Shame

In the flood of positive PR for Freedom of Information’s 10th anniversary, a piece appeared in the Manchester Evening News that shows a possible downside of the legislation. The MEN is my local paper and the main hospital in the story is the closest to my house, but I didn’t notice it – it was highlighted on Twitter by Dr Ben Goldacre and then to me by Sarah White.

The story concerns individuals who make multiple visits to A&E departments, and in particular, the revelation that one person went to A&E at Wythenshawe Hospital more than 100 times in an 11 month period in 2014. Several individuals – including a child – are mentioned, including the number of times they attended and the hospital in question, although the reasons for attendance are not revealed. The information was obtained using FOI.

An (unnamed) spokesperson says: ““Due to patient confidentiality, we would not comment on individual cases” but the problem is, they already have commented on individual cases by releasing data at an individual level. Goldacre’s concern – encapsulated in a comment he put on the story – is that by releasing the information and facilitating comments, these individuals are being exposed to unkind comments from strangers. As one of the other (unnamed) spokespersons observed, one of the likely reasons for multiple A&E attendances is mental health issues. Imagine being the person who went to Wythenshawe 116 times last year, and reading your story, reading comments about what you have done being ‘disgraceful’. Admittedly, the MEN’s handling of the story isn’t as hysterical as it would be in the Dailys Mail or Express, but how long will it take for them to pursue a similar story?

What happens if the parents of the kid mentioned in the story realise that it’s their family who are the “A&E frequent fliers“, draining the resources of “embattled” local hospitals? What happens if, as a result of the shame (which I suspect is the intended effect of this story), they don’t take their kid to A&E next time? What happens if the alcoholic, the self-harmer, the domestic violence victim, the anorexia sufferer – what happens if one of them knows or suspects that they are one of the frequent fliers, and then they don’t attend when they need to?

I live in the same postcode as Wythenshawe Hospital, I frequently drive and cycle past it, and several people that I know and love have been treated there. The ‘frequent flier’ could be one of my neighbours, someone who shops at the local supermarket; if I wasn’t so resolutely anti-social, I might even know them. It’s not likely that I would be able to identify them, but University Hospital of South Manchester NHS Trust (UHSM), the public authority that runs Wythenshawe and answered the FOI request, have consciously set those hares running to make a point about the over-reliance on A&E. That woman who always has an ambulance outside her house, that woman who is always down at A&E, I bet it’s her.

I am about to fall into the worst FOI trap, one I mention every time I run an FOI training course. It’s almost impossible to say that any request is an abuse of what FOI is intended for, because FOI is not intended for anything. It has no purpose clause, nothing to say what you’re supposed to use it for. If the Manchester Evening News want to try to use it to get a quick headline at the expense of vulnerable people, they’re absolutely entitled to do so but they shouldn’t get the information. And here I jump into the trap: FOI is not for this. FOI is not there to expose citizens, it is to expose the organisations that serve them. We need to know that A&E departments are run properly, that the managers responsible for them ensure that services are available so that people are not reliant on them when they should be elsewhere in the NHS system. However, exposing civilians to the glare of publicity is wrong and moreover, unnecessary.

I believe that the likelihood that the individuals cited in this story may be identifiable to their friends and neighbours, and as such, the release of their personal data is unfair – UHSM should have used Section 40 of the FOI Act to refuse to disclose this information on the basis that to do so would breach the Data Protection Act. I also believe – as Ben Goldacre said – that disclosure is likely to lead to adverse comment, and so Section 38 of FOI (which prevents disclosures that would endanger physical or mental health or safety) should also have been used to refuse. No matter how difficult and expensive some of these people might be, exposing them to shame and possible identification is a disgrace. It should not have happened.

Number crunching

At least according to Wikipedia, St Basil of Caeseria is the patron saint of hospital administrators, while lighthouse keepers enjoy the patronage of both St Dunstan and St Venerius the Hermit. In the light of such specificity, it seems unjust that Freedom of Information Officers have no more appropriate option that St Thomas More, who covers the broad spectrum of politicians, statesmen, lawyers, civil servants, and court clerks. My vote would go to St Jude, who sponsors lost or hopeless causes, although a case could possibly be made for St Alban, who as well as converts and refugees, is the patron saint of torture victims.

