Former information commissioner Richard Thomas has a new job: overseeing the government’s systems of administrative justice. He talks to Matt Ross about the challenges, potential and importance of both roles
Public organisations may exist to serve the public good while private enterprises are designed only to make a profit, says Richard Thomas, but – at least when markets are operating well – businesses tend to meet the needs of their users better than public sector agencies. In his new job, as in his old one, he sees it as his job to close that gap.
In private markets, Thomas argues, “nobody needs any lessons on the importance of consumer care; the market is far and away the best way to make sure that consumers’ needs are accurately identified and taken on board. But in the public sector, by and large there’s no competition: you’re stuck with a single, monopolistic supplier – and monopolies do have a tendency to be a bit slow and inefficient and consumer-unfriendly.”
Thomas sees bodies like the Administrative Justice and Tribunals Council (AJTC) – a fairly new agency set up to oversee public sector complaints-handling systems, where he began work as chairman this month – as “a proxy for those pressures that exist” in private markets. “I think that the public sector has been rather slow to give sufficient attention to the interests of users and consumers,” he says. “It’s our job to make sure that they’re properly identified and taken into account.”
The former information commissioner’s new role fits neatly into a career dedicated, he says, to three themes: “one, that I’m a lawyer who thinks it’s important to demystify the law and make it as accessible as possible; two, the theme of consumer and user activity; and three, I’ve always rather enjoyed a challenge where I think I can make a difference”.
Thomas maintains that he is “not a consumer champion; I’ll see the two sides, whether it’s consumer against government or consumer against business.” But his CV (see box) is packed with roles in which Thomas has stood up for the needs and interests of private individuals in their dealings with large and powerful organisations – most famously, of course, during his seven-year stint as the UK’s information commissioner.
Data protection
On data protection and freedom of information, says Thomas, we have come a very long way. In 2002, data protection had become “somewhat marginalised, academic, theoretical, and remote from the concerns of ordinary individuals”; it “had fallen somewhat into disrepute and wasn’t being taken seriously”.
At the same time, he continues, computing power was increasing exponentially; it was a dangerous combination. “Personal data is an enormous asset to an organisation, but also a toxic liability if things go wrong,” he says. At the time, “senior management people perhaps didn’t really understand the power of technology, how much material was being handled in their organisations, and the consequences if things went wrong. All this kit has been installed over the last 20 years, and they haven’t always known just how powerful it is.”
The first piece of major fall-out was, of course, HM Revenue & Customs’ loss of the personal details of 25 million child benefit recipients. “You’d be astonished at how many very senior people said to me: ‘I had no idea that you could get 25 million records on two CDs. That was when people understood that careless handling of personal data can have many, many detrimental effects,” comments Thomas. “It was a massive shock – and it was followed by a number of others in very fast order, because people were waking up to the importance of checking that their systems were in good order.” Many such checks, of course, uncovered weak systems and data losses.
By the time a Ministry of Defence laptop containing the details of millions of people who’d sought information on military careers was stolen from a car, says Thomas, “they were beginning to ask the right questions. The question wasn’t: ‘Why did somebody leave a laptop in a car overnight?’ It was: ‘Why was so much data being collected? Secondly, why did they keep it for ten years? Thirdly, why was it all on a central database? Then, why did it get transferred to the laptop? Then, why wasn’t the laptop made secure? And then, why did the guy leave it in the car?’”
Years of progress
Nowadays, Thomas says, public organisations are much better at handling data. Information issues have appeared on ‘risk registers’ across the sector, and senior officials are being appointed to manage data risks. “It is now being embedded in the risk business of government departments,” he says. “At the end of the day, this is just glorified risk management.”
Meanwhile, Thomas’s campaign for his office to win greater powers and resources has made real progress. A rise in fees for large organisations is set to boost the office’s data-protection budget from £11m to £16m; the commissioner now has the power to impose civil penalties on organisations that “deliberately or recklessly” ignore data-protection rules; and the commissioner may now inspect public organisations without their consent.
However, the former information commissioner has worries about the plans for an identity database: as the scheme progresses, he warns, officials must abide by the principle of data-minimisation: “Don’t collect more data than you need for a particular purpose. We have expressed concerns about setting up databases without strict limits around the data being collected, and tight controls over how it’s used.”
For example, he says, why should the system keep a record of when and where an identity card is swiped through a reader? Because, I suggest, the information might prove useful. For a second, Thomas’s passion almost over-rides his lawyer’s habit of choosing his words with great care. “As a very broad proposition, collecting information on a ‘just in case’ basis, because it might be useful one day, is not acceptable,” he says abruptly. “You need to be clear about your purposes and proportionate in your approach. If you aren’t clear about the purpose for which you’re collecting data, then a question mark arises.”
Data sharing concerns
On data sharing too, Thomas has qualms about the government’s approach. The Coroners and Justice Act has put his data-sharing code of practice on the statute book, but Thomas also recommended the establishment of a mechanism for creating ‘data-sharing orders’ – a process stymied when justice secretary Jack Straw’s proposals “didn’t contain all the specific limitations that we had in mind; in theory, [under Straw’s proposals] an order could have been made much wider than we had envisaged”. The result, says Thomas, was “a very strong reaction against it in Parliament, and the government withdrew that part of the bill.” Now, he says, “government will rethink its approach, and I suspect they’ll bring it forward in a slightly tighter format in the future.”
Despite the progress, then, new information commissioner Christopher Graham has a fairly full in-tray. The introduction of custodial penalties for people who steal personal data, for example, is on the face of the Criminal Justice and Immigration Act but, says Thomas, “must be activated by a ministerial order – and my successor went on the radio and said he was going to press ministers to activate it as soon as possible”.
