THE NEWS FEBRUARY 2014 - INDEPENDENT
For a guardian of the nation’s privacy, Christopher Graham is having to grow used to incursions into his own personal space as the public confronts him on buses and in hotel lobbies with concerns over the safety of their intimate details.
The information commissioner didn’t expect this level of recognition when he took the job in 2009 but his tenure in what had previously been a relatively low-key post has coincided with a data revolution.
Mr Graham, 63, finds himself interviewed on television about lost medical records, and summoned to the Leveson Inquiry to answer questions about private investigators “blagging” secrets from banks and phone companies. His office has been front-page news after The Independent’s revelations that blue-chip companies are accused of illegally obtaining the public’s private information.
“It’s top of people’s agenda – both citizens and politicians and businesses. Everyone wants to know what the information commissioner is going to do,” he says. Clearly he has enjoyed the experience, because last week it was quietly confirmed that he has signed up for a further two years in the role.
But that doesn’t mean he thinks he has the tools to do what is an increasingly demanding job. He has “pretty limited powers” and is frustrated that some of his office’s recent prosecutions have been thrown out.
“I had one of our fines struck down the other day because I couldn’t prove that dumping all the pensions records in the recycling area of the local supermarket was going to cause serious damage or distress,” he complains, of an attempted prosecution of Scottish Borders council. “I couldn’t prove that someone of malicious intent had picked up all this personal information and was going to be doing people down.”
The information tribunal also rejected his office’s attempts to prosecute Tetrus Telecoms for sending thousands of spam text messages because the judge didn’t accept that substantial damage and distress had been caused.
“We could show there was nuisance – that isn’t enough apparently,” says the commissioner. “We have just got to lower that hurdle because I think if you ask most people they would say silent calls and unsolicited spam texts are one of the great curses of the age – and if the Information Commissioner can’t protect you it’s a poor lookout.”
Under data-protection laws, the Information Commissioner’s Office (ICO) can only bring monetary penalties. Even the criminal offence of unauthorised disclosure or obtaining of personal information (Section 55 of the Data Protection Act) carries only a fine and is often dealt with by a magistrate.
“The track record in the magistrates court is pretty pathetic,” says Mr Graham. If people don’t think this sort of thing matters and if you get to the magistrates court you will be fined about £120, not surprisingly the public doesn’t have great confidence that their personal information will stay secure.”
This lack of confidence, he says, has huge implications for the Government’s plans to improve public-sector efficiency by moving services online.
“If you don’t have confidence in the way data controllers will handle all the information they are bound to hold on us these days because we are doing everything online then – surprise, surprise – you don’t have the public confidence for the big data-sharing initiatives that the Government wants to see in the public service.”
More serious cases of information theft – such as the recent prosecution of private eyes ICU Investigations, who received fines of up to £7,000 – are dealt with in crown courts, which can impose unlimited monetary penalties. But jail sentences – which information commissioners have called for since 2006 – are not in the
armoury. “It feels like it’s groundhog day,” Mr Graham is quoted as
A provision for custodial sentences is included in the Criminal Justice and Immigration Act but has not been commenced into legislation because, as the commissioner says, it was “caught in the reeds of the Leveson Inquiry”.
Some in Fleet Street appear hostile to the commissioner having more powers, but Mr Graham accuses them of flawed thinking.
“You can’t have it both ways,” he says. “You can’t say we don’t do this sort of thing and by the way it would be a terrible attack on investigative journalism to commence this legislation.”
The ICO, which is based in Wilmslow, Cheshire, has not been immune to public-sector cuts and has seen its budget reduced from £5 million, when Mr Graham arrived, to £3.75 million next year. He is exasperated by “rickety” funding mechanisms which mean he must keep separate spending pots for his two areas of responsibility: promoting freedom of information and maintaining data privacy. Both subjects are attracting growing numbers of complaints.
Mr Graham, who had a long career at the BBC as a radio and television journalist before becoming director general of the Advertising Standards Authority in 2000, would like a new data tax to create a single, ICO fund.
“I would have thought an information rights levy, paid for by public authorities and data controllers [is needed]. We would be fully accountable to Parliament for our spending.”
Following Edward Snowden’s revelations of GCHQ’s mass collection of personal data (including phone calls, emails and use of social media), Mr Graham has written to Sir Malcolm Rifkind, chair of Parliament’s Intelligence and Security Committee.
“We have said there has got to be a democratic and accountable oversight regime for the security services’ access to data; we have got to understand how it works,” he says. “It’s no longer convincing to have a senior Privy Councillor saying ‘OK chaps, it’s fine’.”
He says the public is more exercised by the NHS England care.data programme of a giant store of individual medical records than it is worried about Snowden.
“People have been challenging me on the bus about care.data. That’s the talking point but Snowden hasn’t been, which is kind of a surprise.”
He is critical of the NHS’s efforts to explain the care.data system, saying the ICO had advised individual letters to all patients.
“They said ‘No, we’re going to do a leaflet.’ I never received my leaflet,” he says.
He has the right to compulsory audit of local government organisations which he
criticizes as “hopeless” in their handling of personal data. “It just happens far too often, that a social worker loses a memory stick, an unencrypted laptop is taken for home working and gets nicked after being left in the pub,” he says.
The Information Commissioner's Office (ICO; stylised as ico.) in the United Kingdom, is a non-departmental public body which reports directly to Parliament and is sponsored by the Ministry of Justice. It is the independent regulatory office dealing with the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 across the
UK; and the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in England, Wales and Northern
Ireland and, to a limited extent, in Scotland.
