The Information Commissioner’s Office has warned that private email accounts being used for departmental business could be accessed and open to the public under FOI rules.
Following the leaking of emails by adviser Dominic Cummings to Education Secretary Michael Gove, there has been uproar over discussion of departmental business over private accounts.
An investigation of DfE has now been completed and the ICO new guidance has been published, with a severe warning that private emails are not a safe haven from public disclosure.
According to the ICO there was supposedly a lack of clarity over the law concerning whether such private accounts can be used for discussion of sensitive information, and is seeking to stamp this out.
Of course while there are thorough guidelines as to what is appropriate for advisers such as Cummings there is sometimes a blur of what can be discussed. For those in government who have a joint role in government covering both departmental policy and party political adviser there is an inevitable crossover in interests.
However this means that there is a staggering lack of clarity and accountability, with departmental manouvering happening away from plain sight and allowing little openness.
Now, though, it seems that if it is suspected that private accounts have been used to secretly further departmental interests then those accused will have to hand over passwords.
Apparently new guidance aims to help decide in which cases “a search of private email accounts is necessary.” It also seeks to outline “procedures that should generally be in place to respond to requests” for information to be made public from private accounts.
Although it is claimed that searching of email accounts “should be a rare occurrence”, it will come as little comfort to those who may be about to have their emails pored over.
Indeed there is a case for opening up further lines of communication under FOI rules, with text messages just as likely to be used for discussion of departmental business. It is likely that many in Whitehall are now quivering at the thought of having government investigators rifle through all manner of private information to unearth their political wrangling.
And of course there are little grounds to refuse handing over passwords, with the intentional concealment of information a criminal act, which the ICO was careful to reiterate. Indeed even those found to be purposefully deleting incriminating messages will find themselves in a lot of hot water.
The discussion of highly sensitive government business also drew flak from security experts who warned that sending information away from secure departmental emails could be a big risk - in addition to being highly unethical.
“Clearly private email accounts do not generally have the same security controls as those in a corporate and particularly a government environment,” said Graeme Stewart at security analysts Sophos.
“It therefore stands to reason that sensitive government information should not be sent in this way.”
“In addition to the security angle, there is an issue around the use of collaborative tools in the context of open Government.”
“If Government business is being conducted on any medium it should be subject to the usual FoI scrutiny. Therefore using hotmail or other private email accounts to dodge that scrutiny is not appropriate.”