section 40 FOIA « Panopticon Blog

PAYMENTS TO SENIOR PUBLIC SECTOR EMPLOYEES: ROUNDUP OF RECENT PERSONAL DATA CASES

February 22nd, 2011 by Robin Hopkins

The FOIA update paper given at last week’s 11KBW Information Law Seminar provides a roundup of recent caselaw in a few of the most common areas of Tribunal litigation.

One is commercially sensitive or confidential information: in particular, Veolia and its aftermath.

Another is information on planning applications and property developments: in particular, those cases subsequent to South Gloucestershire, namely Bristol City, Bath & North East Somerset and Elmbridge.

A third area is personal data: here the recent cases of Dun, Bryce, Ferguson and Ince have all – like the cases mentioned above – been covered in Panopticon posts. Two others to take note of, however, both in the context of public sector pay (other than salaries).

One concerns bonus payments to public sector employees. Davis v IC and Olympic Delivery Authority (EA/2010/0024) saw the Tribunal distinguish between bonus information and performance assessment information. It ordered disclosure of certain information relating to the bonuses of senior employees of the ODA: the maximum performance-related bonuses to which the chief executive and communications director were contractually entitled, and the percentage of the maximum available bonus actually paid to certain other members of senior management. The Tribunal decided, however, that details of the performance targets which individuals failed to hit to 100% satisfaction should not be disclosed.

The other recent case on the personal data exemption is Pycroft v IC and Stroud District Council (EA/2010/0165). The context was an auditor’s report which observed that the local authority’s former Strategic Director of Housing “did not ensure that staff had taken ownership of managing the budgets”. The applicant requested the details of this Director’s early retirement package. The Commissioner found that disclosure of this information would not be fair, and the Tribunal agreed. It should be noted by those dealing with requests for information about payments to allegedly poorly-performing public sector employees.

Tags: confidentiality, environmental information, planning, public interest, section 40 FOIA, section 43 FOIA
Posted in INFORMATION LAW | Comments Off on PAYMENTS TO SENIOR PUBLIC SECTOR EMPLOYEES: ROUNDUP OF RECENT PERSONAL DATA CASES

PERSONAL DATA OF WHISTLEBLOWING CIVIL SERVANTS: REDACTION AND FAIRNESS

January 24th, 2011 by Robin Hopkins

Those considering the disclosure of personal data in a civil service context will wish to pay close attention to last week’s decision in Dun v IC and National Audit Office (EA/2010/0060). This is the latest Tribunal exercise in forensic scrutiny of fairness under the “personal information” exemption at section 40 (applied in tandem with the first data protection principle under the DPA).

The disputed information concerned the NAO’s enquiry into the Foreign & Commonwealth Office’s handling of employee grievances of a whistleblowing variety, i.e. those in which the employee had raised concerns as to “the proper conduct of public interest, fraud, value for money and corruption in relation to the provision of centrally-funded public services”. The request for information was triggered by the FCO’s inadvertent publication on its intranet of a “track changes” version of the draft report sent to it by the NAO: this tended to suggest that the FCO had sought not only to correct points of fact in that draft report, but also to influence its conclusions.

Unfairness of grievance and investigation information was pleaded based largely on the expectations of the complainants that their personal data would not be disclosed, and on the distress of their potentially being perceived as “trouble makers”.

A number of categories of arguably personal data were examined: junior civil servants’ names (outcome: don’t disclose), junior civil servants’ roles or job titles (outcome: disclose), contact details (outcome: don’t disclose, except for that part of an email address containing the name of a person whose name was otherwise to be disclosed), details of complaints and criticisms of employees (outcome: disclose in sufficiently redacted form).

The issue of redaction turned on whether disclosure in redacted form would preserve anonymity or achieve fairness – the NAO and IC had said no, but the Tribunal disagreed. It found that disclosure of whistleblowing case information in redacted form would be fair where (i) only those involved would be able to identify the persons being referred to, and (ii) those involved would not learn anything from the disclosed material which they did not know already.

This case is another instance of the established position that disclosure of the names of senior civil servants (here Grade 5 or above) will generally be fair, whereas those of their more junior colleagues would not. A note of caution here, however: the Tribunal was clear that no blanket policy should apply, and that fairness depends on the particular responsibilities and information with which the case is concerned.

