What was my reply when Wirral Council's "Ministry of Truth" asked for 2 invoices on this blog to be erased?

What was my reply when Wirral Council’s “Ministry of Truth” asked for 2 invoices on this blog to be erased?

What was my reply when Wirral Council’s “Ministry of Truth” asked for 2 invoices on this blog to be erased?

Jenmaleo,
134 Boundary Road
Bidston
CH43 7PH
18th January 2015
by email to surjittour@wirral.gov.uk
CC: joeblott@wirral.gov.uk

Mr. Surjit Tour
Head of Legal and Member Services and Monitoring Officer
Department of Transformation and Resources
Wirral Metropolitan Borough Council
Town Hall
Brighton Street
Wallasey
Wirral
CH44 8ED

Dear Mr. Tour,

Thank you for your email of 15th January 2015 sent at 16:38 with the subject “Blog posting of invoices” which is attached for reference at appendix A. You also attached to your email ICO guidance to s.32 of the Data Protection Act 1998 titled “Social networking and online forums – when does the DPA apply?” which can be read on ICO’s website at https://ico.org.uk/media/for-organisations/documents/1600/social-networking-and-online-forums-dpa-guidance.pdf .

Please class this as a formal response to the issues you have raised in it. I have no problem with you sending a copy of this response to Dr Gareth Vincenti.

You refer in your opening paragraph to section 15 of the Audit Commission Act 1998 (in its amended form as it was later amended by s.160 of the Local Government and Public Involvement in Health Act 2007). This is attached in full for reference at appendix B.

You state You were provided with copies of certain invoices in compliance with Section 15 (a) of the 1998 Act, which entitles you to make copies of all or any part of the accounts and those other documents.”

The issue of copying of documents (as you can read for yourself in appendix B which is a copy of the legislation) is dealt with by the Audit Commission Act 1998 section 15(1)(b), as section 15(1)(a) deals with a right to inspect documents, not to copy documents. Therefore this sentence in your email should read Section 15(1)(b), not Section 15(a).

You go on to state “In redacting certain parts of those invoices, the Council relied on Section 15 (3A) of the Audit Commission Act 1998, as amended, which relates to personal information.”

If you read s.15(3A) of the Audit Commission Act 1998, as amended (attached as appendix B) you will find the definition of personal information in s.3A is “(3A) Information is personal information if–

(a) it identifies a particular individual or enables a particular individual to be identified; and
(b) the auditor considers that it should not be inspected or disclosed.”

It is important to note that the way the legislation is phrased it is not down to Wirral Council to make the ultimate decision as to whether information that may or may not fall within the definition of personal information as defined by section 3A should or shouldn’t be inspected or disclosed, but that decision is to be made by Wirral Council’s auditor who is for the financial year in question (2013-14) was Grant Thornton UK LLP.

It has not been determined yet whether Wirral Council asked its auditor Grant Thornton UK whether any of the information on the invoice in question should not be inspected or disclosed and if so what Grant Thornton UK LLP’s decision on this matter was.

Appendix C is a communication to Wirral Council’s external auditor in an attempt to clarify whether this took place.

On the 19th January 2015 I received a reply from Wirral Council audit Grant Thornton UK LLP. As you may or may not be aware the current engagement lead at Grant Thornton UK LLP is different to the engagement lead at Grant Thornton UK LLP for the 2013/14 audit. I can confirm that Grant Thornton UK LLP however are making enquiries and will respond as soon as they can.

If there has been an oversight and Wirral Council did not ask its external auditor to make a determination in relation to the many redactions it made to the hundreds of invoices I inspected and received copies of, I would hope that that arrangements could be made to inspect and copy the information I was incorrectly denied access to inspect and receive copies of last year.

You state later in your email:

The Council considers that it may be necessary to report this matter to the Information Commissioner’s Office and Dr Vincenti may wish to take his own action in connection with your disclosing his personal data

I will deal with the two interrelated matters raised here in relation to what you refer to as “personal data” of Dr Vincenti’s.

His surname “VINCENTI” is mentioned at the top of the invoice. Not redacted on the copy invoice supplied by Wirral Council is the phrase “Invoicing by Midex Pro for Dr Vincenti”. It is also stated that “cheques are to made payable to Dr. Vincenti”. Two addresses are also used on the invoice to send cheques to, one is a document exchange “DX 720874 Northallerton”, the sort code of 54-10-41 (which relates to a specific branch of a bank) is provided on the invoice for BACS payments and an email address of garethvincenti@btinternet.com is also given.

