Earlier this year the Information Commissioner’s Office issued an Enforcement Notice – the fourth to ever be issued – for failure to respond to Freedom of Information requests in a timely matter.
The Enforcement Notice was issued to the Department of Finance and Personnel Northern Ireland in May this year
When it issued the Enforcement Notice to the Northern Irish department the ICO noted meetings were had an letters were exchanged between the two bodies. These were requested under FOI and have now been released.
The documents show that the number of outstanding requests within the Private Office dropped from 72 to 100, over the period of a few months. However, the ICO noted that 10 of the outstanding requests were more than 6 months old and decided to issue enforcement action. None of the outstanding requests had received Section 50 complaints, for not being responded to.
Gerrard Tracey, the ICO’s Principal Adviser was corresponding with the Department but Information Commissioner Christopher Graham went to the meetings with in Northern Ireland.
“The number and age of the 10 outstanding requests undermine DFP’s performance, and I am disappointed that, despite the ICO’s intervention, they remain unanswered,” the enforcement documents state.
“As things stand I have no option other than to give notice of our intention to issue the Department of Finance and Personnel Northern Ireland with an Enforcement Notice, served under section 52(1) of the Act.”
The documents provide a view into the approach of ICO when it comes to regulatory action.These include the ICO’s ‘rules of thumb’ for when it monitors public authorities.
A telling sign is that under the ‘regulatory action’ section of the regulator’s own policy it lists forms of non-regulatory action: ‘negotiation’.
Included in the “initial drivers” for regulatory action is the number of complaints about an authority, concerns raised by Parliament or the Information Tribunals, and also “issues that come to our attention via the media, the web and social media such as information rights blogs”.
Regulatory action may occur, according to the guidance, when there is:
- Repeated or serious failure to respond to requests within the appropriate timescales, particularly if a period of monitoring fails to encourage an improvement.
- Repeated or serious failure to complete internal reviews within the appropriate timescales, particularly if a period of monitoring fails to encourage an improvement.
- Failure to adopt an approved publication scheme.
- Failure to publish in accordance with an approved publication scheme.
- Failure to have a records management policy in place or to operate in accordance with that policy.
- An obvious disregard for the access provisions FOIA and EIR seek to promote.
- An obvious lack of understanding about the requirements of FOIA and EIR, particularly when the ICO’s attempts to provide advice and support have been ignored.
- A repeated failure to produce refusal notices which comply with the requirements of the legislation.
Also included are the ICO’s monitoring forms, which it issues to a public authority when it requires it to keep the regulator up to date with its performance in answering requests.
Minutes from the following meeting:
On 31 October 2014 the Commissioner met with the Northern Ireland Permanent Secretaries Group.
The letter described here:
On 10 March 2015 the Commissioner wrote to the DFP noting that whilst some improvements in performance had been made, 11 requests remained outstanding, 8 of which were over six months old.
And, also the following letter:
The Commissioner wrote to the DFP on 11 May 2015 notifying it of his intention to issue an Enforcement Notice under section 52(1) of FOIA.”
The ICO’s response was as such:
I will start by explaining that the 31 October 2014 meeting attended by the Information Commissioner was a Permanent Secretary Group meeting. The minutes of this meeting are publically available online and the ICO does not hold any separate minutes of this meeting. (Part 7)
They included the following documents, which comprise of the letters and the ICO’s enforcement policy: