Disclosure of Request Letters Handled in Different Ways

31 January 2014

Request letters – the core instrument used to ask for government information – are themselves disclosable in many jurisdictions, but the names of the requesters are commonly kept confidential, according to a FreedomInfo.org sampling of practices in a dozen countries.

Some countries make available public logs with short summaries of all requests.

Such “FOI Logs” exist in Canada, Mexico, the United States and at the Asian Development Bank.

In many places, however, such logs are nonexistent. In some countries, such as Russia, no information is available about requests.

In most of the countries that provide any information about requests, the names of requesters are not disclosed, nor is identifying information such as addresses and phone numbers. Authorities cite privacy concerns. The United States releases requester names, but not identifying information.

In at least one country, Georgia, a distinction is made between the release of individuals’ names (prohibited) and of the names of institutions (allowed).

For close observers of governments, access to request letters and summary logs provides valuable information, a “treasure trove” as one US journalism group termed it.

Keeping logs and proactively releasing information that has been provided pursuant to previous requests are good practices, not only from an openness perspective, but also at the level of administrative efficiency, according to Toby Mendel, executive director of the Centre for Democracy and Information, based in Halifax, Canada, who has written extensively on comparative FOI practices.

The countries covered in this report are: the United States, Australia, Mexico, the United Kingdom and Scotland, Lithuania, Georgia, India, Ireland, Slovenia, Russia and Romania.

Controversial Topic, Trends

Active debate about disclosing requesters’ information exists in a number of countries.

In India, the law seems to favor disclosure not only of requests, but also of names and addresses. This has been complicated by a recent court ruling supporting nondisclosure of identifying information. There’s an ongoing debate about protecting requesters against reprisals.

In the United Kingdom, a leading FOI advocate has argued strongly against proposed legislation to mandate the release of requester names.

There appears to be some movement toward preparing summaries of requests, without names.

In Australia, the State of Queensland recently announced plans to prepare a log. In Ireland, creation of such a log has been recommended by an expert panel.

At the World Bank, consideration is being given to creating summaries, a practice followed by the Asian Development Bank. Bank staffers recently decided not to release requester letters after FreedomInfo.org sought access to requests sent to the Bank in October. The request was denied on privacy grounds. FreedomInfo.org will appeal.

New nonprofit services springing up to help with the online filing of FOI requests also have had to address the issue.

The British website WhatDoTheyKnow has been used to facilitate nearly 200,000 requests. On the site, individual requests and responses can be viewed. Names of the requesters are viewable, but not addresses or direct contact details. A similar policy is observed on the US site MuckRock.

Names Released in United States

In the United States, the names of requesters are public.

Agencies typically redact personal information such as addresses or Social Security numbers, however.

The US courts have largely settled the issue, ruling that FOIA requesters do not ordinarily expect that their names will be kept private, according to the Department of Justice Guide to the Freedom of Information Act (Page 19 in the section on Exemption 6). “FOIA requesters . . . have no general expectation that their names will be kept private,” according to the federal court in the District of Columbia in 1980. Another court made an exception in 1991, supporting the protection of the name of a high school student who requested information about wiretaps on Jimmy Hoffa, a union leader with reputed connections to organized crime.

One caveat: requests can be, and are, made by third parties to disguise the source. A number of such services exist in the US, largely working with corporate clients.

One such service, FOIA Group Inc., says on its homepage:

For a low fixed fee our legal staff files and coordinates each FOIA request to ensure that our clients obtain the most cost efficient information release while ensuring them 100% anonymity and confidentiality.

US FOI Logs Widely Available

Many government departments and agencies, but not all, provide online lists of summarized requests.

For example, the Department of Homeland Security's FOI Log for requests in 2012 contains this entry:

On October 10, 2012, Melissa Ramos, an individual with Govsphere Inc., Syracuse, NY, requested from the Department of Homeland Security (DHS) a copy of the full text proposal submitted by the winning bidder of Solicitation #HSH QDC-12-Q0010198 for Geospatial Information Infrastructure Program Management Support Services.

DHS redacts some information besides that of the requester, such as names of others referred to in a request.

There is some variation in the frequency of releasing logs and how up-to-date they are.

The US Coast Guard issues quarterly reports via its FOIA Library. The U.S. Department of Agriculture Animal and Plant Inspection Service has a page with monthly lists of requests (dating back to October of 2010).