Dr Gareth Vincenti discloses his own email address, along with other contact details such as the address for correspondence on his website here [drvincenti.co.uk/contact.htm (at the time of writing this link worked however Dr Vincenti’s website is down as of 19th March 2015)]] . The document exchange address is published here http://www.expertsearch.co.uk/cgi-bin/find_expert?4052 and also elsewhere online.

Neither the sort code, nor the document exchange reference fall under s.3A as neither identify a particular individual or enable a particular individual to be identified as both would be used by multiple individuals.

You refer in my email to my right to inspect the invoice. Section 34 of the Data Protection Act 1998 deals with information available to the public under inspection by another enactment (in this case s.15 of the Audit Commission Act 1998).

As it is short I will quote it here:

34 Information available to the public by or under enactment.

Personal data are exempt from—
(a) the subject information provisions,
(b) the fourth data protection principle and section 14(1) to (3), and
(c) the non-disclosure provisions, if the data consist of information which the data controller is obliged by or under any enactment other than an enactment contained in the Freedom of Information Act 2000 to make available to the public, whether by publishing it, by making it available for inspection, or otherwise and whether gratuitously or on payment of a fee.

As to the invoice in question, the “personal data” of Dr Vincenti as you put it was available for inspection because of s.15 of the Audit Commission Act 1998, therefore s.34(c) of the Data Protection Act 1998 applies. It has not been established whether the auditor made a determination that any of it fell within the meaning of “personal information” in section 3A. Therefore at this stage, as you have not provided any evidence that the auditor made such a determination it means such “personal data” is exempt from the non-disclosure provisions that you refer to in your email.

You also state in your email that “which additions include the address of an employee/or former employee of the Council which is capable of amounting to personal data and in the context of the invoice capable of amounting to the processing of sensitive personal data.”

The address you refer to was a partial address. Had it been a complete address including house number, it could be argued that it would fall under the definition of personal information (as defined by s.15(4) of the Audit Commission Act 1998 see appendix B) which states that in order to qualify as personal information, the information “relates specifically to a particular individual”.

There are 60 different addresses in Forwood Road and 22 addresses that match that particular postcode. Wirral has a average household population of 2.17 per a household. Therefore the partial address could potentially relate to one of an estimated 48 individuals.

A partial address, without a house number does not therefore “relate specifically to a particular individual” nor does it enable a particular individual who may live at one of these addresses to be identified. It relates to a large group of individuals. Therefore it falls outside the definition of “personal information” as defined by s.4(1)(a) as it is not information that relates specifically to a particular individual.

Section 32 of the Data Protection Act 1998 on journalism, literature and art also applies here. I state my belief as data controller that I believe that having regard in particular to the special importance of the public interest in freedom of expression, publication of both the original invoice, a copy of the invoice with some of the text from the original invoice highlighted in green and this response including appendices to the response is in the public interest.

A very similar complaint to ICO was made in 2011 about a blogger called Derek Dishman who blogs under the nom de plume of “Mr Mustard” by Barnet Council. The exchange between Barnet Council and ICO can be read here https://www.whatdotheyknow.com/request/94886/response/237295/attach/2/R%20IRQ0426076%20ICO%20Barnet%20correspondence%20re%20ENQ0391446.pdf . To summarise ICO disagreed with Barnet Council’s incorrect assertions about this blogger (which seem broadly similar to those made by Wirral Council).

Finally you state “I do not consider that your right to inspect and the right to have copies made of relevant documents, then entitles you to disclose such documents to the public”.

I hope I have outlined (in much detail above) as to why you are incorrect in that assertion. This issue of the purposes to which information obtained by third parties using their rights to inspect and have copies of information held by local councils during the audit has already been dealt with at a previous judicial review case.

I refer you to R (HTV Ltd) v Bristol City Council [2004] 1 WLR 2717 which I have recently read. I quote from Elias J, the High Court Judge in that matter:

55. The premise here is that the provision requires the information to be used for a limited purpose or purposes. As I have indicated, I accept that Parliament probably did envisage that the information would be primarily in order to enable electors to raise questions with the auditor and ultimately raise objections. But the fact that those who have access to this information extend beyond those who can make such a request, or raise such an objection, shows that it cannot be the only purpose.

56. In any event, there is no express limitation in the statute as to the use to which this information can be put. I see significant practical difficulties as to confining the use of the material once it has been acquired.”

