ASSEMBLY BUSINESS

Second Report on the Unauthorised Disclosure of a Draft Report of the Public Accounts Committee

Committee: Standards and Privileges

Session: 2012/2013

Date: Wednesday, 13 March 2013

Reference: NIA 103/11-15

ISBN: 978-0-339-60472-8

Mandate Report Number: Fourth Report

Together with the Minutes of Proceedings of the Committee relating to the Report, Minutes of Evidence, and Written Submissions

Powers

The Committee on Standards and Privileges is a Standing Committee of the Northern Ireland Assembly established in accordance with paragraph 10 of Strand One of the Belfast Agreement and under Assembly Standing Order No. 57.

The Committee has power:

  • to consider specific matters relating to privilege referred to it by the Assembly;
  • to oversee the work of the Assembly Clerk of Standards;
  • to examine the arrangement for the compilation, maintenance and accessibility of the Register of Members’ Interests and any other registers of interest established by the Assembly, and to review from time to time the form and content of those registers;
  • to consider any specific complaints made in relation to the registering or declaring of interests referred to it;
  • to consider any matter relating to the conduct of Members, including specific complaints in relation to alleged breaches of any code of conduct to which the Assembly has agreed and which have been drawn to the Committee’s attention;
  • to recommend any modifications to any Assembly code of conduct as may from time to time appear to be necessary.

The Committee is appointed at the start of every Assembly, and has power to send for persons, papers and records that are relevant to its enquiries.

Introduction

1. On 20 June 2012 the Committee on Standards and Privileges agreed its report on the unauthorised disclosure of a draft report of the Public Accounts Committee (Report: NIA 60/11-15). A copy of this Report is appended in CD ROM format. Included within this report as an annex was a report from the then interim Assembly Commissioner for Standards (“the interim Commissioner”) on his investigation into the circumstances surrounding the disclosure.

2. The Committee set out in its report the key findings of the interim Commissioner’s report. The Committee noted that the interim Commissioner had identified during his investigation a number of gaps in the processes, working methods and systems of the Assembly. These had led the interim Commissioner to make a number of recommendations designed to reduce the risk of future unauthorised disclosures of restricted documents.

3. The Committee noted that responsibility for implementing the interim Commissioner’s recommendations lay with a number of bodies. The Committee wrote to these bodies inviting them to comment. Having now received their responses and having given further consideration to the findings of the interim Commissioner, the Committee has agreed the following report.

Background

4. During plenary session on 21 March 2011 the Chairperson of the Public Accounts Committee (PAC) moved that a specific matter affecting the privilege of the Assembly should be referred to the Committee on Standards and Privileges. The Chairperson explained that on 18 January 2011, a draft report on the PAC’s Inquiry into Performance and Governance in NI Water was leaked to the media. The PAC had subsequently commissioned an inquiry into the leak, but this had not been conclusive. The PAC therefore agreed at its meeting on 15 March 2011 that this was a matter affecting the privilege of the Assembly and that it should seek to have the matter referred under Standing Order 70.

5. The Speaker confirmed that in his opinion the requirements of Standing Order 70 had been met and that the matter would be referred to the Committee on Standards and Privileges. Correspondence to the then Chairperson from the Speaker setting out this opinion is attached at Appendix 1.

6. The Committee met on 23 March 2011 to consider the referral. The Committee agreed to refer the matter, under Standing Order 69A, to the interim Commissioner for investigation and provided the following terms of reference:

To establish the circumstances surrounding the unauthorised disclosure of the draft PAC re port on its Inquiry into the Performance and Governance of NI Water on 18 January 2011;

  • To establish the source of the unauthorised disclosure;
  • To comment on the efficacy of referring such matters as breaches of privilege for investigation by the Commissioner;
  • To report the findings of the investigation to the Committee on Standards and Privileges;

7. The Committee recognised that this was the first referral of its kind to the interim Commissioner and that, as such, the opportunity should be taken to review the procedure once the investigation was completed.

8. At a subsequent meeting on 23 November 2011 the Committee considered correspondence from the office of the interim Commissioner which requested that the Committee agree to extend the terms of reference of the investigation to enable him to include recommendations of a systemic nature in relation to the protection of information and documents more generally. The Committee agreed to this request. Correspondence from the Deputy N I Ombudsman setting out this request is attached at Appendix 1.

9. The interim Commissioner completed his investigation and submitted his report to the Committee. A copy of the interim Commissioner’s report is included at Appendix 1.

Key Findings

The circumstances surrounding the unauthorised disclosure of the report

10. Paragraphs 9 to 20 of the interim Commissioner’s report set out at length the circumstances in which different versions of the draft PAC report were created and made available to individuals within the Assembly secretariat, the Northern Ireland Audit Office (NIAO) and members of the PAC. The interim Commissioner established that between Friday 14 January 2011 and Tuesday 18 January 2011 six versions of the draft report were created and that at different times during this period a number of people had access to one or more of these versions.

11. The most widely available version was draft 6. Draft 6, which was created at some time between 4.56 pm and 6.00pm on Monday 17 January 2011, was the only version of the draft report to be distributed to members of the PAC. It was also either sent or accessible to a number of members of staff within the Assembly secretariat and the NIAO. A distinctive feature of draft 6 was a header which read ‘Draft PAC report – Procurement Governance of NI Water’.

12. The interim Commissioner’s report sets out how news of the draft PAC report broke. The first mention was broadcast shortly after 5.00pm in a news bulletin on Radio Ulster’s Evening Extra programme on Tuesday 18 January 2011. There was more substantial discussion about the content at 5.24pm on the same programme. Shortly afterwards UTV broadcast details on its UTV Live at Six programme. This was followed by a feature on BBC Northern Ireland’s Newsline programme. Transcripts of each of these three broadcasts are included at appendices 4, 6 and 7 of the interim Commissioner’s report.

13. The interim Commissioner believed it was reasonable to conclude that it was draft 6 of the report which was leaked to UTV and that it was probable that it was leaked to them at some time on Tuesday 18 January 2011.

14. It was not possible for the interim Commissioner to determine definitively which version of the draft report was leaked to the BBC. He considered it possible that the BBC did not have a full copy at the time of the broadcasts on Tuesday 18 January 2011 but may have been given an opportunity to view the draft report or was provided with details of its content. The interim Commissioner was of the view that it was probable that it was draft 6 of the report (or detail of its content) that was leaked to the BBC and that the leak took place on Tuesday 18 January 2011.

15. The interim Commissioner concluded that there were a number of weaknesses in the working processes and systems that were in operation during the creation, distribution and storing of the draft report. It was his view that while these weaknesses did not lead directly to the unauthorised disclosure of the draft report, they did increase the risk to the PAC of its draft report on NI Water coming into the public domain prematurely and without proper authority, and they also afforded an individual (or individuals) who had access to the draft report an enhanced opportunity to leak its contents to the media, if so minded.

16. The weaknesses identified by the interim Commissioner are included in paragraph 74 of his report. His recommendations to address these weaknesses (and other issues) are considered in further detail at paragraphs 27 to 43.

The source of the unauthorised disclosure

17. The interim Commissioner went to great lengths to establish the source (or sources) of the leak. As well as written enquiries interviews were carried out with all eleven (January 2011) members of the PAC, as well as staff from the Assembly secretariat, staff from the NIAO and two others (see appendix 3 of the interim Commissioner’s report). Every person who was questioned stated categorically that he/she was not the source of the leak and had no knowledge of who was. Some members of the PAC commented that they had their suspicions about the source but had no evidence to substantiate them.

18. The BBC confirmed to the interim Commissioner that details of the draft PAC report were provided to its political correspondent, Ms Martina Purdy. UTV confirmed that its correspondent, Mr Jamie Delargy, had obtained the leaked report. However, neither organisation identified their respective source or sources and neither provided any information as to which draft they had either seen or been provided with.

19. The interim Commissioner was therefore unable to identify with any certainty the source of the unauthorised disclosure of the draft PAC report.

