Request
Regarding your answer to my FoI request. You state that you have verified my identity therefore will comply with my request.
Does this mean that if it was some other person who has asked for an FoI previously, ie you know who they are, would not be allowed a copy of my FoI request?
What would be the position if the person asking for a copy of the previous FoI by number as quoted in this particular reply had never asked for an FoI, ie they were not known to the FoI team?
Why is the number so secret unless I have a mole in the department I am not likely to find who made the request. Why has the reference number to be secret?
Response
All FOI requests are given a unique reference number (URN). This enables the Central FOI Unit (CFU) to log and easily identify each request. This number is also used by other departments.
From the records the CFU hold, an applicant’s personal details are linked to the URN. Some other departments may also hold this information.
Given the URN can be linked to personal information held about an applicant, a decision was made that the URN would be removed before the request and response was placed on the disclosure log.
In respect of your FOI request, you quoted the URN of a previous request, but did not ask for the information contained in that request / response.
In those circumstances, the CFU were able to confirm your identify as being the same applicant as for the previous request quoted. For this reason, you were provided with the information requested.
If another person quoted a URN in a request (but again did not refer to the information requested in the original request), and the identity differed from that of the original applicant, the Chief Minister’s Department would have to consider whether it was appropriate to disclose that information.
Requests are themselves personal to the applicant and therefore can constitute their personal data under the Data Protection (Jersey) Law 2005.
All Scheduled Public Authorities must therefore consider whether the sharing of that personal data would constitute a breach of the data protection principles.
If it would constitute a breach of the data protection principles, the information would be exempt from disclosure (Article 25 Freedom of Information (Jersey) Law 2011 (the “FOI Law”) see below).
Requests and responses may be published on the disclosure log. Therefore, this information is in the public domain and further requests for the same information are therefore exempt under the FOI Law (Article 23, see below).
If a request is received for information that is already available to the applicant, then the Scheduled Public Authority must make reasonable efforts to inform the applicant where they may obtain the information.
In this case, the applicant would be directed to previous FOI responses on the States of Jersey website.
However, this is different from asking what request and response was generated by a certain URN.
In applying data protection principles, a Scheduled Public Authority must consider what information is available or known to the applicant before providing further third party personal data.
Therefore, it is best practice for a Scheduled Public Authority to assume that the identity of an individual is known to the applicant by virtue of the fact they have used the URN.
On that basis, the disclosure of personal data to a third party must always be considered having regard to the data protection principles.
23 Information accessible to applicant by other means
(1) Information is absolutely exempt information if it is reasonably available to the applicant, otherwise than under this Law, whether or not free of charge.
(2) A scheduled public authority that refuses an application for information on this ground must make reasonable efforts to inform the applicant where the applicant may obtain the information.
25 Personal information
(1) Information is absolutely exempt information if it constitutes personal data of which the applicant is the data subject as defined in the Data Protection (Jersey) Law 2005.
(2) Information is absolutely exempt information if
(a) it constitutes personal data of which the applicant is not the data subject as defined in the Data Protection (Jersey) Law 2005; and
(b) its supply to a member of the public would contravene any of the data protection principles, as defined in that Law.
