Chapters: 01 | 02 | 03 | 04 | 05
4.1 In many situations it will be appropriate for a department neither to confirm nor deny the existence of the information sought and claim the section 23(5) exemption. Where a department does this it will not be appropriate or necessary to claim the section 23(1) exemption. Clearly it would not make logical sense for the duty to communicate the information to arise where it was decided to give a "neither confirm nor deny" response. Where the duty to communicate does not arise, it is not necessary to claim the exemption under section 23(1).
4.2 It is also important to note that where a department does NOT hold information, directly or indirectly supplied to them by, or about, a Security Body it may still be appropriate to rely upon the exemption under section 23(5) in order neither to confirm nor deny the existence of information. This is because to confirm that no information is held is of itself information about a Security Body, namely information that a Security Body has not supplied information. A more detailed explanation of NCND is given in the guidance on section 24 at Annex C.
There is considerable potential overlap between the information covered by section 23 and that covered by section 24. Clearly information about the existence or otherwise of information from, or relating to, a Security Body is information which is also capable of being exempt under section 24(2), if exemption from the duty to confirm the existence of information (section 1(1)(a)) is required for the purpose of safeguarding national security. The use of section 23(5) and section 24(2) together is possible under the Act (in contrast to section 23(1) and section 24(1) which are expressly mutually exclusive). The ability to use section 23(5) and section 24(2) together is important where it is necessary to answer a request in a way that preserves NCND.
4.3 There will be information requests where NCND does not need to be maintained. Whether an NCND stance is required to protect national security is a matter of fact to be considered on a case-by-case basis. For example, where a request concerns an area of activity where it is known that one or more of the Security Bodies are involved there will be no need to maintain NCND. Equally, there may be cases where information is shortly to be put into the public domain which would make an NCND stance unnecessary.
4.4 However, where NCND needs to be maintained for national security purposes it is important that whenever an exemption from the duty to confirm or deny (under section 1(1)(a)) is claimed under section 23(5) consideration is always given to claiming the equivalent exemption under section 24(2). Of course use of section 24(2) will require a full consideration of the need for the national security exemption and the public interest in disclosure (on which see paragraph 3.3 in the chapter on the section 24 exemption). But consideration of the combination is necessary because the nature of section 23 inevitably discloses that a Security Body is involved (or that the absence of involvement of a security body is significant) and use of section 23 and 24 together may be the only way that the "non committal" response that NCND requires, in order to work, can be maintained. Further, so that it cannot be readily inferred that use of the two exemptions together is itself an indicator of the relevance of security body activity, it is important that where section 24 is relied on, reciprocal consideration is given to the justification for relying on section 23.
4.5 NCND may be undermined not only by confirming that there is information held (i.e. implying that the Security Bodies have an interest in the subject) but also by confirming that there is not (i.e. implying that the Security Bodies do not have an interest). Thus confirmation that no information is held which has been supplied or relates to a Security Body may itself be information, for which an exemption from disclosure is required. This may justify the use of the section 23(5), or both the section 23(5) and the section 24(2) exemptions in order to neither confirm nor deny in response to a request for information. The decision as to whether a section 23(5) exemption is an appropriate response where no information is held must always be considered carefully. The following factors must always be taken into account:
4.6 This is not an easy analysis to make and there may be reasons why NCND needs to be used of which officials are not aware. Where a department is in any doubt as to the appropriate manner in which to respond in such circumstances it should always consult its departmental security officer and/or refer to the appropriate Security Body, who will be able to advise on the appropriate course of action.
4.7 Whether a department holds section 23 information or not it will need to consider whether it can confirm or deny that fact in response to a request. Where a department determines that it should neither confirm nor deny the existence of the information, as mentioned above, it may rely upon section 23(5). This provides that a department may NCND if compliance with the duty to inform (section 1(1)(a)) would involve the disclosure of information supplied by or about a Security Body. Whenever a department relies upon section 23(5) to NCND it will need to comply with the duty under section 17(1) to state in a notice that it is relying upon an exemption and indicate which exemption it is relying upon. It may also be obliged to state why the exemption applies (section 17(1)(c)), although this may not be required if to do so would reveal exempt information (section 17(4)).
4.8 Where a department claims the section 23(5) exemption it is not necessary for it also to claim the exemption from the duty to communicate the information (the section 23(1) exemption). As such any section 17 notice in relation to a claimed exemption under section 23(5) only need state the information required in relation to the exemption from the duty to confirm or deny. Where the section 24(2) exemption is claimed alongside the section 23(5) exemption, the section 17 notice will need to deal with both exemptions and in relation to the section 24(2) exemption, make reference to the fact that the public interest for and against disclosure has been properly assessed.
4.9 Section 23(2) provides that a certificate may be signed by a Minister, certifying that the information to which it applies was directly or indirectly supplied by, or relates to, any of the specified Security Bodies. The Act says that a certificate will "be conclusive evidence of that fact" but it should be noted that this can be challenged under section 60.
4.10 Section 23 only allows Ministerial certificates to be signed in relation to specific information. The certificate cannot be general and prospective; in other words it cannot be prepared and signed in expectation of a request for information (unlike certificates served under the section 24 national security exemption).
4.11 A Ministerial certificate requires the signature of a Minister of the Crown (who for these purposes are Cabinet Ministers, the Attorney General and the Advocate General).
4.12 It is not necessary to have a certificate in order to rely on the section 23 exemption but it will strengthen the position of the department in any legal proceedings, and determine the forum for hearing an appeal. When a Ministerial certificate has been served, any appeal is heard by the Information Tribunal (the Tribunal) rather than by the Commissioner. (See chapter on section 24, Annex A)
4.13 Officials should consider preparing a Ministerial certificate at an early stage in response to a request for information where the section 23 exemption will be relied upon. Since the certificate is relevant primarily to the stage at which formal enforcement action becomes a possibility departments need not serve a certificate on the applicant at this stage, but can defer doing so until the applicant has exhausted the internal review process and indicated that he will be applying to the Commissioner. To serve the certificate when answering a request may be premature and involve unnecessary work, but a department may nevertheless want to consider the drafting of a certificate at this stage in case it becomes necessary to utilise it.
4.14 In any event, departments should consider establishing a procedure with the appropriate private office so that where necessary certificates can be drawn up and signed without undue delay. The Act does not require that a certificate is signed by any particular minister. It is also possible for one ministerial certificate to cover round robin cases. Where the information being safeguarded potentially crosses departmental boundaries, it will be important to undertake interdepartmental consultation at an early stage. You should contact your departmental security officer and, when dealing with round-robin requests, the DCA Clearing House.
4.15 Consideration should be given to drawing up a specific certificate template; departments may wish to ask their lawyers to prepare a draft which can be adapted for use when needed.
4.16 Where a section 24(2) exemption has been claimed in conjunction with the section 23(5) exemption a certificate in relation to each exemption can be deployed in respect of the same information (see guidance on Ministerial certificates under section 24).