Cry Freedom

    Privacy and public accountability may seem mutually exclusive
    but social care professionals must learn quickly how to straddle
    the divide. The Freedom of Information Act 2000 is now with us and
    queries from the public can no longer be refused simply by
    muttering something about data protection, client confidentiality
    or commercial confidence.

    Although social services departments are used to receiving
    requests for information from the public or those involved in care
    cases, other organisations may find the transition more difficult.
    The act affects more than 100,000 public bodies, including local
    authorities, schools, the Prison Service and Youth Justice Board,
    as well as voluntary and private sector organisations.

    “This is something that everyone knew was coming, but its true
    impact was not recognised until it came into force,” says a
    spokesperson for Voice of the Child in Care. The voluntary group
    plans to use the act to access information that will help its work
    as an advocate for children. For example, it could ask a council
    for its criteria for taking a child into care if the child
    disagreed with the decision.

    Information can now only be refused if it meets an exemption
    outlined in law. Admittedly, there are many exemptions to choose
    from, 23 in all. Plus requests can also be refused on two other
    counts: if they are vexatious, in that the request has been
    answered but the individual keeps asking the same thing; or if
    providing the answer would cost central government more than
    £600 and other public bodies more than £450. Exemptions
    are discretionary. If they are applied, the majority have a public
    interest test, which means information must be disclosed if it is
    in the public interest.

    All that a member of the public need do is submit their request
    in writing. The public authority has 20 working days to respond,
    though some extensions are allowed.

    If the information is refused, an appeal can be made to the body
    concerned. If this is rejected the next ports of call are the
    information commissioner, followed by the information tribunal and
    finally to the High Court on a point of law. A public body’s
    failure to abide by a ruling to disclose could mean a charge of
    contempt of court  and the prospect of jail or a fine.

    With such an emphasis on disclosure, how will those in social
    care continue to meet their strict obligations to protect the
    confidentiality of their clients? The main exemption that applies
    to the information held by social care workers is section 40 that
    appears to exempt all “personal information”. But it’s not as easy
    as that. A person’s right to information about himself continues to
    be governed by the Data Protection Act 1998 but with new rights
    that extend access in public authorities to all unstructured files
    along with files indexed and arranged, known as structured files.
    This means notes on a client held on scraps of paper may be up for
    grabs.

    However, the right to information about oneself is not absolute.
    Access may be denied, or limited if the person in charge of the
    data determines that it would cause serious harm to the physical or
    mental health or condition of the subject. Many service user groups
    dislike this system because it means the decision depends on one
    person’s subjective interpretation. They hope the information
    commissioner may act as an independent adjudicator to ensure that
    this exemption is not used by the data controller to hide mistakes.
    Additionally, it is legitimate for people to be given their records
    thinking they are complete, but unbeknown to them the data
    controller has deleted sections believing they are harmful.

    If the information is about a third party, the act covers it,
    but its release will be governed by the data protection principles
    already enshrined in law.

    A request might come into a social services department asking
    for the number of social workers and their case load for each of
    the previous 10 years. Someone else may want to know how many
    complaints the department receives and how many social workers are
    disciplined for misconduct.

    If your department is small, then even answering an innocuous
    request will identify your social workers. But this alone is not
    grounds for refusal. The public has an interest in knowing the
    names and job descriptions of public officials who are working on
    their behalf. They also have an interest in knowing how well public
    employees are doing their jobs.

    The line between privacy and openness is a bit murky here. The
    key factor in deciding what to release and what to withhold is what
    is reasonably considered private. The concept of privacy is itself
    ambiguous: an “I know it when I see it” kind of thing that is
    almost impossible to pin down.

    The information commissioner’s guidance states: “It is often
    believed that the Data Protection Act prevents the disclosure of
    any personal data without the consent of the person concerned. This
    is not true. The purpose of the Data Protection Act is to protect
    the private lives of individuals. Where information requested is
    about people acting in a work or official capacity then it will
    normally be right to disclose.”

    Ask yourself: does the information sought relate to a person’s
    public or private life? If it is about someone acting in an
    official or work capacity it should normally be provided on request
    unless there is a risk to the individual concerned.

    The guidance document warns against using the data protection
    exemption “as a means of sparing officials embarrassment over poor
    administrative decisions”.

    Several cases in 2003 highlighted the risks of grasping the Data
    Protection Act exemption too quickly. Police in Humberside claimed
    that they had deleted details of allegations against Ian Huntley,
    who went on to murder two schoolgirls, in order to comply with the
    act. British Gas believed that the act prevented the company
    notifying social services when it cut off the gas service to an
    elderly couple, both of whom subsequently died (one of
    hypothermia).

    The ambiguity of data protection legislation is the main reason
    for the confusion. The European ombudsman warned in 2002 that EU
    data protection rules (on which UK legislation is based) were
    “being used to undermine the principle of openness”.

    All those answering requests must find a balance between the
    legitimate need of privacy and the importance of openness. It will
    take test cases to establish precedents about what is and isn’t
    disclosable information. But an over-reliance on secrecy and the
    Data Protection Act will undermine public confidence in services
    that are meant to serve the people. And if people are expected to
    make informed choices about their health, their care and their
    lives bold decisions must be made to give the public the
    information they need.

    Heather Brooke is the author of Your Right to Know: A Guide to
    the Freedom of Information Act and Other Access Laws. Pluto Press.
    Go to www.yrtk.org

     

    More from Community Care

    Comments are closed.