Preparing Scotland: Scottish Guidance on Preparing for Emergencies

07 Sharing information

This chapter to be reviewed by November 2007

Summary

  • Information should be shared freely unless it is sensitive, in terms of the Regulations, in which case it may be treated differently.
  • Responders should consider their information needs and have regard for the position of those who hold it.
  • Other legislation regulates access to information. Information held by responders may be subject to its provisions.
  • Sensitive information needs to be managed and stored securely.

Introduction

7.1 Information sharing is vital for effective response to emergencies and for preparation for response. A majority of information passes between responders informally as part of normal business, and the duty to co-operate is founded on the need to share information in establishing robust working relationships. However, there is information that is sensitive for a number of reasons, for which special provision is made in the Act and other legislation. The Regulations establish a framework for information flows that presumes that information should be shared unless its release would be counterproductive or damaging in some other way.

7.2 However, there are controls on the free flow of information. Access is limited in a range of ways including physical access, restrictive markings, circulation lists, the "need-to-know" principle and targeting particular audiences.

Types of information

7.3 It may be helpful for Category 1 and 2 responders to think about their use of information in the round and consider how streams of information interact.

7.4 It is important not to think of information as being either public or private. There are various types of information. Information may be suitable for some audiences but not others. The circulation of information can be limited to certain classes of organisation or individual. For example there is:

  • information that may circulate within one organisation, maybe on a severely restricted "need to know" basis (for example, reports on terrorist suspects held by the police);
  • information shared between a limited number of responders on the basis of their functions (for example, information about vulnerable people shared by utilities, local authorities and health services);
  • information that can be freely shared between Strategic Co-ordinating Group members but it might be unhelpful if it entered into the public domain prematurely (for example, proposals for a commercial public event);
  • public information that is made available for interested parties but is not promoted for general awareness (for example, COMAH off-site plans); or
  • public information that is actively promoted for the benefit of the general public (for example, a public information leaflet on flooding).

7.5 Therefore, responders should carefully consider their information needs and be clear about what is required, the purpose for which it is needed and, if it is sensitive information, how it will be stored and distributed.

7.6 Category 1 responders should be aware that their partners with a Scotland-wide remit may, potentially, have to respond to information requests from many responders, and they should consider ways of reducing the burden of responding to a large number of individual requests by acting jointly through their SCGs. Scotland-wide responders should consider methods of providing information proactively.

Category 2 responders

7.7 It is important for Category 1 responders to be realistic about what information is requested from Category 2 responders. Information sharing has the potential to be onerous for Category 2 responders if it is not handled responsibly.

7.8 Category 2 responders often put information about their activities into the public domain. Information about the overall regulatory regime for Category 2 responders such as the utility and transport sectors is also widely available. The Government will work with Category 2 responders to put as much information as practical about their industry's civil protection arrangements into the public domain. In the first instance, Category 1 responders should seek information from Category 2 responders from these open sources.

7.9 Beyond these generic arrangements, Category 1 responders can generally expect to be making information requests in a limited number of areas:

  • information about local configuration of national arrangements;
  • information about specific local facilities; and
  • contact details of key staff.

7.10 Of course, this list is not exclusive. If a Category 1 responder wants information in order to discharge its duties under the Act it should approach the Category 2 responder in question about access. If that is not possible, or is unsuccessful, and the Category 1 responder believes the request to be reasonable and appropriate, it should make a formal request under the Regulations. 1

7.11 Where possible, Category 1 responders should seek to channel requests through as small a number of routes as possible so as to avoid duplication of effort. There are other more efficient ways in which Category 1 responders can request access to information:

  • Where the information is required by a number of Category 1 responders, the request may be coordinated through the Strategic Co-ordinating Group (SCG).
  • Where a type of information request comes up repeatedly, a Category 1 responder should consider raising this with either its national representative body, the sponsoring government department, the national representative body for the Category 2 sector in question or the SCG Forum. This will allow the sector to consider if adjustment might be made to the way in which information could be made accessible for future requests.

7.12 In terms of sensitive information, private sector Category 2 responders may rely on exceptions that relate to commercial confidentiality. This reflects the fact that many Category 2 responders may be in competition with others within the same area. It is important that these needs are respected.

7.13 Category 1 responders should also bear in mind that information may be available to them by virtue of existing commercial relationships with a Category 2 responder and subject to commercial confidentiality. For example, an electricity supplier might have a contract to supply a local authority but civil protection work might reveal problems with the resilience of that supply.

7.14 It is important that Category 1 responders respect the circumstances under which such information is obtained and abide by any restrictions on its use. Should Category 1 responders not handle information properly, the sanctions set out in the Act 2 would be available to the Category 2 responder in question.

7.15 In return for responsible use of these powers to request information, Category 2 responders should ensure that they can deal with reasonable requests made by Category 1 responders.

Other legislative requirements

7.16 Although there are many pieces of legislation which affect the use of information within individual sectors, there are three which have a wider-ranging impact. It is for each Category 1 or 2 responder to make the final judgements about the detailed implications of each of these pieces of legislation and how they interface with the Act.