Impact of the unauthorised disclosure

20. The interim Commissioner considered the detrimental impact of the unauthorised disclosure, particularly on trust between committee members as well as between members and staff. The interim Commissioner has set out in paragraph 40 of his report the depth of members’ feelings on the affair. It is clear that the leak damaged essential working relationships within the Committee.

21. The interim Commissioner also considered the threat that this leak (and others) pose to the effective work of the Assembly. The leaked draft committee report had not been agreed or even considered by the PAC, and the interim Commissioner has pointed out that in these circumstances the leak had implications for natural justice and fairness for the individuals and organisations who were mentioned in the report.

22. The Interim Commissioner addressed the competing public interests at stake in a case of this nature. He has, of course, acknowledged the public interest in defending a free press. However, the public also has a strong interest in maintaining the integrity of any live investigation, so that the privacy of those individuals named in draft reports is protected and a full and frank exchange of views among the participants is encouraged.

23. In the interim Commissioner’s view, it was not in the public interest to release the PAC’s draft report prematurely, before it had been considered or tested by the PAC. In his view, to do so had significant potential to undermine the work of the PAC and the integrity of the Assembly a s a whole, as well as to damage the reputation of the named individuals criticised in the report.

24. The interim Commissioner has also pointed out that the leaking of the report cannot be described as whistle-blowing, since the PAC’s findings on NI Water were due to be published once the scrutiny process had ended.

25. The Committee agrees that the public interest can be damaged by publishing leaked draft reports. Before a committee agrees a report, officials prepare a draft version for its consideration. It is wrong to either suggest or assume that this draft version embodies the views of the committee. On the contrary, a draft report is, by definition, a preliminary document and as such may contain contested personal information, factual inaccuracies, irrelevant comment and opinions not held by the committee. Successive draft reports may be written and rejected before a committee approves its final version, and it is this version alone that represents the committee’s views.

26. However, the primary responsibility for upholding the public interest in these circumstances lies with those who are entrusted with confidential information in the first place. Any person who leaks such information is failing in his or her public duty and acting in a manner incompatible with the Seven Principles of Public Life. That leaks often occur for transparently self-serving reasons only emphasises how dishonourable this action is.

The Interim Commissioner’s recommendations

27. The interim Commissioner identified a number of deficiencies in the processes, working methods and systems that were in operation at the Assembly during the creation, distribution and storing of the draft report. These also made the task of identifying the culprit much more difficult, as the number of potential suspects was increased.

28. The interim Commissioner went on to make a number of recommendations (17) which were intended to minimise the risk of unauthorised disclosure by providing additional “levels of assurance”. These recommendations, which were set out in appendix 8 of the interim Commissioner’s report, are as follows:

1. The Assembly’s protective marking policy and procedures should be reviewed to ensure that it is appropriate for the use, storage and transfer of the nature of confidential/sensitive information that may be contained in draft committee reports and other Assembly documents.

2. NIAO staff, Assembly Secretariat Staff and Members should be reminded of the need to apply the protective marking policy consistently, and appropriate training and/or guidance should be provided, if necessary.

3. Confidential/sensitive documents, such as draft committee reports, should be encrypted or password protected when being transmitted electronically, including those transmitted via the Government Secure Intranet.

4. Confidential/sensitive documents should not be emailed to personal email accounts – should staff be required to work at home, remote access to the Assembly’s IT network should be arranged.

5. All draft committee reports should include a declaration of the relevant committee’s proprietorial interest.

6. All draft committee reports should include a statement to the effect that the document remains confidential until it is published by the relevant committee or the Assembly.

7. All hard copies of draft committee reports, and other confidential/sensitive documents prepared for inclusion in committee packs should be individually numbered or watermarked with the recipient’s name before distribution.

8. Draft committee reports and other confidential information should not be made available to those who do not have a business need to access them.

9. Access rights to shared folders in IT networks should be reviewed immediately following staff moves and internal reorganisations and, where necessary, revised.

10. The practice of leaving committee packs unattended in unlocked Members’ offices at the time of their distribution) should cease.

