Jul 302015

Laurence Clark reckons that wheelchair users travel 4th class on Britain’s railways, somewhere below the catering trolley. I think I experienced this today.

I was traveling from York to London by Grand Central. I generally rate Grand Central, an open access operator providing a niche York to London non-stop service, also providing the Mackems with a link to civilisation in London :-) (actually, I suspect it may be the other way round!) Even if they have been bought by soul sapping über-giant Arriva.

Today was different, though. I dutifully bought my tickets and booked wheelchair space and assistance with them 48 hours in advance, as we are sadly forced to do, and duly turned up the requisite 30 minutes early to allow general pfaf time.

An excellent, solicitous young gentleman from VTEC set up the ramp onto the train a few minutes before it was due to board, but I discovered he’d set it up at the wrong door – which was not his fault because Grand Central had neglected to employ the RVAR mandated and widely used space hopper sign indicating the correct door for the wheelchair space.


Never mind, it’s a few minutes early, so still time to discover that there was a pushchair with baby and two suitcases in the wheelchair space. On I get, and it’s left to me to shout to get them moved – even though there was a sign stating the space was for a wheelchair, and even though I’d booked the space. The mother was noticeably sniffy and unpleasant at having to move.

Of course, I couldn’t even get to the wheelchair space, because passengers had left another buggy and two suitcases in the vestibule so I couldn’t pass, leaving me in the doorway area. Nobody arrived to claim these, even though I shouted down the carriage. I was tempted to offload them and call the police as unattended luggage, but in the end I sat in the doorway and refused to move to allow the train doors to shut until they were shifted.

Now I’m a firm believer in public transport and in it being available to all, and I know it’s difficult for parents with buggies. I’m up for adaptations for buggy users, and I don’t mind wheelchair spaces being used by buggy users, when they aren’t required for wheelchair users. But it’s the only space I can travel in! I booked the space. It wouldn’t be considered acceptable for somebody to leave their buggy on reserved chairs, so why is it OK in the wheelchair space? And when politely asked to move, why should I be subject to sniffy pissed-offness from the mother concerned, and exasperation from the guard for daring to refuse to move until I could get into the carriage?

Yeah, the guard. I’d booked the space, and I’d booked assistance. She knew I’d be getting on. So, the question arises, why did she not ask the woman to move her buggy BEFORE I got on? Being proactive would have made me feel a bit less like an inconvenient afterthought, reduced inter-passenger tension and been generally helpful. But maybe I’m asking too much. Et tu, Grand Central?

So I continue my journey as an afterthought, hemmed into the space by pushchairs and luggage blocking the aisle, when ten minutes before arriving into London, I decided to go to the loo before braving the Underground in my wheelchair. It was engaged, so I waited, and my trusty carer (the wonderful Mike) asked the buggy owners to move their charges so I could physically get to the toilet.

Then the upsetting incident happened. I’d coped with everything up to now, the shabby treatment, the huffiness, the accusing looks for daring to want to use the wheelchair space, but it was four tiny whispered words, so quiet I thought I had misheard, but then repeated. They emanated from a businessman in the seat opposite, who had been troubled to move his luggage out of the wheelchair space. These four, tiny, innocuous words?

Why don’t you wait?

That’s all it took to finally get to me, the idea that I should wait till I got off before going to the loo, that I was being unreasonable by wanting people to shift their buggies so I could get from the wheelchair space to the wheelchair accessible toilet on the train, to avoid having to navigate and find one on the station.

Mike was marvelous. I sat there in hurt silence, unable to cope with this small-minded berk shoving his nose in to a situation that didn’t involve him with his snidey sotto vice unhelpful comment; he asked what the problem was, and that all I wanted was to use the loo like 200 other train passengers. (He also got in an excellent jibe afterwards, by telling the guy that the loo was free when I’d left. Lol.)

I wonder: if Grand Central had treated me like a human being by e.g. affixing the wheelchair sign by the exterior door, ensuring the wheelchair space was free for me and keeping the entrance clear, would this guy have kept his trap shut? I wonder…

It’s amazing how it’s not the sign, the space or the corridor that got me (I’m used to those), it was those four whispered, snidey, demeaning words that brought home just how much of an unreasonable inconvenience I was perceived as. It’s these four seemingly innocuous words that will ring in my brain:

Why don’t you wait?

Jul 092015

This advert for a rehabilitation worker demonstrates how Leonard Cheshire underpay their staff.

It’s for a rehabilitation worker in a specialist acquired brain injury (ABI) unit. Think head injuries from motorbike accidents, severe strokes and so on. Pretty specialist and full on work, in my view. The responsibilities include giving out medication, handling challenging behaviour, undertaking clinical interventions as directed by senior staff and so on.

The weekday pay is £7.16 per hour, or £7.41 for people with a relevant NVQ. (There is a 20% uplift for night and weekend work.)

The Living Wage is £7.85.

How can it possibly be right that Leonard Cheshire pay carers taking on this amount of responsibility, this commitment and making such a difference to people with severe brain injuries less than the living wage?

Jun 182015

Twitter works well: Twitter handle kingqueen3065

My email address is doug.paulley@(this domain name). I’m trying to reduce spam; please replace (this domain name) with kingqueen.org.uk .

Should you wish to send encrypted mail, here’s my PGP public key as a file and in the following text:

Version: GnuPG v2



Otherwise fill in the form below and it will email me. Sorry, I hate CAPTCHA too, but I don’t want to be inundated with spam :/


Jun 122015

I went on a little rail jaunt today. As some people will know, I have been not doing too well recently and I needed this to go well. I was doing this fantastic rail tour – plus the trip from Wetherby and back. 5:20am set off…

This rail tour requires an unusual ticket: the Ffestiniog Round Robin. I have previously had difficulties buying this in Leeds station as the ticket office staff don’t know how to issue it (eventually resulting in apologies and compensation) So I thought I’d pre-empt this by tweeting  Northern Rail.

No prizes for guessing what happened when I arrived at the ticket window at 05:40. The woman behind the counter (who had zero customer service skills and a moribund attitude) was ineffectually pawing at the screen like a slack-jawed luddite. She had never heard of such a ticket. She went away and got the supervisor. The supervisor had never heard of such a ticket. It could not be found anywhere throughout the whole computer system. (I was SO glad I tweeted to make sure that they were well-prepared.) In the end, I suggested they tried “Ffestiniog Round Robin” as a destination as opposed to a ranger / rover. This worked, but they still couldn’t issue the ticket until I suggested setting the From station as Whitchurch. Finally they issued my ticket. 20 minutes later.

Throughout the whole thing, the woman behind the counter gave every impression that I was the problem; she never apologised once. (Her boss did, very briefly.)

To rub salt into the wounds, when I remonstrated with Northern Rail on Twitter:

Yeah thanks, that made everything feel better.

At Llandudno Junction, on getting on the train, this greeted me,

2015-06-12 10.25.302015-06-12 10.44.49

Ah right, it’s not a wheelchair space, it’s a wheelchair, buggy and cycle space. That’s why there isn’t any indication at all in the “omni-space” that it is, in fact, meant for wheelchair users. Obviously the Rail Vehicle Accessibility Regulations is irrelevant.

Where a train consists of a number of regulated rail vehicles shown in column A there shall be in that train not less than the number of wheelchair spaces shown in column B opposite that number of vehicles;

Wait, what’s this? They are wheelchair spaces? But there’s no signs!

a sign conforming to diagram C in the Schedule shall be marked on the fixed structure.

One has to wonder if “diagram C in the Schedule” creates an optical illusion by which the sign looks amazingly like a cupholder?

uksi_19982456_en_003Hmmm. Not terribly cupholderish.

Later, the next Arriva train: Porthmadog to Shrewsbury, a 3.15 hour epic. This train was ROASTING. It was so hot and hazy and uncomfortable that other passengers were stripping off to the waist. The air conditioning was broken. I don’t do well in the heat, partly because I’m fat, but also because of my impairment. It was most uncomfortable being stuck in an overheated carriage all that time.

