What stipulations can I put on a freedom of information request?

ldxo15wus6fpgm

Hypothetical situation.
If I needed a letter from a public body, let's say a hospital, stating the dates I began and finished treatment for something, and nothing else on the letter. Let's say I have made normal requests and they repeatedly send me a letter detailing my treatments and referrals etc. along with the dates I asked for. This is no good to me as I don't want this other sensitive info on the letter, because of the intended use for it - let's say it's for my bank.

Can I make a FOI request for the dates and also demand that they do not include any other information on the letter? Would they have to comply with the request in full or could they just send the same letter including all the additional info and say they've complied with my request?

Tabnabs

Take a big black marker, cross out the stuff you don't want a third party to see and give them the redacted copy.

Robbo

Simplify things: Use a black marker. Redact any information you see as excessive. Make sure that the redacted material isn't visible from the back of the page.

Pat Mustard

Arthur Numerous Stream wrote: »

Hypothetical situation.
If I needed a letter from a public body, let's say a hospital, stating the dates I began and finished treatment for something, and nothing else on the letter. Let's say I have made normal requests and they repeatedly send me a letter detailing my treatments and referrals etc. along with the dates I asked for. This is no good to me as I don't want this other sensitive info on the letter, because of the intended use for it - let's say it's for my bank.

Possibly consider getting a letter from your GP.

ldxo15wus6fpgm

Let's say that given the circumstances, a redacted letter will not be ok to use. Can I make such a demand under a freedom of info request and expect them to comply? Honestly I would think that I could, as I'm essentially asking them to not disclose peripheral information which is private.

Really Interested

Arthur Numerous Stream wrote: »

Let's say that given the circumstances, a redacted letter will not be ok to use. Can I make such a demand under a freedom of info request and expect them to comply? Honestly I would think that I could, as I'm essentially asking them to not disclose peripheral information which is private.

You can only seek data they have, a letter you ask them to create is not data as it does not currently exist.

ldxo15wus6fpgm

I am asking them to disclose info A without disclosing info B on the same document. They have all of this information on file. They are two separate pieces of information and so I should surely be able to have info A sent to me without info B?

huskerdu

I can understand your frustration that they will not create the letter exactly as you have requested it but I don't see how FOI can help.

A FOI is a request for the information that they have on file on you. They are not obliged to format it to suit you.

They have already sent you this information, so the FOI request is for info which you already have, just in a slightly different format.

mel123

They will edit the information and put whatever you want or dont want in it....for a nice hefty fee of course!!

ideb

As @really interested and @huskerdu have said, you cannot get a letter in the format you want under FOI. FOI is for the release of records that are held on file in the public body. So in other words they would be printing out or photocopying documents that they have on file. If the record isn't there, they don't have it so they can't release it. You could try asking them to give you a letter listing all dates you attended the hospital or just the date you first attended and the last date you attended for a treatment. This link may help you get what you are looking for; http://www.citizensinformation.ie/en/health/legal_matters_and_health/access_to_medical_records.html

Just don't look for it under FOI. That will involve a lot of red tape and obviously isn't getting you the letter that you need for this "Hypothetical situation". ;-)

Miaireland

Write out exactly what you want in the letter as To Who1m it may Concern, John Joe received treatment/ was an in patient etc. As thay they copy the letter onto their headed paper. Include a copy of the letter they sent 1you with the exact details highlighted. Some people don't think and just print off everything. Might be easier that fre

d9oiu2wk07blr5

OP, contact the doctor's secretary and ask him/her for a letter documenting the dates of treatment and explain why you need it and what exactly you need to go into the letter. You can put in a FOI request for your records too and specify that you're only looking for a letter with the dates that you commenced and finished treatment. Go with the first option though.

Losty Dublin

When I worked in the FOI part of a government department, when it was blatantly obvious who and what was required we often would pass on certain requested informations to the requesting party outside of FOI. The benefits of this was that it bypassed a lot of the delays that came with formal requests, assessment and file retrieval that came with applying FOI to the letter of the law, as well as saving us and Joe Public paperwork*. Perhaps you could go to the source and explicitly ask them what you want and why and in a specific format.

*This is by no means a formal policy within the Public Sector so please don't presume it will be done all of the time.

Fred Swanson

This post has been deleted.

Raycyst

OP, you need to use the Data Protection Act.

The bank wants the hospital dates from you. They do not want the other information.

You have to explain to the bank that the only formal document you have which contains the dates also contains other, highly sensitive, personal data. You have to ask the bank what to do.