11. Members should be required to acknowledge formally the receipt of their committee pack.

12. Members should be reminded of the need to maintain the confidentiality of Assembly information and to ensure that such information is stored securely at all times. Appropriate training and/or guidance should be provided, if necessary.

13. The facility to audit access to specific electronic documents and/or folders that are considered to contain particularly sensitive information should be used.

14. Email tracking logs should include details of email attachments, or as a minimum, indicate whether an email included an attachment.

15. The Code of Practice for the Use of Assembly Computer Resources, which currently exists in draft form only, should be finalised and made operational in order that the monitoring of the use of Assembly email services by all users, including Members, as referred to in paragraph 5.4 of that draft document, may be undertaken.

16. Steps should be taken to ensure that email tracking/monitoring logs are maintained beyond the standard 99-day retention period in instances where an unauthorised disclosure of information has occurred until such time as all related inquiries/investigations have been completed.

17. The Committee on Standards and Privileges should consider the need to review the Code of Conduct for Members to reflect more specifically that the unauthorised disclosure of Assembly information constitutes a breach of the provisions of that Code.

29. The Committee noted in its first report on this matter that responsibility for implementing these recommendations lay with a range of bodies. The Committee agreed that the issues raised by the interim Commissioner should be addressed as a matter of priority and wrote to the relevant bodies (the NIAO, the Assembly Commission, Chairpersons’ Liaison Group and PAC) inviting their comments (see Appendix 1). Their responses are summarised below.

The NIAO

30. The Comptroller and Auditor General responded on behalf of the NIAO on 22 August 2012 (see Appendix 1). He accepted those recommendations which were applicable to the NIAO (recommendations 2, 3, 5, 6 and 8) and advised the Committee that he had reviewed his procedures and, where necessary, updated guidance to ensure that the recommendations were implemented in full. His correspondence provided further detail on how the NIAO had implemented these recommendations.

31. The Commit tee welcomes the C&AG’s prompt and decisive response to the recommendations.

The Assembly Commission

32. The Speaker replied on behalf of the Assembly Commission on 7 February 2013 (see Appendix 1). The Speaker wrote that a working group made up of secretariat staff had been established to review the Assembly’s Information Assurance policy in the light of the interim Commissioner’s recommendations. Further to the outcome of this review, the Assembly Commission had approved the majority of the Interim Commissioner’s recommendations.

33. The Committee noted that the Assembly’s Information Assurance policy had been reviewed and that it will incorporate guidance which takes account of the recommendations. The Committee welcomes these developments and encourages the Assembly Commission to implement the revised policy and issue the new guidance without delay.

34. The Committee noted that the Assembly Commission had only partially accepted recommendations 10 and 11. The interim Commissioner had recommended that the practice of leaving committee packs unattended in unlocked Members’ offices at the time of distribution should cease and that Members should be required to acknowledge receipt formally. The Assembly Commission has proposed that only those packs which contain confidential information should be treated in this way.

35. The Committee agrees that it is sensible to make this distinction between routine committee packs and those which contain confidential information.

36. The interim Commissioner recommended that the facility to audit access to specific electronic documents and/or folders considered to contain particularly sensitive information should be used. The Committee understands from the Assembly Commission that the IS Office is considering the benefits of replacing shared drives with Sharepoint document sites. This would ensure that access to documents would be restricted to those with a genuine need to use them and recorded in an electronic log. A pilot project has begun involving a small group of staff. Regardless of the outcome of this pilot project, the Assembly stands in need of such a facility.

37. The interim Commissioner recommended that ‘The Code of Practice for the Use of Assembly Computer Resources’, which exists in draft form only, should be finalised and made operational. This Code of Practice provides for the monitoring of the use of the Assembly email services by all users, including Members. The Committee notes that additional information on this issue is being sought from other legislatures before the Assembly Commission gives this recommendation further consideration.

38. The interim Commissioner advised that email tracking logs should include details of attachments or, as a minimum, record their existence. The Committee understands that the Assembly Commission has not accepted this recommendation on the grounds of cost and practicality.