St Albans Council hit the local headlines in September, when the St Albans and Harpenden Review reported the huge burden on the council represented by FOI requests. Councils bleating about the cost of FOI is not a new story, and I have complained about it repeatedly. But fans of the genre will have enjoyed some novel twists among the usual invented cost totals and reassurances that the Council takes FOI seriously. For one thing, the Council Leader Julian Daly aimed his fire at commercial companies rather than the public: “what makes me particularly annoyed are requests from businesses using FOI to get detailed information for commercial gain, instead of investing in market research“. Paul Bradshaw has already beaten me to the observation that businesses, like the public, are taxpayers anyway, but more importantly, it’s hard to imagine how a company would get market research data in any other way than FOI, unless the information was already published.

A second element was even more intriguing. In breaking down the percentages for April to June, St Albans claimed that as well as the whopping 57% of requests from commercial applicants, 13% of requests were from the Metropolitan Police. The technical term for this is bollocks, but I didn’t want to say so without checking. I made an FOI request to St Albans Council after the story resurfaced in the Herts Advertiser in October, and the results were interesting.

One question I asked was: “Did any of these police requests mention ‘Freedom of Information’ or ‘FOI’?“. Although they devoted several paragraphs to explaining their FOI process, St Albans did not actually answer, so I am going to assume that none of them did. It is true that an FOI applicant does not need to specify that they are making an FOI request, and St Albans drew my attention to a section on the Information Commissioner’s website which says that any request for information that is plainly not an EIR or a subject access request should be treated as an FOI: “Any other non-routine request for information you hold should be dealt with under the Freedom of Information Act“. It is always unwise to rely on the ICO’s website, which is generally written as if the reader is a nine-year-old; complexity and subtlety are studiously avoided. Nevertheless, even on the face of it, the ICO’s text does not support St Albans’ interpretation. A request from the police as part of an investigation is plainly ‘routine’ – St Albans received more of such requests than they did FOI requests from the public, a total of 35 in one three month period.

More importantly, when I asked how many of the Met Police requests were made under Section 29 of the Data Protection Act (i.e. made explicitly under completely separate legislation), they admitted that all of them were, and any data was disclosed under that section. It’s not clear (and I probably should have asked) whether St Albans formally refused these requests under FOI before disclosing under the DPA, but I bet that they didn’t. The police were using the Data Protection Act for what the ICO’s Data Sharing Code of Practice calls a ‘disclosure’, and what is more commonly (though less accurately) known as a data sharing request. They were asking not that the data be disclosed under FOI, but that it be disclosed one data controller to another, for the purposes of conducting a criminal investigation. The idea that anyone could think that this was an FOI request is nonsense.

It’s entirely logical for the same people who process FOI and EIR request to also handle subject access and DPA disclosures. Indeed, given that there is currently no formal obligation in England, Wales and Northern Ireland to collate and report FOI statistics to anyone, there is no reason why St Albans’ information requests team shouldn’t lump all of their workload into one system to keep track of it all. It would be nobody else’s business if they did. It’s possible that when the issue came up, the police requests were included by mistake.

The problem comes in the way that St Albans have tried to use the volume and cost of their requests as part of the FOI burden narrative that local government is still enthusiastically engaged in. A statistically significant portion of the requests they complained about were nothing to do with FOI at all. If St Albans Council can afford to stage free PR events for Eastenders Actors, then local taxpayers of any type making FOIs should pass without comment. However, if we are to have a debate about the FOI burden, it has to be conducted honestly. The Herts Advertiser version of the story remarked that St Albans received markedly more than surrounding authorities, and I can only conclude that this is because Dacorum and Watford don’t count electricity bills and stuff written on toilet walls in their FOI totals.

I don’t blame the FOI officers for this; I assume that most of the anti-FOI propaganda is generated by PR teams, senior officers and politicians. But given that it is certain that the St Albans figures have been exaggerated by the inclusion of police requests, any assertion they make about the total cost, the average cost to households, even the total number of requests that they have received, is meaningless. If public authorities want to talk about FOI, they have to start by getting their facts straight.

A fairy story

A stupid FOI request made to Wigan Council about their preparations for dragon attacks has hit the headlines at least twice. In  June, the first time it made waves in the local press and on the BBC, I blogged about how such daft requests brought FOI into disrepute; rather than make a fuss, a council should simply ignore them. More recently, the LGA issued a press release detailing ten requests that exemplified what they felt was the burden of FOI requests, and once again, there was Wigan’s silly dragon, proudly displayed as an example of everything that was wrong with trivial time-wasting FOI. Of course, a publicly funded lobby group like the LGA should be subject to FOI rather than undermining it, but they caught the imagination. For days afterwards, people around the world tweeted their amusement at the story in general and Wigan’s dragons in particular. The council joined in, drawing attention to the BBC’s coverage of the story and making slightly tendentious points via Twitter:

There is a serious point to all this. The number of Freedom of Information (FOI) requests sent to us has more than doubled in four years.”