ROLE OF HONOUR
The Information Commissioner is an independent official appointed by the Crown. The Commissioner's decisions are subject to the supervision of the
Courts and the Information Tribunal. The Office's mission is to "uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals".
During the tenure of Richard Thomas as Commissioner, the ICO was particularly noted for raising serious concerns over the Government's proposed British national identity card and database, as well as other similar databases such as the Citizen Information Project, Universal
Child Database, and the NHS National Programme for IT, stating that the country is in danger of sleepwalking into a surveillance society, drawing attention to the misuse of such information by the former states of the Eastern bloc and Francisco Franco's Spain. The position of Information Commissioner is currently held by Christopher Graham, who took over from Richard Thomas on 29 June 2009.
DATA PROTECTION ACT 1998
The United Kingdom as a member of the European Union is subject to a strict regime of Data Protection. The Data Protection Act 1984 created the post then named Data Protection Registrar with whom people processing personal data had to register the fact of their processing of that data on the Register of Data Controllers. Under the provisions of EC Directive 95/46 (introduced in the UK as the Data Protection Act 1998, rather than as an SI under the European Communities Act 1972) the name of the post was changed to Data Protection Commissioner and later to Information Commissioner.
The register of data controllers is publicly available and searchable at the website of the ICO, which also gives links to the ICO's counterparts around
Prior to 2010 the enforcement powers were limited to issuing enforcement notices and to pursuing those alleged to have broken the Data Protection Act 1998 through the courts. In 2010 The Information Commissioner has started to issue fines, known as monetary penalties, by its own authority, granted in April 2010. The first such were served on 24 November 2010. More recently, at the Leveson Inquiry it came to light that the ICO had felt unable to challenge the press related to allegations of breaches due to the power of the press and perceived weakness of its own powers.
In March 2013, commenting on a fine of £90,000 imposed on Cumbernauld fitted kitchen company DM Design for nuisance marketing calls, the Information Commissioner said that "this fine will not be an isolated penalty. We know other companies are showing a similar disregard for the law and we've every intention of taking further enforcement action against companies that continue to bombard people with unlawful marketing texts and calls." The ICO said that ten other companies were under investigation at the time, for either sending spam text messages or cold calling. The executive director of Which? argued that fines of this size were not a sufficient deterrent given the scale of the problem.
The ICO can impose fines of up to £500,000 for breaches of the Privacy and Electronic Communications Regulations introduced in 2003, while the Ofcom watchdog can impose fines of up to £2m for breaches of the rules which regulate companies using automated systems that make silent and abandoned calls.
FREEDOM OF INFORMATION ACT 2000
Under the Freedom of Information Act 2000 the Commissioner's role was expanded to include freedom of information and the job title was changed to Information Commissioner ('IC'). The Freedom of Information (Scotland) Act 2002 is the domain of the
Scottish Information Commissioner and is aimed at public bodies administered by the Scottish Parliament (which are not covered by the UK Act).
ENVIRONMENT INFORMATION REGULATIONS 2004
The Information Commissioner is also responsible for appeals made under the Environmental Information Regulations 2004.
In 2002, under 'Operation Motorman', the ICO under Richard Thomas raided various newspaper and private investigators' offices, looking for details of personal information kept on unregistered computer databases. The operation uncovered numerous invoices addressed to
newspapers and magazines, which detailed prices for providing the journalists with personal information, with 305 journalists being identified as having been the recipients of a wide range of information.
In 2006, a request under the Freedom of Information Act led to the publication of a report to the British Parliament called "What Price Privacy Now?". The newspaper with the highest number of requests was the Daily Mail with 952 transactions by 58 journalists; the News of the World came fifth in the table, with 182 transactions from 19 journalists. The
Daily Mail immediately issued a press release, in which it rejected the accusations within the report. Editor Paul Dacre said that Associated Newspapers only used private investigators to confirm public information, such as dates of birth.
In a July 2011 appearance in front of a parliamentary committee, a day after former News International CEO
Rebekah Brooks had been arrested and bailed in light of the News International phone hacking scandal, Dacre told them that he had never "countenanced" phone hacking or blagging at his newspaper, as both acts were clearly "criminal".
Information Commissioner's Office
Water Lane, Wilmslow
Cheshire, SK9 5AF
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
45 Melville Street
Edinburgh, EH3 7HL
Tel: 0131 244 9001
Information Commissioner's Office
Cardiff, CF10 2HH
Tel:0292 067 8400
Fax: 0292 067 8399
Information Commissioner's Office
14 Cromac Place
Belfast, BT7 2JB
Tel: 0289 027 8757 or 0303 123 1114
two pictures were saved from Google Maps in February of 2014. They are in the same orientation
as the site plan above, north is at the top, south at the bottom and so
on. We are using the corner of The Old Rectory as the reference
point - or baseline. The left picture is untouched. The right picture has
the position of buildings on the appeal site plan shown in red. You can
plainly see that the block Wealden refer to as a "Garden Tool
Store" is a bare patch of grass covered land. It is also plain that
there are other buildings on this site that are not covered by the
enforcement site plan, so immune from enforcement. In 1988 the Judge
looking at this information (obviously no Google Maps at the time) found
in favour of Mr Nelson Kruschandl, in that a substantial building to the
north-east that was used for accommodation is not covered by any
4 - Fraud by abuse of
position [such as a planning or police officer]
A person is in breach of this section if he —
(a) occupies a position in which he is expected to safeguard, or not to act against, the financial interests of another person,
dishonestly abuses that position, and
intends, by means of the abuse of that position—
to make a gain for himself or another, or
to cause loss to another or to expose another to a risk of loss.
(2)A person may be regarded as having abused his position even though his conduct consisted of an omission rather than an act.