The Information Commissioner's Office has published some new Guidelines for Organisations, regarding the use of Anonymous or Pseudonymous Names by people who submit Freedom of Information Act requests:
Guidance on Valid request - name and address for correspondence (.pdf)
The name of the applicant
The use of the phrase "the name of the applicant" in section 8(1)(b) indicates that the real name of the applicant should be used when requesting information and not any other name, for example, a pseudonym.
Although one of the underlying principles of the FOIA is that the identity of the applicant is not taken into account, it can be relevant in certain circumstances. For example, when:
a request is being made by the applicant for his/her own personal data and so would be exempt under section 40(1) of the FOIA (and would comprise a subject access request under the Data Protection Act 1998);
- a request is being made by the applicant for his/her own personal data and so would be exempt under section 40(1) of the FOIA (and would comprise a subject access request under the Data Protection Act 1998);
- a public authority has good reason to believe a requester is using a pseudonym to shield his/her identity in order to avoid the possibility of the request being considered as vexatious or repeated; or
- determining whether to aggregate costs for two or more requests in accordance with the Fees Regulations.
Therefore, we are of the view that it was the intention of the legislation that an applicant should provide their real name so that the request can be processed in accordance with the requirements of the FOIA.
We do not have a problem with Public Authorities refusing personal data about the FOIA request submitter (which needs to be requested via the Data Protection Act) or suspected "vexatious or repeated" requests, or when aggregating any Fees which are being charged.
When determining whether or not a request is "repeated" or "vexatious", surely the Name or Pseudonym is irrelevant, surely it is the content of the request which reveals if it is a repeat of a previous one or not ?
We do strongly object to the ICO's insistence on "real names" in all other circumstances, when it should be utterly irrelevant to the Public Authority who exactly is making the request.
The Name and Address "for correspondence" should only be to facilitate the actual delivery of the disclosed documents or information.
It is all very well for the ICO to claim that "one of the underlying principles of the FOIA is that the identity of the applicant is not taken into account", but there are no criminal penalties which apply to individual bureaucrats or organisations who abuse this principle, are there ?
There will be a chilling effect on insiders who know or suspect, that there is some information which a Government department is hiding from the public, who will not now be willing to make an Freedom of Information Act Request for it, because they fear for their careers or other consequences, if they have to provide their real names.
People who make Freedom of Information Act requests need at least as much protection from petty bureaucrats, who may be in a position of power relative to them, just as internal whistleblowers do. Public Authorities (and large private sector companies) already log the details of "complainants" into dubious databases, and share this data with other organisations.
What constitutes a real name?
We consider that a relatively informal approach is also appropriate in this context. Therefore, title and/or first name with surname satisfies the requirement for provision of a real name, as does the use by a female applicant of her maiden name. The prime consideration is whether enough of a person's full name has been provided to give a reasonable indication of that person's identity.
Example:
Mr Arthur Thomas Roberts could satisfy section 8(1)(b) of the FOIA by stating his name in a request for information as "Arthur Roberts", "A. T. Roberts", or "Mr Roberts", but not by stating his name as "Arthur" or "A.T.R."In the case of a company, it is not necessary to provide the full registered name. It will be acceptable to provide another name which exists as a real entity, such as a trading name.
Similarly, a sole trader could provide his or her real name or trading name.In most cases, it will be reasonable for a real name to comprise a name by which the person making the request is widely known and/or is regularly used
The only bit of good news in this new ICO Guidance is confirmation that email addresses are just as acceptable as postal addresses.
An address for correspondence
The requirement is for an address to be supplied such that it enables correspondence to reach the applicant.Postal address
A postal address will meet this requirement. This does not have to be the applicant's own address, and it is acceptable for the applicant to provide a "care of" or PO Box address.Email address
An email address also satisfies the requirement of section 8(1)(b) that the applicant should provide an address for correspondence. Support for this is found in the FOIA as follows:
- a request for information can be made by email.
- the access regime is a relatively informal one - for example the applicant does not have to state formally that the request is being made under the FOIA
Where will all this leave Freedom of Information Act request portals like MySociety.org's WhatDoTheyKnow.com or even our own Spy Blog UK FOIA Request blog ?
Given how often Government officials try to hide their own names and job titles, and especially photographs of themselves, (i.e. literally faceless, nameless bureaucrats), from the public who they are supposed to be serving, this latest Guidance by the ICO is wrong. and should be amended in our favour, as soon as possible.
Although the timing is interesting, it's worth remembering that all the Commissioner is really doing is extrapolating the text of the Act itself. Section 8 (1) (b) states "the name", not "a name". It might be inconvenient, but it's difficult to interpret the FOI Act as requiring anything other than the applicant's real name.
However, I think what might happen is that a few organisations who don't like emailed requests, or ones routed through WhatDoTheyKnow, will use this guidance as justification to block requests. This will only cause problems for the Commissioner in unravelling pointless complaints over requests that should have been answered.
We, at WhatDoTheyKnow, have updated our help to reflect this new guidance, and recent behaviour by the ICO refusing complaints about requests made using pseudonyms.
http://www.whatdotheyknow.com/help/about#real_name
It is a flaw in the law - it is so easy to get somebody else to make a request for you, it hardly seems worth the bother of forcing people to use their name.
I doubt the ICO would look favourably upon an authority trying to use this as a reason to refuse requests filed by WhatDoTheyKnow using people's real names.
They would, logically, have to also refuse any requests sent by email or by post, as they could just as easily have made up names, and in the case of email, made up addresses (e.g. a new Hotmail account).
Why should people not be able to request information about themselves under the freedom of information act? Surely if this information was gathered using public money then it belongs to the public. Also, people should be able to reasonably ensure that the information being stored about them is accurate, and that they are not being unfairly misrepresented.
@ Bob Mottram - you are supposed to use the increasingly crippled Data Protection Act to request information about yourself, and that has the usual "national security" and "for the "prevention, detection or prosecution of crime" exemptions.