Official information held in private email accounts



Similar documents
UNIVERSITY OF BIRMINGHAM GUIDANCE ON IN RELATION TO DATA PROTECTION

Data controllers and data processors: what the difference is and what the governance implications are

DATA PROTECTION (JERSEY) LAW 2005: YOUR RIGHTS AND HOW TO ENFORCE THEM

Identity Cards Act 2006

Queensland WHISTLEBLOWERS PROTECTION ACT 1994

Request under the Freedom of Information Act 2000 (FOIA)

Mesothelioma Act 2014

2015 No FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Finance Platforms) Regulations 2015

Privacy Policy. January 2014

technical factsheet 176

Guidance on data security breach management

Freedom of Information Act 2000 (FOIA) Decision notice

Additional Tax, Penalty and Prosecution

CORK INSTITUTE OF TECHNOLOGY

Money Laundering The Legal Position Andrew Campbell University of Leeds

Frequently Asked Questions

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

Data Protection Policy

HERTSMERE BOROUGH COUNCIL

Personal Data Protection LAWS OF MALAYSIA. Act 709 PERSONAL DATA PROTECTION ACT 2010

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BERMUDA REHABILITATION OF OFFENDERS ACT : 6

Enforced subject access (section 56)

DRUG TRAFFICKING OFFENCES (AMENDMENT) ACT 2004

2015 No FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Businesses (Credit Information) Regulations 2015

Data Security Breach Management - A Guide

A Working Protocol between ACPO, the Crown Prosecution Service (CPS), Her Majesty s Court & Tribunals Service (HMCTS), the Witness

Information Governance Policy

Criminal appeals. Page 1 of 19 Criminal appeals version 3.0 Published for Home Office staff on 08 July 2015

There are principles of consumer protection and fair business practice which apply to all debt recovery activities.

tes for Guidance Taxes Consolidation Act 1997 Finance Act 2015 Edition - Part 47

Privacy and Cloud Computing for Australian Government Agencies

Casino, Liquor and Gaming Control Authority Act 2007 No 91

Protection of Freedoms Bill

Choosing Business and Company Names

2015 No FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Credit Information) Regulations 2015

Time limits for compliance under the Freedom of Information Act (Section 10)

Decision 121/2011 Ms Margaret Sutor and Social Care and Social Work Improvement Scotland

STITT & C Ọ SOLICITORS 11 Gough Square, London EC4A 3DE Tel: Fax: info@stitt.co.uk

Education Services for Overseas Students Act 2000

This document explains non-party campaign spending, the rules that you must follow and how to manage your campaign spending.

Many things go through your Mind when deciding whether to Make a protected disclosure of wrongdoing.

Abusive Behaviour and Sexual Harm (Scotland) Bill [AS AMENDED AT STAGE 2]

Request under the Freedom of Information Act 2000 (FOIA)

ACCESS TO MEDICAL RECORDS. By Felicia Jolaoye Blavo & Co Solicitors Ltd.

APPENDIX 1: Frequently Asked Questions

Data Protection Act 1998 Codes of Practice. The Employment Practices DP Code Part 1: Recruitment and Selection

Employee Payroll Deduction Scheme. Protocol for direct deductions from wages between. [ ] ( the Credit Union ) and

Human Resources and Data Protection

CHRISTMAN & FASCETTA, LLC FLAT FEE AGREEMENT AND HOURLY FEE PROVISIONS

Data Protection in Ireland

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

ATMD Bird & Bird. Singapore Personal Data Protection Policy

Freedom of Information Act 2000

Provider secure web portal & Member Care Information portal Registration Form

PLEASE NOTE. For more information concerning the history of this Act, please see the Table of Public Acts.

Data Retention and Investigatory Powers Bill

A court claim has been made against me what should I do?

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

Standard terms of business

Request under the Freedom of Information Act 2000 (FOIA)

Mr and Mrs Sample and future owners or occupants of the Property and Your/their mortgage lender(s).

Revised Code of Practice for Disclosure and Barring Service Registered Persons. November 2015

Thank you for your request for information regarding ACPO UAS Steering Group which has now been considered.