What’s more, the interior door to the carriage wouldn’t shut. The conductor had opened the three postage-stamp sized windows by the fraction of an inch allowed by their mechanisms, so despite getting about as much fresh air as being coughed upon by an asthmatic field mouse, the noise was enough to resonate in my hearing aids and drive me crazy. Perfect.

Other passengers could move to the two delightfully quiet and frosty carriages with working air conditioning that joined us at Machynlleth. I obviously could not.

The pièce de résistance of the whole day is demonstrated by the following phone conversation.

I had a teensie bevvie or two on the way round; and some time after Shrewsbury’s platform staff helped me into the wheelchair space on the next train nature took its toll and I needed to pay a call. But the toilet was engaged. It had apparently been engaged for a very long time. I sent trusty 1:1 carer Mike to find the train guard, who went to see the driver to check if the toilet was out-of-order. It was; it turns out that the driver was aware of this fact but hadn’t bothered to tell the guard, the station staff or apparently anybody else.

The guard (who was excellent) unlocked the toilet. It was entirely clear why it had been locked out of use. (I won’t go into detail.) So what to do? Unlike other passengers, I couldn’t get to any other toilet. The only other option: to get off the train at the next stop and use the station toilet – but the guard told me the train would leave without me. No way. I’d already been travelling 14 hours at that point. I wasn’t going to catch a later train, thus missing my connection, have my oh-so-carefully booked assistance stuffed up.

This therefore resulted in the above gunfight in the OK corral.

In the end, common sense prevailed. Arriva Trains Wales‘ control room were still in a tizzy, but this wonderful guard had (ultra vires) contacted the next station, discovered that there were toilets directly outside where the train would stop (which weren’t fully accessible but that I could at least get in), had asked for help from the platform staff, and had decided to allow me to get off to rush to the loo and back. Which I did.

Other passengers congratulated me on my turn of speed; smoke was coming from my tyres; Mike did a Linford Christie impression, and the passengers commented that actually, I had taken less time than if there was a crowd trying to get on, or someone with a bicycle. We arrived in Manchester early.

Why should all this be necessary, though? All for a simple call of nature?!

Of course, as expected, to top it off the assistance staff didn’t turn up at Manchester to get me off that train or onto another. (Thanks, Network Rail.) Plus ça change, plus c’est la même chose – this is sady not uncommon, particularly at Manchester.

Jun 062015

I raised in blogs passim that Clare Pelham, Chief Executive of Leonard Cheshire Disability (salary: £150k+) had this to say in the Huff 9 months ago:

At the very least we should celebrate care as a wonderful career choice with great training; and nothing less than a living-wage should be acceptable.

rates-currentThe Eye picked up that pay rates in LCD’s job adverts are less than the Living Wage ( £9.15 in London, £7.85 in the rest of the UK). In fact, they’re still not paying it. Here’s a current advert for a carer at Leonard Cheshire Disability in rural Carmarthenshire (posted 1st April 2015 and valid until the end of June) – salary: £6.53 an hour.

In response to my previous complaint that they don’t pay the living wage, Leonard Cheshire Disability said that they would like to but they aren’t paid enough by councils for residents’ care, so they can’t pay their carers the living wage. I was suspicious, so in January, I sent freedom of information requests to every council with social services responsibilities in England, Wales and Scotland, and every health and social care trust in Northern Ireland, to ask them whether Leonard Cheshire had asked councils to pay more so they can pay their carers the living wage, and how much Leonard Cheshire charges the council for residential care for people with physical impairments under the age of 65 compared to how much other providers charge. Here are a few sample responses.

There are 172 councils with social care responsibility and Northern Irish health and social care trusts in the UK. 168 have responded (four are with the Information Commissioner.) Of those, 123 councils hold contracts with Leonard Cheshire. 2 have lost their correspondence with Leonard Cheshire; that leaves 121 who hold correspondence from Leonard Cheshire about their fees levels. (The full data are available in this spreadsheet.)

Of those 121, how many councils do you think Leonard Cheshire asked to increase their payments so that Leonard Cheshire could pay the living wage?


Not one single one. As of January, LCD had not asked any council to increase their fees so they could pay the living wage. 0%.

Leonard Cheshire had written to the councils asking for increases, but cited inflationary increase only – here’s an example letter.

So let’s see; maybe Leonard Cheshire charge less than their competitors, and that’s why they have to pay less. This is less clear-cut: councils generally agree the fees paid to residential care service providers based on the needs of each client. 72 councils provided usable comparative details of fees paid to both LCD and other providers for residential care for adults under 65 whose primary need is physical impairment (other councils had few clients and thus either couldn’t give scientifically significant data or couldn’t give information without risking identifying residents and so on.)  Of these 72 councils, 8 councils paid LCD less per client than other providers; 7 paid roughly the same to LCD and to other providers; and 56 councils paid more to Leonard Cheshire Disability than other providers.

78% of councils pay LCD more than other providers.

Okay; so LCD say that “nothing less than a living wage should be acceptable” for care workers; but they haven’t and still don’t pay it. They say it’s because they don’t get enough money from councils, but in 78% of councils they get paid more than other care providers, and they haven’t asked ANY council for more money so that they could pay their carers the living wage.

My Dad confronted Leonard Cheshire about this.

Vicky Hemming, People Director at Leonard Cheshire, said this in this letter of 22nd May:

“We remain in regular dialogue with commissioners, and have in fact recently written to all local authorities who commission our services about our desire to pay the living wage.

Oh, really? I thought I would check. I put in further Freedom of Information Requests to 21 councils who had been particularly helpful the first time round.

Anglesey: (nearest LCD service: Carmarthen, whose job advert I quote above)

I have summarised your request as: “any representation Leonard Cheshire Disability (LCD) has made to your council to increase fees paid by yourselves to LCD in order to enable LCD to pay its carers the Living Wage”.

I have discussed your request with the relevant Senior Manager who provided me with copies of communications between LCD and the Isle of Anglesey County Council and the North Wales Commissioning Hub (NWCH) response. As a result I can confirm that the correspondence related to fees, but had no mention of Living wage.

East Yorkshire’s response:

We have been in correspondence with LCD about fees levels but this has not being regarding the living wage.


Monmouthshire County Council has received further correspondence from Leonard Cheshire Disability about fees but no mention has been made of the Living Wage.

How can Leonard Cheshire claim to have “written to all local authorities who commission our services about our desire to pay the living wage” and yet three councils (so far, many are yet to respond) have had NO correspondence whatsoever about the living wage from LCD? Is there a fit of collective amnesia, or some careful manipulation of the truth?

The truth is straightforward and totally borne out by all the above research.

  1. Leonard Cheshire Disability claim that “nothing less than the living wage is acceptable” for carers.
  2. Leonard Cheshire Disability comprehensively pay less than the living wage to its carers.
  3. Leonard Cheshire Disability have lied about the reasons they don’t pay their carers the living wage.
  4. Leonard Cheshire Disability have lied about their supposed actions taken to enable them to pay their carers the living wage.

The implications:

  • Leonard Cheshire Disability’s claim to value their carers is obviously complete rubbish, as they don’t pay their carers a living wage.
  • Whilst they want the good PR of appearing to support the Living Wage, the reality is that they don’t and that they use illegitimate excuses for not doing so.
  • Leonard Cheshire Disability have lied about the actions they have taken to enable them to pay the Living Wage. In reality, they have done VERY little.
  • This is a sad indictment of Leonard Cheshire Disability’s treatment of its staff, and – by proxy – its service users.
  • Leonard Cheshire Disability can’t be trusted in their public pronouncements.

When are they going to actually start paying the living wage?


Since publishing this post, so far the following councils have responded about whether they have had LCD’s supposed recent missive on the Living Wage.


I can confirm that Torfaen Social Care Service has not received the correspondence you refer to below.


Brighton & Hove Commissioning & Contracts Team have not received correspondence from Leonard Cheshire Foundation regarding the Living Wage.

West Lothian:

 I can confirm that West Lothian Council has received no further correspondence from Leonard Cheshire Disability in relation to increase in fees for services.

Kensington and Chelsea:

We received correspondence from Leonard Cheshire but there was no reference to the Living Wage.


