3 min read

Editorial Wednesday 19 June 2013: Why redacting the name of the CQC cover-up leader for Data Protection Act reasons is bullshit

Oh dear.

David Prior, Conservative MP for North Norfolk pre-Norman Lamb and now chair of the Care Quality Commission in the aftermath of the lovely Dame Jo Williams, told BBC Radio 4's Today that the name of the person who, according to Grant Thornton's report into the CQC cover-up over Morecambe Bay, told a CQC colleague "Are you kidding me? This (internal report into CQC failings at Morecambe Bay) can never be in a public domain, nor subject to FOI", had to be redacted.

Mr Prior told John Humphreys that the names could not be released in the Grant Thornton report because doing that would breach the 1998 Data Protection Act.

This is, quite simply, bullshit.

Nor is it just a minor pellet of bullshit. This is epic, hog-whimpering and noxious bullshit.

The Data Protection Act affords specific exemption at Section 55 2(d)"to a person who shows ... that in the particular circumstances the obtaining, disclosing or procuring was justified as being in the public interest".

Moreover, the Information Commissioner's Office, which enforces the Data Protection Act, is explicit in its advice on Principles One and Two (those dealing with an individual personal data) that fairness is crucial: "it depends on whether it would be fair to do so ... personal data must not be processed for any purpose that is incompatible with the original purpose or purposes".

Pretty simple, really. If Grant Thornton's report is accurate, then it describes what is at least gross misconduct by a senior employee of a public body (and quite conceivably criminal behaviour). To disclose that is pretty evidently fair. Likewise the name of the individual would be held by CQC so as to identify them: the purpose for which it is being held is wholly congruent with its release.

Moreover, the Nolan Principles on standards in public life were devised based on "Members of Parliament, Ministers and Civil Servants, executive Quangos and NHS bodies ... All public bodies should draw up Codes of Conduct incorporating these principles". This reported conduct by a senior CQC executive breaches all seven Nolan Principles at once. It's almost heroic.

This is before we come to the broader principle of provable truth as an absolute defence against any attempt to pursue a claim for defamation. Either the CQC leadership think the Grant Thornton report is true and based on evidence, or they think it isn't.

If they think the latter, clearly it should not have been published. If the former, then they must surely know that proveable truth is the absolute defence against libel claims.

The CQC has a tough job to rebuild public confidence in its work (and probably needs as a minimum to change its name as part of this process); part of which involves telling the truth, the whole truth and nothing but the truth about its former leaders' conduct.

Its new leadership looks disastrously ill-informed to cite Data Protection Act reasons for refusing to release the names of the guilty party or parties.

Because the Data Protection Act is not a valid excuse for this approach: that is bullshit.

UPDATED: I've just got a quote from David Smith, ICO Deputy Commissioner, who said: “the Data Protection Act does not specifically prevent people being named publicly, but instead talks about using information fairly and considering what expectations of confidentiality people may have had when providing their personal information.

“Put simply, patients would not expect sensitive information about their health to be disclosed in a public document, but there is no blanket ban preventing senior managers being held to account. The Care Quality Commission is well-placed to make a decision based on these factors, but it is important the Data Protection Act is not used as a barrier to keep information out of the public domain where there is an overriding public interest in disclosure”.

And later on, Information Commissioner Christopher Graham told BBC2's Newsnight "this feels like a public authority hiding behind the Data Protection Act, it's very common, but you have to go by what the law says and the law is very clear. You have to process data fairly, you have to take into account people's expectation of confidentiality, patient data, obvious, but officials, there you have to apply a public interest test.

"I'm not convinced that the Care Quality Commission have been correctly advised. I think they are going to have to look at this again".

Updated:  the blog 'Information Rights And Wrongs'  thinks this is wrong and suggests there is a defensible case for the CQC.