Appointment of the Information Commissioner

Introduction

1.The July 2007 Green Paper, The Governance of Britain, proposed that, where Parliament has a particularly strong interest in a public post, the relevant select committee should hold a pre-appointment hearing for the government’s preferred candidate. It stated that the hearing should cover issues such as “the candidate’s suitability for the role, his or her key priorities, and the process used in selection”.1

2.Since 17 September 2015, one of the posts within the remit of the Culture, Media and Sport Committee has been that of Information Commissioner (it was previously the responsibility of our sister committee, the Justice Committee). In February 2011, the then Justice Minister announced to the House that, as part of the wider measures to strengthen the independence of the office of the Information Commissioner, the Government would accept the Justice Committee’s conclusion from its pre-appointment hearing. This was on the grounds that:

“The Information Commissioner plays a vital role in promoting transparency and protecting the rights of individuals in relation to their personal data. The Government are fully committed to an independent Commissioner and the critical role he plays as a champion and protector of information rights.

“The Commissioner is already entirely independent in the decisions he takes to enforce the legislation he regulates. However, the provisions to be included in the (Protection of Freedoms) Bill will further enhance his day-to-day corporate and administrative independence. The Commissioner will no longer need to seek the consent of the Justice Secretary on issues relating to staff appointments, charging for certain services, or before issuing certain statutory codes of practice under the Data Protection Act. Changes will also be made to the terms of the Commissioner’s appointment and tenure to increase transparency and protect against any potential undue influence.

“Taken together, these steps—to be underpinned by a revised framework document outlining the day-to-day relationship between Government and the Information Commissioner—will result in a real and tangible enhancement to his independence”.2

As a result, unlike other pre-appointment hearings, we have been given an “effective” veto over this appointment.

3.Christopher Graham has been Information Commissioner since June 2009, when he was appointed on a five-year term, extended for a further two years. Under the Protection of Freedoms Act 2012 he cannot be reappointed. The successful candidate to replace him will take over in summer 2016 and will serve a term of five years. In November 2015 we were informed that the process for appointing a successor was about to start.

Recruitment process

4.The Information Commissioner role was advertised in December 2015. Gatenby Sanderson were appointed headhunters to assist with the recruitment. A selection panel3 was appointed in accordance with the Commissioner for Public Appointments Code 2012. Twenty-seven applications were received by the deadline, six of which were from women. The selection panel met on 28 January 2016 and considered each application. With the approval of Ministers, the panel agreed that, given the number of international candidates, they would ask the headhunters to carry out the longlisting interviews by telephone. Six candidates were identified for the

These interviews identified four candidates who were asked to attend an in-depth face-to-face interview on 29 February. Subsequently, two of these candidates met relevant Ministers and the Public Appointments Assessor, and on 22 March 2016 the DCMS announced that the Government’s preferred candidate was Elizabeth Denham.

The Information Commissioner’s Office

5.The Information Commissioner’s Office (ICO) is the independent body set up to uphold information rights in the UK. It oversees and enforces the Freedom of Information Act 2000 (FoI) and the Data Protection Act 1998 (DPA), and a number of regulations governing the release and use of information.4

6.The Freedom of Information Act 2000 provides public access to information held by public authorities. Under the Act public authorities are obliged to publish certain information about their activities; and members of the public are entitled to request information from public authorities. The Act covers any recorded information5 that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland. Public authorities include Government departments, local authorities, the NHS, state schools and police forces. However, the Act does not cover every organisation that receives public money, for example, some charities that receive grants and certain private sector bodies that perform public functions.

7.Where public authorities repeatedly or seriously fail to meet the requirements of the legislation, or conform to the associated codes of practice, the ICO can take the following action:

8.The Data Protection Act 1998 governs the processing of personal data by all organisations and includes an obligation for those organisations to take appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data (principle 7). Any organisation that processes personal information is required to register with the ICO as a ‘data controller’, unless they are exempt; failure to do so is a criminal offence. There are more than 400,000 registered data controllers. The ICO publishes the names and addresses of data controllers, as well as a description of how they use the data they hold, and it has the power to investigate the processing of personal data by a data controller.

9.The ICO has a number of options for changing the behaviour of organisations and individuals that collect, use and keep personal information,6 including criminal prosecution, non-criminal enforcement and audit. Offences do not carry custodial sentences and there are no powers of arrest. The main options available to the ICO are to:

The role of the Information Commissioner

10.The DCMS “role specification” states that the Information Commissioner is responsible for:

11.In advertising the post, the Department said that the successful candidate would be required to demonstrate:

The advertisement also stated that the role would ideally be filled by someone with an understanding of EU legislation and institutions; and an understanding of Whitehall and the wider public sector.

The preferred candidate: Elizabeth Denham

12.Elizabeth Denham has held senior leadership positions in the field of information rights in Canada over the last 12 years. Since 2010 she has been the Commissioner at the Office of the Information and Privacy Commissioner for British Columbia, Canada, where she is responsible for enforcing the Canadian Freedom of Information and Protection of Privacy Act (FIPPA), the Personal Information Protection Act (PIPA), and the Lobbyists Registration Act (LRA). Previously (2007–10) she was the Assistant Privacy Commissioner of Canada in Ottawa; having been a Director at the Office of the Information and Privacy Commissioner of Alberta (2003–7). Elizabeth Denham’s full CV, as submitted during the appointment process, is given in Annex One.

The Committee’s view on the suitability of the candidate

13.Ms Denham gave oral evidence to us on 27 April. We questioned her on the following topics:

14.On the basis of the evidence presented, we approve Elizabeth Denham’s appointment as Information Commissioner. We wish Elizabeth Denham well in her new post and look forward to working with her in the future.



1 Ministry of Justice, The Governance of Britain, Cm 7170, July 2007

2 OR, 6 February 2011, col 87WS: Ministerial Statement

3 Consisting of Ian Watmore, ICO Non-Executive Director; Sarah Healey, Director General at DCMS; Sue Gray, Director General of Ethics and Propriety at the Cabinet Office; Rosie Varley, Public Appointments Assessor and panel chair; and Rob Sumroy, Head of Technology and Outsourcing practices at Slaughter and May as the independent panel member.

4 Environmental Information Regulations, INSPIRE Regulations, Re-use of Public Sector Information Regulations and associated codes of practice.

5 Recorded information includes printed documents, computer files, letters, emails, photographs, and sound or video recordings.




© Parliamentary copyright 2015

Prepared 27 April 2016