Community Care magazine
By Heather Brooke
Jan 13, 2005
Privacy and public accountability may seem mutually exclusive but social care professionals must learn quickly how to straddle the divide. The Freedom of Information Act 2000 is now with us and queries from the public can no longer be refused simply by muttering something about data protection, client confidentiality or commercial confidence.
Although social services departments are used to receiving requests for information from the public or those involved in care cases, other organisations may find the transition more difficult. The act affects more than 100,000 public bodies, including local authorities, schools, the Prison Service and Youth Justice Board, as well as voluntary and private sector organisations.
“This is something that everyone knew was coming, but its true impact was not recognised until it came into force,” says a spokesperson for Voice of the Child in Care. The voluntary group plans to use the act to access information that will help its work as an advocate for children. For example, it could ask a council for its criteria for taking a child into care if the child disagreed with the decision.
Information can now only be refused if it meets an exemption outlined in law. Admittedly, there are many exemptions to choose from, 23 in all. Plus requests can also be refused on two other counts: if they are vexatious, in that the request has been answered but the individual keeps asking the same thing; or if providing the answer would cost central government more than £600 and other public bodies more than £450. Exemptions are discretionary. If they are applied, the majority have a public interest test, which means information must be disclosed if it is in the public interest.
All that a member of the public need do is submit their request in writing. The public authority has 20 working days to respond, though some extensions are allowed.
If the information is refused, an appeal can be made to the body concerned. If this is rejected the next ports of call are the information commissioner, followed by the information tribunal and finally to the High Court on a point of law. A public body’s failure to abide by a ruling to disclose could mean a charge of contempt of court and the prospect of jail or a fine.
With such an emphasis on disclosure, how will those in social care continue to meet their strict obligations to protect the confidentiality of their clients? The main exemption that applies to the information held by social care workers is section 40 that appears to exempt all “personal information”. But it’s not as easy as that. A person’s right to information about himself continues to be governed by the Data Protection Act 1998 but with new rights that extend access in public authorities to all unstructured files along with files indexed and arranged, known as structured files. This means notes on a client held on scraps of paper may be up for grabs.
However, the right to information about oneself is not absolute. Access may be denied, or limited if the person in charge of the data determines that it would cause serious harm to the physical or mental health or condition of the subject. Many service user groups dislike this system because it means the decision depends on one person’s subjective interpretation. They hope the information commissioner may act as an independent adjudicator to ensure that this exemption is not used by the data controller to hide mistakes. Additionally, it is legitimate for people to be given their records thinking they are complete, but unbeknown to them the data controller has deleted sections believing they are harmful.
If the information is about a third party, the act covers it, but its release will be governed by the data protection principles already enshrined in law.
A request might come into a social services department asking for the number of social workers and their case load for each of the previous 10 years. Someone else may want to know how many complaints the department receives and how many social workers are disciplined for misconduct.
If your department is small, then even answering an innocuous request will identify your social workers. But this alone is not grounds for refusal. The public has an interest in knowing the names and job descriptions of public officials who are working on their behalf. They also have an interest in knowing how well public employees are doing their jobs.
The line between privacy and openness is a bit murky here. The key factor in deciding what to release and what to withhold is what is reasonably considered private. The concept of privacy is itself ambiguous: an “I know it when I see it” kind of thing that is almost impossible to pin down.
The information commissioner’s guidance states: “It is often believed that the Data Protection Act prevents the disclosure of any personal data without the consent of the person concerned. This is not true. The purpose of the Data Protection Act is to protect the private lives of individuals. Where information requested is about people acting in a work or official capacity then it will normally be right to disclose.”
Ask yourself: does the information sought relate to a person’s public or private life? If it is about someone acting in an official or work capacity it should normally be provided on request unless there is a risk to the individual concerned.
The guidance document warns against using the data protection exemption “as a means of sparing officials embarrassment over poor administrative decisions”.
Several cases in 2003 highlighted the risks of grasping the Data Protection Act exemption too quickly. Police in Humberside claimed that they had deleted details of allegations against Ian Huntley, who went on to murder two schoolgirls, in order to comply with the act. British Gas believed that the act prevented the company notifying social services when it cut off the gas service to an elderly couple, both of whom subsequently died (one of hypothermia).
The ambiguity of data protection legislation is the main reason for the confusion. The European ombudsman warned in 2002 that EU data protection rules (on which UK legislation is based) were “being used to undermine the principle of openness”.
All those answering requests must find a balance between the legitimate need of privacy and the importance of openness. It will take test cases to establish precedents about what is and isn’t disclosable information. But an over-reliance on secrecy and the Data Protection Act will undermine public confidence in services that are meant to serve the people. And if people are expected to make informed choices about their health, their care and their lives bold decisions must be made to give the public the information they need.
Tags: Community Care