One interesting aside: what of a civil servant who was junior at the time the information was created, but has since been promoted? Generally, subsequent events should not make a difference, but not necessarily: the Tribunal observed that it could “envisage a scenario where it is fair to disclose an earlier document in order to refute protestations of ignorance from the same individual who later becomes more senior and accountable”.

Tags: data protection, section 40 FOIA
Posted in INFORMATION LAW | Comments Off on PERSONAL DATA OF WHISTLEBLOWING CIVIL SERVANTS: REDACTION AND FAIRNESS

Application of the first data protection principle

November 19th, 2010 by Edward Capewell

Ms Alison Ince worked in a further education institute in Northern Ireland. She was dismissed from her employment in June 1999 and, from around 2002, had alleged on a number of occasions that her managers had been engaged in a fairly widespread fraud against the public purse in 1997. These allegations were investigated first by the Department for Education and Learning (DEL), and then by the Police Service of Northern Ireland. No criminal or disciplinary charges were brought and the investigation was not taken any further. Ms Ince had also raised the matter with her local MLA, with the chairman of the public accounts committee in Westminster and before an Industrial Tribunal (as they are still called in Northern Ireland). The IT held that there were no grounds for finding that any fraud had been committed.

Ms Ince was not satisfied with this finding. In October 2007 she made a request for information from the DEL with respect to her allegations of fraud at the institute. The information she sought included the transcripts of certain interviews held with other employees during the fraud investigation by the DEL. DEL provided some of the information, but withheld the transcripts pursuant to the personal data exemption in section 40(2) FOIA. The Information Commissioner agreed with DEL’s reliance on the exemption.

The Information Tribunal in Ince v Information Commissioner (EA/2010/0089) agreed – for the most part – with the Commissioner’s decision. Save in respect of one of the transcripts – that belonging to a friend of Ms Ince who gave evidence at a late stage in the hearing in which he consented to disclosure – the Tribunal found that it would not be fair for DEL to disclose the information and that disclosure would therefore breach the first data protection principle. Ms Ince had made four contentions in respect of the information:

(i) That because it related to the individual’s employment for a public sector organisation it related to their public, not private life;

(ii) That no harm or distress would have been caused to the individuals by disclosure of the transcripts;

(iii) That the interviewees’ objections to disclosure were outweighed by other considerations; and

(iv) That the interviewees did not have a reasonable expectation of privacy in respect of the transcripts

The Tribunal disagreed on all counts. As to (i), following the reasoning in Corporate Officer of the House of Commons v IC and Baker it unanimously rejected the notion that anything said or done by a public sector employee was public information and could therefore be disclosed. It found by a majority that “the disputed information in the case related to the individual’s employment but was not information so directly connected with their public role that its disclosure would automatically be fair”. As to (ii), the Tribunal found that harm or distress would be caused by disclosure generally, and would also be caused by Ms Ince’s own ‘disproportionate’ method of pursuing her allegations – which included threatening to bring private prosecutions for fraud against certain individuals. The Tribunal further considered that the Commissioner had given appropriate weight to the interviewees’ clearly expressed objections, and that they also had a reasonable expectation of privacy in respect of the transcripts. There was moreover no common law public interest in disclosure – fraud in the education sector generally was obviously of legitimate concern, but would not be helped by disclosure of the information sought by Ms Ince.

Tags: data protection, FOIA, section 40 FOIA
Posted in Uncategorized | Comments Off on Application of the first data protection principle

ELECTORAL COMMISSION’S INVESTIGATION INTO UNLAWFUL POLITICAL DONATIONS: PERSONAL AND NON-PERSONAL DATA

November 4th, 2010 by Robin Hopkins

Wendy Alexander MSP became leader of the Labour Party group in the Scottish Parliament in September 2007. In the course of her leadership election campaign, someone in her team recorded a donation of £950 as coming from a domestically-based company, whereas it in fact came (unlawfully) from an overseas-based individual. The Electoral Commission investigated two potential criminal offences that arose under the Political Parties, Elections and Referendums Act 2000. In February 2008, it issued what the Information Tribunal described as a “meagre statement”. It said that there was insufficient evidence of an offence under section 61 (knowingly facilitating, concealing or disguising an impermissible donation), but it acknowledged – implicitly – that an offence under section 56(3) (failure to return an impermissible donation within 30 days). Nonetheless, the case was not referred to the Procurator Fiscal. Many were dissatisfied with the investigation.