Freedom of Information (Scotland) Act 2002

7.17 The Freedom of Information (Scotland) Act 2002 (FOI) provides a mechanism by which members of the public can access information held by public sector bodies. (General Category 1 and 2 responders are subject to the Freedom of Information Act 2000, with similar provisions.)

7.18 The FOI aims to increase the transparency of public bodies and the way in which such bodies carry out their work, and to increase accountability. Category 1 and 2 responders which are Public Authorities as defined by the FOI are required to communicate information which is requested by any person (subject to procedural requirements and exemptions). These duties are not affected by the Act.

7.19 Although as a matter of law the FOI could be used by one Public Authority to extract information from another, the FOI is not primarily intended to be used for that purpose. Public Authorities have an implicit duty of co-operation in the discharge of public functions which should facilitate information flow. As such, Public Authorities which are Category 1 and 2 responders should not regard the FOI as the principal basis for making requests from each other about civil protection matters. Category 2 responders which are not Public Authorities should also not rely on the provisions of the FOI as the principal basis to acquire information for civil protection purposes.

7.20 If necessary, Category 1 and 2 responders should follow the process referred to above, but only if the information is not publicly available.

7.21 In most respects, the information-sharing provisions in the Act and Regulations are broader than those in the FOI. The FOI recognises that the information will enter the public domain. The Act recognises that the information stays within the civil protection community. As a result the Act allows certain types of sensitive information to be shared which would be unlikely to be disclosed under FOI.

7.22 Detailed guidance on the FOI can be found on the Scottish Executive's website at www.scotland.gov.uk/Topics/Government/FOI

Environmental Information (Scotland) Regulations 2004

7.23 The Environmental Information Regulations 2004 provide for the freedom of access to information on the environment, subject to certain conditions, and must be taken into account when carrying out duties under the Act and Regulations. Category 1 and 2 responders as public authorities and those carrying out functions involved with the supply of essential public services such as water, sewerage, gas and electricity may fall within the scope of the Environmental Information (Scotland) Regulations 2004.

7.24 Environmental information required in the course of civil protection activities should be obtained through co-operation or formal requests under the Regulations as outlined above.

7.25 Further information is available through the Scottish Executive's website at www.scotland.gov.uk/library5/environment/aeig-00.asp

Data Protection Act 1998

7.26 The Data Protection Act 1998 provides certain rights to individuals to request information from public bodies about personal data held by them which relates to that individual. It also provides limits on the use or processing of such data by public authorities. The Data Protection Act must be considered in relation to the duties imposed under the Act and Regulations.

7.27 Guidance on the Data Protection Act can be found on the Information Commissioner's website at www.informationcommissioner.gov.uk

Security of sensitive information

7.28 Responders holding sensitive information, whether produced by themselves or obtained from others, have to make arrangements for its security.

7.29 Responders should consider establishing security classification schemes. One of the most common systems for the protection of documents is the Government's own document classification regime. The classification system is designed to protect valuable property or information by labelling it with classifications, also known as protective markings. The system is operated by Government and is linked to vetting and overall security policy. As such it is not readily transferable to the local level and should not provide the basis for any form of universally applicable system. It should also be noted that even highly classified material may not be exempt from FOI requests. The system may be used by some Category 1 and 2 responders by virtue of their functions. There are four classifications:

  • Restricted
  • Confidential
  • Secret
  • Top Secret

7.30 These classifications relate to the level of protection needed for a document. This operates on a sliding scale based on the subject of the document and the damage that would be caused if it were lost, stolen or seen by an unauthorised person. For example, loss of a Restricted document might cause distress to individuals or prejudice the investigation of crime, whereas loss of a Top Secret document might cause very serious damage to UK armed forces or severe long-term damage to the UK economy.

7.31 The classification determines who can see the information, how it is stored, transported or sent. Each item is classified on its own merits and so it is not possible to say that all examples of a particular type of document, for example, an emergency plan, would be classified at a particular level.

7.32 In relation to access, classified documents are more accessible than many people believe. Access to Restricted information does not necessarily need any clearance but, in some cases, a counter terrorist check (CTC) may be needed. Access to Confidential information may only need a basic check (BC), although in some cases CTC or a security check (SC) may also be required. Access to Secret information requires an SC. Although Developed Vetting (DV) clearance is required for access to Top Secret information, in some cases an SC may suffice.

7.33 Category 1 and 2 responders should be willing to challenge organisations which over-classify material or demand unwarranted levels of clearance.

7.34 Regardless of whether a classification scheme is established, the management, storage and distribution of sensitive information should be secure. For example, access to electronic versions of documents might be password protected, paper documents should be stored in locked cabinets and disposed of only by shredding.

7.35 The distribution of Secure information should be limited to those who need it to fulfil their duties and only for the purpose for which it was requested or provided.

Page updated: Tuesday, June 12, 2007