Back in early October, following the publishing of my email address without permission on a group of Wirral Councillors’ website, I decided to make enquiries and find out how many of our then 66 councillors were registered as ‘data controllers’ with the Information Commissioner’s Office.
This is a legal, statutory requirement where councillors are acting on behalf of constituents and storing their personal information electronically on home computers.
Within the ICO website, there’s a handy name checker where you can type in a name, address, etc. and discover whether an individual or company is actually registered. I did this for the Wirral 66 and discovered that…. none of them were registered.
So I gave them all fair warning, advising them that they may have been in breach of statutory law. It was possible that not all of them needed to register, but highly unlikely that all 66 didn’t.
Since then, two have sadly died, however I waited a further month, but of the remaining 64, only 2 have registered.
So I’ve now sent a second email, advising them that as a member of the public, not wanting to see constituents’ personal data being manipulated illegally, I see it as my duty to inform the ICO, who will hopefully be taking steps to put the situation right.
Here are both emails:
From: Paul C
Sent: 10 October 2012 21:38
To: ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’; ‘email@example.com’; ‘firstname.lastname@example.org’
Subject: Registering with the Information Commissioner’s Office as a data controller
After checking, I note with some concern that none of Wirral’s 66 councillors appear to be registered with the Information Commissioner’s Office as Data Controllers. This seems unusual given that a number of you are likely to have personal details e.g. residents’ names and addresses / email addresses stored on your computers at home, and are likely to have represented these residents either individually or collectively in some way, shape or form.
Here is a helpful message from Jane Corrin, the Council’s Information Manager, explaining some of the background to this issue:
Thank you for your email below.
Advice from the Office of the Information Commissioner for Local Councils is that each individual councillor needs to review and consider if they need to notify with the ICO; depending how they process Personal Data. This advice is detailed at the link below, which I trust you find useful.
A short summary is also below, which explains how some processing will be covered by the Council’s Notification and Councillors do not need to register; although circumstances may arise when Councillors must notify individually, at a cost of £35 a year.
“In determining whether they need to notify, councillors need to consider the role in which they are processing personal information. If doing so as a member of the council or as a representative of a major political party, councillors will not normally be required to notify with the ICO. However, when carrying out their role as a representative of the residents in a ward or an independent councillor who is not affiliated to any political party a councillor may need to notify.”
Simon Entwistle, Director of Operations at the ICO, said:
“Most councillors have regular access to the personal information of the residents they represent. Like all organisations who handle people’s information, it is of paramount importance that they take their responsibilities under the Data Protection Act seriously.
“We will be writing to councillors with advice on whether they need to notify with the ICO. Those who fail to notify with us when required may face enforcement action.”
Please take time to follow this link, which will enable you to very quickly and honestly assess your own position in order to determine whether any of your own activities should be registered. This may help to protect the data security and privacy of any residents whose information you may be storing:
Please note that any qualifying failure to notify with the ICO may result in a £5,000 fine, or an unlimited Crown Court fine.
More helpful information here: http://www.ico.gov.uk/~/media/documents/pressreleases/2011/councillors_dp_compliance_news_release_20110125.ashx
As a Wirral resident, given the Council’s less than adequate performance on Freedom of Information in particular, I am concerned that a degree of sloppiness may have been allowed to creep into the important areas of data protection and security. For this reason, I will be checking with the ICO in a month’s time to see what progress has been made,
12th November 2012
I’ve re-checked with the Information Commissioner’s Office and it appears that despite the email I sent to you all a month ago (below), only one of you appears to have decided to ‘go legal’ and register with the ICO as a data controller.
Individually, there may be perfectly valid reasons for this, but 63 councillors lawfully not registered seems highly unlikely, given that many of you deal on a day to day basis with constituents’ personal data and information – and may have that personal data and information stored on your home computers for the purposes of e.g. carrying out casework on behalf of individual constituents.
I’ll now take this on to the next stage and report the situation to the ICO, who I’m sure will be grateful to receive the heads up. Given the background on Wirral of years of disabled abuse; disability discrimination; impropriety; hideously misconceived legal crusades; failed standards complaints; blaming the public for the Council’s own inadequacies in data and information management; suspensions, followed by vindication; pay offs; gags; nobody made accountable, and layer upon layer of cover up, they may not be surprised. But there’s one thing for sure….