Finally, my last two points are as Wirral Council is the data controller for the complaint made to it by Dr Gareth Vincenti which refers to me, please class this response as a request exercising my right under s.7 of the Data Protection Act 1998 for a copy of Dr Gareth Vincenti’s complaint.

I further point out that due to what is referred to above I am exercising my right under s.10 of the Data Protection Act 1998 and request that Wirral Council confirm it will immediately cease to process further any personal data about myself in relation to the complaint made by Dr Gareth Vincenti or your email for the reasons outlined above as raising this issue in the way it has been is causing distress.

Yours sincerely,

John Brace

 

 

Appendix A (email from Surjit Tour to John Brace dated 15th January 2015)

from:

Tour, Surjit <surjittour@wirral.gov.uk>

to:

john.brace@gmail.com

date:

15 January 2015 at 16:38

subject:

Blog Posting of Invoices

mailed-by:

wirral.gov.uk

Dear Mr Brace,

I refer to your inspection of documents under Section 15 of the Audit Commission Act 1998, in connection with the audit of the Council’s accounts for the financial year ending March 2014. You were provided with copies of certain invoices in compliance with Section 15 (a) of the 1998 Act, which entitles you to make copies of all or any part of the accounts and those other documents. In redacting certain parts of those invoices, the Council relied on Section 15 (3A) of the Audit Commission Act 1998, as amended, which relates to personal information.

I do not consider that your right to inspect and the right to have copies made of relevant documents, then entitles you to disclose such documents to the public nor does it entitle you to alter the Council’s redacted documents, which alteration constitutes processing of data. The Council has received a complaint from Dr Gareth Vincenti concerning a posting made on your blog on 1 December 2014 entitled:

Do you want to know what 6 redacted legal invoices paid by Wirral Council on employment matters (including one from a consultant psychiatrist) state?

This posting included the copy of an invoice from Dr Vincenti which had been redacted by the Council. You had posted a second copy of the invoice, having altered part of the redactions to include information in green. You state on the blog posting:

I’ve supplied both the original and a partly redacted copy of this as the original is heavily redacted. My additions are in green”.

I have had regard to the guidance of the Information Commissioner’s Office,Social networking and online forums – when does the DPA apply?”

I consider that by altering the Council’s redactions to include additions in green, you have potentially processed personal data in breach of the Data Protection Act 1998, which additions include the address of an employee/or former employee of the Council which is capable of amounting to personal data and in the context of the invoice capable of amounting to the processing of sensitive personal data. I do not believe that you are entitled to rely on the exemption contained in section 36 of the Data Protection Act 1998, in that I consider you are using social media for non-domestic purposes. Section 36 contains an exemption for personal data that is processed by an individual for the purposes of their personal, family or household affairs. I am therefore requesting that you remove from your blog both copies of the invoice from Dr Vincenti immediately.

The Council considers that it may be necessary to report this matter to the Information Commissioner’s Office and Dr Vincenti may wish to take his own action in connection with your disclosing his personal data and the address referred to above.

Yours sincerely

Surjit Tour

Head of Legal & Member Services

and Monitoring Officer

Department of Transformation and Resources

Wirral Metropolitan Borough Council

Town Hall

Brighton Street

Wallasey

Wirral

CH44 8ED

Tel: 0151 691 8569

Fax: 0151 691 8482

Email:surjittour@wirral.gov.uk

Visit our website: www.wirral.gov.uk

**********************************************************************

This email and any files transmitted with it are confidential and

intended solely for the use of the individual or entity to whom they

are addressed. If you have received this email in error please notify

the system manager.

This footnote also confirms that this email message has been swept by

MIMEsweeper for the presence of computer viruses.

www.clearswift.com

Appendix B
Section 15 of the Audit Commission Act 1998 (as amended by s.160 of the Local Government and Public Involvement in Health Act 2007)

15 Inspection of documents and questions at audit

(1)At each audit under this Act, other than an audit of accounts of a health service body, any persons interested may—
(a)inspect the accounts to be audited and all books, deeds, contracts, bills, vouchers and receipts relating to them, and
(b)make copies of all or any part of the accounts and those other documents.

(2)At the request of a local government elector for any area to which the accounts relate, the auditor shall give the elector, or any representative of his, an opportunity to question the auditor about the accounts.

(3)Nothing in this section entitles a person—
(a)to inspect so much of any accounts or other document as contains personal information within the meaning of subsection (3A) or (4); or
(b)to require any such information to be disclosed in answer to any question.

