Officials at the Treasury’s Office of Government Commerce [OGC] are ordering the destruction of “gateway review” reports into the progress or otherwise of billions of pounds worth of risky government IT projects to cut the risk of leaks.
An OGC paper tells civil servants that, in the context of the Freedom of Information Act, they should “securely dispose” immediately of final reports of gateway reviews – which are internal assessments of projects such as the £5.3bn ID cards scheme and the NHS’s £12.4bn National Programme for IT.
The paper also tells civil servants they must securely dispose immediately after delivery of the final gateway report “all supporting documents”.
The OGC oversees large IT and other projects in Whitehall and the wider public sector. Its instruction comes even though it has lost two appeals under the Freedom of Information Act to keep early “gateway review” reports on ID cards secret.
Managed by the OGC, Gateway reviews are independent assessments of high and medium-risk IT-based and other projects at various stages in their lifecycle. More than 2,000 gateway reviews have been carried out – but the OGC has published none of them.
The order for the destruction of final reports will fuel suspicion that they identify fundamental flaws in some major government IT-based projects.
Vincent Cable, Liberal Democrat Shadow Chancellor, said the OGC’s instruction to destroy gateway final reports is “shockingly arrogant behaviour by those who should know they are accountable for public money”. He said that Parliament and taxpayers have a right to see the gateway review reports.
The Information Commissioner ruled in July last year that early gateway reviews on ID cards should be published, arguing that it should be public knowledge whether the programme was feasible and being well managed. The OGC appealed – and lost. It is now to fund a third appeal hearing, this time to the High Court.
In giving advice to gateway review teams on the Freedom of Information Act, the OGC paper says: “Please be aware that, as per our guidance, you must securely dispose of the [final gateway] report and all supporting documents immediately after delivery of the final report- which should be no later than seven days after the review.”
The OGC wants to cut the risk of leaks – only two people will have copies, the OGC and a department’s “senior responsible owner”.
Nobody else has any automatic right to see the reviews. So a department or agency’s internal audit committee, MPs, the department’s IT team, computer suppliers and potential end-users may be denied access to the final report.
The OGC is also assuring departments that confidentiality over gateway reviews is “assured” – even though the High Court could rule that the reviews are published.
And the presentation paper tells review teams if asked verbally for information on the gateway reviews to include in their reply the fact that the say they are not “actively published or disclosed”.
Under the Freedom of Information Act, each request for disclosure of gateway reviews should be considered individually. But the OGC has refused every application for disclosure of the results of gateway reviews.
Two Parliamentary committees have asked the government to look favourably on publishing gateway reviews after taking in evidence from Computer Weekly. This magazine’s evidence was also cited in the ruling of the Information Tribunal that early reviews on ID cards be published.
An OGC spokesman refused to say why it has ordered the secure disposal of gateway reports. The OGC confirmed that only two copies are kept.
Civil servants who undertake gateway reviews told Computer Weekly they thought it unnecessary to destroy the final reports. They said the documents usually contained important recommendations which may not be carried out properly if people in the department or agency do not know what they are.
One gateway reviewer said the order to destroy the final reports was “odd and a little sinister”.