There was some push-back. My esteemed colleague Jon Baines took the LGA release apart, pointing out that several of the requests were entirely legitimate, and that the LGA’s derision was misplaced. Moreover, one applicant on What Do They Know responded to the FOI fuss with metronomic predictability – he made an FOI request to each of the LGA ten, quizzing them on how they dealt with both the original request and the LGA.  Among other things, the applicant asked “Did officers working for the council search for any information, given the extremely unlikely nature of the proposition in the FOI request?”. Wigan responded last week, and Their Answer May Surprise You:

No search for information was made. The request received the standard acknowledgement but no further response.

On two separate occasions, Wigan has used this FOI request to illustrate the burden that FOI represents for cash-strapped councils and to make itself the poster child for FOI abuse. But there was no burden. Terence Halliwell, a senior councillor and member of the Cabinet put his name to sombre soundbites to the press about the cost of FOI, but this emblematic request cost them nothing. The only cost to the Council incurred by this FOI is the time and resources they have expended in chasing headlines. If Wigan took the money they spent on spin and put it into servicing their statutory obligation to answer FOI requests, they would probably have less to complain about (as would some of their disappointed applicants).

Nobody can deny that the annually rising number of FOI requests is a challenge from which there is little respite. The routine cry of commentators (PUBLISH MORE) is futile, as FOI applicants frequently ask for individual correspondence, collated facts that the organisation does not hold individually and genuinely sensitive information that few organisations would publish willingly. The only answer for those citizens is FOI – the right to ask bespoke questions, and get an answer. In an era of cuts and austerity, these questions will increase, but the ‘burden’ of FOI should be seen as a basic running cost, like the electricity bill. You can’t run a publicly funded organisation without bearing those costs.

FOI Officers often do a thankless job, toiling in the shadow of PR staff who usually outnumber them, and resented by colleagues who want to get on with their “proper job”. Wigan’s handling of the Dragon request exemplified this trend – the Council didn’t make any attempt to answer the request, but enthusiastically exploited it for anti-FOI publicity. I don’t actually criticise them for the first part, but the second part shows a gobsmacking level of cynicism. Is it too much to suspect that the requests that might drain the council’s resources are actually serious enquiries to which no sensible person could object? Dragon requests are an open goal, but they’re also not the expensive problem that some councils would like us all to think.

I’ve written it here before, and wearily (especially given my previous, wholly positive history with Wigan Council), I write it again. FOI is the law. It’s a front-line public service, and council managers should see it as such. Wigan’s Council Leader recently claimed that it was an ‘open, honest and transparent organisation‘, but his evidence for this claim was the Council’s participation in a TV show. Given some of their recent ICO decision notices and unanswered legitimate FOIs on What Do They Know, as well as this depressing episode, some scepticism about whether Wigan is truly committed to transparency is understandable. And if they ever moan about the burden of FOI requests about Dragons again, the fine folk of Wigan should breathe fire on them.

Freedom Fighters

At least according to TweetDeck, Ian Dunt’s opinion piece about FOI on Politics.co.uk has struck a chord. For days, I have seen the headline being retweeted uncritically, usually by journalists: “How Whitehall neutered the FOI Act’. The article itself is stirring stuff. Take this:

Since the Act was passed it has become increasingly useless. Now, after four years of coalition government, the FoI Act is barely worth the paper it’s written on. One of the most powerful pieces of transparency legislation this country produced has been neutered.”

Dunt’s article doesn’t get close to substantiating the hype. Brace yourself – sometimes people ask for information under FOI, and they don’t receive it. Sometimes they have to fight to get the information. Sometimes, the information they want isn’t held. This isn’t neutering (Dunt’s headline even states that the neutering is done and dusted). This is how FOI works in every jurisdiction in the world that has an FOI Act.

