Add "report this request" link to outgoing message email footer

[RichardTaylor]

A review of the results of the work at #3479 highlights public bodies sometimes don't respond to requests which are seeking personal information, are vexatious, or are just general correspondence.

These are correspondence threads which administrators will probably want to remove from public view on their sites.

Some public bodies report such requests to WhatDoTheyKnow either by email or via the contact form; some though just ignore them.

This is a proposal to add a line to the footer which is added to requests to encourage public bodies to let site administrators know about problematic correspondence.

We could use similar text to that used on request pages and say something like:

The WhatDoTheyKnow.com service is not for requesting personal information, general correspondence, or vexatious requests. If you believe this message is not an appropriate use of our service you can report it for attention by the site administrators via:

https://www.whatdotheyknow.com/request/[url_title]/report/new

While the footer is rather long we could also add:

In cases of inappropriate correspondence please consider replying to offer advice, for example a link to procedures for making a request for personal information, or a link to relevant contact details.

That might help those other than the requestor and might reduce the incidence of correspondence on the site which gets no response at all. I'm less keen on this line as I think the footer ought be concise.

Currently the footer used by WhatDoTheyKnow states:

---

Please use this email address for all replies to this request: request-xxxxx-xxxxxxx@whatdotheyknow.com

Is team@whatdotheyknow.com the wrong address for Freedom of Information requests to [body] ? If so, please contact us using this form: https://www.whatdotheyknow.com/change_request/new?body=[body]

Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies: https://www.whatdotheyknow.com/help/officers

For more detailed guidance on safely disclosing information, read the latest advice from the ICO: https://www.whatdotheyknow.com/help/ico-guidance-for-authorities

If you find this service useful as an FOI officer, please ask your web manager to link to us from your organisation's FOI page.

I'll copy @MyfanwyNixon as this is copywriting

[MyfanwyNixon]

Thanks. I've had a go at making a few changes.

WhatDoTheyKnow.com should be used only for the submission of Freedom of Information requests. If you believe this message is not an appropriate use of our service (for example, it is general correspondence, a request for personal information, or is vexatious) you can report it for attention by the site administrators via: https://www.whatdotheyknow.com/request/[url_title]/report/new

In such cases, please also consider replying to the originator of the request to offer advice. For example, you may wish to send them a link to procedures for making a request for personal information, or to provide relevant contact details.

It could go above the disclaimer, so long as there's no risk of making the footer so long that the bottom parts don't get read. If we think that's a danger, i suppose this could go right at the bottom.

[RichardTaylor]

A suggestion arising from discussion at retreat was to try and record when requests are made to an inappropriate body.

We could ask bodies to report such requests (though we'd expect them to reply and say "not held" too so that might be confusing).

Examples of how this information could be used:

• too many such requests by a user could indicate poor use of the site and suggest they shouldn't be given access to more powerful site features
• we might want to change the way a body is described / tagged to deter inappropriate requests.

[RichardTaylor]

Extend "report this request" to seek more feedback about the request from FOI officers - eg. let FOI officers flag a request as well formulated,

[garethrees]

Related to https://github.com/mysociety/alaveteli/issues/3645

[RichardTaylor]

Adding a +1 to this following an occurrence when someone used WhatDoTheyKnow for correspondence with a school about their child. A WDTK administrator removed the material and wrote to the school asking them to let us know about any further such correspondence, and urging the school to take care with what they release in response to messages sent via WhatDoTheyKnow.

Ideally we'd already be asking the school to alert us to requests for personal information in the footer of outgoing correspondence.

We might want to add a sentence to the end of what's proposed above:

Do not release personal information by responding to this message.

While "personal information" can be interpreted very broadly I think it would be clear what such a sentence was intended to mean and such a statement shouldn't reasonably conflict with any legitimate requests/responses; but there's a risk it might.

[RichardTaylor]

If we trusted public bodies we could automatically hide correspondence they flagged, for example, as personal correspondence.
Related: #41 Privileges for Public Authority Users (though clicking a link on an email received might be sufficient - we might not need an officer at a public body to be logged in as a user?)

[RichardTaylor]

I should raise a concern about potentially increasing admin workload, but there are ways that could be mitigated eg. trusting public body users, or enabling admins to review or act on decisions to hide material as personal / not_foi in bulk - in many cases a subject line, and perhaps snippet, would be sufficient to take action on. We can hopefully rely a little on legitimate users speaking up if we do get it wrong and hide something which shouldn't be.

[RichardTaylor]

+1 following misuse of WhatDoTheyKnow by someone requesting their medical records and including sensitive personal information in their requests. Ideally the bodies receiving these requests would have flagged them up to us.

[RichardTaylor]

+1 We're currently in correspondence with a public body about how they should act when someone misuses WDTK to write to them with personal correspondence.

Letting us know isn't something they considered!