Data Protection Register: Is it over-protected?
The British state has lots of databases full of information about everything from cars to companies. The government proclaims it is going to open up such databases, making them publicly accessible as much as possible, in ways which would allow others to reuse the valuable information they contain. Naturally the Information Commissioner, Chris Graham, is to have an important role in this process.
One of these publicly owned databases is the Data Protection Register, which contains details of companies and public bodies who process the personal information of individuals, what kind of material they hold, and for what purposes (as in this example).
You can search it by certain selected fields such as name, postcode and organisational category. But you can't obtain more than 100 entries in response to one search. And, more importantly, you can't consult the register online in browsable form, nor can it be downloaded. In short, as a way of providing data, this isn't very useful.
And as it happens the official responsible for the Data Protection Register is actually the Information Commissioner himself.
I have to say that I have found the cumbersome nature of searching the database, rather than being able to browse it, very inconvenient. Perhaps those who have better web-scraping skills than I do might manage to get more out of the current setup.
It seems that I'm not the only person to be frustrated by this. Last year someone else made a freedom of information request to the Information Commissioner's Office (ICO), asking for a copy of the register "in any usable format".
The ICO dismissed the FOI application, stating that there is no legal requirement "that the register is provided as a usable database".
After an equally unsuccessful internal review of this rejection, the applicant took advantage of his right to complain to the person who decides whether FOI requests have been correctly handled by public bodies - the Information Commissioner.
Last week the ICO issued its ruling - and it turns out that the ICO agrees with the ICO's arguments that the ICO dealt with the case in accordance with the law. The judgment maintains that the information is reasonably accessible to the requester by other means, ie by searching the database one step at a time.
This is not an entirely comfortable position for the Information Commissioner to be in. Whatever the technical legal situation, it is clearly a long way from the spirit of the transparency rhetoric that has emanated from the government and from Mr Graham himself.
And in fact the ICO has recently been running a consultation exercise on the possibility of making the entire register available to be downloaded in a reusable format. The closing date for responses is this coming Friday.
I expect that in due course the Data Protection Register will become much more usefully accessible than it is at the moment. Just like other public authorities, the Information Commissioner's Office itself is being forced to change its processes by the drive towards openness.