We have not received any request from Leonard Cheshire Disability about their desire to pay the living wage to their carers.


I can confirm that we have received letters from LCD requesting an increase in fees to reflect inflation, but have no record of any correspondence referring to the living wage.

Milton Keynes:

we are not aware that the Joint Commissioning Team has received any correspondence from The Leonard Cheshire Disability regarding the living wage.

Barnet: (Hallelujia! Blimey! We’ve struck gold! A council that has actually had correspondence from LCD on the living wage! This is better than nothing, but hardly hard talking to the Council to make it happen, in my view.)

We fully support the recommendation of both commissions that social care should become a living wage sector.
While we recognise that this relies on a sustainable funding settlement from central government, I would welcome an opportunity to discuss this further with you, including ways in which we can work together to address this important issue for the sector.

Devon: (back to reality)

Devon County Council are not aware of having received any correspondence from Leonard Cheshire Disability (LCD) in relation to the living wage.


I have been informed that the Authority received a letter from LCD dated 19 December 2014 (copy attached). (aside: letter does not mention the Living Wage.) Since then the Authority has only received an email from LCD asking for a decision on the matter

Leeds: (Will wonders never cease? Another council that has had the same letter as Barnet.)

Leeds City Council Adult Social Care can confirm that we have received correspondence from Leonard Cheshire Disability (LCD) which refers to a living wage for the care sector

Southern Health and Social Care Trust (Northern Ireland):

The Trust has not received the correspondence you have referred to.

Birmingham: At the point that Leonard Cheshire claimed it had recently written to all commissioning authorities about the Living Wage (22nd May), Birmingham Council had not received any such letter. They have since received a letter about the living wage (dated 16th June) referring to the previous letter. LCD’s 2nd letter says: “In recent months we have sought to highlight this issue” – I wonder what prompted them to do that?! They further request a meeting to “discuss ways in which we can work together to address this.”
If my exposure of LCD’s duplicity has contributed in any way to forcing them to start to address the Living Wage, then I am pleased, even if they’re just going through the motions. Carers deserve better pay.

The Authority did not receive the letter which preceded this

Cumbria: Had not received any letter from LCD at the time LCD claimed it had written to all commissioning authorities.

Leonard Cheshire Disability wrote to the Interim Director for Health and Care Services at Cumbria County Council on 16th June 2015. The letter goes on to state that…LCD wrote to CCC on 25th March…

Jun 022015

Many will know that I generally don’t like disability charities, in particular Leonard Cheshire Disability, as you may guess from various pages on my blog. The big disability charities institutionalise us, take our voice, consume our resources and use our language whilst oppressing us. As disabled people, we get portrayed as powerless objects of pity, charity recipients with no rights – the constant refrains being “Rights Not Charity” and “Piss On Pity“.

charities03-ungratefulCartoon courtesy of the excellent Crippen

So many will be surprised that I am fundraising for a disability charity.

The difference is that it’s the Calvert Trust Kielder, and they are…. different. Amazingly, wonderfully different. Of course, as a disability charity they have to do some of the supercrip” publicity, the “make a difference to some disadvantaged person’s life” and so on which grates so terribly; sadly this is necessary for funding. But in reality these are people who do their utmost to make stays with them as comfortable, entertaining and (should guests want it) challenging as possible, with the minimum of fuss. Nothing is too much effort for them.


People who know me will know that because I’m a gobby git life can be difficult for me, particularly where I live. I have been victimised so many times, in so many ways, both overt and covert, for daring to challenge organisations. I have had intense mental health crises, faced eviction, big safeguarding investigations etc. etc. etc. Throughout all this, the Calvert Trust Kielder have been an incredible oasis of togetherness and “can do” attitude. They have changed my life so much. I’ve been going there 14 years now, and I can’t wait until I can go again. (Once those bastard midges have buggered off for the year…)

So: I’m doing the Great North Run in aid of them. People who know me will know that I am about as un-sporty as they come; rotund, unfit, and generally loathe physical activity! So you’ll appreciate just how much this commitment is.

I know that many of my friends, co-campaigners and so on don’t have much or any money, so please don’t feel obligated – but should you wish to sponsor me, you can do so here:

JustGiving - Sponsor me now!

Or by text:


Thank you!!!!

May 252015

I recently requested the Information Commissioner’s Office (ICO)’s current (up-to-date) Freedom of Information Lines to Take (LTT) documents. The ICO responded by directing me to an archive of the LTTs from 2012, a list of the LTTs that have been withdrawn since then, and updated LTTs where they have changed since 2012. (There have been no new FOI LTTs.) I have indexed and summarised them below. These constitute current copies of all the LTTs; results from the Government’s archive website are confirmed as current. Where a FOI number has a * that indicates that this LTT has been updated since 2012 and the link is therefore to a PDF or a .DOCX. Where a LTT number is missing, that LTT has been withdrawn.

NB: LTT 146 and LTT 215 as supplied to me originally had formatting errors that made them unreadable; the ICO has since provided a readable copy on 2nd June and so I have updated this page.

