Tuesday, 15 November 2011

So, even Cabinet Office Ministers have to comply with Cabinet Office rules, these days

Ouch. But we ought commend Oliver Letwin, the Minister of State for Policy at the Cabinet Office, for agreeing so quickly to accept the regulatory action that the ICO has considered appropriate after the media reported on his somewhat strange data handling practices last month.

What did he do? Well, last month he was photographed by a newspaper tossing more than 100 documents into bins during morning walks around St James’ Park, close to Parliament. Letwin admitted throwing the papers away but denied that any were sensitive.

"None of them of course were classified and none of them were papers that originated from government," he told the BBC.

"I was walking around dictating responses and simply wanted to make sure the pieces of paper were not weighing me down."

The documents were dated between July 27, 2010 and September 30, 2011 and contained correspondence with parliament's Intelligence and Security Committee, the body which oversees Britain's spy agencies, the newspaper report said.

Others included references to the European Commission, Ministry of Defence, Home Office, Treasury and London's Metropolitan Police, it said.

Letwin had ripped some of the documents in half and handed others directly to a rubbish collector, the paper said. Some had details of people living in his parliamentary district of West Dorset. The material supplied to the ICO by a Daily Mirror journalist revealed that the letters and emails contained the names, addresses and contact details of approximately 20 individuals. One email also included a limited amount of information relating to an individual’s recent hospital treatment.

So, in disposing of his constituent’s correspondence in such a manner, he breached the Data Protection Act.

His penalty? To sign an undertaking that he shall:

(1) only dispose of documents containing personal data in a secure manner, such as shredding, pulping or incineration;

(2) take note of, and comply with, the latest standards of data handling issued by the Cabinet Office for use in central government departments; and

(3) implement such other security measures as he deems appropriate to ensure that personal data is protected against unauthorised and unlawful processing, accidental loss, destruction, and/or damage.

I did chuckle when I read undertaking 2 – after all, as a Cabinet Office Minister, it is rubbing it in a bit to get him to undertake that he will comply with the standards that are issued by his own Office, and thus presumably under his own signature!

His penalty, obviously, is also to endure no end of public ridicule, while many of us think “there but for the grace of God, go I.”

But brilliant timing by the ICO – especially after my last blog, which remarked on the length of time it took the folks in Wilmslow to publicise a series of recent breaches. This time, the ICO’s enforcement team worked at the speed of greased lightening to publicise the penalty within one month of the offence actually coming to light! Mightily impressive. Well done.

I wonder which politician will be next in the firing line. Despite the cuts to the ICO’s budget, it seems that the Commissioner will still find time to address the failings of public figures.