The requester in this case sought further information. Answers to a number of his questions were withheld. The Tribunal in Ferguson v IC and The Electoral Commission (EA/2010/0085) has today handed down a decision which is notable both for its commentary on the interaction between personal data and the inherent publicity of political life, and for a number of distinctions it draws between types of information which, at first glance, may appear to be personal.

Broadly, there were two types of question in dispute. One type sought the names of those who provided the Electoral Commission with answers to certain questions. Applying Durant, the Tribunal held that this was not personal data. Even if it were personal data, a Schedule 2 condition would be met, and the processing would be lawful and fair because there was no indication that interviewees had an expectation of confidentiality. The Tribunal emphasised that fairness does involve a balance of competing interests. Section 30(1) was engaged, but the public interest favoured disclosure. Here the Tribunal rejected the submission that disclosure would undermine voluntary co-operation with the Electoral Commission’s investigations: “politicians and their supporters have strong incentives to co-operate with the Commission”.

The second type was about who had misrecorded the donation and why. This was held to be sensitive personal data. The Tribunal cautioned against generalising about FOIA being purpose-blind: an applicant’s identity and motives may sometimes shed light on the public interests involved, and on whether conditions from Schedules 2 and 3 are met. In this case, however, a Schedule 3 condition was not met: the Tribunal was not persuaded that, at the relevant time, the answers the appellant sought were necessary for him to obtain legal advice on a possible application for judicial review of the Electoral Commission.

The Tribunal remarked that the appellant would have had a “strongly arguable case” under condition 6(1) of Schedule 2, and made a number of observations on fairness. It commented that “politics is an inherently public activity. The extent and manner of compliance with the rules should be expected to be subject to public scrutiny”. The Tribunal did, however, distinguish between the section 56 offence (implicit finding of guilt) and the section 61 offence (explicit finding of insufficient evidence). Disclosure concerning the former would not be unfair: Ms Alexander “would be well able to say in mitigation anything that she wished by making public statements, as any serious politician would”. Disclosure concerning the latter would be unfair: it “would risk placing the data subjects under a cloud of suspicion, in circumstances where there might be no definitive termination of speculation and where, as a result, undue distress would be likely to ensue”.

Tags: public interest, section 30 FOIA, section 40 FOIA
Posted in INFORMATION LAW | Comments Off on ELECTORAL COMMISSION’S INVESTIGATION INTO UNLAWFUL POLITICAL DONATIONS: PERSONAL AND NON-PERSONAL DATA

DISSECTING PERSONAL DATA – BRYCE V INFORMATION COMMISSIONER

August 18th, 2010 by Anya Proops

Section 40 FOIA provides for a number of exemptions in respect of ‘personal data’. The exemption which is most frequently prayed in aid by public authorities is the one provided for under s. 40(2), read together with s. 40(3)(a)(i). In essence, under these provisions, information will be absolutely exempt from disclosure under FOIA if: (a) it amounts to personal data, as defined in s. 1 of the Data Protection Act 1998 (“DPA”) and (b) its disclosure would contravene one or more of the data protection principles provided for under schedule 1 to the DPA. In practice, it can be very difficult to apply this exemption, particularly where the information in issue may comprise personal data relating to a number of different individuals. It was precisely this issue which the Tribunal had to tackle in the recent case of Bryce v IC & Cambridgeshire Constabulary (EA/2009/0083). In Bryce, a request had been made by Ms Bryce for disclosure of a police investigation report. The report addressed concerns which had been raised by Ms Bryce and others about the way in which the Cambridgeshire Constabulary had investigated the death of Ms Bryce’s sister, who had been killed by her husband. The Tribunal held that the report contained a multiplicity of different types of personal data including: Ms Bryce’s personal data; the husband’s personal data; personal data relating to the husband’s family; the personal data of witnesses; personal data relating to the deceased’s family; and personal data relating to officers who had conducted the investigation. Apart from Ms Bryce’s own personal data, which was exempt from disclosure under s. 40(1) FOIA, the Tribunal approached the question of how the s. 40(2) exemption applied to the remaining data by conducting a discrete analytical exercise in respect of each type of data. It is clear from the Tribunal’s analysis that it was of the view that very different considerations applied, for example, in respect of officers’ data as compared with the data relating to the husband’s family. The key implication of this judgment is that a public authority will expose itself to challenge under FOIA if it simply adopts a blanket ‘one size fits all’ approach to information comprising diffuse types of personal data. The judgment is also notable in that it applies the approach to the concept of ‘personal data’ which was approved in Durant v Financial Services Authority, rather than the arguably more liberal approach embodied in the Commissioner’s guidance: ‘Determining What is Personal Data’.

