Information Commissioner's Office
ICO launches investigation into the use of private correspondence channels at the Department of Health and Social Care
A blog by Elizabeth Denham, UK Information Commissioner
The role of transparency as fundamental to democracy has never been clearer than in the past eighteen months. Government decisions about public health and civil liberties, about where we can travel and who we can see, about vaccines and testing, about supporting and reshaping economies – all these decisions are made on behalf of society by those in power. The effects of decisions taken during this time will be with us for years to come.
It is through transparency and explaining these decisions that people can understand and trust them. And it is through documenting these decisions that lessons can be learned to inform future decisions – something emphasised by the international transparency community last year.
That is why the suggestion of ministers and senior officials using private correspondence channels, such as private email accounts, to conduct sensitive official business is a concerning one. It concerns the public to feel there may be a loss of transparency about decisions affecting them and their loved ones. And as the regulator of data protection and freedom of information laws, it concerns me.
To be clear, the use of private correspondence channels does not in itself break freedom of information or data protection rules. But my worry is that information in private email accounts or messaging services is forgotten, overlooked, autodeleted or otherwise not available when a freedom of information request is later made. This frustrates the freedom of information process, and puts at risk the preservation of official records of decision making. I also worry that emails containing personal detail are not properly secured in people’s personal email accounts.
My office has looked at these issues in the past and produced clear guidance on the use of private communication channels, which has been available on our website for a considerable period of time.
The government’s own Code of Practice also sets clear standards, and emphasises the importance of good records management in ensuring public trust and confidence, particularly following a national crisis.
That is why my office has launched a formal investigation into the use of private correspondence channels at the Department for Health and Social Care, and has served information notices on the department and others to preserve evidence relevant to my inquiry.
That investigation will establish if private correspondence channels have been used, and if their use led to breaches of freedom of information or data protection law. We will publish the results of that investigation in due course.
The ICO has a range of powers following the completion of an investigation, ranging from good practice recommendations and enforcement notices, up to the option of criminal prosecution of individuals where information has been deliberately destroyed, altered, or concealed after it has been requested under the Freedom of Information Act. I will follow the evidence in this investigation where it leads and use all the powers available to me to ensure a full understanding of what has happened.
I will not comment further until the conclusion of our investigative work.
The practice of using private communications channels to conduct parliamentary and government business is not a new issue for my office. The ICO, successive governments and The National Archives have previously emphasised the important principle of transparency around government decision making, and the courts have also ruled on several specific information requests that touched on this area. We will continue to remind public authorities of the importance of good records management, and supporting them to get this right.
Latest News from
Information Commissioner's Office
We Buy Any Car, Sports Direct and Saga fined £495,000 after sending millions of ‘frustrating and intrusive’ nuisance messages.15/09/2021 13:20:00
The ICO has today announced fines totalling £495,000 to well-known companies that between them sent more than 354 million nuisance messages.
Blog: Sharing personal data in an emergency – a guide for universities and colleges15/09/2021 09:15:00
A blog by Viv Adams, Principal Policy Adviser in the ICO Parliament and Government Affairs team
G7 data protection and privacy authorities’ meeting: communiqué13/09/2021 09:10:00
The UK Information Commissioner’s Office (ICO) brought together data protection and privacy authorities from G7 countries, as well as guests from the Organisation for Economic Cooperation and Development (OECD) and the World Economic Forum (WEF), for a discussion this week on shared emerging challenges that need closer international collaboration.
Statement in response to DCMS consultation into proposed data protection reform10/09/2021 14:10:00
Statement given yesterday in response to DCMS consultation into proposed data protection reform.
ICO to call on G7 countries to tackle cookie pop-ups challenge07/09/2021 14:10:00
The UK Information Commissioner’s Office (ICO) will today call on fellow G7 data protection and privacy authorities to work together to overhaul cookie consent pop-ups, so people’s privacy is more meaningfully protected and businesses can provide a better web browsing experience.
ICO fines Glasgow company for making half a million nuisance calls05/09/2021 09:10:00
The Information Commissioner’s Office (ICO) has fined Glasgow-based company DialADeal Scotland Ltd (DDSL) for making more than half a million nuisance marketing calls.
Statement on DCMS announcement of next Information Commissioner26/08/2021 12:10:00
The Department for Culture, Media and Sport has today announced that John Edwards is the Government's preferred nominee to be the next Information Commissioner.
Blog: As the Children’s code comes in – what’s next?25/08/2021 12:25:00
A blog by Stephen Bonner, ICO’s Executive Director of Regulatory Futures and Innovation.