PLC Public Sector reports:
Services continue to be outsourced by public authorities at an ever increasing rate. The public procurement regime that governs this process can be challenging and often makes public authorities wary of making a procedural error that could send the process back to square one. However, it is also important that a focus on the procedure adopted does not lead to general commercial principles being overlooked.
In this post we look at two recent high profile examples arising from contracts at both ends of the scale, highlighting how public authorities should not go about outsourcing services.
You need a contract (and one that is fit for purpose!)
There could probably be no clearer example of the risks of failing to put in place an appropriate contract than the Information Commissioner’s Office’s (ICO) recent announcement that it had imposed a fine of £250,000 on Scottish Borders Council under the Data Protection Act 1998 (DPA). The council had employed a company to digitise pensions records of its past employees and details of their pensions arrangements.
No written contract was put in place between the council and the company. The arrangement was that the company would collect manual files from the council, scan the documents at its own premises and then return the digital files to the council on a disk using standard post. However, the company was unaware that the next step saw the company dispose of the paper files at various public recycling banks. This came to light in September 2011 when a member of the public, having discovered a bank that had been overfilled with files containing personal data, called the police.
On becoming aware of what had been happening to the records, the council terminated its relationship with the company and informed the ICO of the situation. On 10 September 2012, the ICO announced that a fine of £250,000 had been imposed on the council under sections 55A of the DPA.
The error here is obvious and not one that appears to have been caused by the authority’s attention having been diverted to the niceties of the public procurement regime. When services are outsourced, appropriate contracts must be put in place. Where a contractual relationship will involve the transfer of personal data, particular regard should be had to ensuring that the requirements of the DPA are met. For example, the contract should make it clear that:
- Data will only be processed in accordance with the instructions of the authority.
- Appropriate security measures are put in place (and followed).
- The authority can monitor compliance with these requirements.
Even if you have a contract, you cannot rely on this alone
Our second example makes it clear that even a perfect contract will not be sufficient to ensure the success of a project. The memorandum setting out the results of the National Audit Office’s (NAO) investigation into a contract let by the Ministry of Justice (MoJ) is an interesting read. The contract in question was a call-off contract for interpretation and translation services let under a framework agreement established by the MoJ with a company called Applied Language Solutions (ALS). The call-off contract was worth an estimated £90 million over five years. The NAO was asked to investigate the relationship following numerous complaints and it concluded that:
- The rationale behind the changes to be implemented by the new arrangement was strong.
- The procurement process adopted was fair and open.
However, this is where the good news dries up, with the memorandum going on to state that:
- The due diligence process adopted, in particular the MoJ’s investigation of the ALS bid, was inadequate.
- While the MoJ had engaged with the market and users of the services, it had not given weight to concerns raised during this process.
- The MoJ had underestimated the risks to the project when switching from a regional roll-out to a national roll-out.
- The agreement had been made fully operational before the contractor was ready.
Unsurprisingly, this led to the issues that were complained about, which could have been resolved in part by the contract in place, but the MoJ:
- Initially chose not to impose service credits when it was entitled to do so (it is now).
- Failed to take full advantage of its rights to inspect ALS’s service provision.
This project is a good example of one where you can have a fully compliant procurement process and a fit for purpose contract, but still fall short if finer details such as due diligence and contract management are not kept on top of.