In many respects… no, to be honest, in every respect, this complaint is the one that has given me most concern. It doesn’t really affect me, but my family, so it was top of the complaints list.
As a result of my hearing, at which members of my family were present, a number of questions were raised and later submitted to the Scottish Social Services Council as Freedom of Information requests.
In essence, the flood of these were deemed what I suppose could best be summed up as conspiratorial. In actual fact, there was no organised family campaign but outrage, and the result was that most of these questions were deemed vexatious on the grounds of their “nature and number”.
The relevance of these questions is a matter I’ll deal with later. However, there were further ramifications involving contact made by the SSSC and employers – an issue of considerable dispute and one that is still continuing, and still of significant concern.
I was, and remain, adamant that I would be honest in this blog but there are sections in here I have removed as a safeguard for others. But there is a message her for everyone, whether you align yourself with the SSSC stance or not, and that is to always use a personal email account when dealing with the SSSC and not one connected with your profession or your employer.
Contrary to what we understood, and were legally advised, FOI requests do not need to be viewed as "applicant blind"; your profession and the use of a work account means your boss, and your colleagues, can be made aware of your submission of FOI requests.
The response from Lorraine Gray, chief executive of the SSSC, is given at the end.
Complaint 1: Breach of Data Protection Act 2018 & SSSC intimidation
Of the two allegations against me, investigated by the SSSC, the second was my breach of the Data Protection Act, a breach I admitted from the outset and one committed as protection from harassment and bullying I felt I was experiencing and the dishonesty of a colleague which I believed really was placing children at risk.
I submitted my mitigating circumstances - Aberlour’s production of two suspect documents giving a completely false version of events, which had been written by a worker subsequently dismissed for other serious acts of dishonesty. The SSSC had no power to investigate these given this person’s unregistered status and the case investigator subsequently removed them from evidence in my favour.
It was initially redacted by the case holder, allegedly to spare me embarrassment, and I had no access to it until I submitted a subject access request.
If it had not had such serious implications for me I would have dismissed it as an absurdity. More seriously however, if the SSSC sought to include the statement when said worker had already been dismissed, or was about to be, were any agreements reached, and between whom, for this to occur?
However, my admission to my own transgression clearly shows my recognition of the gravity of such an act. Therefore it was with considerable surprise that I found my family targeted by the SSSC through a breach of the Data Protection Act 2018 after I had been removed from the register and in response to Freedom of Information requests.
FOI requests are applicant blind and that was confirmed by the Office of the Scottish Information Commissioner which stated on September 24, 2018:
...requests under the Freedom of information (Scotland) Act 2002 are indeed considered to be ‘applicant blind’. Unless it is necessary to do so, in order to consider your information request (for example if your boss holds the information you are requesting and it is necessary that he/she is aware of your identity), I would not expect an authority to share your details. If you are concerned that an authority has unlawfully shared your personal data, as mentioned below, you may wish to seek further advice from the ICO.
There seems also to have been some “confusion”, as admitted by the SSSC, over other FOI requests, possibly caused by the surnames of the FOI applicants, thereby causing yet another breach of the Act, and I believe leading to the identification of {REMOVED}. We, as a family decided we had no option but to withdraw all of {REMOVED} FOI requests and not to reduce or re-assess them, or ask for a Review.
I find this breach of the Data Protection Act 2018 intimidatory in the extreme.
The SSSC response we received in seeking an explanation to your approach to {REMOVED} was:
In reference to your email of 3 September 2018, I have now spoken to my colleague, XXXXXXX, who had a conversation with {REMOVED} and it appears that there may have been a misunderstanding. I understand that XXXXXX did not advise that your freedom of information requests were made by {REMOVED} but rather made reference to the fact that a number of requests have been made by{REMOVED} and there were a number of requests from people we believe were
connected to {REMOVED}. Beyond that, I am unable to comment any further on the particular content of that conversation.
For the purpose of this complaint {REMOVED} has made available the response he received from the SSSC regarding his complaint over this breach of the Data Protection Act 2018. In this the SSSC acknowledges contact with {REMOVED} but justifies its actions. The ramifications of the SSSC actions are disputed; the SSSC obviously sees its actions as fair and reasonable and any criticism or objection to these would appear to be simply attributed to those of an aggrieved, vexatious and time-wasting family.
The SSSC, not for the first time in my family sourcing facts for this complaint, raises the issue of the number of requests for information lodged though, at no time in correspondence or on its website, has it ever indicated the ceiling number of questions a member of the public is permitted to ask. The SSSC response was thus:
We received a high volume of requests for information from your professional account that states that you are {REMOVED}. It was therefore not unreasonable for us to make enquiries with {REMOVED} to ascertain {REMOVED}, so that we could respond or assist appropriately. The purpose of that conversation was not to interfere with your right to make a Freedom of Information request in any way and should not be conflated with our obligations to provide information in accordance with the legislation. Therefore, I do not accept that we contacted {REMOVED} to impugn your professionalism.
