During my first
full year as Information Commissioner, people have Frequently
Asked me Questions. Here are my end-of-year
Answers.
What do you do?
I am the champion of both open government and data protection.
I do this by leading an independent office which regulates
the handling of information. We are a wholly independent body,
answerable to Parliament, given two basic tasks by law:
promoting access to official information; and
protecting
personal information.
My office is small, but growing
in size, profile and influence. I can do nothing without
my committed, expert staff who recognise
the importance of our responsibilities and who want to do
a good job.
What are your responsibilities?
Last year I announced a strategic review of our aims and
objectives. This was carried out – under the banner of our Home Improvement
Project (HIP) - over the second half of 2003. It involved extensive
external and internal discussion, culminating in the work of
six Task Forces looking at different aspects of our work. The
most tangible outcome has been the Corporate Plan for 2004 – 2007
which was published in March 2004. This sets out re-defined
Aims and Objectives, (see panel) summarising our responsibilities
in terms of:
educator – promoting good practice for organisations
and communicating helpful information to the public
remedy
provider – providing solutions within our
powers where there are legitimate grievances
enforcer – taking
firm, but fair, regulatory action where necessary.
The HIP Project confirmed the importance
of clarifying and
making sense of our various functions, identifying priorities
and committing to the changes we need to make.
What are your
top priorities?
We need to be selective. We cannot do everything. I believe
we will be seen as a successful and well-respected organisation
if we focus on three priorities between now and 2007:
top priority for our freedom of information responsibilities – deciding
cases in ways which command public and organisational confidence
and getting well down the road towards a genuine “open
government” culture;
taking a practical, down-to-earth
approach to our data protection activities – simplifying
and making it easier for the majority of organisations
who seek to handle personal
information
well, and tougher for the minority who do not;
aiming to
be a “top-of-the class” office, with
clear Values, of which we are all proud – influential,
well-run, outward-looking and delivering real service to
society.
What will all this mean in practice?
We need to break our various responsibilities (new and existing)
into manageable tasks, articulating what we can and cannot
do and making sure we concentrate on important concerns where
we are especially well-placed to make a real impact. This
needs a new organisational structure, new policies and procedures
and more active performance management. With greater clarity
about “What and How?”, our plans spell out our
intention to:
become more proactive and maximise our influence,
targeting issues and cases where detriment is greatest;
become
more customer-focused and better at communicating with
target audiences and working with other organisations;
shift
attention away from those complaints where we cannot provide
remedies in favour of activities which promote
good practice;
transform our internal working methods, especially to
enable us to demonstrate success;
ensure a reputation for
helpfulness and effectiveness;
ensure that we get the best
from all those working here; and
get the best out of new
technology and our new regional structure.
We still have
plenty to do to turn the plans into reality, but we are
on track.
Non-executive
Board Members
Dr
Robert (Bob) Chilton
After a career in local government, Bob Chilton served
as Director of Local Government Studies at the Audit
Commission, and is currently Vice-Chairman of the
National Consumer Council and undertakes project
consultancy
for the Audit Commission.
David Clarke
After a career in marketing including working for
Scottish Power, David currently serves as a non-executive
adviser
to the think-tank Demos.
Sir Alistair Graham
Previously Parades Commissioner for Northern Ireland
and Chief Executive of two TEC’s, Sir Alistair
Graham is the Northern and Yorkshire Regional Commissioner
for the NHS Appointments Commission, as well as being
a member of the Employment Appeals Tribunal and Chairman
of the Committee on Standards in Public Life.
Clare
Tickell
Is the Chief Executive of Stonham Housing Association,
providing housing and care to some of the most socially
excluded and disenfranchised, including homeless
people, victims of violence, substance misusers and
people with
health problems.
Who leads the process?
As Commissioner, I must take ultimate responsibility for
our activities. But staff at all levels deserve the credit
for
an astonishing range of work and achievements and must be
heavily involved in the process of refreshment and modernisation.
I
reformed the corporate governance of the office during the
year so that an Executive Team shares with me the internal
leadership of the office. Strategic direction and leadership
now come from a re-constituted Management Board. I was delighted
that (from a very wide field) I was able to recruit four
excellent non-executive members to this Board. All four new
members arrived
in January, but are already making significant contribution
as objective and questioning supporters of the office.
Why
have you separated the freedom of information and data
protection functions?
Parliament has superimposed the FoI responsibilities onto
a mature data protection organisation. Both functions demand
good information-handling practices and both are heavily
concerned
with access to information. But there are differences and
sometimes tensions. These are best resolved inside the same
organisation.
freedom of information will raise very sensitive, complex
and high profile individual cases. The entire organisation
will
be judged on how well we handle these cases. We need the
focus of a dedicated FoI team which can ensure that we develop
the
right organisational and cultural approach outside the shadow
of on-going data protection activities.
Will you be ready
for freedom of information?