Chairpersons’ Liaison Group

39. Mr Alex Maskey MLA responded on behalf of the Chairpersons’ Liaison Group (CLG) on 6 November 2012 (see Appendix 1). The CLG had discussed the interim Commissioner’s recommendations at its meeting on 16 October 2012 along with the outcome of the review undertaken by the working group. Mr Maskey endorsed the view, expressed by the Assembly Commission and supported by the Committee on Standards and Privileges, that a distinction should be made between standard committee packs and those classified as restricted or confidential.

40. The CLG also acknowledged the need for sanctions to be imposed upon members who leaked confidential information and stressed that it was for committees to assume collective responsibility for the confidentiality of their documents and any subsequent leak.

Public Accounts Committee

41. Ms Michaela Boyle MLA responded on behalf of the PAC on 4 March 2013 (see Appendix 1). Ms Boyle referred to the Assembly Commission’s letter of 7 February 2013 and advised the Committee that the PAC had since moved to the arrangements described therein, which include watermarking and embargo systems and a requirement for members to sign for packs containing sensitive or restricted material. The PAC had responded to a previous unauthorised disclosure of a committee report by limiting members to monitored access to papers. However, Ms Boyle has indicated that the PAC will discontinue this practice as it reduced excessively the time available to members for meeting preparation.

42. The Committee notes that, in advance of the Assembly Commission issuing its new guidance, the PAC has already taken a number of steps to reduce the risk of an unauthorised disclosure of con fidential information. This reflects the Committee’s own approach and is to be welcomed.

43. The Committee also notes that the PAC had taken additional measures which it has reviewed and withdrawn. The Committee agrees that, while all reasonable steps should be taken to enhance information security, these steps should be proportionate and should not risk impeding a committee’s effectiveness.

The efficacy of referring such matters as breaches of privilege for investigation by the Commissioner

44. When setting the terms of reference for this inquiry the Committee agreed that the interim Commissioner should comment on the efficacy of referring such matters (i.e. the unauthorised disclosure of confidential information) as breaches of privilege for investigation by the Commissioner. In doing so, the Committee had recognised that this was the first such referral to the interim Commissioner and that the appropriateness of the procedure was open to challenge.

45. The Interim Commissioner has addressed this issue in paragraphs 92 to 97 of his report. Paragraph 96 is particularly instructive. The interim Commissioner says:

“…. an institution cannot afford to tolerate or ignore a leak or the integrity of work processes and ultimately the standing of the institution itself will be undermined. It is important that leaks are investigated and treated with the utmost seriousness because of their implications….”

46. The Interim Commissioner also says, however, that inquiries are often time-consuming and resource intensive (as this one was) and that it is notoriously difficult to identify the source of a leak of confidential information. In the Committee’s view a question of proportionality therefore arises.

47. The Interim Commissioner has noted the difference between an investigation into an unauthorised disclosure carried out as a result of a complaint under the Assembly’s Code of Conduct and one arising from a referral of an alleged breach of privilege.

48. In the former case, the complaint would have to meet the usual admissibility criteria. These include a requirement to name the Member who is the subject of the complaint and that the complaint is substantiated (i.e. that it includes enough supporting evidence to establish a prima facie case that a breach of the Code of Conduct has occurred).

49. In the latter case, the requirements of Standing Order 70 apply and the Speaker would have to be satisfied that a breach of privilege had been made out.

50. The Committee is satisfied that, where there is a prima facie case that a Member has disclosed a confidential document without authorisation, it is the Commissioner’s role to investigate and determine whether a breach of the Code of Conduct has occurred. The Committee would expect an admissible complaint to have been made in such an instance. However, where no complaint has been made, the Commissioner may choose to undertake an investigation at his own initiative.

51. The Committee is clear that leaks of confidential documents by Members are intolerable and amount to a serious breach of the Assembly’s Code of Conduct. The Code requires Members to at all times observe and comply with any guidance or instructions of any kind approved by the Assembly, or issued by the Assembly Directorates on its behalf or with its authority. The Committee is clear that this includes an instruction to treat information in confidence. The Committee would not hesitate to recommend a sanction where a Member was found to have leaked a confidential document.

52. The interim Commissioner has suggested that the Committee should consider the need to review the Code of Conduct for Members to reflect more specifically that the unauthorised disclosure of Assembly information constitutes a breach of the provisions of that Code. The Committee accepts this recommendation. The Committee is about to embark upon a review of the Code and will consider how this issue is addressed elsewhere before strengthening the relevant provisions. However, Members should be clear that an unauthorised disclosure of confidential information would still be regarded by the Committee as a breach of the Code in its current version.

53. Of course it will not always be the case that when a leak has occurred there is a prima facie case that a particular Member is responsible (not least because no Member may have been responsible). The absence of such evidence would preclude the Commissioner from accepting a complaint or undertaking an investigation on his own initiative into whether a breach of the Assembly’s Code of Conduct had occurred.

54. The Committee notes that before the then Chairperson of the PAC raised the unauthorised disclosure of the leaked PAC report as an alleged breach of privilege, PAC commissioned its own internal investigation into the leak. On that occasion the internal investigation, which was conducted by a senior Assembly secretariat official, was not conclusive. Nonetheless, the Committee is satisfied that an internal investigation is the appropriate response to such leaks in the first instance. Internal investigations can be carried out speedily and are less resource intensive.

55. It is reasonable to question whether it is always necessary or proportionate to undertake further investigation into a leak of confidential committee papers where the committee’s own inquiry has failed to identify the source. Before seeking to raise a leaked document as a matter of privilege under Standing Order 70, committees should have regard to the co nsiderable resources, time and effort that an investigation by the Commissioner will demand.

56. Where such matters are raised under Standing Order 70 it is for the Speaker to take a view on whether a prima facie case of breach of privilege has been made out. In doing so the Speaker may wish to consider the extent to which the leak has caused a substantial interference to the work of the Assembly. In any event where such a matter is referred under Standing Order 70 by the Speaker to the Committee on Standards and Privileges, the Committee will give careful consideration to all relevant issues, including the seriousness of the leak and the resource implications of undertaking an investigation, before referring it to the Commissioner.

57. The Committee takes this position without prejudice to the outcome of any future review of Assembly privilege, and with the intention of undertaking such a review later in this mandate. The Committee is aware that the UK Government has published a green paper on the constitutional privileges of Parliament and that a Joint Committee on Parliamentary Privilege is due to report back in April 2013. Their conclusions will inform any review of Assembly privilege, notwithstanding the very distinct differences between parliamentary privilege and Assembly privilege.

Conclusion

58. The unauthorised disclosure of the draft PAC report, which probably took place on Tuesday 18 January 2011, inflicted damage on the Assembly without serving any public interest. The leak undermined trust within the PAC and obstructed its important work. The subsequent investigation was resource intensive and time consuming. While it is disappointing that the person or persons responsible have not been identified and subjected to disciplinary proceedings, the interim Commissioner’s investigation was a valuable exercise, having uncovered systemic shortcomings and making recommendations to address them. The Committee has noted the progress that has been made by those with responsibility for implementing the recommendations and looks forward to the swift adoption of the remaining accepted recommendations.

59. Of course, as the interim Commissioner has recognised, no matter what additional steps are taken it will never be possible or practicable to eliminate all risk of confidential or sensitive Assembly information being disclosed prematurely or without proper authority. The ultimate safeguard is the commitment of all those entrusted with confidential information to act in accordance with the Seven Principles of Public Life. Holders of public office must act with integrity and be truthful, something which the source of the leak conspicuously failed to do.

60. The Committee hopes that this report and that of the interim Commissioner underline the seriousness of leaking confidential information. The Committee is optimistic that with updated measures in place and with a renewed commitment by everyone to act in accordance with the principles of public life there will not be similar occurrences in future.

Download the full report.

Find Your MLA

Locate your local MLA

Find MLA

News and Media Centre

Read press releases, watch live and archived video.

Find out more

Follow the Assembly

Keep up to date with what's happening at the Assembly.

Find out more

Subscribe

Enter your email address to keep up to date

Sign up