An entry about a request from Terry Torreance says:

Requesting copies of all International Health Certificates and VS 10-13 owner/shipper forms for all loads of horses shipped to Petit Nations plant in Quebec for slaughter by Leroy Baker/Sugarcreek livestock from January 1, 2011 to December 31, 2011.

As agencies use better software to track requests, producing the logs becomes easier, according to frequent requesters. Still, even a quick check suggests unevenness in handling logs.

At some agencies, FOI logs are available on request but not posted, such as the Federal Trade Commission where 30 years ago copies of requests were accessible in three-ring binders in the public records room. The Interior Department posted the request logs, but appears to have stopped the practice in 2011.

Experience With FOI Logs

Several nonprofit sites in the US, MuckRock and Government Attic, are repositories for FOI logs from government agencies.

Jason Smathers may hold the national or world record for requesting agency logs and putting them online. “The first time I did them was around 2009 or 2010 and I asked for them from about 100 agencies. My list of agencies has grown and I asked for about 250 of them last year.” On his Twitter page he describes himself as “Christian, Husband, Father, Pastor @ Golden Shores Community Baptist Church, FOI Geek.”

In his experience as a FOIA log publisher, Smathers said, “I’ve never had anyone upset that I put the log online.” Another log poster also reported that only about once a year was there a request to remove a name.

Value of Information

The potential value in exposing FOI requests is addressed by the US group, the National Freedom of Information Coalition. Its website includes a page of advice on requesting FOI letters and enthusiastically discusses their value.

A FOIA log is a treasure trove of information, invaluable for seeing: (1) What information is requested from agencies (2) Whether multiple requests for the same information are being received — indicating a hot issue that may merit further investigation and (3) Who is requesting the information.

The key benefit is that any information previously released under a FOIA request is, in most instances, available for you to request immediately. With the information from the log, you can pinpoint requested material down to the case log file. These specifics reduce guesswork on your part and possible foot-dragging by officials processing your request.

Similarly, Smathers cited a variety of advantages to making requests public. He told FreedomInfo.org:

1) They show how quick the agency is currently responding.

2) Often the records other people are requesting are interesting and can easily be requested.

3) If a request seems to be very old, and has no response, requesting it yourself may cause the agency to speed up the processing. Many frequent FOIA requesters give tips to one another when there are interesting documents that they are waiting to have released in hopes that others share an interest and also request the same records. Sometimes a very old request deserves a “good Samaritan” request for the same records to help out whoever has been waiting so long.

4) They reveal systems of records that may be of interest for further FOIA requests and provide new ideas in many ways for related or similar records.

Indian Court Rules for Anonymity

“This is an interesting issue which we are grappling with in India,” according to Venkatesh Nayak, Programme Coordinator for the Access to Information Programme at the Commonwealth Human Rights Initiative.

“Under the law nothing prevents a public authority from disclosing information requests received and processed by its designated officer to strangers,” Nayak told FreedomInfo.org.

In fact, the Department of Personnel and Training, which oversees RTI administration, in memorandum No.1/6/2011-IR, dated April 15, 2013, directed: “1.4.1 All Public Authorities shall proactively disclose RTI applications and appeals received and their responses, on the websites maintained by Public Authorities with search facility based on key words.”

This was in effect in some places. Nayak described: “Earlier the Indian Railways had set up a website displaying the scanned versions of all RTI applications received, names, addresses and all along with the replies given. However that website has been taken down recently without much explanation.”

Indian Court Rules on Addresses

Complicating things, the Calcutta High Court recently ruled that an applicant must not be forced to disclose his contact address in the RTI application as that could be misused, Nayak said. Requesters may provide a Post Box No. for replies, but this will create problems because only ordinary mail and small packets can be fitted into post boxes, Nayak noted. “The practice in most public authorities is to send replies by registered mail which indicates proof of delivery. Such mails will not get delivered to a post box.”

Nayak expressed concern that “some public authorities would disclose the contact details of an applicant to a third party whose information was sought in the RTI application.” This “could endanger the applicant’s life and safety,” he said.

“So many of us raised our voice against such practice. So the practice in some States is to send only the name but not the contact details to the third party while inviting their consent/objection to disclosure,” Nayak reported.

On the basic issue, Nayak said, “Many RTI activists believe that all RTI applications must be in the public domain as they are about transparency. However the system should be robust enough to quickly penalize anyone who misuses personal details to harass or attack a requestor.”

Masking the name and address of the requestor “may not find favour in India as many RTI supporters believe all this information must also be publicly available,” according to Nayak. “The reasoning is that it would be absurd to exercise the fundamental right to know in secrecy. This issue has not been resolved yet.”