(3A) Information is personal information if–

(a) it identifies a particular individual or enables a particular individual to be identified; and
(b) the auditor considers that it should not be inspected or disclosed.

(4) Information is personal information if it is information about a member of the staff of the body whose accounts are being audited which relates specifically to a particular individual and is available to the body for reasons connected with the fact—
(a)that that individual holds or has held an office or employment under that body; or
(b)that payments or other benefits in respect of an office or employment under any other person are or have been made or provided to that individual by that body.

(5)For the purposes of subsection (4)(b), payments made or benefits provided to an individual in respect of an office or employment include any payment made or benefit provided to him in respect of his ceasing to hold the office or employment.

Appendix C – Email to external auditor Grant Thornton

 

from:

John Brace<john.brace@gmail.com>

reply-to:

john.brace@gmail.com

to:

Robin Baker <robin.j.baker@gt.com>

cc:

“Chris Whittingham (Grant Thornton)” <c.whittingham@uk.gt.com>

date:

18 January 2015 at 18:48

subject:

query about whether Grant Thornton gave permission to Wirral Council during the 2013/14 audit for personal information on invoices should not be inspected/disclosed


Dear Robin Baker & Chris Whittingham,

During the 2013/14 audit I exercised my inspection rights to inspect various invoices and receive copies of them for the 2013/14 financial year under s.15 of the Audit Commission Act 1998.

Last Thursday I received an email from Wirral Council that stated “In redacting certain parts of those invoices, the Council relied on Section 15 (3A) of the Audit Commission Act 1998, as amended, which relates to personal information.”

S.15 (3A) of the Audit Commission Act 1998 was amended in 2008 to state:

“(3A)Information is personal information if—

(a) it identifies a particular individual or enables a particular individual to be identified; and

(b) the auditor considers that it should not be inspected or disclosed.”

Could you confirm that as Wirral Council’s auditor at the time whether a determination was made by the auditor that personal information on an invoice for £3,060 from a Dr Gareth Vincenti dated 31st December
2013 was made and if so which elements on the invoice the auditor considered should not be inspected or disclosed?

Could you also confirm as Wirral Council’s auditor at the time whether any determination was made by the auditor about personal information on any of the invoices I requested for the 2013/14 year was made and
if so the particular invoices and particular information that the auditor considered should not be inspected or disclosed?

If the auditor was not asked to make any such a determination could you state this too?

Thanks,

John Brace

If you click on any of these buttons below, you’ll be doing me a favour by sharing this article with other people. Thanks:

Is freedom of the British press over as UK blogging enters the age of George Orwell’s “Ministry of Truth” (1984)?

Is freedom of the British press over as UK blogging enters the age of George Orwell’s “Ministry of Truth” (1984)?

Is freedom of the British press over as UK blogging enters the age of George Orwell’s “Ministry of Truth” (1984)?

                                              

Ministry of Truth George Orwell 1984 comment removed
Ministry of Truth George Orwell 1984 comment removed

As I run a blog, I will declare an interest at the start of this article in that I am the operator of this blog. Before anyone accuses me of bias again (I will point out that much of the below is an opinion piece based on a recent court case, legal changes and experience).

One of the things I enjoy about writing (and reading other blogs) is that people do leave comments (although many others read without leaving a comment). The United Kingdom is however not an ideal place to base a high-tech business, which is part of the reason that in an ideal world doing what I do, I wouldn’t be based at all in the UK but somewhere that doesn’t have such a peculiar regulatory environment.

Previously the UK was well-known for its “libel tourism” because of the way the courts here operated when it came to libel. However from past cases certain things can’t be libelled, such as a political party or a local council. Even on matters published abroad, in the past lawyers had preferred to sue in the UK because of the way the court system was here and how easy it was to win their case (and how disastrous financially for the defendant even if they won!).

A lot of the laws that govern the media in this country were based on print publications and arguments about censorship have raged for centuries. A lot of the laws were written before the internet actually happened and were frankly, well overdue for reform. Eventually reform came.

For an example of what used to happen, I direct you to the case of what happened involving Carmarthenshire County Council. Details of the judgement in Thompson v James & Anor ([2013] EWHC 515 (QB) can be read by following that link.

Please note this next bit is in reference to Wales (a country within the UK that borders the Wirral but has a different set of laws and legal system (as well as political system) to here in England).

A local blogger there, Mrs Thompson sued the Chief Executive of Carmarthenshire County Council Mark James, alleging that he had libelled her. This was in reference to a letter written from Mark James that referred to Mrs Thompson that was published on another blog (that is not the blog of Mrs. Thompson) that writes under the nom de plume madaxeman.