LTT FOI/EIR Section / Regulation Title
1 EIR reg 8(3), reg 8(4) Reasonable amount of charges under the EIRs
3 FOI S1 Information deleted after request
7 EIR Reg 2 Town and Country Planning Act 1990
9 FOI S16 S50 Issues not raised by complainant
11 FOI & EIR S3 reg 2 District Auditors
16 FOI S43 Prejudice to contractual relations
18 FOI S44 Financial Services and Markets Act 2000
19 FOI S30 Applicability of section 30(1)
20 FOI S2, S30(1) Public interest factors for s30
21 FOI & EIR S50 reg 18 Exemptions and exceptions not claimed by a public authority
22 FOI S21, S32 Accessibility of court records
23 FOI S44 Police Act 1996
24 FOI S44 Public Contract Regulations 2006
*25 FOI S22, S19 Inspection as a form of publication
26 FOI S21 Reasonably accessible information and publication schemes
27 FOI S21 Audit Commission Act 1998
29 FOI S1, S10, S17, S50(4) Finding in breach of sections 1, 10 or 17
30 FOI S31 Disclosure of vehicle identification numbers
33 EIR r12(6), r12(5)(a) Duty to confirm or deny in the EIR
*37 FOI S21, S41, S44 Access to medical and social care records of the deceased
40 FOI S41 Contracts between public authorities and third parties
41 FOI S41 Public interest in confidence
45 FOI S1 Disclosure to public
55 FOI S43 Evidence from third parties
61 FOI & EIR s2(1)(b), r12(1)(b), s35, s36, r12(4)(e) Advice to Decision Makers
63 FOI & EIR s17(1)(b), reg 14(3) Failure to specify an exemption/ exception on which the PA later relies
64 FOI s24, s27, 30, s31 Neither confirm nor deny
66 FOI & EIR s35, s36, Reg 12(4)(e) Minutes & agendas
67 FOI s30(1), s31 Public interest in protecting information acquired during investigations
68 FOI s24 Required for purposes of national security
70 FOI s31(1)(a) Public interest in preventing crime against individuals
71 FOI s40(2), Reg13(2) Addresses of properties
74 FOI s41 Consistent treatment of confidential information
80 EIR Reg 2(1) Defining environmental information
81 FOI s31 Parking enforcement
82 EIR Reg 2(1) Any information on
83 EIR Reg 2(1) Future likely effects
84 EIR Reg 2(1) Threshold of likely to affect and may be affected
87 FOI S16, S45, Code of Practice Limits of s16
88 FOI s16, S45, code of practice Clarifying requests
*92 FOI All Time at which to apply provisions of the Act
93 FOI S41 Test of confidence
94 FOI S41 Necessary quality of confidence
95 FOI / EIR s41, Reg 12(5)(e) Obligation of confidence
96 FOI s41 Public interest in favour of maintaining a confidence
97 FO s41 Detriment to the confider
100 FOI & EIR s30, Reg 12(5)(b) Information pre-dating an investigation
109 FOI s41 Information “obtained from” any other person
112 s41 FOI The law of confidence & Human Rights Act 1998
114 FOI & EIR s1(1)(a) and (b), Reg 5(1) and Reg 14(1) Assessing whether information has been communicated or made available
119 FOI & EIR s11, s21, s39, Reg2(1), Reg6, Reg12, Reg14 Inter-relation between s21 & s39 FOIA and the EIRs
122 FOI s1, Reg 2(1) Documents containing both environmental & other information
*130 FOI & EIR s35, s36, Reg 12(4)(e) ‘Chilling effect’ arguments
131 FOI & EIR s35, s36, Reg12(4)(e) Risk to the role and integrity of the Civil Service
134 FOI & EIR s27(2)&(3),Reg 12(5)(a) Realistic expectation of confidentiality under s27(2) and (3)
135 FOI & EIR s27(2), Reg 12(5)(a) Confidentiality and information “obtained from” under s27(2)
136 FOI & EIR s27(1), Reg 12(5)(a) Nature of prejudice to international relations under s27(1) (and potentially applicable to Regulation 12(5)(a))
139 FOI s30 Extent to which information referred to in court (in criminal proceedings) is in the public domain
142 FOI s16 Specifying steps in relation to advice and assistance
143 FOI & EIR s.21(1), 21(2)(a)&(b), Reg 6(1)(b) Reasonably accessible information
*146 FOI & EIR s35, s36, 12(4)(e) Public Interest Test for “raw notes” and “aide memoire notes”
150 FOI & EIR s1, s36, s40, Reg 12(4)(d) “Meta-requests” (requests about requests)
151 FOI s21 Examples where information is accepted as reasonably accessible to the applicant.
155 FOI s33, s35 Gateway Reviews are an audit function
157 EIR Reg 2 Listed Buildings
158 FOI s31(1)(g), s31(2) Functions exercised for specified purposes under section 31
162 FOI & EIR s40(2) & reg 13 Anonymising postcodes
172 FOI s41 Meaning of the term “actionable” in section 41 cases
178 EIR Reg 8(2)(b) A public authority shall not charge for allowing an applicant to inspect information
179 FOI s22 s22 only applies to information clearly intended for publication
180 FOI s38 The endangerment test under s38
181 FOI s30 Information / Documents post-dating an investigation
183 FOI & EIR s50, Reg 18 Discretion to order no steps in a DN
184 FOI s44 Functions and statutory bars
187 FOI & EIR s.1(1), s.10, s.17, reg. 5(1), 5(2), 11, 14 Finding procedural breaches: gateway line
188 FOI & EIR s.10, reg.5(2) Issuing a DN in relation to information already disclosed
189 FOI & EIR s.10 / reg.5(2) Non-response cases
*190 FOI & EIR n/a Decision notices ordering the PA to reconsider the request
191 EIR Reg 11 Internal review under the EIR – issuing a DN requiring an internal review
192 FOI & EIR s.1, s.12, s.14, reg.12(4)(a),(b) and (c) Rejecting procedural exemptions / exceptions
193 FOI s1 Finding that further information is held:approach to decision notices
194 FOI s32 Applying section 32: gateway line
195 FOI s32 What is a ‘document’ for the purposes of s32
196 FOI s32 Using a dominant purpose test under sections 32(1)(c) and 32(2)(b)
197 FOI s32 Effect of the source and the use of information on engaging s32
198 FOI S32(1) and (2) Applying s32 beyond the end of litigation / an inquiry
206 FOI & EIR s1, s3, Reg 3(1), reg 5(1) Should an executive agency be regarded as a separate public authority?
207 EIR Regs 8(1) & 8(8) Charging for environmental information: a schedule of charges is a prerequisite
208 FOI s37(1)(b) Nature of the Honours Nomination Process and the Public Interests Inherent in s37(1)(b)
210 FOI s10, s17 Time extension for public interest test – procedural breaches
*215 FOI s44 Ombudsman’s or regulator’s statutory barshttps://www.whatdotheyknow.com/request/264512/response/659278/attach/3/LTT215.pdf
*216 FOI & EIR s3, reg 2(2) Investigating whether a body is a public authority
*217 FOI & EIR s8, s11, s43 Does a public authority have to respond to a request that would result in automatic publication of copyright material?
*225 FOI s21 Public domain: section 21 arguments
*227 FOI s41 Public domain: section 41 arguments
*229 FOI & EIR s35, s36(2), r12(4)(e) Record keeping arguments
*230 EIR Regs 2(2)(b)(i), 2(2)(c), 3(3) and 3(4) Coverage of the Houses of Parliament by the EIR
*233 FOI & EIR s2, s40, reg 12, 13 Effect of other means of scrutiny or regulation or access to information on the PI in disclosure
*234 FOI & EIR s2, Part II exemptions (except s23, s32, s43), reg 12, reg 13 Mosaic arguments
May 242015

The Freedom of Information Act 2000 section 10(1) says:

a public authority must comply with section 1(1) promptly and in any event not later than the twentieth working day following the date of receipt.

In their guidance on time limits for compliance with the Freedom of information Act, the Information Commissioner’s Office maintains that the requirement to respond “promptly” is separate and additional to the duty to respond “not later than the twentieth working day”:

21. The obligation to respond promptly means that an authority should comply with a request as soon as is reasonably practicable.
22. Whilst this is linked to the obligation to respond within 20 working days, it should be treated as a separate requirement.
23. An authority will therefore need to both respond promptly and within 20 working days in order to comply with section 10(1).
24. Authorities should regard the 20 working day limit as a ‘long stop’, in other words the latest possible date on which they may issue a response.
25. It also follows that an authority which provides its response close to, or on, the final day of the 20 working day limit ought to be able to both account for, and justify, the length of time taken to comply with the request.

Fine and dandy so far; “promptly” and “not later than the 20th working day” are separate.
The Data Protection Act section 7(8) says:

a data controller shall comply with a request under this section promptly and in any event before the end of the prescribed period beginning with the relevant day.

Ah, “promptly and in any event“, that phraseology is familiar. So I guess that these are two separate requirements, yes? Authorities should respond to simple / easy Subject Access Requests under the Data Protection Act “promptly” and thus well before the “prescribed period” (40 days) long stop, yes?
Here’s what the Information Commissioner’s Office has to say in their Subject Access Code of Practice.

The duty to comply promptly with a SAR clearly implies an obligation to act without unreasonable delay but, equally clearly, it does not oblige you to prioritise compliance over everything else. The 40-day long-stop period is generally accepted as striking the right balance in most cases between the rights of individuals to prompt access to their personal data and the need to accommodate the resource constraints of organisations to which SARs are made. Provided that you deal with the request in your normal course of business, without unreasonable delay, and within the 40-day period, you are likely to comply with the duty to comply promptly.

So for SARs the ICO defines “promptly” as “within the 40-day period.
I asked the ICO about this, and they said:

Having considered your request, we have come to the view that any differences to the text in the guidance you cite are superficial rather than of any real substance, and simply reflect the fact that they were drafted by different people at different times, about different legislation, hence are not identically worded.
Although the promptness reference is explained in slightly different terms in our data protection and freedom of information guidance we do not consider that there is any difference in the position we take. Both are explained as being ‘long-stop’ provisions, indicating that 20 or 40 working days is the maximum amount of time that can be taken to respond. The FOI guidance states that public authorities will need to be able account for or justify the length of time taken to comply and the DPA guidance states that SARs need to be dealt with both within 40 days and without unreasonable delay. This goes to the same point, that the time taken to respond has to be reasonable/justifiable as well as within 20/40 days in order for the response to be considered as prompt.

I respectfully disagree. The ICO’s FOI guidance states that authorities will have to prove that they comply with both the requirement to respond “promptlyand the requirement to respond “not later than the twentieth working day“. Yet the ICO’s SAR Code of Practice states that provided a data controller has responded within the 40 working day limit, they will automatically have complied with the duty to respond “promptly“.

A mountain out of a molehill, perhaps, an esoteric difference – but I wonder why the ICO are taking the line that responses to subject access requests don’t have to be supplied any more promptly than 40 days. If Parliament had meant purely “within 40 days” they would no doubt have said just that and left the “promptly and in any event” out. No doubt that’s the ICO’s reasoning for time limits for Freedom of Information. So why so different for Subject Access Requests?