Georgia Makes Distinction

A distinction is made in Georgia between the handling of requester letters from individuals and from a company, NGO or other legal entity.

A letter from an individual would have the requester name and personal information deleted, according to Giorgi Kldiashvili, Director of the Institute for Development of Freedom of Information, in line with the Personal Data Protection law and General Administrative Code of Georgia and Constitution.

“But you will receive full information if the requester was the company or NGO or any legal entity,” he said. This information is included in FOI reports published on the websites of government institutions according to the proactive disclosure obligation.

Mexico Has Online Platform, No Names

Information about requests for information made under the Mexican Right to Information Law (RIL) is available through the INFOMEX platform.

If requesters want to make their names public you can access their names, explained Lourdes Morales, director of the Accountability Network.

A tool called “zoom” provides a search engine of public information requests and appeals resolved by the Federal Institute of Access to Information and Data Protection (IFAI). The user can enter key words and phrases in the system, and it will show relevant requests and appeals.

However, the name of the requestor is not shown, reflecting privacy concerns.

ADB Keeps Log

The Asian Development Bank maintains a log of requests, fairly up-to-date, that includes short summaries, but not requestor names.

The listings, dating back to 2005, provide the ADB case number, the country from which the request came, the date of receipt and handling, a brief description labeled “title” and an entry about the response labeled “document type.”

One entry is about “TA 4694 (37600-012)-PRC: Urban Poverty Strategy Study” and the document type is “Technical Assistance Consultants’ Reports.”

A separate list is kept of “denied Information requests,” also without requester names.

A request for information about “Project 37269-REG-CAM: GMS Rehabilitation of the Railway in Cambodia” was denied because “PCP para. 97(i) and (ii): Disclosure would, or would be likely to, compromise the integrity of the deliberative and decision-making process within ADB and between ADB and its member by inhibiting the candid exchange of ideas and communications.”

An ADB official told FreedomInfo.org: “Our policy does not require the names of the requesters to be disclosed. Para. 134 of ADB’s Public Communications Policy only requires ADB to post the list of requests reviewed, and the corresponding decisions, i.e., fulfilled or denied, with the reason for the latter. This is also in line with the practice of other international financial institutions. In any event, the identity/name as well as email address of the requestor of a particular information request are not disclosed as a matter of privacy.”

Privacy is also cited as the reason not to release the full request letter. “We also do not disclose a full request letter (with or without names) for the same reason of the privacy of the requester or any third party mentioned or referred to in the letter,” according to Robert Paul S. Mamonong, Associate Communications Coordinator (Information Disclosure).

World Bank Denies Request

The World Bank is considering a pilot project to release summaries of requests, according to a World Bank official.

In the meantime, the Bank has rejected a FreedomInfo.org request for a small sample of requests.

In doing so, the Bank chose to rely on a section of its access to information policy that denies access to information if disclosure “is likely to endanger the life, health, or safety of any individual, or the environment.” The Bank chose not to release the letters with such information redacted.

FreedomInfo.org intends to appeal the decision.

Partial Disclosure in Scotland

In Scotland, there is no requirement for authorities to provide information about or arising from information requests but several choose to do so, according to former Scottish Information Commissioner Kevin Dunion, now Executive Director of the Centre for Freedom of Information, School of Law, University of Dundee.

“Those which give information about the request itself tend not to provide personal information about the requester, citing data protection concerns,” he said. “So the request is often summarised and anonymised.”

The Scottish Code of Practice in part 6.2 on establishing and maintaining a ‘disclosure log’ states that: “Authorities are encouraged to maintain a “disclosure log” of information requests, i.e. a publicly available description of some or all of the information which the authority has previously released under the regimes with, where feasible, direct online access to the information itself. Authorities may, for example, list all requests received or only those where the information is likely to be of interest to the wider public. Personnel working in public bodies should be familiar with any such log and be able to provide guidance to potential applicants on how to make use of it. Maintaining a disclosure log may pre-empt information requests, by highlighting what information has already been made available.”

Some agencies give quite full details regarding their response and associated information disclosed. The Scottish Parliament, for example, maintains a “disclosure log,” that is, an up-to-date database of requests in response to which information is disclosed. The Edinburgh City Council maintains a log which summarises requests made, date received and date resolved. Links to the specific responses are sometimes given and information disclosed, but again anonymized. http://www.edinburgh.gov.uk/info/20249/disclosure_log?month=2014-1

The Scottish Government similarly maintains a disclosure log which is also up-to-date but includes only the information disclosed as a result of requests but not details of the specific response or reply to individual requests, Dunion said.

The Scottish Information Commissioner’s decisions are publicly available. The decisions page gives the name of the requester and of the authority involved, although in certain cases the name of the requester is anonymized to prevent disclosure of sensitive personal data, e.g. if the requester is a prisoner.

Room for Improvement Seen in Ireland

In Ireland there is no statutory requirement to publish details of requests but a few government departments have voluntarily included disclosure logs on their websites which contain details of FOI requests, according to Maeve McDonagh, Professor of Law at University College Cork.

She and several others prepared a short report last year for the purpose of informing the development of a Code of Practice for the operation of FOI in Ireland. The report recommends the introduction of disclosure logs and sets out the features that such logs should have. “It is expected that this recommendation will be included in the Code of Practice to be developed under the new FOI Act which is currently going through the Irish parliamentary process,” she wrote FreedomInfo.org.

The group of external advisors wrote, “There are clear benefits for public bodies in adopting an approach to FOI that recognises and facilitates greater utilisation of technological developments. Disclosure logs could be a first step, with data made publicly available ideally conforming to open data standards.”

The report goes into greater detail and on privacy takes the position that requesters, and third parties consulted about a release, should be apprised of the possibility of publicity. “Standard letters of acknowledgement to requesters should be used as an opportunity to apprise requesters that their requests, including name of the requester, will be placed on disclosure logs.” The recommendations concluded, “Given the breadth of its recommendations for release of information outside of FOI, the Group considers it advisable that the legal position regarding such wider release be assessed and if required, any appropriate legal protections, consequent on its recommendations, be also provided.”

A First in Australia

“In a first here,” according to Australian FOI blogger Peter Timmins, the State of Queensland in 2013 included a provision in the Right to Information Act to the effect that once an agency or Minister receives a valid RTI access application, the date of the application and what the applicant has applied for is to be published online in the disclosure log. His descriptive “Open and Shut” blog post says no names are published at that stage.

But if access is granted, the requirement extends to publication of the applicant’s name and the name of the other entity (where access to the document was sought for the benefit or use of that entity). See sections 78 and 78B, which include scope to not publish such details (http://www.austlii.edu.au/au/legis/qld/consol_act/rtia2009234/s78b.html).

“No other jurisdiction has shown an interest in publishing details of an application when made or going as far as publishing the name of the applicant or the beneficiary when access is granted,” Timmins told FreedomInfo.org. “In our other jurisdictions if someone sought access to an FOI application lodged by someone else there could be exemption issues regarding disclosure of personal information contained in the original application,” he said. Timmins concluded, “FOI application forms should contain an appropriate privacy statement alerting the applicant to use and disclosure issues - not all do.”

Limited Access in Slovenia, Romania

In Slovenia, state and local government bodies are obliged to draw up an annual report on the implementation of the Access to Public Information Act, including also the number of filed, approved and denied requests. The Information Commissioner also issues annual reports.

However, the legislation does not provide that public sector bodies publish the FOI requests as such, according to Kristina Kotnik Šumah, Deputy of the Information Commissioner. FOI requests are considered public sector information, she said; therefore, should someone request them, the public body would have to provide them in anonymized form.

In Romania, every public institution has to publish each year a report providing statistical information about freedom of information requests. There is no obligation to publish FOI requests and/or the answers provided, advised Andra Bucur, legal advisor at the Soros Foundation Romania.

Public bodies are obliged to publish proactively some pieces of information, such as budget and public procurement data. A few institutions provide some other data proactively due to the large number of FOI requests on the same issue.

UK Protects Requester Information

Generally, the names and addresses of individual FOI requesters would not be released in the United Kingdom, on privacy grounds, according to Katherine Gundersen of the UK Campaign for Freedom of Information.

“Last year an MP was proposing to introduce a private member’s bill that would have required FOI requesters’ identities to be revealed,” she said. Karl McCartney, a Conservative MP, said his objective was “to allow those individuals or organisations who are subject to any FOI requests to rightfully know who is requesting the information of them.” He also said this would reveal whether requesters are foreign citizens whose requests impose a burden on UK taxpayers and that the bill would help avoid “potential abuse of the FOI regime.”

The Campaign published an article setting out its objections to McCartney’s bill.

The Campaign drew a distinction between identifying the requesting organisations such as media bodies, campaign groups, professional bodies or companies, and disclosing the names of individual requesters.

