Select Committee on Public Administration Minutes of Evidence

Examination of Witnesses (Questions 1-19)




  1. Could I call the Committee to order and welcome our witnesses this morning. In particular, it is a pleasure to welcome Mrs France again. We have had some very constructive meetings with you over the years—not least when we were grappling with freedom of information issues. We were disappointed to learn that you are not going to be the Information Commissioner in the future, which I think everyone would have liked. However, we wish you well in your new pastures. Would you like to say anything by way of introduction?

  (Mrs France) First, let me welcome the opportunity you have provided to come and talk to you, particularly at this stage in the year when I have published my annual report. Perhaps I should introduce to you the two people who appear with me: Graham Smith is one of my Deputy Commissioners and takes the lead in my office on developing policy on freedom of information and David Smith is one of my Assistant Commissioners, who at the moment is specialising on Criminal Justice issues within my office but has a long history of dealing with all the data protection issues which my office deals with. Apart from that, I think that there is a broad range of issues that you might want to raise and I would not want to delay you further at this stage, and we will see, at the end of the questions you have, whether there is anything that we have not covered.

  2. Thank you for that. I know that one of the issues we have talked about with you before is the way in which there is not a routine Parliamentary occasion for you to come and talk about your data protection role, and that is a weakness on Parliament's side. I know that you would have valued that over the years, and we have just provided a paler substitute for that. However, because we are at the moment where you produce an annual report, I do notice (and it has been picked up in the report) that there has been this large increase in the caseload that you have been dealing with over this last year. Can you tell us how that is to be explained? Does it show that there are more problems out there? Or is it just that the nature of the beast is changing?
  (Mrs France) I do not think you can conclude that problems are greater out there from those figures. You have to read them with the other big increase, which is the increase in awareness of rights. Awareness of rights hovered in the teens for all my early years in posts—it went up and down but it always stayed just under the 20 per cent level—but it went up to 27 per cent last year and to 42 per cent in the year on which we are just reporting. These are the answers to a standard question asked in a large tracking survey for us by those who do this year in, year out. So you have to add that understanding to your understanding of the increase in casework, because if 42 per cent of the population are now aware that they have rights to see their information (which is the question we asked them) but rights in relation to their information, then more people are going to be prepared to exercise their right to come to us to allege that they believe there has been a breach of the Data Protection Act. So the package, really, is that over the years our office, I hope, has contributed to people being much more aware of their rights. At the same time, the nature of processing of personal data has become more visible to people in their everyday lives, and they have become therefore much more aware of the potential risk. We know that if we were to run an advertising campaign saying "Come and complain to us about alleged breaches" we would be swamped. My predecessor did that in 1993, I think—perhaps a little earlier, I cannot remember the year—and it took a long time for the office to recover. We actually design our advertising to encourage people to go out and exercise their rights themselves and only to come to us when things go wrong. Of course, not everybody heeds that advice, but I think looking at our complaints workload as an indicator of problems in the wider world in relation to data protection dangerous. It is more of a reflection of people's interface with processing and their awareness that they have rights.

  3. That is interesting. How do you explain the mismatch between that greater awareness on the data protection side, reflected in the casework that you do, and this dismal lack of awareness on the access to information side, the code, which the Ombudsman laments all the time?
  (Mrs France) I cannot easily explain that because I am only now beginning to look at how we raise awareness on freedom of information issues. We have done some baseline tracking research on that as well, and you will find it in the annual report—though not picked up because it is not a dramatic figure. We have had last year and this year an awareness figure where the percentage of members of the public aware that there are rights in relation to freedom of information has gone up from 11 per cent to 12 per cent, and the awareness within public authorities has gone up from 14 per cent to 23 per cent—so nearly a quarter of them know that they have to comply with their obligations in the months ahead. We have begun that as baseline tracking information, so we will, over the years, be able to monitor whether we can increase that awareness. Perhaps our remit is rather different from that which the Ombudsman has had, in that I do have a statutory duty to raise awareness. So I think it will be interesting. It is too early for us at the moment to go out there raising awareness in a dramatic way about rights that do not come on stream until 2005. What we have done this year, in consultation with the Ombudsman, is to change the fulfilment literature we provide in response to our advertising campaigns. We try to run an advertising campaign about rights each year and we are currently running a summer campaign in a number of magazines drawing people's attention to their right to see information about them. It is usually that right which we are advertising what I call the gateway right, because if you know what is held about you you know whether there are other problems. In conducting that campaign this year the headline statements in the advertisement encourage you to send for the fulfilment leaflet. That leaflet, for the first time, includes not only an explanation of how to make an application under the Data Protection Act but, also, how to use your right under the code of practice. So we have begun to move into the area of encouraging people to use their rights to know.

  4. So it looks as though we are talking about a cultural change that will take some time to kick in, both in relation to the public and in relation to the organisations, but it seems, in your case, to have kicked in properly.
  (Mrs France) Yes, but it has taken time. The first Data Protection Act was passed in 1984, came fully into force in 1987 and I am really saying it took 15 years before we got above the 20 per cent mark in terms of awareness of rights. It is partly to do with how relevant the right is to people, and I do think the ubiquitous use of IT and awareness of processing has worked with our raising awareness, so that you have got a dual push.

  5. I know colleagues want to raise some of these issues with you, but just to continue for a moment, it is often said now that the fact that the Government has decided to postpone the introduction of access rights on the FOI side until 2005 when, as you know, it was promised that they would come in resolute and, therefore, there would be progressive learning and a culture change—is it your sense that this means that organisations will put this on the back burner again?
  (Mrs France) I think that some of them may believe they can. We shall certainly do our best to make sure that they do not do that because if they do they will store up problems for themselves in 2005. One of the key reasons the Government gave for pushing that date to 2005 was that procedures needed to be properly established and records management needed to be properly in place. That means there is a lot of work for public authorities to do by 2005, and of course we are pushing ahead now with publication schemes.

  6. I was going to ask you about those. Just on this initial point, though, when you read the latest Ombudsman reports and you see his cry of despair, really, about the failure of government departments to respond properly to his own work under access requests, does that lead you to think there is a real problem there?
  (Mrs France) Time will tell. If you recall, Chairman, when he and I appeared before you together and you asked us what the difference in the regimes would be and what the different effect would be, at that stage, the Ombudsman was able to say that his recommendations had always been heeded. I think, at that stage, there had been less use of the code provisions and, indeed, it is the publicity about freedom of information that seems to have led people to become aware and to begin to exercise their rights under the open government code. So that some more sensitive issues, perhaps, than had previously come to the Ombudsman have arrived on his desk and led to the difficulties that he has reported in his annual report. The only thing I can say about the difference in the regimes is that the FOI Act provides a formal enforcement framework so that it does not stop at a recommendation from the Commissioner. Indeed, it is not a recommendation at all. What the Act provides is the ability to make a decision. My successor will make a decision, if that decision is challenged by a government department then it will be appealed to the Information Tribunal. If the Information Tribunal confirms the decision is the appropriate one then the government department will be in breach of notice if they do not act on it. So there is a different framework.

  7. In a way, if we wanted final confirmation of the need to move from code to act, it required, in a sense, an Ombudsman recommendation not to be accepted and information not to be released because, as you say, under the act it would happen through you and through proper enforcement.
  (Mrs France) It is interesting that this refusal has come at the stage where the process will be changing and does, indeed, I think, assist us to appreciate the importance of the change in structure, but I would hope that before 2005 we will have achieved something of the culture change we all claim to be looking for so that these confrontations do not occur.

  8. Just tell us one thing, before I hand over, about publication schemes, because the one thing that has to happen now and is supposed to be happening is the production of these publication schemes by public bodies. I know the House of Commons has just produced its own publication scheme. Someone did tell me that it may be the first one. Is that right?
  (Mrs France) That is absolutely right.

  9. Is that not splendid!
  (Mrs France) We opened for business on 1 July. As I said, we have to have received publication schemes from all those who come under the auspices of the Ombudsman—the Parliamentary Commissioner. That is the first tranche of public authorities, and they have to have those with us over the summer period. We had a handful in the first days. They were encouraging, I have to say. My staff tell me—and it is Graham Smith who has been looking after this—that the first batch are, perhaps predictably, those who are confident that they can deliver a scheme and they have come in early with those schemes. We were very pleased with the quality of the one from the House of Commons. We have yet to agree with them what the review period will be, but that apart we have approved the scheme and hope it will be the first of many that we are able to approve over the summer.

  Chairman: As I say, I am sure colleagues will pick up some of these points.

Kevin Brennan

  10. You mentioned in your remarks the rapid growth now in the ubiquity of IT use in government departments and so on. I just wondered whether you had actually given any thought to some of the implications of the almost completely ubiquitous use of e-mail in government communications in your role?
  (Mrs France) Yes. We looked not just in government departments but at the use of e-mail generally. There are some big issues that, if we are talking about public authorities, the authorities have to look at, in terms of deciding whether an e-mail is actually part of a public record or whether it is ephemeral, so they have to look at their policies about how long they are retained and what they are going to do with the information. However, e-mails are not hugely different from any other sort of communication; you have to apply some sort of criteria, but the issues which arise are more issues of management, issues of not having thought through what your policy is in relation to e-mails, allowing some, perhaps, undisciplined use so that you are not as aware as you were with paper records about what the rules of the game are. I think some recent examples of e-mails that have come to light through people using their right to subject access under the Data Protection Act have been as good a lesson as any in telling government departments and others that they need to set policies within their organisations as quickly as they can. There are all sorts of other issues about "Have we really deleted e-mails?" I do not know whether you want to get into that, but there are issues around that.

  11. I think we are very interested in this, actually, because we have recently been doing an inquiry into Government information and communication and so on, particularly in relation to the DTLR affair recently and the role that e-mail played in that. That is not the major thrust of our inquiry but it has come along as an incidental element of that. It just occurred to me that Joseph Kennedy once said "Never write anything down you would not like to see on the front page of The New York Times", yet e-mail and the manner in which it is used, particularly if you like by a new generation of users, for whom it is almost a natural form of communication, like idle chat in the corridor, consists of all sorts of things. You used the word "ephemeral". Presumably that has got some technical meaning?
  (Mrs France) Just as you rightly say, I was brought up and trained in public service in the days when we were only talking about paper files and we were certainly always told only to write down things we were prepared to see published. If you had early experience, as I did, of having your files subject to judicial review, it teaches you at an early stage that that is very important. The trouble is it is this learning curve; we all knew that if we wrote a brief note on the front of a file, entirely meant simply to say something which was chat, it did not get recorded, it did not go on the file. We have another issue on freedom of information where people have been worried about notes of that kind disappearing that should not disappear, but you have to get the balance between what is part of the public record and what genuinely is of short-term interest and relevance and should not be kept. We have done some work not just in looking at public authorities but more generally. It has come up in a code of practice we are producing for employers as well, and David Smith has done quite a bit of work on that.
  (Mr David Smith) Yes, the only thing I would add is that when we do this work producing an employment code probably the hottest topic in that code about employers' access to work is e-mail.


  12. You are getting a bit of a battering, are you not?
  (Mr David Smith) Yes, we are. That is fair comment. I will come back to that, or perhaps Mrs France can deal with that. I think one of the problems we face with e-mail is that everyone says it is like the post in one way or it is like a telephone call in another way, and actually it is like nothing else; it is something different, it is a different medium of communication. Some aspects of e-mail have similarities to the post, some are much more akin to telephone calls, some are even more akin to just a private conversation, and it is when these things come together in one system that the issues come. We have been very much keen to say "Look, this is a new medium, you have got to approach it differently and not just say `Oh, it is like the post that we have always dealt with in the past.'"

Kevin Brennan

  13. I am still not clear in my mind what you are saying in terms of what one could write in an e-mail or not write in an e-mail and expect to be regarded as part of the public record. What is your message?
  (Mrs France) It has to be an issue for the management to establish how it wants to conduct its business. Just as public servants have always been disciplined, or should have been, as to what should be written on files that are going to be kept as part of the public record, they have to distinguish, when they are using those e-mails in the sense of something that is contributing to the decision-making process and to the public record, and when what they are doing is actually having the equivalent of a conversation that would have disappeared into the ether once it had been completed. However, you need the rules of the game, and you need policies within departments about retention periods for different types of records. I think what we have failed to do is to address this new medium in the way we should have done. A lot of work has been done in the field of records management for the public sector on this, and that, again, will be picked up when we look at freedom of information and the records management code.

  14. Are you issuing guidance on this? Is that part of your statutory responsibility?
  (Mrs France) Part of our statutory responsibility is certainly to look at guidance on any of these areas because I have a general duty to offer best practice guidance in any of the areas covered by either of the acts. On records management and record keeping there is a code of practice which is a code of practice produced by the Lord Chancellor and owned by the Keeper of the Public Record. That is actually part of the formal structure of the Freedom of Information Act. I will enforce it, but in consultation with the Keeper of the Public Record.

  15. If I rather rashly sent you an e-mail which contained a remark in bad taste about September 11, for example, or something like that, should that be regarded as part of the public record?
  (Mrs France) That you cannot answer in that way because it depends on how you sent it to me and whether you sent it to me in a document that was also progressing policy in a way that required it to be recorded. You could be doing that simply because you wanted to send an e-mail about that which had no relevance to public business at all, or you could be sending me something which was designed to take forward a decision-making process, and if it is an element of the decision-making process it needs to be recorded.

