Data Protection and Freedom of Information Update - September 2011

Big players' focus on privacy.

The ICO has released details of their audit of Google Inc, which took place in July of this year at the company's London office.

The audit follows Google's undertaking to the ICO to operate with greater transparency and allow a consensual audit of their personal data processes. This formed part of the November 2010 agreement made by Google after admitting that they had inadvertently collected data from unprotected Wi-fi networks whilst mapping Google Street View.

The Commission gave an overall assessment of "Reasonable Assurance", ranking 3 out of 4 possible findings given by the Commission which tops the board at "High Assurance".

A summary of their overall findings identified the following good practice areas:

• Praise for their internal privacy structure, which is supported by focused teams and cross-department internal reviews;
• The enhancement of scenario based training for new and existing employees identifying privacy issues;
• Mandatory training for all staff on the objectives and obligations under the Google Code of Conduct;
• Advanced training for staff at engineer level; and
• The development of a project based in-house reporting mechanism setting out all data collection.

However, the Commission also identified areas where improvement could still be made, largely identifying a need to provide a consistent approach in their training methods and internal audit processes, together with product development processes.

Google responded to the Commission findings positively whilst pointing out that internal processes should never compromise innovation and creativity, which is crucial as they continue to compete in a fiercely competitive market.

Meanwhile, it has also been widely reported in the technology press that once again Facebook have amended their privacy settings, which control how users share information or, more simply, "who can see what".

Changes have included greater tag controls allowing you to review tags before they are shown, which allows users to confirm or remove their identity before appearing on their page. Users will also have greater control over who sees items posted online by new settings incorporated into the user's profile page.

Facebook announced the changes, saying that it had responded to user requests for greater security especially in relation to tagging. Critics note that awareness amongst users of security features remain disappointingly low, and that there was a real need to change user behaviour. Concerns remain on the prevalence of cyber-bullying and regular bloggers highlight the need for users to keep themselves and other users safe.

Case Ref: FS50373233
Public Authority: Department for Work and Pensions
Summary: A complainant asked for all opinion, information and/or documents relating to a Employment Act tribunal decision made in 2010. The information was refused by the DWP on the grounds that the information was afforded protection by way of legal professional privilege. The Commission upheld this finding, stating that the public interest in maintaining the exemption outweighed the public interest in disclosure.
Section of Act/EIR & Finding: FOI 42 - Complaint Not upheld.

Case Ref: FS50382825
Public Authority: Denbighshire County Council
Summary: The complainant requested information about the North Hoyle Offshore Wind Farm Community Benefit Fund. The public authority repeatedly maintained that they did not hold the information requested by the complainant. The Commissioner considered on balance of probabilities that the public authority did not hold the requested information.
Section of Act/EIR & Finding: FOI 1 - Complaint Not upheld.

Case Ref: FS50382867
Public Authority: Bishop Burton College
Summary: The complainant requested information detailing job titles and descriptions relating to 17 individuals made redundant by the College.. The College, whilst providing a summary of the positions to the complainant, refused to provide full details on the grounds that it was exempt from doing so. Following the complainant's referral to the Commission, the College agreed to disclose full details of six of the seventeen individuals, but maintained that the remainder were exempt. The Commissioner upheld their decision, but a number of procedural breaches were identified. The College, however, was not subject to any remedial steps.
Section of Act/EIR & Finding: FOI 17 - Complaint Upheld, FOI 40 - Complaint Not upheld.

Case Ref: FS50375439
Public Authority: BBC
Summary: The complainant requested financial data relating to the BBC spend on staff media training over a specific period, which was to include sub-contracting to outside agencies and other businesses. The BBC refused on the basis that this information was exempt on the grounds that it would prejudice a commercial third party. The Commissioner upheld the BBC's decision.
Section of Act/EIR & Finding: FOI 43 - Complaint Not upheld.


Case Ref: FS50367701
Public Authority: Dr V C Boss
Summary: The complainant made a request to Aldergate Medical Practice (the "Practice") for information relating to the treatment of his mother whilst in their care.  The Practice initially refused but, on referral to the Commissioner, agreed to provide some of the information privately to the complainant, together with other information which it would disclose under the Data Protection Act. The complainant remained unsatisfied, claiming that information was being withheld or was missing. The Commissioner determined that on the balance of probabilities there was no further information available to the claimant; however, they found a number of procedural breaches.
Section of Act/EIR & Finding: FOI 1 - Complaint Partly Upheld, FOI 10 - Complaint Upheld, FOI 17 - Complaint Upheld.

Ashfords LLP is regulated by the Solicitors Regulation Authority.  The information in this note is intended to be general information about English law only and not comprehensive.  It is not to be relied on as legal advice nor as an alternative to taking professional advice relating to specific circumstances.