Tags: personal data, privacy, section 40 FOIA
Posted in Uncategorized | Comments Off on DISSECTING PERSONAL DATA – BRYCE V INFORMATION COMMISSIONER

LATEST TRIBUNAL DECISION ON THE ‘PERSONAL DATA’ AND ‘COST OF COMPLIANCE’ EXEMPTIONS

June 1st, 2010 by Robin Hopkins

The Tribunal’s first decision in the case of Alasdair Roberts v IC and Department for Business, Innovation & Skills (EA/2009/0035) established the controversial principle that the s. 36 exemption only applies where the opinion of the ‘qualified person’ was reached by the time the request was responded to: see Anya Proops’ post on that decision. DBIS was therefore not entitled to rely on s. 36 in refusing Mr Roberts’ request. Its refusal was, however, upheld in the Tribunal’s second decision in this case, which provides the latest word on the s. 40 ‘personal data’ exemption.

In particular, this case concerned the first data protection principle (processing must be fair and lawful and meet a Schedule 2 condition) and paragraph 6(1) of Schedule 2 to the DPA 1998. That condition is that “the processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject”.

Two notable points about the application of this principle emerge.

First – on whether the processing would be fair – senior civil servants (Grade 5 or above) do not have a reasonable expectation of anonymity in respect of any document, no matter how sensitive. More junior civil servants might have reasonable expectations: this will be less cogent where the job is “public-facing” (such as a Job Centre manager), and more cogent where the information is controversial (such as information about animal testing).

Secondly – on legitimate interests of ‘parties to whom the data are disclosed’ – the Tribunal found that the requester’s strong individual interest (for research purposes) was not sufficient to override the fact that this information was of very little interest to the world at large (to whom disclosure is, in the eyes of FOIA, to be made).

This decision also offers further guidance on what can be included within the ‘cost of compliance’ for s. 12 purposes. The Tribunal accepted the established principle that costs of redacting names are to be excluded, but qualified this as follows: “that may be appropriate where the task is simply to locate individuals’ names and redact them… but where, as here, the process requires a judgment to be made, document by document, balancing the various criteria we have identified, then we believe that much, if not all, of the process should be regarded as retrieving from each document the information which requires to be disclosed and therefore properly included in the cost estimate”.

Tags: Costs of compliance, section 40 FOIA
Posted in INFORMATION LAW | Comments Off on LATEST TRIBUNAL DECISION ON THE ‘PERSONAL DATA’ AND ‘COST OF COMPLIANCE’ EXEMPTIONS

THE PERSONAL IS POLITICAL – ACCESSING NICK GRIFFIN TRIAL RECORDS UNDER FOIA

January 23rd, 2010 by Anya Proops

The Guardian reports today that the CPS has refused a request for disclosure of its records of the 1998 race-hate trial of Nick Griffin. In the year before he was elected leader of the BNP, Mr Griffin was given a suspended prison sentence after being convicted of an offence under the Public Order Act 1986. The prosecution case centred on a magazine edited by Mr Griffin in which he dismissed the Holocaust as a hoax. The Guardian’s article indicates that the paper requested disclosure of the CPS’s records of the trial in circumstances where no transcript had been made of the hearing. It would appear that the request was refused by the CPS under s. 40 FOIA (the personal data exemption) and, in particular, on the basis that a large proportion of the requested information was ‘sensitive personal data’ as it related to the commission of an offence and Mr Griffin’s political opinions (see section 2 of the Data Protection Act 1998). It would appear that the Guardian will now lodge a complaint with the Information Commissioner. For an example of how the Information Tribunal applied s. 40 FOIA to a request for disclosure of personal data about individuals who had been made subject to ASBOs see further Camden v IC EA/2007/21

