchdog said.

"There are situations where information that is still required for a business purpose is mistakenly deleted through user error, virus or disaster," the ICO said in its guidance. "In these circumstances, the public authority will intend to recover the information for its own purposes and so the information should still be regarded as held by the public authority. As a general rule, information that is capable of being overwritten and has been intentionally deleted will not be held."

The ICO said that it "recognises" that its view differs from that taken in a ruling by the Information Rights Tribunal in 2005. It said that deciding whether public bodies hold deleted information should be determined by public authority's intentions, and not on the "practicalities of restoring the information".

"Public authorities are entitled to delete information they no longer require, and indeed they should do so in accordance with good records management practice," it said. "If information was still said to be held when it had been intentionally deleted in line with the public authority’s disposal schedule it would undermine the principle of good records management."

The ICO said that, generally, public bodies will not be said to hold information that is subject to disclosure under the FOI or EIR regimes if it is merely stored on "backup" systems. This, it admitted, contrasts with the view of the Lord Chancellor in his code of practice issued to public bodies, under the terms of the FOI Act, on the management of records.

"As a general rule, the Commissioner considers that information contained on a backup is not held," the ICO said. "This is because, generally, the public authority will have no intention of accessing the information on the backup. Again the Commissioner’s focus is on the intention of the public authority rather than whether the records can actually be recovered."

"There are, as always, exceptions. Where data has been lost from the main computer and the public authority intends to use the backup to restore that data, the Commissioner considers that the information is held. There have also been situations where, in the absence of a proper records management policy, the backup has been used for all intents and purposes as an archive," it added.

In its guidance the ICO also said that 'metadata' and "style settings" associated with documents will only be disclosable under FOI or EIR if the information is specifically requested. The watchdog described metadata as "information on the properties of electronic documents" that includes details about the "author, dates, editing history, size, file paths, security settings and any email routing history".

"If an applicant specifically requests information on the properties of an electronic document, public authorities will be obliged to provide it, subject to other provisions in the relevant legislation," the ICO said. "However, if it is not requested there is no expectation that public authorities will provide it."

The ICO said that it will determine "on the balance of probabilities" whether public bodies hold information but have not disclosed it when they ought to have under the FOI and EIR regime. It said it would "consider the scope, quality, thoroughness and results of the searches" that public sector bodies conducted for the information requested, and/or any "other explanations offered as to why the information is not held".

If public authorities can show that there was not a "business need" for them to store information that is sought under the FOI or EIR laws, then the ICO may be "persuaded that no information is held," it said.

The ICO's guidance also outlined that in circumstances where public bodies are asked to provide "lists or schedules" of information that they have not themselves compiled, they could still be said to hold the information and have, generally, to disclose it.

"If the public authority had already produced a list for its own business needs, the information is clearly held," the ICO said. "However, usually the public authority will not hold an actual list. It will hold the correspondence referred to in the request and the information required to produce the schedule will be contained in that correspondence. It is simply a case of extracting the relevant information (the individual building blocks) from the correspondence and organising them into a schedule. The extraction of existing information and presenting it as a schedule is not the creation of new information."

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.