It is my submission that the actions of the SSSC were improper, intimidatory and illegal in that they were a deliberate breach of Data Protection Act 2018. I would also like to enquire if this was the first breach the SSSC has committed in dealing with its registrants?
Response from Lorraine Gray, chief executive SSSC
Under this heading you complain that the SSSC committed a data breach in respects of {REMOVED} regarding information disclosed {REMOVED}. We have addressed these matters with those individuals directly. I hope you can appreciate that it would be inappropriate for me to disclose any further details in this regard.
Picture: Kalhh
The response from Lorraine Gray, chief executive of the SSSC, is given at the end.
Complaint 1: Breach of Data Protection Act 2018 & SSSC intimidation
Of the two allegations against me, investigated by the SSSC, the second was my breach of the Data Protection Act, a breach I admitted from the outset and one committed as protection from harassment and bullying I felt I was experiencing and the dishonesty of a colleague which I believed really was placing children at risk.
I submitted my mitigating circumstances - Aberlour’s production of two suspect documents giving a completely false version of events, which had been written by a worker subsequently dismissed for other serious acts of dishonesty. The SSSC had no power to investigate these given this person’s unregistered status and the case investigator subsequently removed them from evidence in my favour.
It was initially redacted by the case holder, allegedly to spare me embarrassment, and I had no access to it until I submitted a subject access request.
If it had not had such serious implications for me I would have dismissed it as an absurdity. More seriously however, if the SSSC sought to include the statement when said worker had already been dismissed, or was about to be, were any agreements reached, and between whom, for this to occur?
However, my admission to my own transgression clearly shows my recognition of the gravity of such an act. Therefore it was with considerable surprise that I found my family targeted by the SSSC through a breach of the Data Protection Act 2018 after I had been removed from the register and in response to Freedom of Information requests.
FOI requests are applicant blind and that was confirmed by the Office of the Scottish Information Commissioner which stated on September 24, 2018:
...requests under the Freedom of information (Scotland) Act 2002 are indeed considered to be ‘applicant blind’. Unless it is necessary to do so, in order to consider your information request (for example if your boss holds the information you are requesting and it is necessary that he/she is aware of your identity), I would not expect an authority to share your details. If you are concerned that an authority has unlawfully shared your personal data, as mentioned below, you may wish to seek further advice from the ICO.
There seems also to have been some “confusion”, as admitted by the SSSC, over other FOI requests, possibly caused by the surnames of the FOI applicants, thereby causing yet another breach of the Act, and I believe leading to the identification of {REMOVED}. We, as a family decided we had no option but to withdraw all of {REMOVED} FOI requests and not to reduce or re-assess them, or ask for a Review.
I find this breach of the Data Protection Act 2018 intimidatory in the extreme.
The SSSC response we received in seeking an explanation to your approach to {REMOVED} was:
In reference to your email of 3 September 2018, I have now spoken to my colleague, XXXXXXX, who had a conversation with {REMOVED} and it appears that there may have been a misunderstanding. I understand that XXXXXX did not advise that your freedom of information requests were made by {REMOVED} but rather made reference to the fact that a number of requests have been made by{REMOVED} and there were a number of requests from people we believe were
connected to {REMOVED}. Beyond that, I am unable to comment any further on the particular content of that conversation.
For the purpose of this complaint {REMOVED} has made available the response he received from the SSSC regarding his complaint over this breach of the Data Protection Act 2018. In this the SSSC acknowledges contact with {REMOVED} but justifies its actions. The ramifications of the SSSC actions are disputed; the SSSC obviously sees its actions as fair and reasonable and any criticism or objection to these would appear to be simply attributed to those of an aggrieved, vexatious and time-wasting family.
The SSSC, not for the first time in my family sourcing facts for this complaint, raises the issue of the number of requests for information lodged though, at no time in correspondence or on its website, has it ever indicated the ceiling number of questions a member of the public is permitted to ask. The SSSC response was thus:
We received a high volume of requests for information from your professional account that states that you are {REMOVED}. It was therefore not unreasonable for us to make enquiries with {REMOVED} to ascertain {REMOVED}, so that we could respond or assist appropriately. The purpose of that conversation was not to interfere with your right to make a Freedom of Information request in any way and should not be conflated with our obligations to provide information in accordance with the legislation. Therefore, I do not accept that we contacted {REMOVED} to impugn your professionalism.
It is my submission that the actions of the SSSC were improper, intimidatory and illegal in that they were a deliberate breach of Data Protection Act 2018. I would also like to enquire if this was the first breach the SSSC has committed in dealing with its registrants?
Response from Lorraine Gray, chief executive SSSC
Under this heading you complain that the SSSC committed a data breach in respects of {REMOVED} regarding information disclosed {REMOVED}. We have addressed these matters with those individuals directly. I hope you can appreciate that it would be inappropriate for me to disclose any further details in this regard.
Picture: Kalhh
No comments:
Post a Comment