The Campaign’s director Maurice Frankel cited a variety of reasons:

– “There should be no question of identifying requesters seeking information about issues they face such as mental illness, child abuse, domestic violence, sexual orientation or learning disability.

– “Someone who believes they have been wrongly suspected of committing an offence may seek information from the police about the incident. Publishing their names may publicly identify them as a suspect.

– A request may be prompted by suspicion that an authority or other body has behaved improperly. Naming the requester may reveal them as a potential whistleblower, exposing them to possible reprisals.

– Politicians may retaliate against employees or constituents. “It’s the MP who should be accountable to the constituent not the other way round and the bill should not seek to change that.”

Many public authorities publish FOI disclosure logs, but these don’t include the identity of the requester.

The Department for Constitutional Affairs (now the Ministry of Justice) published good practice guidance on disclosure logs back in 2005. This said: “As a general rule, it should not be necessary to publish the identities of individual applicants, and you should only do so in exceptional circumstances.”

The Information Commissioner’s Office (ICO) advisory Model Publication Scheme does not specifically address the release of information on FOI requests. The ICO’s “Disclosure Log” offers selected entries (four in 2013) — ICO responses to FOI requests to the ICO that are deemed to be “of wider public interest,” according to the website.

Canada Resumes Publishing Summaries

In Canada, summaries of requests were published, then not, and now are published again.

An internal database (CAIRS) contained summaries of requests. One requester recreated this database with the help of access requests and published it online. The government abolished CAIRS in 2008.

The Office of the Information Commissioner investigated this (see the results here). As a result of the investigation, the commissioner recommended that the government publish the summaries of completed requests online and make them searchable.

The government made it a policy requirement for all federal institutions subject to the Act to publish their completed requests starting in January 2012. More recently, as part of its Open Government Partnership action plan, the government committed to the online search function. It is currently functional.

A sample entry:

Organization: Patented Medicine Prices Review Board

Request Number: 12-005

Disposition: Disclosed all existing documents

Year: 2012

Month: October

Number of Pages: 68

Request Summary: Obtain all draft copies of the 2012 PMPRB Report to Parliament, in addition to any emails regarding the report or its draft version sent by or to the Minister of Health, Paul Glover, Mary Catherine Lindberg or Michelle Boudreau

Contact Information: http://www.pmprb-cepmb.gc.ca/english/View.asp?x=1546

The identity of requesters is considered personal information and is never provided (unless the request is about your own information).

Bulgarian Mixed Signals

In Bulgaria, the Access to Public Information Act (APIA) does not provide for the publication of the request letters themselves, said Stephan Anguelov of the Access to Information Programme, and there is no case law on the topic.

“From a legal point of view it is not quite clear whether a request letter is public information (which can be requested under the APIA),” Anguelov said. “On the one hand this is information that is received, collected and kept by the obliged under the APIA bodies in the exercise of their legal powers (art. 2 in conjunction with art. 3 and art. 11 of the APIA), i.e. it could be considered `public information.’”

In practice, he reported:

Some, but not many, institutions do publish online the request letters themselves either when they receive and answer them, or with their annual reports on the APIA requests received. The problem that often occurs is that these institutions publish the request letters as they are, including the personal data of the requester therein (three names and address). This is a breach of the personal data protection legislation. Still, I don’t know of any cases when there was a complaint against such a breach. Ideally, the obliged body should publish the description of the information sought, i.e. the request letter without the requester’s personal data. I don’t know of any such cases.

Noting the lack of a decision on the issue, Anguelov pointed to case law that holds that a complaint filed with an institution, or with a court of law, is not public information and should not be disclosed. “The difference between a request and a complaint is dim, because many of the characteristics that lead to the non-disclosure of the complaint can be found in the request.”

Issue Not Addressed in Lithuania

Lithuania does not have any specific regulations on disclosing requests for information or even storing the requests, according to Rūta Mrazauskaitė, Project Leader for Transparency International Lithuanian Chapter.

“My guess is that in case of a written request one would have to argue that the request itself provides information that is deemed to be public (i.e. argue that this is presupposed by the alleged content of the request itself – which would be tricky, since the general principle is that the applicant should not be obliged to provide the reasons for asking specific information).” However, she continued, “One would have to bear in mind that some parts of the information would probably be private (name of the applicant, etc.).”

Activists in several countries said the policy under their laws is unclear, but said they would investigate by making requests for request letters.