Corporate ICT & Data Management. Data Protection Policy

CONSULTATION PAPER NO

USING A SIMILAR NAME FOR YOUR NEW COMPANY/TRADING AS THE ONE THAT IS INSOLVENT

WITNESS PROTECTION ACT

Using Your Personal Information

STATES OF JERSEY. DRAFT CRIMINAL JUSTICE (YOUNG OFFENDERS) (No. 2) (JERSEY) LAW 201-

Data Protection Act a more detailed guide

NHS REDRESS ACT 2006

Personal Data Act (1998:204);

DATA PROTECTION POLICY

CODE OF PRACTICE ON THE MANAGEMENT OF POLICE INFORMATION

Request under the Freedom of Information Act 2000 (FOIA)

Transfers home for prisoners abroad

GOVERNMENT PROSECUTIONS AND QUI TAM ACTIONS

TERMS OF BUSINESS AGREEMENT

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Anti-terrorism, Crime and Security

Website Disclaimer Disclaimer 1

Recruitment Sector. Consultation on prohibiting employment agencies and employment businesses from advertising jobs exclusively in other EEA countries

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

Access to Information by Succeeding Auditors

St. Peter s C.E. Primary School Farnworth , Internet Security and Facsimile Policy

Subject Access Request Procedure (Data Protection) Doc No IMPR04 Rev 2 27/07/ Scope. 2.0 Responsibilities and Definitions

Witness Protection Act 1995 No 87

Data Protection Policy

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

The Health Information Protection Act

Elements of Alberta's Cancer - Part 1

Powers of Attorney in New South Wales. This fact sheet also contains the forms to make a general power of attorney or an enduring power of attorney.

Safer recruitment scheme for the issue of alert notices for healthcare professionals in England

A Bill Regular Session, 2015 SENATE BILL 830

Law Society of England and Wales - Chapter 3 - Money Laundering Regulations 2003

Child and Adult Services Subject Access Requests Guidance

SUBJECT ACCESS REQUEST

The criminal and civil justice systems in England and Wales

Transcription:

Official information held in private email accounts The Freedom of Information (Jersey) Law, 2011 Published: January 2015 Brunel House, Old Street, St.Helier, Jersey, JE2 3RG Tel: (+44) 1534 716530 Email: enquiries@dataci.org

Official information held in private email accounts Freedom of Information (Jersey) Law, 2011 Contents Overview.3 What the Freedom of Information (Jersey) Law, 2011 says..3 The Information Commissioner s approach..4 Relevant information in other forms...5 Concealment and deletion...6 Records management..6 More information 6 The Freedom of Information (Jersey) Law, 2011 ( the Law ) gives rights of public access to information held by scheduled public authorities ( SPAs ). An overview of the main provisions of the Law can be found in The Guide to Freedom of Information. This is part of a series of guidance, which goes into more detail than the Guide to the Law, to help you as a SPA fully understand your obligations, as well as promoting good practice. This guidance is intended to clarify the legal status under the Law of information relating to the business of a SPA held in private email accounts in particular, but also other media formats. This is an emerging area of compliance with the Law and so the guidance may be updated in due course. This guidance does not deal with exemptions which might be applicable to information held in private email accounts, only whether it may be held for the purposes of the Law. Guidance issued by the Information Commissioner may include references to cases and decisions linked to operation of the Freedom of Information Act 2004 ( the U.K. Act ). Such references are provided as additional context to relevant areas given the lack of case law regarding the interpretation of the Freedom of Information (Jersey) Law 2011 ( the Law ). It should be noted, however, that judgments from the Courts of England and Wales (which includes any decisions from the Information Tribunal) are not binding in Jersey (albeit that they may be 2

viewed by the Royal Court as being persuasive). There are, however, differences between the Law and the UK Act and so the judgments which have flowed following an interpretation of the UK Act may not be directly applicable in this jurisdiction. Overview The Law applies to official information held in private email accounts (and other media formats) when held on behalf of the SPA. Such information may be exempt and will not necessarily have to be disclosed. It may be necessary to request relevant individuals to search private email accounts in particular cases. The occasions when this will be necessary are expected to be rare. Adherence to good records management practice should assist in managing risks associated with the use of private email accounts for any business purposes connected to a SPA. What the Law says 1. Article 3 sets out the two legal principles by which it is established whether information is held for the purposes of the Law. Article 3. For the purposes of this Law, information is held by a public authority if (a) it is held by the authority, otherwise than on behalf of another person; or (b) it is held by another person on behalf of the authority. 2. Under Article 3(a) information will be held by the SPA for the purposes of the Law if it is held to any extent for its own purposes. Only if information is held solely on behalf of another person will the SPA not hold it for the purposes of the Law. 3. Article 3(b) provides that in circumstances where information is held by another person on behalf of the SPA, the information is considered to 3