I’ll be surprised if the ICO agree with Councillor Crabtree’s sentiments, and declare it…… quote… ‘a load of tosh’,
ps. Please accept my apology here and now if you have registered and the ICO has not yet updated its records to reflect this
I attached a read receipt to these messages and a number of councillors sent the receipt back “not read” i.e. the message itself was deleted without being read.
Since this email was sent, one further councillor has registered with the ICO.
I’ve now sent an email to the ICO, with a list of the 62 councillors not registered, asking them to advise:
18th November 2012
Dear ICO Notification Department,
I have sent the attached emails to all Wirral Councillors regarding non-notification as data controllers with the ICO. Wirral currently has an LGA “Improvement Board” in place following a number of serious scandals which were played out over a number of years. The council has also had a loose grasp on the importance of Freedom of Information and has been subject to the ICO’s ‘special measures’ following poor performance. My own experiences are not good and I have placed requests which have taken over a year to address.
When I sent the 1st email in early October, there were 66 councillors in total, none of whom were registered. Since then, two councillors have sadly died. I sent the 2nd email a month later after allowing them ample time to take action (if they felt it was necessary), however only two are now registered, making 2 from a total of 64. It seems likely to me that many of them will be active in representing constituents, will possess personal details in electronic format, will potentially be in breach of the Data Protection Act and are required to register.
I have checked against your own website records and I am therefore notifying you of the failure of the following 62 councillors to comply and to register:
- Ron Abbey
- Chris Blakeley
- Eddie Boult
- Alan Brighouse
- Wendy Clements
- Tony Cox
- Jim Crabtree
- George Davies
- Phil (shameless, unapologetic, inveterate liar (see here, here, here, here, here, and here) Davies
- Bill Davies
- Darren Dodd
- Paul Doughty
- David Elderton
- Gerry Ellis
- Steve Foulkes
- Leah Fraser
- Phil Gilchrist
- Patricia Glasman
- Jeff Green
- Robert Gregson
- Pat Hackett
- John Hale
- Tom Harney
- Paul Hayes
- Sylvia Hodrien
- Andrew Hodson
- Mike Hornby
- Mark Johnston
- Adrian Jones
- Chris Jones
- Stuart Kelly
- Brian Kenny
- Anita Leech
- Don McCubbin
- Ann McLachlan
- Moira McLaughlin
- Chris Meaden
- Dave Mitchell
- Bernie Mooney
- Simon Mountney
- Christina Muspratt
- Steve Niblock
- Tony Norbury
- Cherry Povall
- Denise Realey
- Lesley Rennie
- Denise Roberts
- Les Rowlands
- John Salter
- Harry Smith
- Tony Smith
- Walter Smith
- Jean Stapleton
- Adam Sykes
- Joe Walsh
- Geoffrey Watt
- Stuart Whittingham
- Irene Williams
- Jerry Williams
- Pat Williams
- Steve Williams
- Janette Williamson
The two now registered councillors are Peter Kearney and Michael Sullivan. Party leaders are Phil Davies, Jeff Green and Tom Harney.
I would appreciate it very much if you could acknowledge receipt of this email, advise me what’s now required and advise me what action you will be taking,
21st November 2012
No response in from the ICO yet.
26th November 2012
Still no response in from the ICO.
28th November 2012
Just spoke to a very helpful person from the ICO’s ‘Non-Compliance’ Department, who assured me that Wirral Council’s leader, Phil Davies, has been in touch and that hopefully soon, a cheque will be on the way to pay for all non-compliant councillors.
I should add that this cheque will cover 62 people, and they will not be paying out of their own pockets. Despite his obvious and grudging disapproval, this will include and benefit Councillor Jim Crabtree, who told me in an email it was “…a load of tosh“.
The Wirral public will be digging deep (£2,170) to cover not just themselves, but any errant councillor playing fast and loose with their sensitive personal information.
Watch here for further information and correspondence.