No doubt there are more important things to worry about, I know, but this bugs me. I’ve got it out of my system for a while now, I’ll shut up, don’t worry.


The esteemed Jon Baines has drawn my attention to the Tribunal caselaw on the subject.

Jon Baines’ blog on the subject is informative. My summary of the Judge’s decision is this:

  • It takes time to do a proper FOI response, check it throughly and do a good job
  • Promptly” doesn’t mean immediately, it is more akin to “without delay
  • In the case he was looking at, it had been responded to “promptly” because it was “well within” the 20 working day limit
  • There may be other cases where an authority will have to account for the time it took to respond

I guess that this says that there “may” be times when the Authority hasn’t responded “promptly” even where it has met the 20 working day long stop so is in keeping with the ICO’s guidance on FOI timescales, but it’s not exactly definitive…

May 232015

I recently asked for the Information Commissioner’s Office’s “Lines to Take” documents giving guidance to their staff about their work under the Data Protection Act. These are previously unpublished. I’ve separated them into individual documents and I provide them below. Some of the documents provided seem to be Lines to Take under other regimes; some of them contain typos – I’d like to say that all typos in the documents are the ICO’s but I did a lot of copying and pasting when splitting the document up so I may have introduced errors; for the definitive version, check the original response. The summary is my own and may not be a fully accurate representation of the contents.

“Please note that, while contained in the list of current LTTs, the Line to Take for Domestic CCTV, and the Line to Take for DPA Section 56 – Enforced Subject Access are currently under review following recent developments, and are likely to be amended in due course.”

Interesting bits:

Topical LTTs include those on US Surveillance, Snowden and Prism and Universal Jobsmatch.

On self-incrimination. “An organisation does not have to comply with a subject access request to the extent which compliance would reveal evidence of an offence, (other than one under the DPA), which he could be exposed to proceedings for. Information provided in response to a subject access request cannot be used against a data controller in proceedings brought under the DPA.”

On the exemption for domestic purposes. “Section 36 provides an almost total exemption from the DPA. It exempts individuals from complying with all of the principles, all individual’s rights and notification. The only part of the DPA which still applies are the powers of the ICO, meaning the ICO could still investigate whether an individual had gone beyond the scope of the exemption.” Er… surely means that the only thing the ICO can investigate is somebody’s refusal to allow the ICO to investigate?!

The guidance for MPs and Constituents Complaints Files is apparently sensitive. “Internal guidance only. Whilst this information is freely available to Members, it is not published on our internet and it is asked that you do not share it verbatim with a requester.

