The pandemic placed real and understandable pressures on ways of working across the public sector. Many public servants were forced to work from home, using at times unfamiliar technology, while still working at pace and under immense pressure. At the same time, decisions were being made that reached into all aspects of people’s lives and affected their most basic rights, including whether they could see their friends and family.
The key to the public’s understanding and trust in these decisions was, and remains, transparency about how and why they were needed. Information can no longer be seen as simply a business asset to Government – any future review of the pandemic will require access to information regarding the decisions that were made. Government officials are accustomed to managing assets, and records of significant decisions should be treated as key corporate assets. Furthermore, it is only through documenting decisions in detail that we can learn the right lessons for the future.
That’s why the suggestion of ministers and senior officials using private correspondence channels, such as private email accounts, to conduct sensitive official business is a concerning one.
This is not just an issue for central Government, however, but all public bodies. The Freedom of Information (FoI) Act has always been clear: relevant information that exists in the private correspondence channels of public authorities should be available and included in responses to information requests the authority receives
Good quality record keeping by all public bodies is also more essential than ever during a time of crisis. It’s why the FoI code of practice prepared by the Government specifically references the importance of records management in situations where a public inquiry is likely to take place.
New guidance from my FoI team on official information held in private communication channels reflects the practical realities of some of the changes in our ways of working. It now explicitly covers not just emails, but makes clear that conversations over WhatsApp, Facebook Messenger or other private channels are covered by FoI when they are used for official business.
In today’s modern age, preserving records is becoming more challenging than ever. Our guidance offers ways to manage the transitory nature of these conversations within your own organisation, such as regularly transferring messages across to government networks.
None of this should be news to information governance practitioners across the public sector. We are also still recommending that any official business should be conducted through the usual corporate channels wherever possible. But as a regulator, we have to be alert to how the world is working in practice and help practitioners carry out their valuable role maintaining transparency across our public authorities.
To be clear, using private correspondence channels does not break FoI or data protection rules. But our concern is that information in private accounts can be forgotten, overlooked or autodeleted when an FoI request is later made. This frustrates the FoI process, and can put at risk the preservation of official records. It’s also a concern that emails containing people’s personal data may not be properly secured in personal accounts, increasing the risk of a data breach.
Our guidance is clear and accessible. My office has also written to the Cabinet Office, Welsh Government and Northern Ireland Executive so they can share the guidance with public authorities across the UK. I would recommend every public official reads it and takes note of how you can ensure you are transparent with citizens, compliant with the law and are practising effective records management.
To get you started, here are the five key recommendations that anyone handling FoI requests within your public authority needs to bear in mind:
1) Make sure your staff, relevant public officials and elected representatives understand how they can securely access official IT systems and equipment. This should minimise the need to use private correspondence channels.
2) Train staff to recognise which communications relate to official business and which relate to non-official information, across all channels. In the context of local government, you should have a way of distinguishing between official business and an elected official’s work on behalf of their constituents.
3) Review and communicate your records management policy. You should regularly tell staff what they need to do to ensure information related to public authority business is transferred to official systems as soon as possible.
4) When handling FoI requests make sure you consider whether communications held on private correspondence channels, such as WhatsApp, may be relevant to the request.
5) Ensure staff correctly adhere to the relevant policies and procedures and regularly review them to ensure staff knowledge remains up to date. Remember, erasing, destroying or concealing information with the intention of preventing disclosure after a request is received is a criminal offence.
You can find further guidance and support to help you meet your requirements under the FoI Act on the ICO website.
Elizabeth Denham CBE is UK Information Commissioner