Full marks to this FoI requester – for using WhatDoTheyKnow to take a thorny issue to the heart of the ICO – the UK regulating body, overseeing information and data. On the surface, this request may seem cheeky / provocative / frivolous, but far from it…. the Information Commissioner, whilst stating last year that public bodies would most likely be in breach of the Act, should an FoI request be made by a ‘banned’ ex-employee, has recently admitted that it has no power to prevent public bodies opting out of their obligations under the FOI Act by including gagging clauses in compromise agreements. So questions like this should be expected. But just LOOK at the standard of response it received.
The request goes as follows:
Dear Information Commissioner’s Office,
How many compromise agreements, or similar settlements for people
who have resigned from the Information Commissioner’s Office have
been signed in each of the past ten years, including this one?
For any agreement signed, did it include any provision for the
individual to agree not to make FOI and DP requests, or to
correspond with the ICO?
How many allegations of unfair dismissal have been made against the
ICO in each of the past ten years, including this one?
The ICO response came within the required 20 working days (you’d hope so given this is the regulator) – but despite this, it can only be described as “sloppy”. They’re at pains to say there’s a whole lot of ‘considering’ going on, but there’s very little of the much-trumpeted and much-hoped-for ‘openness and transparency’:
The number of compromise agreements and allegations of unfair dismissal
broken down in to each year is exempt under Section 40(2) by virtue of
Section 40(3)(a)(i) of the Freedom of Information Act 2000. This section
of the Act allows a public authority, such as the ICO, to withhold
information in response to a request under FOIA when the information being
requested is the personal data relating to someone other than the
requester and where its disclosure would contravene one of the Data
We consider that because of the small number of compromise agreements and
allegations of unfair dismissal in each year it would be possible to
identify the person or ex employee of the Commissioner. Therefore, this
would be the personal data of each of those individuals. In these
circumstances there would be no reasonable expectation of those
individuals that these details would be made public and released in
response to such a request, and in some cases a further degree of
confidentiality was provided. To release this personal data broken down
into years would therefore be unfair and in breach of the first data
protection principle which states that – Personal data shall be processed
fairly and lawfully…
I can however confirm that in the last ten years there have been nine
compromise agreements or other settlements and two allegations of unfair
We also consider that the details of, or provisions within, those
individual agreements is exempt information under Section 40(2) of FOIA
for the reasons detailed above.
I hope this information is of some interest and assistance.
OK, the unwillingness to risk identifying recipients of compromise agreements due to the small numbers involved sounds reasonable on the surface, but eagle-eyed readers will have spotted pretty much immediately that the ICO, the regulator of all things data and information has failed to respond to the WHOLE question.
Here was a pretty unambiguous request for details of FOI / DP related “provisions” (gagging clauses aimed at preventing the recipients of compromise agreements exercising their statutory information and data querying rights) which the requester made reference to in his initial query – “did it include any provision for the individual to agree not to make FOI and DP requests, or to correspond with the ICO?”
As is his right, the requester then came back with a request for an internal review to be undertaken by a senior officer:
I would like to request an internal review on the following basis.
I do not believe that it would be possible for an individual to be
identified purely because you confirmed that, for example, “there
was one compromise agreement signed in 2006″.
I would also like a review on the issue of whether any agreement
include provision not to make FOI / DP requests. Given that the
Information Commissioner is the FOI / DP regulator, I believe that
anyone signing such an agreement would have a reasonable
expectation that this information might be made public. However, I
also do not believe that it is possible to maintain your position
that the information is not disclosable in the format you used to
respond. In confirming that there have been nine agreements or
other settlements, I do not believe that there would be any
possibility of identification if you confirmed that any or all of
the agreements included a provision not to make FOI or DP requests.
Spot on. The justification given for not releasing the numbers of compromise agreements was NOT explained very well and the reasons given were sparse. It’s not surprising that the requester wasn’t happy. As for the FoI / DP gagging clauses, I’m more inclined to believe the regulator either missed the point or deliberately didn’t address it, rather than failed to mention it because it could have identified individuals.
Eventually, on 23rd November, what can only be described as a ‘partial climb-down’ came through the ether:
Case Reference Number IRQ 0421243
I refer to your email of 3 November 2011 asking for an internal review of our decision on your FOI request to us of 19 October 2011. I have now had an opportunity to discuss the basis for our original decision with my colleague Charlotte Powell and to carry out the review you have requested. We now believe that there is some additional information that we can provide you with.
So far as compromise agreements or similar settlements are concerned the main difficulty for us is in identifying those years in which there were no such agreements. This would disclose personal data about all those who left the ICO’s employment during the year in question, by telling you, with absolute certainty, that more of them benefited from a compromise agreement or similar settlement. However, provided that we do not distinguish between those years in which there were no agreements and those years in which there was only one, we consider that we can disclose the information requested without breaching the Data Protection Act.
We are therefore able to disclose the following to you:
YEAR No. OF COMPROMISE AGREEMENTS OR OTHER SETTLEMENTS UNFAIR DISMISSAL CLAIMS 2011/1210/11
So far as the question of whether any agreement includes provision not to make DP/FOI requests is concerned a similar consideration applies. If we were to openly disclose that none of the agreements contains such a provision this would tell anyone who might already know that a particular person has benefited from such an agreement something about that agreement and hence disclose personal data about that person. However, on reflection we do not consider that, in this case, there could be any meaningful breach of the Data Protection Act given that it is so improbable that we, as the information rights regulator, would ask someone to agree to a term signing away the very rights we are seeking to uphold. Indeed it is a little disappointing that you feel the need to even ask this question of us. However I can confirm that no such term has been, nor would be, included in any compromise agreement or other settlement between a former member of staff and the ICO.
I hope this provides you with the information you are seeking. If you remain dissatisfied you have the right, under section 50 of FOIA to apply to the Information Commissioner for a decision as to whether your request has been dealt with in accordance with the Act. If you make such an application it will be considered independently of your original request and this review.
When you consider this response came from the Deputy Commissioner himself, it’s pretty startling to read “……. Indeed it is a little disappointing that you feel the need to even ask this question of us.”
It’s worrying to think that the Deputy Commissioner is on the defensive, acting all affronted and has to be dragged protesting over the need to address probing questions, especially given that his own organisation now appears to have been sidelined by clever lawyers in this area. A number of ‘publicly accountable’ organisations are pouring council tax or central government money hand over fist into insidious devices aimed at blocking the free flow of information; or actively circumventing their own stated obligations as public data controllers under both Acts.
But why would they seek to do this? Because when they’re caught red-handed breaking the law or up to their collective necks in deceit, or immoral behaviour, the last thing they want is somebody they regard as a ‘troublemaker’ using the statutory provisions within the FoI or DP Acts to expose their deplorable conduct.
So, riding in on a white charger come compromise agreements (see Glenn Mulcaire and #Leveson) – a legal option available to them, backed by the Law Society, the Local Government Association, by unions and by central government. These agreements (and the gagging clauses within them) are a cornerstone of reputation management, which sweeps (and conceals) all before it.