UPDATE 21st January 2013
Email in from a lead case officer at the ICO:
—– Forwarded message —–
From: [Lead Case Officer’s email address redacted]
To: Paul Cardin
Subject: Non-registration of 62 Wirral Councillors – FAO [Lead Case Officer’s name redacted]
Date: Mon, Jan 21, 2013 16:28
Dear Mr Cardin,
My apologies for not being able to reply sooner, I have been on leave and today is my first day back in the Office since Christmas.
I have been in communications with the Legal Services team at Wirral Council since you raised the matter of their councillors being un-registered.
On the 21 December 2012 we received 62 application forms for the individual councillors together with 1 cheque from the council to cover the 62 lots of £35 registration fees. I have no idea if the council will be re-imbursed by the individual councillors or whether the council is in fact paying for the registrations of their councillors.
If I remember rightly, a set of application forms was posted out in the name of Phil Davies and the legal services team then used that application form for the template for the rest of the councillors, obviously changing the data controller name each time to that of the respective councillor and a different registration number was created by us for each councillor when the forms were processed.
The forms were processed by our Notification Department on the 24th December 2012 and all of the councillors are registered at the same address (the Wirral Borough Council Offices address) so if you are wanting to do a search of the councillors registrations if you go onto our website and onto the public register page and put in the post code CH44 8ED then you should be able to see the list of the councillors that are now registered.
There was a covering letter with the application forms as I think they are waiting on 1 more application form but I think that is because of an upcoming election for a vacant seat? Perhaps I have got that wrong but I do recall there being a valid reason for the omission.
Hope this helps, like I say I am only just getting back into the swing of things and some of my recollections are a bit vague!!
[Lead Case Officer’s name redacted]
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
T. [redacted] F. [redacted] www.ico.gov.uk
From: Paul C
Sent: 18 January 2013 09:26
Subject: FW: Non-registration of 62 Wirral Councillors – FAO [Lead Case Officer’s name redacted]
FAO [Lead Case Officer’s name redacted]
Dear [Lead Case Officer’s name redacted]
Please forward copies of the information we discussed last year: documentation to show that Councillor Phil Davies placed a ‘bulk order’ for 60+ Wirral Councillors’ data controller registrations.
I realise that you are currently on leave, but would be grateful if you could act on this request shortly after returning.
I hope you had a good break,
The officer hasn’t forwarded what I asked for yet – copies of documentation in the form of correspondence / a ‘bulk order’ for 60+ councillors, but I’ll be chasing him up on it. Hopefully I won’t have to place an FoI request…. and wait.
UPDATE 2nd February 2013
I’ve had to place an FoI request… and wait. Here’s the ICO acknowledgment:
25 January 2013
Case Reference Number IRQ0482572
Dear Mr Cardin
Request for Information
Thank you for your correspondence which we received on 18 January 2013, in which you have made a request for information held by the Information Commissioner’s Office (ICO). Your request has been passed to the Information Governance Department to deal with.
You have asked us to provide you with “copies of all the documentation” in respect of what you describe as a “‘bulk order’ for 60+ Wirral Councillors’ data controller registrations”.
Your request is being dealt with in accordance with the Freedom of Information Act 2000. We will respond promptly, and no later than 15 February which is 20 working days from the day after we received your request.
Should you wish to reply to this email, please be careful not to amend the information in the ‘subject’ field. This will ensure that the information is added directly to your case. However, please be aware that this is an automated process; the information will not be read by a member of our staff until your case is allocated to a request handler.
[name redacted] Lead Information Governance Officer
UPDATE 13th February 2013
Today, I had a response to the FoI request I’d lodged with the ICO recently. Some of the information that came in is laid out below, in the form of an invoice (where names and sensitive information such as signatures have been redacted or blacked out).
The bulk of the information is there and we can see that yes, someone decided to use council taxpayers’ money to bail out the unregistered 62 members. Now call me out of touch or unsympathetic, but I don’t think £35 per councillor, per annum is likely to make a huge dent in these people’s wallets and purses. They do volunteer to stand and they do put absolutely everything into getting elected after all. In fact we’ve all seen them looking crestfallen when they’re beaten.
I doubt that having to ‘dig deep’ and fork out 10 pence a day to the Information Commissioner to stay on the right side of the law would be a deterrent to the “best people” – in fact as we all know, on Wirral we don’t boast the best people, and never have. It’s almost traditional…. and we need to ask “Why?”
