Privacy and public accountability may seem mutually exclusive
but social care professionals must learn quickly how to straddle
the divide. The Freedom of Information Act 2000 is now with us and
queries from the public can no longer be refused simply by
muttering something about data protection, client confidentiality
or commercial confidence.
Although social services departments are used to receiving
requests for information from the public or those involved in care
cases, other organisations may find the transition more difficult.
The act affects more than 100,000 public bodies, including local
authorities, schools, the Prison Service and Youth Justice Board,
as well as voluntary and private sector organisations.
“This is something that everyone knew was coming, but its true
impact was not recognised until it came into force,” says a
spokesperson for Voice of the Child in Care. The voluntary group
plans to use the act to access information that will help its work
as an advocate for children. For example, it could ask a council
for its criteria for taking a child into care if the child
disagreed with the decision.
Information can now only be refused if it meets an exemption
outlined in law. Admittedly, there are many exemptions to choose
from, 23 in all. Plus requests can also be refused on two other
counts: if they are vexatious, in that the request has been
answered but the individual keeps asking the same thing; or if
providing the answer would cost central government more than
£600 and other public bodies more than £450. Exemptions
are discretionary. If they are applied, the majority have a public
interest test, which means information must be disclosed if it is
in the public interest.
All that a member of the public need do is submit their request
in writing. The public authority has 20 working days to respond,
though some extensions are allowed.
If the information is refused, an appeal can be made to the body
concerned. If this is rejected the next ports of call are the
information commissioner, followed by the information tribunal and
finally to the High Court on a point of law. A public body’s
failure to abide by a ruling to disclose could mean a charge of
contempt of court and the prospect of jail or a fine.
With such an emphasis on disclosure, how will those in social
care continue to meet their strict obligations to protect the
confidentiality of their clients? The main exemption that applies
to the information held by social care workers is section 40 that
appears to exempt all “personal information”. But it’s not as easy
as that. A person’s right to information about himself continues to
be governed by the Data Protection Act 1998 but with new rights
that extend access in public authorities to all unstructured files
along with files indexed and arranged, known as structured files.
This means notes on a client held on scraps of paper may be up for
However, the right to information about oneself is not absolute.
Access may be denied, or limited if the person in charge of the
data determines that it would cause serious harm to the physical or
mental health or condition of the subject. Many service user groups
dislike this system because it means the decision depends on one
person’s subjective interpretation. They hope the information
commissioner may act as an independent adjudicator to ensure that
this exemption is not used by the data controller to hide mistakes.
Additionally, it is legitimate for people to be given their records
thinking they are complete, but unbeknown to them the data
controller has deleted sections believing they are harmful.
If the information is about a third party, the act covers it,
but its release will be governed by the data protection principles
already enshrined in law.
A request might come into a social services department asking
for the number of social workers and their case load for each of
the previous 10 years. Someone else may want to know how many
complaints the department receives and how many social workers are
disciplined for misconduct.
If your department is small, then even answering an innocuous
request will identify your social workers. But this alone is not
grounds for refusal. The public has an interest in knowing the
names and job descriptions of public officials who are working on
their behalf. They also have an interest in knowing how well public
employees are doing their jobs.
The line between privacy and openness is a bit murky here. The
key factor in deciding what to release and what to withhold is what
is reasonably considered private. The concept of privacy is itself
ambiguous: an “I know it when I see it” kind of thing that is
almost impossible to pin down.
The information commissioner’s guidance states: “It is often
believed that the Data Protection Act prevents the disclosure of
any personal data without the consent of the person concerned. This
is not true. The purpose of the Data Protection Act is to protect
the private lives of individuals. Where information requested is
about people acting in a work or official capacity then it will
normally be right to disclose.”
Ask yourself: does the information sought relate to a person’s
public or private life? If it is about someone acting in an
official or work capacity it should normally be provided on request
unless there is a risk to the individual concerned.
The guidance document warns against using the data protection
exemption “as a means of sparing officials embarrassment over poor
Several cases in 2003 highlighted the risks of grasping the Data
Protection Act exemption too quickly. Police in Humberside claimed
that they had deleted details of allegations against Ian Huntley,
who went on to murder two schoolgirls, in order to comply with the
act. British Gas believed that the act prevented the company
notifying social services when it cut off the gas service to an
elderly couple, both of whom subsequently died (one of
The ambiguity of data protection legislation is the main reason
for the confusion. The European ombudsman warned in 2002 that EU
data protection rules (on which UK legislation is based) were
“being used to undermine the principle of openness”.
All those answering requests must find a balance between the
legitimate need of privacy and the importance of openness. It will
take test cases to establish precedents about what is and isn’t
disclosable information. But an over-reliance on secrecy and the
Data Protection Act will undermine public confidence in services
that are meant to serve the people. And if people are expected to
make informed choices about their health, their care and their
lives bold decisions must be made to give the public the
information they need.
Heather Brooke is the author of Your Right to Know: A Guide to
the Freedom of Information Act and Other Access Laws. Pluto Press.
Go to www.yrtk.org