Certainly, Dunt identifies some of the problems that FOI applicants encounter. He asked the DWP how much they had spent attempting to prevent disclosure of information about their Universal Credit Scheme. They didn’t provide the data, and he observes “even this small piece of the puzzle was considered confidential”. But it wasn’t. DWP didn’t claim that the information was exempt, they said “The department does not keep a record of the time its staff spend on particular Freedom of Information case work so the information you seek is not held”. There is an equally good example of the Howard League for Penal Reform being unable to find out when and how often they are mentioned in the Ministry of Justice – the quoted refusal makes clear that finding the answer would exceed the cost limits.

It’s frustrating when an organisation doesn’t record the information that you’ve asked for, or cannot search for information in the way you expect. Dunt offers no evidence that either department is not telling the truth, although he does imply that information is deliberately not being gathered centrally or that the civil service deliberately “cripple themselves with ineffective systems” that don’t allow for the right answers to be located.

There is no question that public sector IT systems are dire, but this isn’t anything to do with FOI, and in my experience, it’s often not deliberate. Senior managers everywhere think that everything can just be solved with a new IT system – this isn’t even just a public sector problem. Moreover, Dunt’s apparent solution (bring in Google) carries more Data Protection problems that I have time for here.

Dunt’s complaint about his DWP refusal overlooks the most important point: FOI worked. As he admits, the DWP’s refusal to disclose Universal Credit information was partially overturned by the Information Commissioner, and then wholly overturned by the Tribunal. True, DWP are seeking a further appeal, but we already know their appeal about Workfare schemes failed. The Universal Credit appeal will probably go the same way. This is not a neutered Act that isn’t worth the paper it is written on – on the substantial issue, it worked. Maybe it didn’t work fast, but that’s not Dunt’s complaint. His more trivial request was refused (my guess, legitimately), but the more important decision went in favour of disclosure.

Unless we are to let FOI derail the normal course of the public sector’s business, it has to have cost limits. Perhaps Dunt thinks that 24 hours of searching time per each request isn’t enough, but how high should we go? Should the applicant get 36 hours, 72 hours? Frankly, I don’t think how many times the Howard League for Penal Reform’s name is mentioned in the MOJ is worth more than £600 of public sector time, and if that’s really what they asked, the refusal serves them right for asking that sort of question. Rule number one for any FOI applicant should be to focus, focus, focus. Avoid a request that might involve an unlimited trawl of files and inboxes. FOI favours the stiletto strike, not the blunderbuss.

Any FOI Act will be imperfect tool to get at The Truth. It’s hard for FOI to be instant. Ironically, despite the fact that it is touted as a tool for journalists, the concept of FOI is a bit hopeless for anyone seeking information for the here and now. It favours the patient investigator. Government can cite exemptions or procedural hurdles, legitimately or otherwise, and the story may retreat into the long grass. But complaining about this is like complaining about the weather. Unless you think that all public sector information should be disclosed (paging Julian Assange), regardless of the circumstances and timing, you have to accept that FOI will include exemptions. One member of the House of Lords suggesting junking all of the exemptions in favour of a universal public interest test, and I like that idea. It would still result in refusals.

FOI does face a challenge. The Information Commissioner has proved unwilling to do anything strategic in his regulation of FOI, preferring to work only the case-by-case battle against the backlog. The attitude to FOI in the DWP, the Department for Education, and the Cabinet Office is clearly hostile, as it was when Labour ran the show. Dunt reminds us of Tony Blair’s repudiation of FOI, proving that this is not about politics, it’s about Government. If there is abuse of the process, it’s because Government knows the regulator is only willing to engage in skirmishes – the ICO won’t issue enforcement notices, won’t crack down on tactics. On this, the real problem, Dunt is silent.

The worst thing about Dunt’s article is that his message to his readers and the retweeting journalists is relentlessly negative. FOI is useless, he says, not worth the paper it’s written. It has been neutered. Probably not worth bothering with, then? If that’s what he thinks, fine. Dunt should stop making FOI requests, but his defeatism must not discourage others. My message to anyone with an interest in how government works is simple: ignore Ian Dunt. Work out a good request, make it, and if you get an unreasonable no, challenge it. Use the legislation. Make it work. FOI can only be ‘cancelled’ if we let it.

Angry birds

With two blogs already published on the question of Tweeted FOIs, there is every reason not to add to the noise. Alistair (@alistair_sloan) Sloan, from a legal perspective, has argued persuasively that a Tweeted FOI request has enough of the characteristics of a FOI request to often be valid. Bilal (@FOIkid) Ghafoor, from a more instinctive position, argues strongly that a Tweeted FOI is a ‘waste of everyone’s time’. Even the most pro-FOI advocates are very much against the idea of using Twitter for FOI, with no less than Paul (@FOIMan) Gibbons commenting  that applicants ought to be “discouraged” from using Twitter. All in all, the consensus seems to be in. Go back to your quill pens and vellum, citizens, we will have none of your modern technology here.

