Who watches the Watchdog?

A popular parlour game in Information Rights is to decide what kind of watchdog the Information Commissioner is. Tim Trent, erstwhile stalwart of the Jiscmail Data Protection forum, was fond of characterising the pre-CMP ICO as a poodle, whereas in the same era, one of my old managers believed that it was a canine capable only of giving a nasty suck. In these days of actual Wilmslow-based action, it’s hard to keep such comparisons in play, but whatever kind of mutt the Commissioner is, one thing is certain: the watchdog cannot properly watch itself.

This lunchtime, in an announcement doubtless designed to give the Executive Team indigestion, the Public and Commercial Services Union announced that it had written to the ICO to complain about a possible criminal offence committed by the Information Commissioner himself. Section 77 of the Freedom of Information Act 2000 makes it an offence to alter, deface, block, erase, destroy or conceal any record held by the public authority with the intention of preventing its disclosure under FOI.  The complaint follows an FOI request made by Graham’s staff about significant pay increases for some of the ICO’s most senior staff, while most of their underlings have laboured under a pay freeze.

I would need to write a book to pick apart all of the ridiculous things that the request has revealed. One classic moment sees Mr Graham telling the Ministry of Justice that his deputies need pay rises because the office has inherited responsibility for PECR and EIR since their jobs were last evaluated in 2008 (presumably the EIR decisions they made from 2005 and the PECR enforcement against political parties in 2006 are a figment of my imagination). Another sees one of the aforementioned deputies (Graham Smith) trying to help explain why even though “I have no specific new duties“, his pay rise is necessary because of “load sharing“. If you have an appraisal coming up, feel free to give that one a try. But best of all of all is the finesse with which the PCS requests were actually handled. First the response was late, then the PCS were told by Chris Graham that no information was held, and finally, after an internal review carried out by someone whose name was redacted from the response, a heap of emails appeared as if from nowhere, emails Chris Graham said were not held, despite the fact that he had either sent or been copied into most of them.  It’s a shambles (and as an FOI trainer, I thank them with all of my heart for the material).

A quick glance at the Information Commissioner’s What Do They Know pages shows an FOI process very much of the “Do as I say” variety. One recent request shows that suddenly finding lots of new stuff at internal review is not limited to the PCS request, while reading Helen Cross’ attempts to obtain management board papers is like slowing down past a motorway pile-up. Responses are long delayed or unconvincing, or even reach for the bogus vexatious label that Alan Dransfield keeps telling us all about. In the light of all this, it’s pointless to speculate about what went on with the ICO’s handling of the PCS request because it could be anything.

Nevertheless, the Information Commissioner’s Office cannot investigate the PCS complaint about Section 77. There are doubtless robust people working in Wilmslow capable of actually doing it independently and objectively, but is anyone really going to stand up to the boss and tell him that he should be prosecuted? And equally, if the investigation leads to a conclusion that no action is required, are we all just expected to believe that? The PCS press release seems clear that they are accusing Mr Graham himself of the Section 77 offence (“We have asked for a formal investigation into a possible criminal breach of the law by the man charged with upholding access to information rights“). It is inconceivable that Mr Graham would ask anyone in his office to make a decision on such an allegation.

As it happens, we already have a precedent. In 2012, the Commissioner asked Cheshire Police to investigate an alleged criminal breach of the Data Protection Act by a former employee, Alec Owens. Shortly before his appearance at the Leveson enquiry where he was to accuse Mr Graham’s precedessor of being afraid to take on the press, Owens’ house was raided by the police. No action was taken against him as a result, and he subsequently received an apology from the force because the warrant issued against him was unlawful. Despite the criticism of Paul Farrelly MP for their actions, the ICO maintained that reporting the matter to the police was the right thing to do because “it would not be appropriate for us to investigate a former member of staff“. Having said that in 2012, it is obvious that an allegation against a current member of staff cannot be taken on by the ICO either, especially given who that member of staff is. Whilst I am not recommending that Mr Graham hands himself into Wilmslow Nick, it is vital that his office makes clear that whatever the truth of the PCS claim, someone else will take charge of getting to the bottom of it.


  1. Jt Oakley says:

    The Internet request…

    This is public money being spent.

    So it begs the question who is monitoring ICO employee use of the Internet and how do they check proper usage – if they have no idea of what has been accessed? Why the quick destruction of information?

    Besides, other organisations monitor usage and answe FOIA requests.

    So why should the ICO be exempt?

    • I don’t think any organisation should create data just in case somebody might ask for it under FOI. But your point is valid – how is proper usage analysed?

      • Jt Oakley says:

        The ICO cannot be seriously expecting anyone to believe that it leaves Internet usage unmonitored.

        For example, if it has a policy on the viewing of porn on government equipment, then it must be monitored in an accessible way to comply with the policy. Otherwise, why the policy? Is it just window dressing?

        Public officials have been caught viewing illegal child porn on gvt computers. Because it is the public duty of any gvt organisation to monitor and comply with the law in this respect.

        So is the ICO arguing that any illegal usage evidence – against its own policy and the law – can be safely ignored and destroyed …simply because it’s in an incomprehensible form – and therefore no one checks it?

        Log/ file information must also exist – because of audit requirements.

        The ICO’s argument seems to indicate that the IT expenditure , funded by the public, doesn’t have to be either open to auditing – or monitored.

  2. There’s another precedent for how the ICO might investigate a Section 77 allegation against Christopher Graham. The Head of Enforcement investigated the matter, before seeking Mr Graham’s “advice and comments” on how to respond…

  3. Alan M Dransfield says:

    Wakey wakey Tooltime Tim . Of course the ICO are perverting the course of justice by virtue of section 77 of the FOIA 2000.
    Look no further than the Dransfield Vexatious Hogwash for proof.

    How can the ICO be independent when they investigate complaints (under the Act) against themselves.
    Remove you head from the ICO Ass and you sense of observation will improve.

    • The small flaw in your argument is that the ICO’s decisions on your cases, Mr Dransfield, are entirely correct.

      • Alan M Dransfield says:

        Have you got a crystal ball,can you see the CoA decision on my Case?
        Cracks are appearing Timmy in the ICO Dam.

      • I don’t have a crystal ball. If the Court of Appeal finds in your favour, I will have to accept their decision, but I will not agree with it. Are you saying that if you lose, you will graciously accept that they are right, and go quietly?

%d bloggers like this: