Expert Article                  Home | Legal notice | Privacy document | Accessibility | Directory | Contact | Search | Site Map  
  •  
  •  
Font Size

ICO clarifies law on information held in private email accounts

 By ICO

The Information Commissioner’s Office

Legal Articles
Add an article   Back to Articles

Issued 15 December 2011

The Information Commissioner’s Office (ICO) has today published new guidance making it clear that information concerning official business held in private email accounts is subject to the Freedom of Information Act.

Information Commissioner, Christopher Graham said:

“It should not come as a surprise to public authorities to have the clarification that information held in private email accounts can be subject to Freedom of Information law if it relates to official business. This has always been the case – the Act covers all recorded information in any form.

“It came to light in September that this is a somewhat misunderstood aspect of the law and that further clarification was needed. That’s why we’ve issued new guidance today with two key aims – first, to give public authorities an authoritative steer on the factors that should be considered before deciding whether a search of private email accounts is necessary when responding to a request under the Act. Second, to set out the procedures that should generally be in place to respond to requests. Clearly, the need to search private email accounts should be a rare occurrence; therefore, we do not expect this advice to increase the burden on public authorities.”

Key points set out in the guidance include:

  • Where a public authority has decided that a relevant individual’s email account may include official information which falls within the scope of the request and is not held elsewhere, it will need to ask that individual to search their account.
  • Where people are asked to check private email accounts, there should be a record of the action taken. The public authority needs to be able to demonstrate, if required, that appropriate searches have taken place.
  • Although the main emphasis of the guidance is on official information held in private email accounts, public authorities should be aware that the law covers information recorded in any form.
  • Public authorities should remind staff that deleting or concealing information with the intention of preventing its disclosure following receipt of a request is a criminal offence under section 77 of the Act.
  • It is accepted that, in certain circumstances, it may be necessary to use private email for public authority business. There should be a policy which clearly states that in these cases an authority email address should be copied in to ensure the completeness of the authority’s records.

Mr Graham continued:

“As part of our work on understanding more generally how FOI handling works across government, we conducted a good practice visit at the Department for Education. We’ve today published the findings of that visit and are now keen to carry out similar visits to other Whitehall departments. Work on specific complaints made to the Commissioner about the Department of Education’s handling of individual FOI requests is still ongoing. We hope to issue our decisions on these cases early in the New Year.”

The guidance is available on the ICO website here: http://www.ico.gov.uk/~/media/documents/library/Freedom_of_Information/Detailed_specialist_guides/official_information_held_in_private_email_accounts.pdf

The best practice findings are available on the ICO website here: http://www.ico.gov.uk/~/media/documents/library/Freedom_of_Information/Notices/foi_good_practice_visit_dfe_executive_summary.pdf

If you need more information, please contact the ICO press office on 0303 123 9070 or visit the website at: www.ico.gov.uk.

Notes 

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. The ICO is on Twitter, Facebook and LinkedIn.

4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

• Fairly and lawfully processed

• Processed for limited purposes

• Adequate, relevant and not excessive

• Accurate and up to date

• Not kept for longer than is necessary

• Processed in line with your rights

• Secure

• Not transferred to other countries without adequate protection

About the Author

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We do this by promoting good practice, ruling on complaints, providing information to individuals and organisations and taking appropriate action when the law is broken.

The ICO enforces and oversees the following legislation:

  •  Data Protection Act 1998
  •  Freedom of Information Act 2000
  •  Privacy and Electronic Communications Regulations 2003
  •  Environmental Information Regulations 2004

Sign up to receive our FREE Newsletter for tax, legal and business tips by e-mail.


Article Published/Sorted/Amended on Scopulus 2011-12-19 08:15:16 in Legal Articles


Copyright © 2004 - 2012 Scopulus Limited. All rights reserved.  Terms of use  Privacy Policy  Directory  Contact  Search  Site Map1