Thomas also remains dissatisfied with the commissioner’s new power to compel public bodies to allow data inspections – which, he says, is not supported by sufficient sanctions for non-compliance, and should be extended to private organisations. And he raises what he calls “the next big issue: data cleansing. How much inaccurate information is being held? How much has been kept for too long?”
Freeing the information
On freedom of information, the picture is more straightforward. “The MPs’ expenses issue brought into focus the rhetoric of openness and transparency,” says Thomas. “The public are well-educated, demanding; they don’t like being treated like children. They want to understand what’s going on in government, and they’ll become suspicious if things are hidden.” Organisations that have responded well, “identifying what really needs to be kept confidential and being as open as possible with everything else”, have thrived: “I pay credit to public administration as a whole; people have taken this seriously,” he says. “We’re moving in the direction of a more open society.”
However, asked how whole-heartedly senior civil servants have embraced the principles of freedom of information, Thomas sounds cautious. “There are mixed feelings,” he replies. “It’s still seen as irritating on occasion; as time-consuming and resource-intensive. We’ve seen, right across public administration – including the senior civil service – a recognition that it’s here to stay, that it’s inevitable, that it’s a good thing. But there’s still a little bit of knee-jerk reaction.”
Senior officials, Thomas has found, retain a tendency to think “we can’t possibly disclose this now; we’ve never done so in the past” – even when the data, “when you finally see it, isn’t particularly sensitive or damaging”. Progress, though, continues: “They get used to it,” he concludes.
A new challenge
At the AJTC, Thomas hopes for similar progress – and in some ways the world of administrative justice looks rather like the field of freedom of information and data protection did at the beginning of the decade: a newly-established scrutinising organisation and framework stands above an area of public operations where performance is patchy and scantily-monitored.
After the 2000 Leggatt Review of Tribunals identified what Thomas delicately calls “a less than satisfactory state of affairs” in administrative justice, a 2004 white paper criticised the public sector’s piecemeal, opaque and incoherent systems of complaints management. “It proposed quite comprehensive reform – not least creating a unified tribunals service covering most of the tribunals, and reconstituting the old Council on Tribunals as the AJTC, with a revitalised role,” explains Thomas.
Tribunals and administrative justice systems, he continues, will be tested for accessibility, fairness and efficiency. The AJTC’s establishment represents a recognition that “for the vast majority of individuals who have a dispute with public authorities – whether it’s social security, taxation, immigration, employer disputes or more specialised areas – there’s not much legal or other representation involved. People are often by themselves, and they’re up against the weight and resources of the government.”
In that context, the AJTC exists “to recognise the interests of the users of the system, to identify good practice and ensure that it’s as widely available as possible, and to speak out when there’s poor practice and to seek improvements,” says Thomas, who is quick to recognise that “this is not easy stuff: you’ve got to sort out the merits of each case, which we’re not concerned with, from the process for resolving the case, which does concern us. In many ways, the interesting thing is: how satisfied are the people who lost their case?”
The task ahead
To achieve this task – “a big job”, says Thomas, with masterful understatement – the AJTC has a part-time, 15-strong council, plus what he calls “a very talented staff in very small numbers – and not much in the way of other resource”. Thomas can advise ministers, but has no powers of compulsion. “That doesn’t dismay me too much, though,” he comments. “At the Information Commissioner’s Office we had few powers, but we re-engineered our approach, and found ourselves being taken increasingly seriously.”
A week into his new job, Thomas hasn’t yet met the full council, let alone developed a strategy: “Right now there’s only one priority, and that’s to have priorities,” he says. “But we’ll have to be very strategic; we’ll have to be selective in order to be effective, identifying our fundamental aims and objectives.”
It is, at least, clear that under Thomas the AJTC will be taking a different approach from that adopted by previous chair Lord Newton – a former Tory minister who held the job for a decade. “In the past the council has been highly effective in identifying good practice and poor practice, and putting across its views – but its remit was somewhat narrow: Leggatt said that ‘it has done a good job by stealth’,” Thomas comments. “Maybe there’s a case for a little more visibility”.
On this, the AJTC’s new chair is clear that “we shouldn’t be visible simply for the sake of raising our profile – but when there’s an occasion when we need to put our head a little higher above the parapet to achieve a particular result, we won’t shy away from that.” There’s a big job of persuasion to do here, he adds, “and sometimes people are more likely to read something in Civil Service World than they will if it’s tucked away in a letter to a minister. We’ve got to get our message across in any way that’s appropriate.”
As the AJTC develops into its new role, says Thomas, “We’re to a very large extent pushing at open doors – but we’ve got to make sure that people understand the importance of getting this right.” While he is at pains not to scare his new charges, he also shows flashes of the single-mindedness that has made him one of the UK’s foremost champions of consumer and user rights.
“I don’t want to seen as confrontational or challenging”, he begins, before rowing back – he clearly does not want to be seen as unchallenging – and searching for the right phrase. “I want to be seen as a constructive, critical friend,” he says firmly.
Thirty years’ work improving services’ responsiveness to users and access to justice has left Thomas with a clear focus on what matters and what doesn’t. “Most individuals are not interested in high matters of state; they are interested in how government organisations treat them,” he says. “That’s a very important part of political engagement and citizen welfare in a healthy democracy. People don’t expect to be right every time, but they do expect to be treated fairly and considerately – and that’s what I hope we can achieve here.” ?