I feel these people, and in fact the whole rotten system, is stuck in the past. It protects its own and always has done. A freeloader wouldn’t want or expect to pay. A freeloader would be there to enjoy the trappings of office.
ALL of these members never paid, and were breaking statutory law – for many years. Not until I came along and gave them a shove in the right direction did their leader cough up with our money. (Yes, I know – it’s all my fault. Haha. But think about it. I may have saved us the Wirral public from coughing up £300,000 in fines for 62 x breaches of the Data Protection Act – which equates to £5,000 per councillor…..
…..or put a nought on the end. £3 million or more if it went to Crown Court.)
That’s your local Wirral Council for you – they like to play fast and loose.
An honest candidate, once elected, with a conscience, a sense of public duty, and their heart and their values in the right place would not complain – and would pay for them damn selves.
Here’s the invoice and associated material. Sources at the ICO told me in a phone conversation some time ago it was Councillor Phil Davies who originated the order, so I’ll assume it was he who made the decision to fire off a cheque made out in public money, covering the 62 councillors who up until this point were in breach of the law of the land:
Dear Paul who do these councilors think they are? are they immune from the law I don’t think so, no doubt the ICO will put firm ground under their feet & they will comply sadly the bill of £2240.00 will be picked up by the poor ratepayers as I cannot see them forking out of their own pockets.
I spent a happy couple of hours yesterday trawling through the whole of your history with wirral & chester councils & I now see why you fight against councils who think they are above the law & thank goodness for people like you trying to get the truth into the public domain keep it up & I will follow you crusade with interest Cheers for now john hardaker
Thanks for the feedback John. It keeps me going. I’ve had no response as yet from the ICO, but it’s early days. I’m hopeful that they’ll come down on the side of the public interest here.
If my email address can be put up for the world to see by a Seacombe councillor, playing fast and loose with people’s privacy, then it’s possible that they could be just as reckless with constituents’ private and personal information.
Any councillor reading this should put 2 and 2 together and realise that if if he / she registers, they’ll be looked upon more favourably if there is a data breach discovered by the ICO.
Whereas if they’re not registered, then they could be held up as an example, with a £5,000 fine to follow ~ paid for by the councillor – not us. (edited to add: …not us, I hope.)
The registration point did come up in a court case I was involved with in the Birkenhead County Court earlier this year. Basically (although the issue of registration wasn’t the primary focus of the case) what was discussed was where a councillor is acting in his function as a party political officer that the duty to register with ICO lies with that body (in this case an unincorporated association which was part of a political party).
The body sued was the unincorporated association made up of that political party’s members in a particular constituency. This unincorporated association wasn’t registered with ICO, but the political party it was part of was.
I would suspect that most councillors view either Wirral Council’s registration or their political party’s registration as sufficient to cover the activities described and more detail is set out on ICO’s website http://www.ico.gov.uk/~/media/documents/pressreleases/2011/councillors_dp_compliance_news_release_20110125.ashx .
Thanks John. That link appears in the main text but all extra info on the subject is appreciated.
Pingback: Fine words – where Wirral Council’s concerned, they’re always a hostage to fortune « Wirral In It Together
Pingback: Fine words – but where Wirral Council’s concerned, they’re always a hostage to fortune | Wirral In It Together
Pingback: Red tape – 2040 information law blog
Pingback: “What a load of tosh” ~ Wirral Council’s monitoring officer responds to an email sent to the CEO | Wirral In It Together
Good to know its saved us money if our very reliable councillors ever lost any of our data. Shame they haven’t paid it themselves and once again we have to foot the bill.
Pingback: Angela Eagle supporters have been discovered telling lies about Wallasey CLP Vice Chair Paul Davies | Wirral In It Together
Pingback: Former Wirral Councillor Jim Crabtree – up in court today | Wirral In It Together
Pingback: Two lovely policewomen knocked on our door today. Wirral Labour Councillor Adrian Jones had accused us of ‘harassment’ | Wirral In It Together
Pingback: Today a few years back, we put Data professional Tim Turner straight 😁 | Wirral In It Together
Reblogged this on Wirral In It Together and commented:
An old favourite.