You have already done this and the bank say they need the un-redacted document. You then have to ask the bank, under the terms of the DP Acts, why they want the other personal info on the letter.

The bank cannot say that they don't want the info given that they are refusing to allow you to redact it.

The bank may think about this and conclude that the reason they won't allow you to redact the document is because they want to be able to assure themselves that the document is legitimate.
Your response to this is that in your opinion redacting a document does not affect its legitimacy, nor does it affect the ability of the bank to confirm its legitimacy.


If the bank insist upon receiving an un-redacted document they need to comply with the DP Act in respect of all of the info on the document, including the info they say they don't need.
The DP Act requires that organisations only ask for, and only receive, infomation which they have a reason to receive. The bank must also be prepared to give you the reason they need the info.

The bank cannot on one hand say they don't need the info and then say on the other hand that they must receive the info.



The bank may say that this is your problem. That you must obtain a letter which you can submit to the bank in an un-redacted form.
You can challenge that.
You can say that it is proving impossible for you to receive or to produce the document the bank describe as it doesn't exist. That the best you can do is provide a redacted document. You cannot afford to have the redacted document verified by a solicitor or a commissioner for oaths.

The bank must accept the redacted from you unless they state clearly that redacted documents are unacceptable, or unless they provide reasons as per the DP Act for all of the info they want to receive. Stating that redacted documents are unacceptable in all cases is unreasonable.

If they refuse to allow you to redact a document then they must be considered to be asking for the infomation they refuse to allow you to redact. Therefore, the Data Protection clearly applies.

NUTLEY BOY

The thing I found out quite quickly about FoI released data it that it is not a narrative or a version of the information held. In some respects it is akin to the civil process of discovery e.g. here is what we actually have in our possession and in this form.

You also need to take care about how a FoI request is worded. Requests for highly specific information get equally specific replies that might not actually embrace what you thought you were asking for. Likewise, scattergun generalised requests might not do it either. It is better to make the request reasonably specific but broadly enough worded so that material you get is not conveniently or inconveniently inadequate.

Although the FoI material you obtain might not be redacted there is a potential problem with credibility if you redact before passing it on as supporting documentation i.e could the redacted material be hiding something materially relevant as distinct from that which is actually irrelevant. It's all about good draughtsmanship

Clareman

AFAIK, a Freedom of Information request will get you a copy of all data held on you, if there is details belonging to others in the file (e.g. a list of people in the same ward) then the information will be retracted. If you are looking for information for a specific reason from a third party then the third party should outline what information they want for the other party to confirm, for example, if a bank want confirmation that someone was in hospial for 2 weeks then they should write a letter looking for confirmation of the facts outlined.

ldxo15wus6fpgm

Raycyst wrote: »

OP, you need to use the Data Protection Act.

The bank wants the hospital dates from you. They do not want the other information.

You have to explain to the bank that the only formal document you have which contains the dates also contains other, highly sensitive, personal data. You have to ask the bank what to do.

You have already done this and the bank say they need the un-redacted document. You then have to ask the bank, under the terms of the DP Acts, why they want the other personal info on the letter.

The bank cannot say that they don't want the info given that they are refusing to allow you to redact it.

The bank may think about this and conclude that the reason they won't allow you to redact the document is because they want to be able to assure themselves that the document is legitimate.
Your response to this is that in your opinion redacting a document does not affect its legitimacy, nor does it affect the ability of the bank to confirm its legitimacy.


If the bank insist upon receiving an un-redacted document they need to comply with the DP Act in respect of all of the info on the document, including the info they say they don't need.
The DP Act requires that organisations only ask for, and only receive, infomation which they have a reason to receive. The bank must also be prepared to give you the reason they need the info.

The bank cannot on one hand say they don't need the info and then say on the other hand that they must receive the info.



The bank may say that this is your problem. That you must obtain a letter which you can submit to the bank in an un-redacted form.
You can challenge that.
You can say that it is proving impossible for you to receive or to produce the document the bank describe as it doesn't exist. That the best you can do is provide a redacted document. You cannot afford to have the redacted document verified by a solicitor or a commissioner for oaths.

The bank must accept the redacted from you unless they state clearly that redacted documents are unacceptable, or unless they provide reasons as per the DP Act for all of the info they want to receive. Stating that redacted documents are unacceptable in all cases is unreasonable.

If they refuse to allow you to redact a document then they must be considered to be asking for the infomation they refuse to allow you to redact. Therefore, the Data Protection clearly applies.

