Site iconSite icon IFSEC Insider | Security and Fire News and Resources

Freedom of Information Act 2001: Corporate Update

Just reflect for a moment about the confidentiality of the information you provide in tenders, contracts and general correspondence with Government organisations. Would you like that information to fall into the hands of your competitors, a pressure group or perhaps members of the national press? It’s likely to happen this year.

The Government is proposing to extend the jurisdiction of the Freedom of Information Act 2001 to include those organisations/individuals that have dealings with Government organizations. What issues would any such extension engender for the security industry?

For starters, the extension is retrospective so you might want to review the information that you’ve already provided to Government bodies. If it’s still confidential try and do something about having it destroyed or removed from the control of the Government body. This action needs to be taken NOW because, once the legislation is extended, any information cannot be destroyed.

Freedom of Information Act 2001 versus Security

The Freedom of Information Act 2001 (FOIA) came into full effect on 1 January 2005. It provides a right of access for any person/organisation to information held by a public authority in England and Wales. Scotland has similar legislation which came into effect on the same day.

Last Wednesday (13 May), justice minister Michael Wills announced that the Government was considering extending the FOIA to include individuals/organisations who act on behalf of a public authority by supplying a service or product. It’s believed that the results of the Government’s consultation will be released prior to the parliamentary recess beginning on 21 July.

Despite any confidentiality agreement included in a contract or correspondence, a public authority must divulge the information requested unless it can rely on an exemption or it would not be in the ‘public interest’ to do so.

The FOIA does not define ‘public interest’, so we must look to case law or academia. Case law states: “The ‘public interest’ means for the public’s good and not their curiosity: Lion Laboratories Ltd -v- Evans (1984) 2 ALL ER 417.423: Francome -v- MGN Ltd (1984) WCR892, 897-898. Lord Falcolner (speaking in the House of Lords on 22 November 2000) added that the public interest has to be considered on a case by case basis.

This really doesn’t help us to wade through what is a fog of legal uncertainty. The following examples give some indication as to how the FOIA is likely to erode this notion of confidentiality that we in the security industry have relied upon when defending one of our most valuable assets: information.

Example 1: Derry City Council

A request was made to Derry City Council for information relating to the agreement it had with Ryan Air for use of the Derry City Airport, including fees paid for the use of the facility.

Despite the Council claiming that the contract was confidential because of the commercially sensitive information it contained, the Information Commissioner ordered the details to be disclosed.

This decision was based on the lack of any express indication of confidentiality, the contract being six years old (thus much of the contract was in the public domain) and the fact that the Council had claimed confidentiality on the whole of the document.

Example 2: Manchester United FC

In December 2007, the Information Commissioner decided that the Department for Culture, Media and Sport (DCMS) should release documents to a complainant that it held in respect of the takeover by Malcolm Glazer of Manchester United Football Club.

Using the limited company Red Football Ltd, Glazer purchased a majority of the shares of Manchester United Football Club. Details of this takeover had been provided to the DCMS (which is a public authority and subject to the FOIA 2001).

Despite objections by Red Football Ltd, and an initial refusal by DCMS, the Information Commissioner decided that the information should be revealed.

What does it all mean?

Now at first blush it may not be clear as to what all this may or may not mean for the security industry, but consider for a moment the information that you share on a regular basis with a public authority (whether they’re your client or not).

Have you submitted a tender to a public authority? Did it contain details of information that, in the normal course of events, you would consider confidential and would go to some lengths to protect?

Do you provide a service/product to a company that in turn provides a service/product to a public authority?

Do you provide advice to organisations on safeguarding proprietary/confidential information that may provide their services/products to public authorities? Heathrow Airport and the Olympic Village spring to mind.

Enough examples, I hope, to help you focus your mind on the potential threat that the FOIA 2001 poses to your proprietary information.

Developing some solutions to the issue

Having identified the problem, let me see if I can provide you with a few ideas to help you develop some solutions.

The FOIA 2001 gives no statutory right to a company that has supplied information to a public authority to be consulted when a request is made, but makes provision for it to be so if required.

Make sure that you require it by including a clause stating as much in any contract that you enter into – this at least gives you notice that your confidential information is about to be released, and allows you to take some steps towards mitigating against its loss. Do that NOW. As I said, the FOIA 2001 is retrospective.

Where confidential information is to be shared with a public authority, consider putting that information on your Intranet and giving the public authority concerned access to it. It always stays in your possession, not that of the public authority. We may have to wait until the new details are provided to see if this will be applicable when the FOIA 2001 is extended.

Submission of tenders in two parts

Submit your tenders in two parts such that information you consider confidential is clearly identified to the public authority, and that it’s agreed between yourself and the public authority that this information would fall within one of the exemptions provided by the FOIA.

This doesn’t stop any refusal to the information being appealed to the Information Commissioner and then the Information Tribunal. That particular procedure, however, can take many months (if not years), giving you sufficient time to manage the potential threat to your confidential information.

This is but a brief summary of what is a very complex piece of legislation that could go some way towards negating the expensive steps you’ve taken to protect your proprietary information.

I would ask you to consider who would find this information valuable, and do you really want them to get their hands on it?

Chris Brogan MA LLM is the managing director of Security International

Visit the web link provided on the right hand panel of this page for further information

Also, log on to the Information Tribunal site (again, the link is posted on the right hand panel of this page)

Exit mobile version