May 7, 2002

Dear Jean,

I am writing to comment on the above timetable, which has been circulated to members of the Advisory Group on Implementation of the FOI Act.

In general, the timetable for implementing these secondary measures seems reasonable, but there are two specific areas where we believe implementation should be accelerated.

Deliberate destruction of a requested record

Section 77 of the FOI Act provides that anyone who deliberately destroys or alters a record to prevent the applicant obtaining it under either the Data Protection Act or the FOI Act commits an offence. Under the draft timetable, this provision would not come into force until January 2005. The document acknowledges that this could be brought into force earlier, to prevent the destruction of records applied for under the DPA, but says it "makes more sense" to delay implementation until the FOI Act's commencement. We disagree.

There is no justification for allowing public authorities to deliberately destroy a record for the deliberate purpose of cheating an applicant out of his or her DPA right of access. Now that the power to make this an offence exists, it should be implemented promptly.

The DPA already allows data controllers to amend or delete a record before giving access if they intended to do so before receiving the request. The destruction of records in other circumstances - particularly to subvert a legal right of access - should be intolerable.

The case for commencing this offence promptly is all the more compelling in light of the Performance Innovation Unit's report on data sharing. One of the report's main themes is the need to build public trust in authorities' handling of personal data: indeed the report mentions the word "trust" more than 70 times.

It notes that "there is declining public trust in some public sector organisations and in the way that they handle personal information...". It acknowledges that there is confusion about the legal situation which is "exacerbated by a lack of clear and consistent safeguards, without which public trust in better data use is undermined" and concludes that "if the public does not trust the way that the public sector handles personal information, then it will not be possible to achieve the potential benefits for individuals and for society from better use of that informationÉthis would put at risk the potential gains for the public from the move to the electronic delivery of public services".1

Nothing would do more to undermine public trust in authorities' handling of their data than the recognition that they can destroy records with impunity purely to frustrate the citizen's right of access. Now that the power to deter such behaviour is available there is no excuse for delaying its implementation.

Repeal of statutory bars

The document contains a timetable for identifying statutory restrictions that are to be removed but no timetable for their actual repeal or amendment under section 75. Given that the review of these provisions has now been underway for over four years, we are pleased to see (from a recent Parliamentary Answer) that some progress in identifying measures for repeal has now been made.2 The repeals themselves should not be delayed any further and certainly should not await the January 2005 deadline.

Statutory bars, such as section 28 of the Health and Safety at Work Act, currently prevent the release of information under the open government code, or as a discretionary measure, and their relaxation should lead to greater openness prior to the commencement of the FOI access right.

Yours sincerely,

Maurice Frankel
Director