We have already approved Publication Schemes – setting
out how information is made available without waiting for
requests – for
almost all public sector bodies. We are on course to complete
the programme by July 2004. We have made good progress in
implementing a project plan to make sure we are ready for
the introduction
of the Right to Know in January 2005. Our plan tackles such
varied issues as casework systems, staff expansion, training
and publishing guidance for public bodies. The National Audit
Office has reviewed our preparations and we have benefited
from their contribution. We know that we will receive difficult
and demanding cases. The major unknown at the moment is the
volume of casework. I also have serious concerns that – unless
I am given freedom by the government to find ways to pay
my staff in line with local market conditions – we
will encounter increasing difficulty in recruiting and retaining
staff of the right calibre to handle the FOI work.
Will government
be ready for freedom of information?
There has been a long waiting period since the law was passed
in 2000. This should have allowed plenty of time for government
departments and all other parts of the public sector to get
ready, but the preparation time may have been used by some
as a breathing space. Many public bodies are very well aware
of what is coming; others are waking up late in the day.
Some may get some unwelcome surprises when their first requests
arrive – with only 20 working days to respond – because
they have not thought ahead. I will not be able to accept “Not
yet ready” as an excuse for failing to disclose information
under the Act.
Why is freedom of information important?
I see freedom of information as central to the democratic
process. People are entitled to know what government – in
the widest sense – is doing in their name and with
their money. Freedom of information serves as a reminder
that government should not be a secretive machine, locked
away from the view
of the citizens who elect those who govern us. Most of the
public sector delivers public services or provides public
benefit. The rhetoric of recent years has been all about
transparency
and improved delivery. FoI is a means of demonstrating the
reality. There are many exemptions to cover situations where
there is a legitimate need for secrecy. The public interest
test will cut both ways according to circumstance, but the
presumption must be in favour of disclosure. I hope that
Ministers will be very slow to use the so-called veto to
over-rule public
interest decisions in favour of disclosure. Whenever they
do, I will need to explain the circumstances in a Special
Report
to Parliament.
Why is data protection important?
Individuals need rights that they can rely on as a
counter-balance to some of the excesses or risks
of the information society.
More generally, privacy is recognised as a fundamental human
right and the protection of personal information is essential
to our integrity as individuals. Our research shows how much
people care about their privacy and the safeguarding of their
information – especially after encountering a real
threat. Businesses have taken these issues increasingly seriously
in
recent years, not least recognising the risks to corporate
reputation if they get it wrong. This chimes well with my
approach of promoting good data protection practice as enlightened
self-interest,
concentrating on aspects – such as mistaken identity
- causing greatest actual or potential detriment.
What is
your approach?
The data protection principles are widely seen as sensible
common sense. Sadly, some of the detailed requirements of
the law, intended to bring these principles to life, are
excessively
complicated and perhaps unduly prescriptive. My task has
to be to de-mystify the law, explaining things as clearly
as possible
and exploring the scope for simplification. We must make
it as easy as possible for organisations and individuals
to understand
what to do and expect. There is still much to be done.
Does
data protection do more harm than good?
No, of course not. Data protection has a mixed reputation,
not just for its complexity. Too often there are perceptions
that it stops people doing sensible things – such as
responsible information-sharing about vulnerable children
and adults. These perceptions are nearly always mistaken,
but they
are real. It has become too easy to blame data protection.
We need to show how data protection regulates flows of information
in the interests of individuals, only stopping them altogether
for good reason. This is a major challenge requiring more
guidance, codes of practice and other initiatives. We must – and
will – challenge the myths. Changes to the law are
also needed, not least to make it clearer that privacy and
data
protection are not absolutes and that personal information
can be processed or disclosed where that is necessary for
public protection, rights and freedoms.
Was data protection
responsible for the deletion of police records?
Myths, misconceptions and misinformation rose to a crescendo
when data protection was initially, and wrongly, blamed for
the destruction of police records about previous contacts
with Ian Huntley. It became clear during the subsequent Inquiry
that deletion or loss of these records had nothing whatever
to do with data protection law or any advice from my Offices.
In his recent Report, Sir Michael Bichard explicitly rejected
the suggestion that the legislation was the reason for the
lack of searchable records. I entirely welcome the findings
of the Inquiry; they will go a long way to restore public
confidence
in data protection. At the same time, I remain committed
to a constructive relationship with the police and will contribute
to a new Code of Practice in line with the Inquiry’s
recommendations.
What have been your main achievements during
the last year?
All achievements are those of my office as a whole. They
are recorded in this report. Highlights include:
Home Improvement Project, culminating in the new
corporate plan
for 2004 - 2007
very positive response to our Employment
Code, dealing with surveillance in the workplace;
innovative advertising campaign to communicate rights to
target groups;
Make Data Protection Simpler Initiative;
strong articulation of the need for maximum safeguards
if and when ID cards are introduced;
successful implementation, with well-received guidance,
of new Privacy & Electronic Communications Regulations;
resolving the problem of third party disclosures by credit
reference agencies;
smooth and timely approval of FoI Publication Schemes;
establishing offices in Belfast, Cardiff and Edinburgh;
Belfast conference to launch our regional office and FoI
in Northern Ireland;
approaching the end of a Change Programme to introduce
electronic case-handling;
significantly higher media profile to articulate the benefits
of data protection and freedom of information;
working with international colleagues to pursue a pragmatic
approach to data protection and freedom of information
issues.