When sued, the Chief Executive of Carmarthenshire County Council used public funds to pay his legal costs (Carmarthenshire County Council had provided him with an indemnity for his legal costs) and his legal team also counterclaimed against Mrs Thompson for references made about Mr. James on her blog which he took exception to.

The court dismissed Mrs Thompson’s libel claim, but upheld Mr James’ counterclaim.

Although the audit bodies in Wales in relation to Carmarthenshire County Council have questioned the issue of whether using public funds for his employer to pay the Chief Executive’s legal costs in a libel lawsuit is actually lawful, Mark James is now vigorously pursuing enforcement of the court order he was granted against Mrs Thompson through a Land Registry charge on her property in respect of damages awarded to him and the defendant’s legal costs (paid for by the taxpayer).

Partly to prevent the courts getting completely clogged up with libel cases (because let’s face it if everyone who had ever had anything written about them untrue online actually filed a lawsuit with the court that would happen), whereas in the past somebody could sue not only the author of a comment, but the publisher and the editor as well, the law was changed. The UK ended up with a new libel law (Defamation Act 2013), which completely reformed the old libel laws, introduced defences of truth, honest opinion and publication on a matter of public interest and also new regulations were introduced that came into force on 2nd December 2013.

The new libel law also introduced a test that had to met. Any statement that was claimed to be defamatory had to have “caused or is likely to cause serious harm to the reputation of the claimant”. The new regulations are referred to as the Defamation (Operators of Websites) Regulations 2013 and cover comments left on blogs.

This blog (and comments left on it) fall under the new regulations as I’m the operator of the blog and am based in the UK. In theory if I wasn’t based in the UK but the people leaving the comments were, their comments would probably fall under the new regulations too.

In relation to user generated content (such as comments) on blogs, it means that now the operator of the blog (such as myself) is not liable if the operator of the blog follows the rather strict procedure laid down in the regulations when a complaint is made.

The regulations can be read online, but basically as an operator of a blog if a complaint (that falls within the regulations or even a defective notice) is made about a comment on my blog, I have to within 48 hours (assuming the commenter complained about actually has provided an email address) get in touch with the poster of the comment and they then have 5 days to respond. I also at this stage contact the complainant too.

If no response is received from the person who left the comment within 5 days, the comment is removed, otherwise I’m in breach of the regulations. The person who left the comment has five days to respond and the regulations give them a variety of options which partially determine what happens next. For example they can withdraw their comment in which case it is removed at that point. There are however other options also available to them.

Other larger technology businesses aren’t entirely happy with the current regulatory framework under which they have to operate here in the UK and have published transparency reports as to complaints received and outcomes. I have decided it is high time that I did this too, especially considering the views of the media on censorship.

Out of many thousands of comments currently on the blog since the new regulations came into effect on the 2nd December 2013 there have been complaints so far about two. Detail is provided below.

However, I’d like some feedback from you the reader as to the level of detail provided below and how open and transparent I am being. Are there things you think I should include in future reports, that I am not including currently?

Obviously in the case of complaint #1 I’m not allowed to republish the original comment as that has concluded and the author of the comment has withdrawn it. However there seems to be a general pattern emerging as to the type of stories I get requests for comments to be removed on, doesn’t there?

==============================================================================================================
STATUS: Completed (comment removed 4th July 2014 see here)

Complaint number: Complaint #1

Comment author: John Hardaker

Complainant: Surjit Tour of the Metropolitan Borough of Wirral (Wirral Council)

Article comment attached to: Graham Burgess invites Wirral Council councillors to 5 days of the Open Golf Championship

Outcome: Comment author (Mr. Hardaker) decided to withdraw comment and text of comment was edited out with details inserted explaining why.

Note: see also partial transcript of BBC Radio Merseyside broadcast at Councillor Walter Smith “I must say I enjoyed lavish hospitality” which discussed this.

===============================================================================================================
STATUS: Completed (comment removed 13th October 2014)

Complaint number: Complaint #2

Comment author: James Griffiths

Complainant: He/she have chosen to remain anonymous

Article comment attached to: Graham Burgess (Chief Executive) announces he will retire from Wirral Council on 31st December 2014

Outcome: Comment author (Mr. Griffiths) sent email wishing to withdraw comment.

Note:

===============================================================================================================

If you click on any of these buttons below, you’ll be doing me a favour by sharing this article with other people. Thanks: