Open RichardTaylor opened 8 years ago
Thanks. I've had a go at making a few changes.
WhatDoTheyKnow.com should be used only for the submission of Freedom of Information requests. If you believe this message is not an appropriate use of our service (for example, it is general correspondence, a request for personal information, or is vexatious) you can report it for attention by the site administrators via: https://www.whatdotheyknow.com/request/[url_title]/report/new
In such cases, please also consider replying to the originator of the request to offer advice. For example, you may wish to send them a link to procedures for making a request for personal information, or to provide relevant contact details.
It could go above the disclaimer, so long as there's no risk of making the footer so long that the bottom parts don't get read. If we think that's a danger, i suppose this could go right at the bottom.
A suggestion arising from discussion at retreat was to try and record when requests are made to an inappropriate body.
We could ask bodies to report such requests (though we'd expect them to reply and say "not held" too so that might be confusing).
Examples of how this information could be used:
Extend "report this request" to seek more feedback about the request from FOI officers - eg. let FOI officers flag a request as well formulated,
Adding a +1 to this following an occurrence when someone used WhatDoTheyKnow for correspondence with a school about their child. A WDTK administrator removed the material and wrote to the school asking them to let us know about any further such correspondence, and urging the school to take care with what they release in response to messages sent via WhatDoTheyKnow.
Ideally we'd already be asking the school to alert us to requests for personal information in the footer of outgoing correspondence.
We might want to add a sentence to the end of what's proposed above:
Do not release personal information by responding to this message.
While "personal information" can be interpreted very broadly I think it would be clear what such a sentence was intended to mean and such a statement shouldn't reasonably conflict with any legitimate requests/responses; but there's a risk it might.
If we trusted public bodies we could automatically hide correspondence they flagged, for example, as personal correspondence.
Related: #41 Privileges for Public Authority Users (though clicking a link on an email received might be sufficient - we might not need an officer at a public body to be logged in as a user?)
I should raise a concern about potentially increasing admin workload, but there are ways that could be mitigated eg. trusting public body users, or enabling admins to review or act on decisions to hide material as personal / not_foi in bulk - in many cases a subject line, and perhaps snippet, would be sufficient to take action on. We can hopefully rely a little on legitimate users speaking up if we do get it wrong and hide something which shouldn't be.
+1 following misuse of WhatDoTheyKnow by someone requesting their medical records and including sensitive personal information in their requests. Ideally the bodies receiving these requests would have flagged them up to us.
+1 We're currently in correspondence with a public body about how they should act when someone misuses WDTK to write to them with personal correspondence.
Letting us know isn't something they considered!
A review of the results of the work at #3479 highlights public bodies sometimes don't respond to requests which are seeking personal information, are vexatious, or are just general correspondence.
These are correspondence threads which administrators will probably want to remove from public view on their sites.
Some public bodies report such requests to WhatDoTheyKnow either by email or via the contact form; some though just ignore them.
This is a proposal to add a line to the footer which is added to requests to encourage public bodies to let site administrators know about problematic correspondence.
We could use similar text to that used on request pages and say something like:
While the footer is rather long we could also add:
That might help those other than the requestor and might reduce the incidence of correspondence on the site which gets no response at all. I'm less keen on this line as I think the footer ought be concise.
Currently the footer used by WhatDoTheyKnow states:
I'll copy @MyfanwyNixon as this is copywriting