Chris Brogan MA LLM, Managing Director of consultancy Security International Ltd writes.
This is a short article that I was asked to write about the potential threat of the Freedom of Information Act 2001 to the Security industry in view of the imminent extension of the legislation to include non public authorities. Please feel free to do with it as you wish and distribute amongst your readers/members. Knowledge is useless if it is not shared. <br><br>Freedom of Information Act 2001 –v- Security <br><br>The Freedom of Information Act 2001 (FOIA) came into full effect on January 1, 2005. It provides a right of access for any person/organisation to information held by a public authority (PA) in England & Wales. Scotland has similar legislation which came into effect on the same day. <br><br>On Wednesday, May 13, 2009 Michael Wills, the Justice Minister announced that the government was considering extending the FOIA to include individuals/organisations who acted on behalf of a PA by supplying a service or product. It is believed that the results of the government’s consultation will be released prior to the parliamentary recess, July 21, 2009. <br><br>Despite any confidentiality agreement included in a contract or correspondence, a PA must divulge the information requested unless they can rely on an exemption or it would not be in the “Public Interest” (PI) to do so. The FOIA does not define PI so we must look to “Case Law” or Academia. Case Law states: “The Public Interest” means for the public’s good and not their curiosity: Lion Laboratories Ltd –v- Evans (1984) 2 ALL ER 417.423: Francome –v- MGN Ltd (1984) WCR892, 897-898. Lord Falcolner in the House of Lords 22nd Nov 2000 added that the PI has to be considered on a case by case basis. This really doesn’t help us to wade through this fog of legal uncertainty. The following examples give some indication as to how FOIA is likely to erode away this notion of confidentiality that we in the security industry have relied upon when defending one of our most valuable assets-information. <br><br>Example 1 <br><br>A request was made to Derry City Council for information relating to the agreement they had with Ryan Air for use of the Derry City Airport, including the fees paid for the use of the facility. Despite the Council claiming that the contract was confidential because of the commercially sensitive information it contained the Information Commissioner (IC) ordered the information to be disclosed. The decision was based on: the lack of any express indication of confidentiality; the contract was six years old: much of the contract was in the public domain: the Council had claimed confidentiality on the whole of the document. <br><br>Example 2 <br><br>In December 2007 the IC decided that the Department for Culture Media & Sport (DCMS) should release documents to a complainant that they held with regard to the takeover by Malcolm Glazer of Manchester United Football Club. Malcolm Glazer using the limited company Red Football Ltd, purchased a majority of the shares of Manchester United Football Club. Details of this takeover had been provided to the DCMS which is a PA and subject to the FOIA. Despite objections by Red Football Ltd and an initial refusal by DCMS the IC decided that information should be revealed. <br><br>There are many more examples and if you are interested visit www.informationtribunal.gov.uk/Decisions/foi.htm. <br><br>Now at first blush it may not be clear as to what this may mean for the Security Industry but consider for a moment the information that you share on a regular basis with a PA whether they are your client or not. <br><br>Have you submitted a tender to a PA? Did it contain details of information that in the normal course of events you would consider confidential and would go to some length to protect; costings; methodology; etc? <br><br>Do you provide a service/product to a company that in turn provides a service/product to a PA? <br><br>Do you provide advice to organisations on safeguarding proprietary/confidential information that may provide their services/products to PA’s? Heathrow Airport and the Olympic Village spring to mind. <br><br>Enough examples I hope to help you focus your mind on the potential threat that FOIA poses to your proprietary information. <br><br>Having identified the problem let me see if I can provide you with a few ideas to help you develop some solutions. <br><br>The FOIA gives no statutory right to a company that has supplied information to a PA to be consulted when a request is made but makes provision for it to be so if required. – Make sure that you require it by including a clause stating as much in any contract that you enter into. This at least gives you notice that your confidential information is about to be released and allow you to take some steps to help mitigate against its loss. Do that now as the FOIA is retrospective <br><br>Where confidential information is to be shared with a PA consider putting that information on your intranet and giving the PA access to it. It always stays in your possession not that of the PA. We may have to wait until the new details are provided to see if this will be applicable when the FOIA is extended. <br><br>Submit your tenders in two parts so that information you consider confidential is clearly identified to the PA and that it is agreed between yourself and the PA that this information would fall within one of the exemptions provided by the FOIA. This does not stop any refusal to the information being appealed to the IC & then the Information Tribunal. This procedure however can take many months if not years giving you sufficient time to manage the potential threat to your confidential information. <br><br>This is just a brief summary of a very complex piece of legislation that could go some way to negate the expensive steps you have taken to protect your proprietary information. In conclusion I would ask you to consider who would find this information valuable and do you really want them to get it.
Visit also –
http://news.zdnet.co.uk/itmanagement/0,1000000308,39652091,00.htm
