Out-Law News | 27 Mar 2018 | 12:12 pm | 1 min. read
In a speech at University College London last week, Elizabeth Denham said she is giving "serious consideration" to how the Information Commissioner's Office (ICO) "might be more pro-active in ensuring compliance with the law".
"We respond to complaints, but from a systemic perspective, I believe that own-motion compliance investigations can be a valuable adjunct to our complaints work," Denham said.
"As an example, as information and privacy commissioner for British Columbia I conducted an audit of the City of Vancouver’s compliance with its legislated duty to assist access applicants. The audit led to changes in the City’s handling of FOI requests and guided other public bodies in British Columbia. The European Ombudsman, Emily O’Reilly, has undertaken work of this kind and I believe that institution-specific audits or reviews will be of similar benefit in the UK," she said.
The ICO already has the power to apply to court for a warrant to enter the premises of public bodies, and inspect and seize documents, where they can show that there are reasonable grounds for suspecting the public body is not complying with FOI rules.
In her speech, Denham also reiterated her previous calls she has made for FOI rules to be extended to businesses that perform the functions of public bodies in an outsourcing capacity.
She said: "As important public functions devolve to the private sector, we must ensure that the public’s right to know is not made illusory. For this reason, I will continue to call on government to extend the right of access to service provider records that relate to the delivery of public services. Not all records need be accessible, but it is vital that a fulsome record of actions related to delivery of public services be created and be available through FOI requests and proactive disclosure."
Denham also said that she is keen for organisations to factor in how to provide for the right to information when designing new systems, in the same way that it has become "routine" for organisations to design new systems with privacy in mind.