  16. Perhaps the real answer is that people should not be sending the sorts of e-mails which are quite common in workplaces these days, which are really nothing to do with their work.
  (Mrs France) That is what I say is a management issue, and the FOI Act covers all recorded information and the Data Protection Act covers any information which is held in—and in structured manual files as well—any automated process. But, if you have a policy—not one retrofitted, but a clear policy—about which sorts of pieces of recorded information are retained and which sorts of pieces of recorded information could be deleted, then you will not be breaching either Act if that information is not available at the time that it is requested. However, you must not be retrofitting that policy; you have to think ahead. So what it requires is managers who take this seriously, and public authorities to decide what their policy is; whether they allow private e-mails and, if they do, where they are to be stored, where they are to be handled and whether they build in deletions for those. That is really in the hands of what we, in technical terms under the Data Protection Act, call the data controller.

  17. Can I take the opportunity of asking you one question on which, maybe, I will write to you if it is not the right time to ask you? In your view, if somebody had had a Benefits Agency medical service report on them and they gained access to that information but believed that the report was sub-standard and had not been conducted correctly, should they have access or be given access to the report on the report, if you like—the assessment of the doctor's report on them?
  (Mrs France) I would have to look at the particular case, but if the assessment of the doctor's report constitutes personal data about the individual and is maintained either in electronic format or in a structured manual file, then the starting point would be that they had access. There could be exemptions because, in relation to medical information, there may be a decision to withhold if it would be in the interests of the patient. So I would have to look at the individual case.

  Kevin Brennan: I may write to you about that.


  18. Just before we leave you on that, lest we miss the moment, you seem to be talking about different categories of e-mails. I do not want to pin you down about this, but is it not just a common-sense case that the Jo Moore e-mail would sit in one of those categories—that is, that it falls directly into some kind of policy position about what the department might do—as opposed to what you might call a Dan Corry e-mail, which simply says "Who are these people?" Are these not different kinds of species?
  (Mrs France) One always has to look at the context very carefully and I would not want to comment on these particular e-mails. I think my point is that if something is part of the decision-making process which, in traditional form, we would have expected to find on the file when we looked back to see how a decision was arrived at, then regardless of whether it was written with a fountain pen on a piece of paper or written in an e-mail it should find its way into the record of the development of policy. If it is something which in the past we would have expected, as I say, to have been part of a conversation that did not need recording, then we would still not expect to see it recorded. In neither of those cases, though, does that decide what the limit on retaining should be, and even where something contributes to policy there will be decisions about which policy papers are kept forever, which are kept for only a brief period and which are kept for the medium term. That, again, applies to all forms of public records. We do not keep everything forever. Talking to the Keeper of the Public Record, she is very anxious to make sure that we implemented new guidance on records management, to make sure that we are discriminating in what we keep for the purpose of the long-term public record.

Mr Prentice

  19. Mrs France, I am interested in how well you get on with government departments. I have been reading your annual report and in your foreword you say that your objective as Information Commissioner has been "to ensure that policy makers consider data protection and freedom of information compliance issues at an early stage". Then, later in that paragraph, you say ". . . there remain cases where there is a reluctance to consult on legislative proposals at an early stage, despite a high level commitment to work closely with us." When you wrote that, what did you have in mind?
  (Mrs France) There are a variety of responses we get from different departments at different times, and I accept that sometimes their drivers for policy change lead them to forget that there are personal data implications and they may not come to us as soon as they ought. However, there are occasions where we have been involved very early on in discussing the sorts of issues that departments are considering. I am trying to think of examples now, and I cannot recall which ones we put in the report, so I will come back in a moment, perhaps, and ask David Smith to add to this. Generally speaking, however, we have been involved at early stages and we can then contribute to the way the legislation is drafted or the way codes of practice are drafted instead of coming in late and having to object to what is being proposed and asking people to re-think. If I can give you an example of where we, perhaps, had an early opportunity to comment, it was on the Social Security Administration Fraud Act—the last one—where we were involved with officials from a very early stage and where we still, in the end, had to go in, but were welcome to go in, and talk to ministers and did get an amendment to the legislation as it went through. At the other extreme and for understandable political reasons, the emergency legislation which the Home Secretary introduced post-September 11 was one where there was little time for consultation—and I entirely accept that—but where there was no opportunity for us to express views on differences in drafting which might, in our view, have made all the difference to the balance of rights. However, late in the process of the Bill it was agreed there would be a code of practice which my office will contribute to the drafting of. I would have preferred, had it been possible, for that to have been agreed at the legislation drafting stage and for it to be done in a slightly different way.


previous page contents next page

House of Commons home page Parliament home page House of Lords home page search page enquiries index

© Parliamentary copyright 2002
Prepared 29 July 2002