be held by the SPA for the purposes of the Law. It is this sub-section that is of relevance to information held in personal email accounts. The Information Commissioner s approach 4. Information held in non-work personal email accounts (e.g. Hotmail, Yahoo and Gmail) may be subject to the Law if it relates to the official business of the SPA. All such information which is held by someone who has a direct, formal connection with the SPA is potentially subject to the Law regardless of whether it is held in an official or private email account. If the information held in a private account amounts to SPA business it is very likely to be held on behalf of the SPA in accordance with Article 3(b). 5. This can apply to any SPA. For example, a Civil Servant may hold information relating to SPA business in his/her private email account on behalf of the SPA. There is therefore need to have a clear demarcation between States business and personal emails and correspondence. However information in private email accounts that does not relate to the business of the SPA will not be subject to the Law. 6. When a request for information is received, SPAs should consider all locations where relevant information may be held. This may include private email accounts. 7. The Information Commissioner recommends that, as a matter of good practice, SPAs establish procedures for dealing with such situations. These should outline the relevant factors to be taken into account in deciding whether it is necessary to ask someone to search their private email account for information which might fall within the scope of a freedom of information request under the Law which a SPA has received. Relevant factors are likely to include: a) The focus of the request, indicated by the words used by the applicant; b) The subject matter of the information which falls within the scope of the request; c) How the issues to which the request relates have been handled within the SPA; d) By whom and to whom was the information sent and in what capacity (e.g. civil servant or States member); and e) Whether a private communication channel was used because no official channel was available at the time. 8. Where a SPA has decided that a relevant individual s personal email account may include information which falls within the scope of the 4

request and which is not held elsewhere on the SPA s own system, it will need to ask that individual to search their account for any relevant information. 9. The enquiries made should be directed towards deciding whether any information which is so held was generated in the course of conducting the business of the SPA. If it was, it is likely to be within the scope of the request. It will therefore be held by the individual on behalf of the SPA for the purposes of the Law. 10. Where members of staff or other relevant individuals have been asked to search private email accounts for requested information, there should be a record of the action taken. The SPA will then be able to demonstrate, if required, that appropriate searches have been made in relation to a particular request. The Information Commissioner may need to see this in the event of an Article 46 appeal arising from the handling of the request. 11. Where a SPA has decided that a relevant individual s personal email account may include information which falls within the scope of the request and which is not held elsewhere on the SPA s own system, it will need to ask that individual to search their account for any relevant information. 12. The enquiries made should be directed towards deciding whether any information which is so held was generated in the course of conducting the business of the SPA. If it was, it is likely to be within the scope of the request. It will therefore be held by the individual on behalf of the SPA for the purposes of the Law. 13. Where members of staff or other relevant individuals have been asked to search private email accounts for requested information, there should be a record of the action taken. The SPA will then be able to demonstrate, if required, that appropriate searches have been made in relation to a particular request. The Information Commissioner may need to see this in the event of an Article 46 Appeal arising from the handling of the request. Relevant information in other forms 14. Although the main emphasis of this guidance is on information held in private email accounts, SPAs should be aware that it applies to information in other forms. The definition of information under the Law is provided with the Article 1 Interpretation where it is stated that information means information recorded in any form. Therefore, official information recorded on mobile devices, including text messages on mobile phones, or in any other media, may also be considered to be held on behalf of the SPA in the circumstances outlined in this guidance. Again, this does not necessarily mean that such information 5

will be disclosable, but, on receipt of a valid request, SPAs should consider all locations where the requested information may be found. Concealment and deletion 15. SPAs should also remind staff that deleting or concealing information with the intention of preventing its disclosure following receipt of a request is a criminal offence under Article 49 of the Law. For example, where information that is covered by a request is knowingly treated as not held because it is held in a private email account, this may count as concealment intended to prevent the disclosure of information, with the person concealing the information being liable to consideration of prosecution. Records Management 16. The Information Commissioner stresses the importance, and benefits, of having good records management. As such, SPAs are advised to use their records management policies to clarify the types of information that could be considered as records relating to the SPA s business. These policies should include clear advice to staff that recorded information held by individuals, regardless of the form in which it is held, and which relates to the business of the SPA, is likely to be held on behalf of the SPA and so subject to the Law. 17. In order to avoid the complications of requesting searches of private email accounts, and other private media, records management policies should make clear that information on SPA-related business should be recorded on the SPA s record keeping systems in so far as reasonably practicable. 18. It is accepted, that in certain circumstances, it may be necessary to use private email for SPA related business. There should be a policy which clearly states that in such cases a SPA email address must be copied in to ensure the completeness of the SPA s records. In this way, records management policies will make it easier for SPAs to determine whether information is held and to locate and retrieve it in response to requests. If the information is contained within the SPA s systems it can also be subject to consistently applied retention and destruction policies. More information 20. This guidance has been developed with assistance of the Office of the Information Commissioner in the United Kingdom. The guidance will be reviewed and considered from time to time in line with new decisions of the Jersey Information Commissioner and the Royal Court. 6

21. It is a guide to our general recommended approach, although individual cases will always be decided on the basis of their particular circumstances. 22. If you need any more information about this or any other aspect of freedom of information, please contact us: Telephone - 01534 716530 Email - enquiries@dataci.org Brunel House, Old Street, St.Helier, Jersey, JE2 3RG Tel: (+44) 1534 716530 Email: enquiries@dataci.org 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information