Title Subject area Content
192.com Standard Letter Internet and Technology The division of the Electoral Roll into full and edited versions as of 2002. Objections to processing by 192.com and the general lawfulness of similar services.
1st Principle DPA – Fair and lawful Other The obligations on data controllers to give certain key information to data subjects.
4th principle DPA – Accuracy of Health Records Health When is a diagnosis a fact? How should disagreements over diagnoses be dealt with? How can diagnoses be challenged?
6th principle DPA – Rights of data subjects Other The 6th Data Principle is only contravened if the data controller contravenes sections 7, 10, 11 or 12 of the DPA.
7th principle DPA – Destruction of personal data Other Whilst the Act doesn’t specify how confidential data should be destroyed, this is up to the data controller who must take care.
7th Principle DPA – Security Other The duty to take proportionate care of data, and to make sure this is continued when delegating within the controller’s own organisation and in any data processor’s organisation.
8th Principle DPA – Countries with adequacy Other A list of countries that the ICO consider have adequate data protection laws such that personal data may be transferred to them under the 8th Principle
8th Principle DPA – Embassies Government-central It used to be thought that our embassies abroad were our soil, but this isn’t the case. Foreign embassies on UK soil are part of the UK. The effect on the legality of transferring data is minimal.
Access to Adoption Records Health The specific statutory instrument that can be used to refuse access to data when disgruntled people ask for it following being turned down as potential adoptive parents.
Access to copies of a credit agreement, original signed copy, or bank statement. Finance The obligation to provide copies of credit agreements, and what lenders can and can’t do whilst this is pending. The right to obtain a computer printout of transactions for the £10 fee as opposed to paying for reprints of statements.
Access to Court Records Police, legal & criminal justice Where court records are available using the Court processes at a fee, then SARs fail. Otherwise, as long as the info is personal data and in a relevant filing system, SAR applies.
Access to deceased persons’ medical records Health The DPA doesn’t apply to dead people. Some health records may be obtainable under other legislation.
Access to information held by schools – maintained schools Education Parents / guardians may request their pupil’s records under education regulations, the school must respond with 15 days. They can only do a SAR if they act on behalf of the child and the child doesn’t have capacity. A child with capacity can make a SAR.
Access to information held by schools – non-maintained schools Education Academies and Free Schools don’t have the same obligations to provide pupil information to parents, though they do have to do a yearly report and are subject to SAR.
Access to Land Registry information Government – central The Land Registry give out personal data but this is in compliance with the Data Protection Act. A person can object using S10.
Access to proof of partners’ convictions / cautions by victims of domestic violence Police, legal & criminal justice Victims of domestic violence need proof of partners’ police and criminal records to qualify for legal aid; this is how they get it.
Access to solicitor’s files while under a lien. Police, legal & criminal justice Solicitors may withhold documents if their clients haven’t coughed up their fees; however, they must still respond to SARs.
Appealing a DN (decision notice) Government – central Don’t ask me why this is under the “Data Protection Act” lines to take… If the ICO have made a DN, parties can appeal to the first tier tribunal.
Automatic Number Plate Recognition (ANPR) CCTV & optical surveillance ANPR systems record personal data, therefore organisations using this must comply with the DPA.
Basic DPA definitions -DC, DS, DP, Personal data Other Key definitions of terms under the DPA.
Biometrics in Schools Education Protection of Freedoms Act 2012 places controls on the use of biometric systems in schools.
Body Worn Video (BWV) CCTV & optical surveillance Because body worn video is likely to be more intrusive, its use must be limited and there must be a privacy impact assessment.
CCTV in Classrooms CCTV & optical surveillance For “Classwatch” and similar systems, schools must follow the CCTV Code of Practice and consult parents.
CCTV signage where there is a potential detriment to individuals by identifying the Data Controller CCTV & optical surveillance For premises such as womens’ refuges and mental health care accommodation, where identifying the Data Controller may put people at risk, this lists what info must be put on CCTV notices.
Charging for public information Government – central (Again I don’t know why this is in DPA LTTs.) The charging for info under FOI or EIR.
CLI identification Internet & Technology “we may be able to look at a concern about this under the DPA and in particular the first principle.”
Cloud Computing and the US Patriot Act Internet & Technology Transferring data to America places it under the Patriot Act. Cloud data companies become data processors. If they comply with legal requirements they’re unlikely to face regulatory action.
Community CCTV schemes (access to footage) CCTV & optical surveillance The housing association is the data controller; privacy impact must be considered. Potential to view disturbing video.
Companies in Administration Other The administrator becomes the data controller. The ICO would struggle to take enforcement action.
Cookie Directive – New powers and obligations Internet & Technology (again I don’t know why this is under DPA) An introduction to the “new” EU cookie directive.
CRA Arrangements to pay – fairness of then registering a default Finance A default can legitimately be recorded when a creditor has failed to make three of their monthly payments, but they must not be worse off than somebody who hasn’t attempted to pay at all.
CRA Can I stop them from processing my personal data? Finance S14 only applies where information is inaccurate or out of date; S10 only where processing “unwarranted” so creditors can’t stop firms using their personal data.
CRA Default on a credit file Vs default under the CCA Finance A default notice isn’t necessary (though is advisable) for defaults to be recorded on a file as this is different from a default under the CRA.
CRA Defaults – Guidance for filing defaults Finance “the absence of a formal ‘default notice’ would not prevent a default from being registered on an individual’s credit reference file”
CRA Defaults – Necessity of recording of defaults with multiple CRAs. Finance Lenders can report defaults to any, none or all credit reference agencies as they see fit.
CRA Defaults – Recording of defaults relating to debts that have been sold. Finance Debts are often sold. As long as the sale is correctly recorded on the credit reference file there isn’t a problem.
CRA Defaults – Showing defaults relating to unenforceable debts. Finance Just because a debt isn’t enforceable doesn’t mean that it is incorrect to record defaults on a credit reference file.
CRA Do they require consent to process personal data? Finance “No.”
CRA How accounts included in a bankruptcy should be recorded Finance “Default date MUST be NO LATER than the date of the Bankruptcy. Settlement date (where shown) MUST be NO LATER than the date of Discharge.”
CRA How payments on a debt management plan should be recorded Finance Token payments in Debt Management Plans can be classed as a Default in some circumstances, but if the lender is genuinely recovering the debt through token payments then a default should not be recorded.
CRA None credit organisations passing information to a CRA? Finance Despite not being lenders, utility companies can legitimately supply info to credit reference agencies. Some tenants may voluntarily include their rent payments on their credit files to help repair their rating.
CRA Rapid updates and P4 Finance All three Credit Reference Agencies have a fast-track update facility to correct mistakes on subjects’ records. They aren’t always required to use it.
DBS checks and filtering Police, legal & criminal justice As of 2013, certain cautions and offences “expire” and aren’t reported in response to disclosure and barring scheme checks. This gives details of how these and fixed penalty notices are dealt with.
Debt collectors Finance Sometimes they’re data processors, sometimes controllers. Mistaken identity concerns; Code of Practice etc.
Deceased Individuals – Information about. Other The DPA doesn’t apply to dead people. FOI may be useful. There’s a separate LTT for where people write a SAR then die before the SAR response.
Domestic CCTV CCTV & optical surveillance Under review as of May 2015. Domestic CCTV isn’t subject to the DPA even when it’s pointed at neighbours’ properties; but anti-harassment etc. legislation MAY be relevant.
DPA Definition – “Health record” vs “Accessible record” Health Esoteric info on definition of “health” and “accessible” records; the difference between the two is beyond me.
DPA Exemptions – Niche and Miscellaneous Other Manual data held by public authorities S33A, Parliamentary Privilege, Armed forces, Judicial appointments and honours, Crown employment, Management Forecasting, Corporate finance, Negotiations, Self-incrimination
DPA Exemptions – Overview Other A summary of DPA exemptions from obligations in SAR and non-disclosure.
DPA Exemptions – Section 28 – National Security Government – central The extent of the exemption and the certificate required to engage it.
DPA Exemptions -Section 29 – Crime and taxation Police, legal & criminal justice The degree of importance required for legitimate engagement of this exemption; the transfer of the exemption to other bodies etc.
DPA Exemptions – Section 30 – Health, education and social work Health Exemptions where providing info under SAR would damage the requester or anybody else, or where the subject doesn’t have capacity but objects to the info being provided to their representative.
DPA Exemptions – Section 31 -Regulatory activity Government-central The limitations on the exemption on “subject information provisions” where such would affect regulatory activity.
DPA Exemptions – Section 32 – Journalism, literature and art (the special purposes) CCTV & optical surveillance The factors required for the exemption to engage, and the sections of the act that are exempted. “Indeed, the only circumstance where an individual can make a claim for compensation relating to distress alone, (rather than damage and distress), is where the processing is for the special purposes.”
DPA Exemptions – Section 33 – Research, history and statistics Education The conditions required to engage the exemption, and the extent of the exemption.
DPA Exemptions – Section 34 – Information made available to the public by or under enactment Government – central Where a statutory organisation has to provide info under other legislation, e.g. the Companies Act, even at a fee, it’s exempt from SAR / non-disclosure requirements.
DPA Exemptions – Section 35 – Disclosures required by law or made in connection with legal proceedings Police, legal & criminal justice Mandatory and discretionary waiving of non-disclosure requirements where legislation or a specific court order applies.
DPA Exemptions – Section 36 – Domestic purposes Other Near total exemption except that the law still allows the ICO to investigate whether the exemption has been over-stepped. (What?!)
DPA Section 10 – Right to prevent processing Other The ICO will only investigate whether the controller responded within 21 days; it won’t make any decision on whether the processing should stop or not – only the Court can do that.
DPA Section 55 – Business to business Employment Standard letter saying the ICO won’t get involved in commercial disputes between businesses unless individuals have experienced substantial distress.
DPA Section 56 – Enforced Subject Access Employment Under review as of May 2015. Employers can force people to do a SAR to the police because this section hasn’t been implemented. Such SARs may contain extra info than the employer could get through other statutory schemes, such as the disclosure and barring service, and this isn’t good. There’s nothing the ICO can do.
Drones / Unmanned Aerial Systems (UAS) CCTV & optical surveillance When used commercially, a Privacy Impact Assessment is required.
DVLA releasing keeper details – Protection of Freedoms info only. Government – central Where a car park operator’s CCTV / ANPR catches a driver infringing its T&C’s, they’ve got 14 days to get details from the DVLA and issue a notice to the owner. In general, the ICO considers that if the operator doesn’t meet this deadline, the DVLA can still give out info even after the 14 days is up, even though the debt won’t be legally recoverable.
Elections Political parties Political campaigning is marketing. They can use the unedited electoral roll. Election addresses are exempt from individuals’ right to opt out of marketing materials, as are unaddressed envelopes or letters to “the occupier”. Live telephone calls are subject to the usual telemarketing rules; parties need an individual’s prior consent before subjecting them to automated calls, emails, texts or faxes. The SNP, Tories, Lib Dems and Labour have all had ICO enforcement notices after using automated calls. What happens to personal data held by an MP following dissolution and election. Guidance for local authority and devolved government elections.
Electoral Register Government – local The change to individual registration. Mandatory inclusion on the unedited register. Organisations entitled to access / use the unedited register. How to opt out. If your entry on the register puts you at risk, you can apply for “anonymous registration”.
Employer-funded pension or insurance schemes – sharing Employment Employers should gather the least possible info for the scheme and not use it for any other purpose.
Employers sharing personal data with unions Employment Some employees’ info may be passed to unions for them to recruit; otherwise it must be anonymised.
