I reckon the first witty thing I said was, aged 19, in the dinner queue at my university hall of residence.
Bullshit Dave (that nickname told him apart from Commie Dave, who I believe once made some mildly left-wing remarks) must have liked Monty Python. Dave Bullshit joined us by saying ‘no-one expects the Spanish Inquisition!’. I replied, ‘Of course not Dave, we’re not in Spain.’ The Spanish Inquisition did come to mind when I read a recent blog by the data protection regulator, the ICO. Offering ‘advice‘ to councils under the cosh, wondering what they can cut next. The same goes for police forces, as an aside. By chance on a web search I came across a Freedom of Information Act (FoI) request of Greater Manchester Police (GMP) asking for the risk assessment of the city’s Christmas markets. You might find it obvious that GMP would never release that, for counter-terrorism reasons (and they didn’t). Still, it takes someone some time to make that decision and send the reply. This matters in security terms because you will recall the ‘data breach’ by the Police Service of Northern Ireland (PSNI) in August 2023, when it released personal info about its people, potentially catastrophic in a region where criminals and people with long memories generally would like to know who’s serving in the police, and those serving might want to keep it private.
Don’t burn, improve
For all the kind words that are easy to type (‘we know that this can be a very stressful time for everyone working in a local authority’), you can boil down the advice from the ICO to councils who are having trouble meeting their responsibilities under FoI; tough! Councils still have to obey the law (in the jargon of regulation, for why say something plainly when grander phrases will do, ‘meet your statutory obligations’), even if a council announces that they are in financial trouble. Indeed, that a council issues a section 114 notice, to admit that they are bankrupt, may prompt more FoI requests, as the ICO’s bloggers admit hearing from such councils; because, presumably, unions and their members or anyone using a council service may fear for it.
The same implacability as the Inquisition. As reported in the November edition of Professional Security Magazine, the ICO fined PSNI £750,000 for the breach, as if that would undo the damage or make the police force do anything differently. PSNI chief constable Chris Todd described the fine as ‘regrettable, given the current financial constraints we are facing and the challenges we have, given our significant financial deficit to find the funding required to invest in elements of the requisite change’. Such as, in December 2023, ‘a payment of up to £500 was made available to each individual in the organisation whose name was contained on the data set released in reimbursement for equipment or items purchased by those individuals against their own particular safety needs’, as taken up by most at PSNI. The ICO knows best!
Can’t afford as many home helps and social workers, already stretched by a decade of austerity? Council staff are frazzled and have better things to do than answer FoI requests? The bloggers make empty suggestions that only make sense on Planet Regulation, such as ‘open conversation with departments to find the best way forward when dealing with large volumes of information requests’. Humanity has progressed, though. In the heyday of the Spanish Inquisition, they burned heretics; if you fall foul of FoI, you have to pay a fine or sign an ‘improvement notice’. Meanwhile, what of the ICO’s own backlog of handling inquiries?
Photo by Mark Rowe: Bangor police station, Northern Ireland