Let's change the hypothetical in this case, for simplicity. Let's say the 'bank' is instead a state body who would claim that any information on the letter may be relevant and therefore they request a non redacted document. I am (again hypothetically) seeking to avail of a service this state body provides and they can withhold this service until I provide the requested information. While they have not requested the secondary info they could claim it is or may be relevant and therefore I cannot redact the letter I have.

The letter I have is mostly made up of the secondary info and redacting it would mean blacking out most of the document. I know from professional experience this is generally seen as suspicious at best. Given the nature of the services I seek from the state this would not work in my favour and so this is not an option.

Let's say I have contacted the Secretary of the medical body where I was treated and they have been most unhelpful and will not send me anything other than the letter containing the peripheral sensitive info which I do not want to pass on to anyone.

I am essentially out of options in my hypothetical, as the medical Secretary will not (voluntarily) do any more for me. What could I do here?

Raycyst

Yes, it is tricky.

The state body is almost certainly subject to the Data Protection Acts, unless they're the Guards.

The state body should only be requesting information which they need and they should be clear about what their purpose is.
I was thinking more about this and it seems clear that any state body must refuse to receive any information which they don't explicitily need. If they were to knowingly and wilfully receive information which they don't need that would appear to be a straightforward breach of the DP Acts.
Therefore, they need to explicitily refuse to receive any information which they don't explicitily need.





Say for example you wanted to claim a benefit from a state body, and the benefit was paid based on the number of days you were an in-patient in a hospital then the purpose is pretty clear. They need to know the dates of your hospital stay. They don't need the name of your doctor for example, or any other information.

Although you're redacting a large part of your letter that's because a large part of the letter is not relevant. You can explain in an accompnying letter why the letter is redacted.
If all they need is the dates then they now have the dates. The only objection they can raise is to say that maybe the dates printed at the top of the letter, which they can see, are perhaps contradicted further down the letter and they need to check that. That would be silly for them to say that.
What other objection can they raise? Your position and explanation is perfectly understandable.


It's interesting that you think they'll want to see the info to see if they need it or not. In my opinion that's not consistent with the DP Acts although it may be in some very unusual circumstances which may or may not exist.
I'd be surprised if they were to say that. If they did you'd have to really ask the DP Commissioner if a state body can do that; ask for info in order to see if they need the info or not. The state body should be able to describe the types of information they might need and the types of information they definitely don't need. That's a start. You should be allowed to judge the various types of info on your own letter.

You can describe the nature of the redacted info. You can say it names your doctor for example and describes your treatment. If they only want the dates they don't need this.
Perhaps they might think your hospital stay covered two treatments, and you are only allowed to claim from them for one treatment, therefore the dates they can see may not be the correct and appropriate dates.
In that case you merely say that you are asserting that the letter is accurate and that the dates are the correct and appropriate dates. What more can they say?


The Data Protection Act is very powerful and it's very effective with state bodies. They need to be prepared to give an explicit and specific reason for every piece of info they request.

Raycyst

I can give more info on some issues raised.

Some interesting legal issues.

People can be genuinely unsure if some personal info is needed by a state body or not. They might not know how to find out and it could be that asking the state body for advice might be the easiest way of finding out.

The state body should only at first ask for a description of the info, rather than the info itself. If they can't tell based on the description that's where the fun starts.


If you provide information itself in order that a state body can determine if that info is needed for a second purpose, then you have just given the state body another purpose for having the info; that they need it in order to determine if they need it for a second unrelated purpose.

The interesting thing is that even if the state body determines that they don't need the info for the second purpose, they still need the info for the first purpose. The first purpose was determining whether or not they need the info for the second purpose!


So, the state body cannot force you to submit information which they might not need but I suspect that you can choose to give them information in order to receive advice.

If you choose to give them information then you have given them a new purpose which is seperate and distinct from the original purpose, and they might want to keep the info for this new purpose even if they determine that the information is not needed for the second original purpose.


This raises even more issues. Specifically that the first purpose (of determining whether or not they need the info) expires at the point they make their determination.

The DP act speaks of expired purposes and personal data in respect of expired purposes is not needed and should be deleted.

However, what if the data is integrated into several email systems and contained in backups?
Is it possible to remove all references to the data from all systems and from all backups?
What if the data is mentioned in emails alongside other info which needs to be kept? Can some parts of emails be deleted while other parts are kept?


I suspect the DP Comissioner would allow the state body to keep the info on file despite the fact that their purpose has expired.

These issues suggest to me that you should refuse to give info to a state body unless they demand it.