Disclosure obligations of a public inquiry
Obligation to disclose
There is a minimum requirement for disclosure for public inquiries being held under the Inquiries Act 2005. By section 18(1)(a) the Chairman must take such steps as he considers reasonable to ensure that members of the public, including reporters, are able to obtain or to view a record of evidence and documents given, produced or provided to the inquiry or inquiry Panel. That obligation appears only to call for a schedule of the evidence and documents to be made available, rather than for publication of the content of it. There is also a proviso, namely that the obligation is subject to any restriction notice or order made under section 19 of the Act.
Obviously, a public inquiry may go much further in granting access to its workings. For example, The Hutton Inquiry states on its website, which is preserved for archive purposes, that it is compliant with the Code of Practice on Access to Government Information, found at http://www.foi.gov.uk/ogcode981.htm
Freedom of Information
During the course of a public inquiry held under the Inquiries Act 2005, it is not a public authority within the meaning of the Freedom of Information Act 2000 and is therefore not subject to that provision. However, once an inquiry has been completed its records are generally held by a public authority, such as a Government Department or the National Archives, and therefore becomes subject to the Act. The Freedom of Information Act is intended to promote a culture of openness among public authorities and to give people the right to access information they hold. While a public inquiry’s obligations in relation to disclosure are encapsulated within section 18, a public inquiry may consider that it will be beneficial to the public interest, and to the good running of the inquiry to accede to freedom of information requests and so facilitate free access to information.
The Baha Mousa Inquiry for example has stated that ”in keeping with the spirit of freedom of information [it] will operate in as transparent and open a manner as possible in keeping with the interests of justice.”
It suggests the following procedure for access to information:
Submitting a request for information
“If you would like to submit a request for information you can write to us or email us.
In common with many other organisations that are not covered by the Freedom of Information Act we will consider your request for information as if we were covered. This means that we will release the information if we hold it, unless one of the provisions under the Act applies and we determine that complying with the request would not be in keeping with the public interest.
We will respond to your request within 20 working days, either providing the information or explaining why we cannot provide it. “
Data Protection obligations
A public inquiry will have a number of practical obligations under the Data Protection Act 1998.
The applicable statutory obligations in principle
So far as is most material, the Act applies to sensitive personal data, which essentially comprises:
information which is being processed by computer (section 1)
which relates to a living individual who can be identified from the data or from it and other information which is in, or is likely to come into, the possession of the Data Controller (section 1)
and consists of information as to the person’s religious beliefs, his physical or mental health or condition, the commission of any alleged offence by him or any proceedings for any such offence (section 2).
The obligations relating to that data are to be met by the Data Controller, who is a person who, either alone or jointly or in common with another person, determines the purposes for which and the manner in which data are, or are to be, processed (section 1). A public inquiry must have a registered Data Controller and it is suggested that this function may usefully fall upon either the Secretary to the Inquiry or the Document Manager.
There are three basic relevant obligations, namely registration, notification, and fairness.
No data may be processed unless the Data Controller’s details are registered (sections 17 to 20).
Upon request individuals must be provided with a description of the data held about them, the purpose for which it is being or is to be processed and the recipients to whom it may be disclosed (section 7).
This is the first of eight data protection principles. In full it requires that data shall be processed fairly and lawfully and, in particular, it requires the satisfaction of at least one of the conditions in schedules 2 and 3 and to Part II of Schedule 1 (Schedule 1, Part I, paragraph 1).
Schedule 2 contains, among others, a condition that the processing is necessary for the administration of justice or for the exercise of any other functions of a public nature exercised in the public interest by any person (paragraph 5).
Schedule 3 contains, among others, a condition that the processing is necessary for the administration of justice or for the exercise of any functions conferred on any person by or under an enactment (paragraph 7).
Part II of Schedule 1 is more complex. It deems data to be obtained fairly if obtained from a person who is required to supply it by or under an enactment (paragraph 2(b)). It deems data not to be processed fairly unless the Data Controller makes specified information known to the individual within a specified time (paragraph 2). That is disapplied if the provision of that information would involve a disproportionate effort and the data recorder records the reasons for his view that it would do so (paragraph 3 and Articles 3 and 5 of SI 2000 No. 185).
If the Data Controller does regard the information requirements as being disapplied then he must ensure that his reasons for that are recorded.