Employers using CCTV- summary CCTV & optical surveillance CCTV at work is intrusive. It must be used with discretion, particularly if covert. Info accidentally caught by cameras used for other things shouldn’t generally be used for disciplinary matters unless it’s such that an employer can’t ignore it. Vehicle monitoring should be minimal, particularly where a vehicle has dual business / private use.
Employers using gagging clauses relating to DPA, FOIA. Employment Sometimes employers include “gagging clauses” to stop employees using their rights under the DPA and/or FOIA. These don’t stop employees using their DPA / FOIA rights, but employees may be in breach of contract if they do (and if the contract is judged legally watertight.) The ICO only gets involved when the employee has actually made a request which the employer hasn’t complied with, and then won’t make any determination as to whether the gagging clause is fair.
Employers using information posted online Employment Where an employer comes across info on Facebook etc. this may feed into disciplinary investigations but its weight as hearsay should be taken into account. This doesn’t apply where employers actively monitor employees’ Facebook accounts etc.
Employment reference – Provision without consent. Employment Only provide info to 3rd parties with the employee’s consent or if you’re legally required to; be careful with sickness / medical info.
Encryption of mobile devices Internet & Technology This is recommended.
Exam Marks and Scripts Education Exam marks are exempt until the results are announced. SARs for such must be responded to within four months of the request or 40 days of the release of the results, whichever is sooner. Information recorded by candidates is exempt from SARs, but examiners’ comments subject to SAR.
Exemptions under FOIA / EIR and the PIT Government – central Absolute and qualified exemptions; class-based and prejudice-based; timescales for public interest test. (Don’t know why this is DPA…)
FOIA / EIR FAQs – Guidance docs Index Government – central Don’t ask me why the ICO released this as a DPA LTT – nor why they supplied it with no working links.
FOIA requests to Academies Education FOI again. All academies, by virtue of the Academies Act 2010, are subject to the Freedom of Information Act 2000.
FOIA timescales – requests to educational establishments Education FOI – For schools, the standard time limit for dealing with Freedom of Information requests is 20 school days, or 60 working days if this is shorter.
FOIA/ EIR – Internal reviews under Government – central FOI. Public authorities don’t have to do internal reviews under FOI, but most do. They are required to do them under EIR.
FOIA/EIR coverage – recent organisation changes Government – central FOI. ACPO, UCAS, FOS, Free schools now subject to FOIA; Duchy of Cornwall under EIR but not FOIA; Royal Mail not FOIA any more; Post Office still FOIA.
Free Electoral Roll – FAQs Internet & Technology “Intelligent Tracing” is broadly legit under the DPA, though causing people concern. The ICO has had discussions with them about mechanisms for people to “opt out” their data.
Gone away post and Telephone calls Finance If you’re receiving mail or telephone calls for people who don’t live there, you can tell the organisations and they must stop, though they can’t amend their data because the info isn’t being provided by the person they are attempting to contact. But some organisations must still send letters etc. due to requirements under the Consumer Credit Act.
Google Glass CCTV & optical surveillance The domestic exemption largely applies to users of Google Glass, though they’re urged to be reasonable. Business users are liable as usual. The ICO are still in talks with Google over their privacy policy.
Google Streetview Internet & Technology Dated (pre-implementation) advice indicates that blurring of faces etc. means they were relatively sure Streetview will be legit under DPA.
Health and Social Care data breaches (IG Toolkit) Health English data controllers must report breaches of health info using the “IG Toolkit”
Health Services and Social Care Services – Definitions/differences Health The ICO considers that “health” in the Data Protection Act covers some aspects of social care.
ICO and The Commissioner – FAQ Other What the ICO does, how the IC is appointed or got rid of, its sponsoring body, its budget, etc. etc.
ICO register of data controllers. Viewing and use of. Other The ICO makes the register of data controllers available by website and by DVD. It can be reused as long as not for nefarious purposes.
Location Data and Smartphones Internet & Technology Apps etc. must ask permission before collecting location data. Location data must be turned off by default.
London Gazette bankruptcy records Finance Because archives of the London Gazette is available online, records of “discharged” bankruptcies stay in the public domain. This isn’t really new; previously such would be available in libraries, and in any case some roles require that an individual has never been bankrupt.
MPs and Constituent’s Complaint Files Political parties MPs are data controllers. There are special rules for transfer or otherwise of people’s data to “new” MPs.
MPs and Elected Representatives – Disclosures to Political parties There’s legislation to allow easement of the DPA to make MP’s constituency casework easier; but there are some concerns for privacy so MPs are asked to tell the ICO if a constituent objects.
National Insurance Number as an identifier – DWP Government – central The use of NI numbers in bank statements etc. is legit under the DPA.
Occupational health referrals and data sharing Employment Rights and procedures when employees request medical information from an employee’s GP
Opt-Out UK Ltd Direct marketing “(Background information for internal use only)” OptOut may be sending “stop processing” requests to direct marketing organisations even where the person on behalf they’re sending it isn’t on that organisation’s list. Such organisations may need to confirm the ID of the requester. They should set up a “suppression list” of people who don’t want marketing, though they aren’t legally required to.
Planning Applications / Disclosures Government – local The requirements to publish information under the Town and Country Act mean that the DPA largely doesn’t apply, including SAR. Where sensitive information is published unredacted, special care must be taken including making the applicant aware.
Police & Crime Commissioners FAQs ( PCC ) Police, legal & criminal justice Introduction to the “new” PCCs; requirements on PCCs to publish certain data; PCCs obligations under the DPA and FOIA; and transfer or functions from defunct Police Authorities to PCCs.
Police retention of data. Police, legal & criminal justice Police keep personal info for a minimum of 6 years, after which they decide whether to keep it longer; except for data on the PNC, which is kept until an individual’s 100th birthday. The PNC’s data controllers are “all forces in common”, and SARs must go to the ACPO.
Police retention periods – DNA, PoF Act and Biometrics Police, legal & criminal justice Written before the Protection of Freedoms Act, describes the required deletion of DNA samples etc. post ECHR judgment. Lists various retention times for various ages of convicts / arrestees etc.
Publication scheme for EIR Government – central EIR. Barring certain exemptions, authorities must pro-actively publish EIR online.
Recording calls and Fair processing Internet & Technology It’s not always necessary to tell people their phone calls are being recorded, unless recordings to be used for a different purpose than the original call. Some environments (e.g. call centres) mean that recording for e.g. training purposes may be assumed.
Refusal notice format / contents under FOIA/EIR Government – central FOI. Details of the required content of refusal notices under FOI / EIR.
Reproduction of information from Twitter Internet & Technology The context and recipients of a tweet determine whether republishing it may be “fair processing” of personal data.
Requests for a list of public authorities under EIR Government – central The EIR require each state to publish a list of public authorities. DEFRA does this in the UK.
Retention P.5 DPA Other The Act can’t describe retention periods for all potential circumstances, so here are some key aspects to take into account when deciding on them.
Retention and Copying of original documents Employment The DPA is concerned with information, not the physical documents in which it is written. There may be circumstances where employers etc. need to confirm ID with original documents.
SAR and third party data – summary Other Unless compelling reasons otherwise, the ICO encourages such disclosure. Includes factors to be considered.
SAR by a Trustee of a debtor in bankruptcy Finance A trustee of a debtor in bankruptcy can request information from a mortgage advice company under Section 366 of the Insolvency Act 1986 free of charge. This is independent of SAR rights. A SAR may return extra information.
SAR Counting the 40 days to respond. (General + Schools) Education SAR responses have to be sent (not received by the subject) within 40 days. This includes schools, irrespective of holidays, except for educational records which must be returned in 15 school days.
SAR fee – acceptable payment types Other Data controllers can request payment via a specific mechanism but not insist on it. If the data subject has made a payment in a manner generally accepted for payment in the UK, then the SAR obligations begin.
SAR Handling repeated requests Other This LTT says info sent in response to first SAR doesn’t have to be sent again in a repeat SAR (contrary to that stated in the SAR Code of Practice). Looks at time between repetitions etc. and other practicalities of dealing with repeat SARs.
SAR Health Records Fees Health SAR fee for data supplied in electronic format is max £10; for manual records £50. Inspection of health records is free if they’ve been amended in the last 40 days, £10 otherwise.
SAR Information exempt as may cause harm – Education. Education This exemption only applies to the specific subset of data whose release may cause harm. The ICO are likely to be swayed by medical opinions, but less so of non-medical opinions.
SAR Information exempt as may cause harm – Health. Health The ID of the medical professional who must make this decision; when standing decisions can be relied upon; when representatives of people without capacity can be legit.
SAR Information exempt as may cause harm – Social work Health Data Protection (Subject Access Modification) (Social Work) Order 2000 (SI2000/415)
SAR Information from joint accounts /policies. Finance Each person can get all the data through SAR.
SAR Information in a different language Other While good practice might suggest information be translated into English (or Welsh / Gaellic I guess) the DPA doesn’t require this as long as it is in an “intelligible form”.
SAR NHS England – CCGs and CSUs – who is the DC? Health NHS England. england.igqueries@nhs.net
SAR Using S.7 to obtain “Evidence” Police, legal & criminal justice CPR disclosure doesn’t trump SAR provisions, but court may not enforce SAR rights in such circumstances.
SAR when the requestor dies during the process Other As long as requester still alive when SAR received, SAR must be processed and sent to rep / executor.
Sharing Box Office or ticketing Information Direct marketing When booking information is retained by theatres or venues and a travelling show company wants this info for direct marketing they usually shouldn’t be allowed it.
Shot gun licenses (certificates) and doctors’ records Health The ACPO wants a “tag” on health records of shotgun owners so the GP can warn the police if the person becomes a threat. The ICO thinks this disproportionate, but notes that the letter requesting medical opinion before the license is granted can stay in the notes.
Smart Meters Internet & technology Later in 2015, companies will start using smart meters that communicate via a Data Communications Company (Smart DCC Ltd). At the moment, “smart” meters communicate direct with energy and utility suppliers; this will swap over at some point. The DCC will have special licenses. This LTT gives various data protection advice on this new model.
Standard letter for EU funded projects approval under FP7 Other Application packs for funding under the EC’s 7th Framework Programme (research and technology) requires applicants to get permission “where appropriate” from their country’s data regulator. This standard letter says the ICO doesn’t fulfil this function.
Surveillance Camera Commissioner (SCC) CCTV & optical surveillance The Protection of Freedoms Act introduced the Surveillance Camera Commissioner (SCC) who must promote good practice and encourage compliance amongst ‘relevant authorities’ using surveillance cameras, and has written a Code of Practice.
TPS – Details of the Telephone Preference Service Ltd Internet & technology The TPS runs its Preference Services and maintains “do not contact” lists under the Direct Marketing Association but under contract to OFCOM. The TPS also has a complaints handling procedure, though this isn’t statutory. It reports the themes of complaints to the ICO.
Universal Jobsmatch Government – Central Lots of people raised concerns about “Universal Jobsmatch” and lack of clarity about its processing of data. The DWP have now made it clearer; this is run by “Monster” for the DWP. Its use may be compulsory for some claimants.
US Surveillance, Snowden and Prism Internet & Technology “There are real issues about the extent to which US law enforcement agencies can access personal data of UK and other European citizens.” The ICO is working with other EU countries on this.
Use of publicly available information Internet & Technology “People search” websites are generally legit under the DPA. The ICO can look at people’s complaints about them.
Vehicle Registration Marks as personal data CCTV & optical surveillance When Vehicle Registration Marks are collected by ANPR for parking / speeding fines etc. they are personal data.
Win-Back Campaigns Direct marketing Where people have opted out of direct marketing, companies occasionally asking if they want to come back is OK, but only as part of normal communication. “If you don’t respond we will add you to our list” is particularly bad.
May 182015

