Freedom Of Information Act

Simon Gay recommends using meta-tagging to describe data content

Checklist Ensure the document retention policy extends to all forms of material generated by the organisation Appoint individuals that are responsible for ensuring compliance and tracking requests for information Communicate policies and procedure to all staff and provide training where appropriate Assess how the organisation will respond to a request from an individual to see all documents, including emails, about them or a specific event or case Continually review policies so they can respond to the changing needs of the organisation – and new legislation

Computacenter

Information held by government organisations has always been of interest to the public, but until recently citizens had no legal right to demand access.

A new era of openness began in March 2000, when the most recent Data Protection Act became law, giving individuals the right to access information held on them by both public and private organisations. On January 5 2005, the Freedom of Information (FOI) Act will take things a step further in the public sector by giving individuals the right to gain access to information– regardless of whether it relates to them.

Requests for information are by no means a new phenomenon to those working in the public sector – most central government departments receive between 1,000 and 1,300 written requests for information each month.

Although these organisations anticipate only a modest increase in requests – estimated to be in excess of 10% – responding to inquiries under the FOI Act will be much more onerous than in the past.

As James Mullock, a partner at law firm Osborne Clarke, explains: “Not only do organisations have a very short window of 20 days in which to respond, there are also more than 20 exemptions that the requests may be subject to. Requests can also be made by fax or email, and don’t even have to mention the Act to be subject to its stipulations. It is therefore essential that organisations have processes in place to quickly capture and record requests or valuable time could be lost at the outset.”

Disparate data
Capturing requests, however, is only the beginning of what could be a time-consuming and complex process. As Simon Gay, Consultancy Practice Leader at Computacenter, explains: “The retrospective nature of the legislation means that organisations will need to be able to search not only electronic information but also historical paper-based records. To be able to perform this process efficiently and cost-effectively, organisations will need to ensure they can integrate disparate sources of data.”

This poses a massive challenge to IT departments in the public sector. Government IT systems have expanded and evolved over many years, and very few organisations have a standardised infrastructure, which means responding to a single request could involve pulling data from multiple platforms and sources. “Unless organisations find a way to integrate data from these disparate repositories, the time and resources involved in responding to requests could soon impact other business operations,” warns Simon. Before any integration can take place, however, organisations need to understand exactly what ‘information’ is covered by the Act. “A wide variety of items come into consideration under the generic heading of information: CCTV footage; voicemail; information databases; emails and transaction slips,” comments James. “As the list is potentially endless, the best definition of what constitutes information should not only encompass hard copy documents but also material that can be accessed or made intelligible or readable through the use of appropriate electronic equipment.”

Tagging along
In addition to understanding the different types of information, public sector organisations also need to find a way to categorise the content of these data files. “One of the most complex challenges facing organisations is the need to understand exactly what they are storing,” comments Simon. “Fortunately there are a number of sophisticated applications that can describe the content of a data file by ‘meta-tagging’ the document, and even automate the process.”

Meta-tagging is the technology that drives the Internet, and works by having a number of keywords that describe the content of each document in a hidden ‘metadata’ file that is part of the document. Meta-tagging is particularly useful for legacy data that has never been near a web site, as it is now possible to implement solutions that allow individual files to be identified by both structured and unstructured content.

In addition to categorising data, government organisations also need to consider the ongoing integrity and availability of their information. “In terms of the law, it is an organisation’s responsibility to ensure that data is available – no matter what,” comments James. “If a local authority is unable to produce necessary documentation due to a flood or IT failure, then this will not be looked upon favourably by the courts.”

Guaranteeing availability
It is therefore essential that organisations conduct a thorough assessment of their backup and disaster recovery solutions to ensure that their ability to comply with the FOI Act is not put at risk by their inability to retrieve vital data. “Many public sector bodies currently rely on tape backups to recover their data, which can be prone to corruption and physical failures,” warns Simon.

One simple and cost-effective way to overcome the data recovery challenge is to create a real-time, identical copy. By replicating data to a mirrored back-up site, government organisations can safeguard against both technical and physical problems.Although the impact of the FOI Act on public sector IT is immense, it does provide organisations with an opportunity to audit and refresh their infrastructures, which aids not only compliance but also enhances efficiency.

The FOI Act is unlikely to be the last piece of legislation that requires the public sector to revise its IT processes and systems. By tackling consolidation, integration and standardisation now, government organisations will not only be able to ensure they meet their FOI obligations, but also reduce their compliance challenges in the future.