I am the last person to claim that because the Information Commissioner’s Office have issued guidance that Tweeted FOIs are valid, public authorities should acquiesce. Some of their guidance is muddy and vague, some of it is just plain wrong (the recent rewrite of their position on Data Processors is as worthless as anything issued by Wilmslow in this decade). Any public authority that wants to blow a loud raspberry at the ICO has nothing but my encouragement – the appropriate reaction to much of what they say and do is often scepticism, if not sarcasm. Moreover, when I first heard about the ICO line on Twitter, I thought it was stupid. I tweeted them an FOI request to show them how daft it was, and they had the bad taste to answer it quickly and clearly.

But since then, I’ve changed my mind.

Years ago, the local authority planning system was a closed system. If a new development was in prospect, typewritten signs would be fixed to lampposts or telegraph poles informing locals. The planning documents were only available for inspection. Those with time on their hands would turn up to Council meetings and sit mutely while Councillors made their decisions. I’m not arguing that the planning system necessarily works any better now, but at least the documents are likely to be published on the internet. Members of the public use their smartphones to film meetings, even if the councillors don’t want them to. It’s a lot easier to know what’s going on, and to get involved. The system has been shaken up. This is what technology does. I hate to use a buzzword, but in both the new jargon and the old-fashioned dictionary senses of the word, technology has a great capacity to be disruptive.

In 2000, Parliament decided that you don’t have to cite ‘FOI’ to make a valid request. FOI isn’t specialist; it’s for everyone, not just journalists and angry middle-aged men with time on their hands. All you need is a coherent request for information, expressed in a written format. It’s true that Tweeted FOI requests don’t work like email – the request sits on a Twitter App or the internet, rather than a copy of the request being delivered to the public authority’s mail server. But who cares? The tweeted FOI request is “capable of being used for subsequent reference” because it has appeared in an electronic channel that you have opened up, and you can (almost certainly will) copy it onto your FOI system and get going.

I know quite a few people who don’t use email except at work – their personal interaction is via Twitter and Facebook. Fax is dead. I don’t know anyone who routinely sends letters except myself. I still enjoy the shock and awe that most people under 30 exhibit when I use a fountain pen in a meeting, especially when they realise that this is an artefact I bought new, rather than having scavenged it from a time capsule. If you deny people the opportunity to use the tools that they already have, and force them to use the channels you think are appropriate, proper, or serious, you’re condemning the legislation to a well-meaning, specialised ghetto.

FOI should not be open only to the cognoscenti. The applicant should not have to track down the FOI email address, find the (often buried) FOI page on the spin-strewn website. You’re there on Twitter, I can find you easily using a tool that is on my phone. Why shouldn’t I be able to use that for FOI if I can formulate a 140 character FOI request?

Would an epidemic of tweeted FOI requests be easy to deal with? No. Will it increase costs for public authorities? Perhaps. But if you want to use the inconvenient and expensive argument, then you might as well abolish the legislation altogether, because the same case could be made for FOI as a whole.

I know that many supporters of FOI believe in all that ‘sunshine is the best disinfectant’ stuff, but the jury is way, way out on that. I honestly don’t know whether I believe that FOI will ultimately improve the public sector. Much of it is fine already, and a bit of it is probably irredeemable. I believe in FOI because I think the public should have access to information, because information is power and a few votes over the electoral cycle aren’t enough. You shouldn’t be able to use FOI to browbeat and punish public servants you don’t like, but beyond that, if FOI requests are annoying and uncomfortable, they’re probably doing their job. Last year, public authorities were given the gift of Dransfield, allowing them to refuse a wide variety of FOI requests on vexatious grounds, even those that are plainly in the public interest (like Laura McInerney’s recent interrogations of the DfE). Swings, meet roundabouts.

There are many awful consequences that spin off from FOI’s existence, and I don’t doubt that tweeted FOI requests annoy FOI Officers and public sector staff more widely. And before you say it, it’s true that I write this knowing that I don’t work in the public sector, and I don’t have to deal with FOI requests at all. I just make them. Nevertheless, nobody made public bodies open their Twitter accounts. Nobody forced you to open these doors. Twitter is not just a loudhailer.