The Information Commissioner’s Office have released to me their Casework Advice Notes. These previously unreleased documents guide their staff on how to deal with various circumstances when they are asked for a S50 assessment of a public authority’s compliance or otherwise with the Freedom of Information Act and/or the Environmental Information Regulations. Previously we have had Lines To Take, which tell caseworkers what stance to use on certain key aspects of the Act and Regulations. These Casework Advice Notes give more practical guidance.

Some of them are illuminating of the internal machinations of the ICO. I particularly like their advice on the use of S40(3), which basically says: only consider this exemption if you are absolutely forced to by the Public Authority’s intransigence; in all normal circumstances persuade the Authority to use a different exemption.

For ease of use and for interest of others, I have indexed the 18 CWAN (CaseWork Advice Notes) with a brief summary of the contents. My summaries may not be correct and should not be used as a definitive statement of the Notes. Click on the Casework Advice Notes number or the Subject Details to download a PDF of the real CWAN.

CWAN number FOI / EIR Section Subjects Details


Prejudice to effective conduct of public affairs.

Common problems Lack of evidence that the Qualified Person (QP) has made a decision; problems with identifying the QP, reasonableness of QP’s decision.


Prejudice to effective conduct of public affairs.

Reasonable opinion Change from “reasonable in substance and reasonably arrived at” due to difficulties in determination. ICO developed own definition, based on dictionary: “in accordance with reason; not irrational or absurd”. “Reasonable opinion” doesn’t have to be the only / “most” reasonable one, nor does the ICO have to agree with it.


Information provided in confidence.

Anonymised information about people and the duty of confidence & standard DN wording Where it is not possible to identify the subject of information from the material to be disclosed, either on its own or together with other information available to the public, it is no longer necessary to consider each limb of the Section 41 test of confidence. Also provides boilerplate text to put in DNs.


Cost of Compliance

Exercising the Commissioner’s discretion to accept late claims of section 12 If a public authority has collated the requested material to justify usage of another exemption (e.g. s43) but then abandons the original exemption and attempts to rely on S12, the ICO does not uphold the S12 exemption as the material has already been collated and there would be little extra cost in supplying it.
5 EIR reg 12(4)(e) Internal communications. Email chains as “internal communications” In email chains, the sender and every recipient of every email in the chain must be in the authority for the exemption to apply. Caseworkers should broadly accept PA’s statement to this effect to minimise ICO investigative time. Each email must considered on its own; an email chain consists of multiple documents.
6 s1, Part II exemptions reg 5, reg 12 Email attachments A request for an email usually includes any attachments. Where printed emails and attachments are supplied, ICO may ask PA for written statement detailing attachments were attached to which emails to mitigate confusion.


Prohibitions on disclosure

ECHR Article 8 (respect for private and family life) as a statutory prohibition Rarely used as S40 and S38 deal with most issues. Posited example: an identified group of residents guilty of sexual assault but not specified which one so S40 and S38 don’t apply, but Article 8 may do. Process by which this is determined.


Application for decision by Commissioner.

Referencing Select Committee opinions and parliamentary proceedings in decision notices. Parliamentary Privilege applies to Select Committees and thus DNs must not rely on their statements
9 S2, 12(1)(b) Handling a suspicion of wrongdoing by a public authority in DNs. “Case officers must take great care when drafting a DN in any case in which there is a suspicion of wrongdoing. If necessary, use a confidential annex rather than run the risk of revealing that there is a smoking gun.”
10 s2, Part II exemptions, reg 12, reg 13 Public domain – practical guidance When considering a claimed exemption, ICO workers should do a brief Internet search to see if information already in public domain. Be careful about referring to Parliamentary material.


Investigations and proceedings conducted by public authorities

Evidence required to engage section 30(1)(a) Any evidence generated after a decision not to contiue a criminal investigation cannot be subject to the S30(1)(a) exemption. But investigations to consider whether an offense has occurred do engage S30(1)(a) until and unless satisfied that offence hasn’t occurred. Police must state broad category of offense; other public authorities must be more specific.

19, 21

Publication schemes / info available by other means

Approach to S19 and S21 exemptions Where both claimed, ICO should consider S19 first, because if the material is correctly published and so S19 is upheld, S21 is upheld by default. If PA hasn’t used Commissioner?s model scheme, S19 exemption automatically denied.
13 S50 / Reg 18 DN drafting steps Caseworkers must be careful and specific in DNs about actions they require PA to undertake, particularly avoiding phrase “the requested information”, to make the DN easier to enforce. Gives standard approaches to DNs on several common themes.
14 S40(1)

Applicant’s personal data

Applicant’s personal data If a request is for personal data alone, caseworkers consider PA’s compliance with SAR. If the request is for a mix of own data and non-personal data and S12 / S14 exemption upheld, authority directed in DN footnote to respond to SAR. If S12 / S14 exemption not upheld, warn authority to use S40(5) for any personal data.
15 S40, Reg 13 Sensitive personal data and fairness If request is for 3rd party sensitive personal data, nearly always “unfair” – ICO have boilerplate text for DN. If the 3rd party has actively published the info or has given consent to its release, then it is “fair” and S40 / Reg 13 don’t apply.
16 S40, Reg 13 Considering whether disclosure of personal data would be lawful Caseworkers only consider this if release of info is “fair”. Release of info should be considered lawful unless and until evidence suggests otherwise. Statute, common law, duty of confidence or enforceable contract must be considered.
17 S40, R13 Data subject’s consent to disclosure If 3rd party gives consent for release of their data within the statutory timescale of FoI request, it is absolute. If given outside this time, ICO must make interpretation as to whether this was a fully formed decision at the time the FoI request was made. If consent is actively NOT given, consideration must be given to whether info release would be “fair”. PAs are not required to ask data subject for consent, but in some circumstances it may be useful for the caseworker to suggest to the PA that they do so.
18 S40(4), R13(3) Information exempt from subject access right Caseworkers should only consider this exemption if claimed by the PA, and they should suggest the PA rely on other, less complicated exemptions. With rare exceptions, it is unlikely to be fair processing to release info about an individual to the public under FOI when exemptions mean they can’t get it via SAR.