March 2007 Archives

Should Freedom of Information Act request actually be necessary in order to get Public Authorities to actually re-publish stuff online which used to be public ?

From: [name] @ico.gsi.gov.uk
To: [email]
X-OriginalArrivalTime: 30 Mar 2007 15:00:36.
Ref: FOI/599

Dear [XXX]

Re: Your Request for Information

Further to your request for information dated 2nd March 2007.

A reply just within the 20 working days statutory maximum time period.

In response to points 1, 2 and 3 in your request. I write to confirm the Commissioner for the Metropolis are registered under the Data Protection Act 1998. The search criteria of 'Police' and 'London' would not have identified this record.

We specifically also tried "Commissioner", "Metropolis", "Metropolitan" and other keyword combinations, to no avail, until the entry magically re-appeared less than a week after the FOIA request.

See Metropolitan Police Service - Data Protection Register entry - Z4888193

As requested, a copy of the entry is available on the public register of data controllers which is published on our website. The registration number is Z4888193. The date registered is 9 September 2000 and the date of expiry is 8 September 2007. Notification is a general statement of the processing being carried out by the data controller. It is not intended, nor is it practicable for the register entry to contain very detailed information about a data controller's processing. The aim is to keep the content at a general level, with sufficient detail to give an overall picture of the processing, therefore data controllers are not required to list specific databases within their registration but register the purpose of the processing i.e Policing.

That is what we asked for, using the word "Policing":

"1) Whether or not the Metropolitan Police Service or the Metropolitan Police Commissioner currently have a valid Registration entry on the Register of Data Controllers, covering the Data Purpose of Policing, i.e."

In response to point 4 in your request. The recorded information held identifies that a standard letter regarding renewal confirmation in respect of Z4888193 was issued from this Office on 16 February 2007 to the data controller.

We wrote to the Commissioner of the Metropolitan Police and enquired of the Information Commissioner's Office via phone on 23rd January 2007.

Most of the other Police Forces also have Register of Data Controller entries stretching for 7 years back from 2000, to autumn of 2007, without any such problems.

Draw you own conclusions as to whether there has been an error, which they are not admitting to.

I hope this clarifies the questions raised. If you are dissatisfied with the response you have received and wish to request a review of our decision or make a complaint about how your request has been handled you should write to the Information Request Team at the address below or e-mail Informationrequestteam@ico.gsi.gov.uk.

Your request for internal review should be submitted to us within 40
working days of receipt by you of this response. Any such request
received after this time will only be considered at the discretion of
the Commissioner.

If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further
right of appeal to this office in our capacity as the statutory
complaint handler under the legislation. To make such an application,
please write to the Senior Complaints Resolution Manager, Complaints
Resolution Team at the address below or e-mail mail@ico.gsi.gov.uk.

A copy of our review procedure is attached along with details of our
enforcement powers and your rights of appeal.

Yours sincerely

[name]
Notification Manager

Yesterday, I managed to sit in on part of the Information Tribunal Hearing which was considering the appeal by the UK Government via Gordon Brown's Treasury agency, the Office of Government Commerce, against the Decision Notice by the Information Commissioner.

See this OGC Gateway Reviews of the Identity Cards Programme category archive for the lengthy saga stemming from my original Freedom of Information Act request in January 2005.

The Information Tribunal hearing sat for 4 days last week, from Monday to Friday, except for Thursday.

I managed to attend as a member of the public, for about two and a half hours on Friday afternoon, basically just to get a flavour of the proceedings, and to put some faces to the names I have seen in print and online over the last few months, since the appeal process was initiated.

Regular readers of this obscure blog may have noticed that our recent Freeedom of Information Act requests have not been for Government or Public Body documents or information which is confidential, but for things which have been promised to have already been claimed to have been published on a website , or for which there is a statutory duty to make public according to an Act of Parliament.

It should not require a Freedom of Information Act request to precipitate the publication of this sort of information !

Either our recent FOIA request to the Information Commissioner, or the independent pressure of enquiries by David Mery to the Metropolitan Police Service and th to the Metropolitan Police Authority, appears to have worked.

Thje Information Commissioner's search form for the Register of Data Controllers now shows an entry for Commissioner of the Metropolis, which it did not do so before e.g. through searching on the SW1H 0BG postcode or the wird Metropolis in the name field etc.

Technically, the title should be "Commissioner of Police for the Metropolis", which is what the Metropolitan Police Commissioner Sir Ian Blair is referred to in various bits of legislation e.g. the Serious Organised Crime and Police Act Section 133, whereby, controversially, demonstrators in the the Designated Area around Parliament Square have to apply to the holder of this public office, in writing, for prior permission.

Registration Number: Z4888193

Date Registered: 09 September 2000 Registration Expires: 08 September 2007

Data Controller: COMMISSIONER FOR THE METROPOLIS

Address:

METROPOLITAN POLICE SERVICE
NEW SCOTLAND YARD
BROADWAY
LONDON
SW1H 0BG

[...]

It seems peculiar to have to submit a Freedom of Information Act request to the actual Information Commissioner's Office itself, regarding one of their supposedly public systems, the Register of Data Controllers, as per the Data Protection Act.

Nevertheless, there seems to be either some bureaucratic mix up or some sort of power struggle going on regarding the currently missing Data Protection Register entry for the Metropolitan Police Service in London.

No such entry seems to exist, according to the public web search form, and, over a month ago, according to ICO office staff looking at their internal systems, including recent and pending registration requests.. It appears that there has not been such an entry for the Metropolitan Police Service, or the Metropolitan Police Commissioner, since sometime last year, which is far longer than any "pending" requests take to update the searchable database.

Every other UK regional and non-geographic Police Force has a valid entry on the Register of Data Controllers. The Metropolitan Police Authority has, like all the other Police Authorities which supervise the budgets and policies of their respective Police Forces, its own entry for its own internaluses, which do not cover the Met for the Data Purpose of Policing.

If it turns out that there is no current such valid entry for the Met, or that there has been a time gap, during which the old entry ran out and a new one was submitted, then this could have all sorts of effects on the criminal justice system, as most of the Metropolitan Police intelligence and criminal justice system databases will have been processing personal data illegally.

We doubt that the Information Commissioner will choose to prosecute the Metropolitan Police Service, in the public interest, but there could be all sorts of grounds for appeal, and some guilty criminals may escape justice as a result.