Friday, June 28, 2013

Freedom of information and requester privacy

There's an interesting spat brewing in the UK where, among their "alternative Queen's speech" aimed at returning the UK to the 1950's, the Conservatives have put up a member's bill requiring the identities of Freedom of Information Act requestors to be publicly disclosed. Why is this a bad idea? The Campaign for FOI counts the reasons:

What is the problem in requiring the publication of requesters' names? Once requests have been answered, there may be no objection to identifying the requesting organisations such as media bodies, campaign groups, professional bodies or companies.

Identifying individual requesters is a different matter. Many people use the FOI Act to obtain information about matters which directly affect them. The information they seek may not be personal, but their interest in it is. Someone who asks a social services department about the support provided to people with a particular condition living in particular circumstances may be describing their own situation. Publishing their names will suggest this to others. Where the inference is correct, the disclosure would be highly intrusive. As the law stands, it would also breach the Data Protection Act (DPA). There should be no question of identifying requesters seeking information about issues they face such as mental illness, child abuse, domestic violence, sexual orientation or learning disability.

Someone who believes they have been wrongly suspected of committing an offence may seek information from the police about the incident. Publishing their names may publicly identify them as a suspect.

A request may be prompted by suspicion that an authority or other body has behaved improperly. Naming the requester may reveal them as a potential whistleblower, exposing them to possible reprisals.

When someone asks for information about the spending, conduct or truthfulness of a minister or council leader, the first thing the politician may want to know is who is asking. If that person is an employee or someone dependent on the authority for a service, naming them may leave them vulnerable. Some FOI officers refuse to circulate the requester's name to others within their organisation, partly for these reasons.

When I request OIA statistics from Ministers and agencies, I am always clear that I don't want the subjects of individual requests, or the identities of requesters, for precisely these sorts of reasons. And as a requester, I'd be annoyed if a Minister was going around handing out my personal information willy-nilly without consultation.

(Meanwhile, I am now curious as to whether New Zealand agencies and Ministerial offices take internal precautions to protect the identities of those making sensitive requests. Or, alternatively, whether they have a process of googling for dirt on requesters. As the OIA is supposed to be requester-neutral, the latter would be a perversion of the process. But its exactly what I'd expect from Ministers such as Paula Bennett).

So what's the official practice in New Zealand? There are only two disclosure logs that I know of: the Dunedin City Council and NZTA. The former seems to redact for privacy, the latter so far includes only requests from media organisations, but identifies (and gives contact details) for the journalists who make those requests. The latter is a little bit dubious, IMHO, and should be reconsidered. There's also FYI, but everyone using the service has agreed to be named, and the site prohibits requests for personal information.