Carsten Reisinger - stock.adobe.

ICO to probe Hancock over private email use

Former health secretary faces an investigation by the UK’s data protection watchdog over his use of private email to conduct government business

Former health secretary Matt Hancock, who resigned in June after breaking social distancing laws amid a storm of criticism for his handling of the Covid-19 pandemic, now faces an Information Commissioner’s Office (ICO) investigation into the inappropriate use of private correspondence channels at the Department of Health and Social Care (DHSC).

This comes after the government admitted that Hancock and health minister James Bethell used personal email accounts to conduct DHSC business.

Government ministers are supposed to only use official channels to communicate so that they can be properly recorded and scrutinised, but there is no official prohibition on the use of private email on a discretionary or occasional basis, as long as information is handled transparently and in accordance with the Official Secrets Act, Freedom of Information Act (FoIA), Data Protection Act (DPA) and Public Records Act.

Writing on the ICO’s website, information commissioner Elizabeth Denham said that the role of transparency as fundamental to democracy had been thrown into sharp relief by the events of the past year and a half.

“Government decisions about public health and civil liberties, about where we can travel and who we can see, about vaccines and testing, about supporting and reshaping economies – all these decisions are made on behalf of society by those in power. The effects of decisions taken during this time will be with us for years to come,” she said.

“It is through transparency and explaining these decisions that people can understand and trust them. And it is through documenting these decisions that lessons can be learned to inform future decisions – something emphasised by the international transparency community last year.

“That is why the suggestion of ministers and senior officials using private correspondence channels, such as private email accounts, to conduct sensitive official business is a concerning one. It concerns the public to feel there may be a loss of transparency about decisions affecting them and their loved ones. And as the regulator of data protection and freedom of information laws, it concerns me,” said Denham.

Denham said it was all too easy for information left in private email or messaging accounts to be forgotten, overlooked, deleted, or otherwise made unavailable if it was ever to be needed in future, frustrating the freedom of information process, and putting at risk the preservation of official records of decisions taken by government ministers – such as Hancock’s alleged handing of PPE contracts to businesses with which he had a personal connection.

She added that she was also worried that emails containing personal details might not be properly secured in people’s personal email accounts.

“That is why my office has launched a formal investigation into the use of private correspondence channels at the Department for Health and Social Care, and has served information notices on the department and others to preserve evidence relevant to my inquiry,” said Denham.

“That investigation will establish if private correspondence channels have been used, and if their use led to breaches of freedom of information or data protection law. We will publish the results of that investigation in due course.”

The ICO could take a number of actions following the investigation, ranging from issuing recommendations for best practice and enforcement notices, up to the option of criminal prosecution if it determines information has been deliberately destroyed, altered or concealed after being requested under the FoIA.

The ICO’s specific guidance on managing official information held in private email accounts can be read here.

Read more about the ICO’s work

  • Information commissioner’s concern over the problematic use of facial recognition in public spaces has prompted her to publish official guidance on its deployment, while civil society calls for an outright ban.
  • Data disclosed under the Freedom of Information Act reveals an estimated 700 data breaches were reported to the Information Commissioner’s Office by local councils last year.

Read more on Privacy and data protection

Data Center
Data Management