ICO highlights challenge Slack-like tools pose to public sector FOI request compliance

The Information Commissioner’s Office outlines how the growing use of cloud-based communication channels could complicate how public sector organisations respond to Freedom of Information requests

The Freedom of Information Act (FOIA) may need amending to account for the growing public sector use of cloud-based communication tools, the Information Commissioner’s Office (ICO) has warned.

The data protection watchdog said the use of online data-sharing tools, such as Slack, by public authorities raises a number of “complicated and novel issues” about how such organisations are expected to meet their FOIA obligations and maintain their records.

“The commissioner [Elizabeth Denham] will consider the wider implications for government and the public sector more generally, and whether further guidance is required. She may also consult with the National Archives about the records management issues arising,” the ICO said.

The admission is in response to a long-running dispute between an unknown individual and the Cabinet Office, prompted by the former party submitting a freedom of information (FOI) request in August 2016, demanding access to all of the information held on the “UK Government Digital” Slack channel.

“This should include messages in both public and private channels, private messages, files shared, archived channels and message edit and deletion logs,” the August 2016 request read.

“As this Slack is used across government departments, I would ask each user to be listed alongside their relevant department and, where possible, job role, including where their name has been redacted.”

The Cabinet Office initially batted away the query in September 2016, claiming that, on FOIA grounds, no information falling within the scope of the request is held because Slack is not used in an “official capacity”, the ICO decision notice stated.

The complainant challenged the Cabinet Office on this claim, and requested an internal review into its response to the FOI request, on the basis the Slack channel is publicly referenced on government blogs as a tool used by the Government Digital Service (GDS) and others.

A follow-on complaint in February 2017 was submitted to the ICO about the Cabinet Office’s handling of the original request, during which the department conceded that some of the information the complainant asked for did fall under the scope of FOIA.

However, it considered the request to be “vexatious” and said responding to it would be “unduly burdensome” for the organisation, given the Slack channel contained around 85,000 public messages at the time, with 400 new ones being generated every 24 hours by its users.

The ICO investigation has seen the organisation support the Cabinet Office’s decision not to respond to the request, and back the classification of the request as “vexatious”, in a decision notice dated 26 July 2017.

This is the first time the ICO has been brought in to investigate an FOI response to a request regarding information stored on Slack, and the case highlights the complications these tools can bring to organisations when it comes to fulfilling their legislative responsibilities, the notice stated.

“The commissioner recognises that public authorities’ use of cloud-based communication tools, such as Slack, raise a number of complicated and novel issues in respect of compliance with the requirements of FOIA, including wider issues related to records management,” the notice read.