Tags: data protection, FOIA, section 40 FOIA
Posted in Uncategorized | Comments Off on THE PERSONAL IS POLITICAL – ACCESSING NICK GRIFFIN TRIAL RECORDS UNDER FOIA

Abortion statistics: identification of patients and doctors held to be unlikely

November 2nd, 2009 by Robin Hopkins

In 2003, the Department of Health significantly reduced the detail of publicly available statistics on abortion operations: for example, no information was any longer to be released about post-24-week abortions carried out on the grounds of foetal medical defects. The Department relied principally on s. 40 FOIA in refusing the Prolife Alliance’s request for more detailed data. The Information Tribunal has, however, ordered the statistics to be disclosed: see Department of Health v IC (Additional Party: the Pro Life Alliance) (EA/2008/0074). The Tribunal agreed with the Department that the requested abortion statistics, although entirely anonymised, did constitute personal data because they were not anonymous in the hands of the data controller. The Department’s principal concern, namely the inferential identification of doctors or patients, was not, however considered ‘likely’ in the circumstances. This factual finding meant that, in the Tribunal’s view, the release of the requested personal data was fair and lawful and that (under paragraph 6(1) of Schedule 2 to the DPA) the potential prejudice to patients and doctors was outweighed by legitimate third party interests in (inter alia) monitoring compliance with abortion law, identifying abortion trends, informing public debate and encouraging accountability of medical practitioners. The decision is of note for its detailed analysis of the ways in which individuals might be identified from statistical data, and for the Tribunal’s reliance on the Corporate Officer of the House of Commons litigation (in its various stages) for guidance on the balancing test under paragraph 6(1) of Schedule 2 to the DPA.

Tags: data protection, FOIA, section 40 FOIA
Posted in INFORMATION LAW | Comments Off on Abortion statistics: identification of patients and doctors held to be unlikely

Disclosing Disciplinary Records Under FOIA

June 16th, 2009 by Anya Proops

The Information Tribunal has recently handed down a decision in which it upheld the Commissioner’s conclusion that information as to judges’ serious misconduct was exempt from disclosure under the personal data exemption provided for under s. 40(2)(c) FOIA – Guardian Newspapers v IC (EA/2008/0084). The decision is interesting not least because it highlights the Tribunal’s continuing reluctance to treat personal data concerning disciplinary matters as being disclosable under FOIA (see further on this point the earlier cases of Waugh v IC & Doncaster College (EA/2007/0060) and Roger Salmon v IC & King’s College (EA/2007/0135)). Notably, the Tribunal also held that the information in question was exempt under s. 31(1)(c) FOIA (administration of justice exemption).

The central issue in the appeal was whether disclosure of the information would contravene the first data protection principle (DPP1) contained in Schedule 1 to the Data Protection Act 1998 (DPA) and, hence, render the information absolutely exempt from disclosure under s. 40(2)(c) FOIA. The Tribunal held that DPP1 would be contravened. In reaching this conclusion, the Tribunal took into account in particular the facts that:

· the DPA contained an exclusion which prevented judicial office holders themselves gaining access to data which revealed assessments of their ‘suitability to hold judicial office’ and it would be an odd result if third parties could access such data under FOIA but the data subjects themselves could not (para. 91);

· some of the information would amount to sensitive personal data which would require that one of the stringent conditions contained in Schedule 3 be met in order for the disclosure to be in accordance with DPP1 (para. 92);

· some information was already in the public domain as to the fact and scope of reprimands or serious actions (para. 93);

· the judges themselves would have a reasonable expectation that their disciplinary record would be kept confidential (para. 96);

· there would a risk that judges would suffer great distress if the information were to be disclosed and, further, that their future authority and their future employment prospects would be jeopardised (para. 97).

In addition the Tribunal held that s. 31(1)(c) FOIA was engaged in respect of the information and that the public interest weighed in favour of maintaining that exemption. In reaching this conclusion, the Tribunal took into account in particular the fact that, in its view, disclosure of the information would undermine a judge’s authority while carrying out his or her judicial function and would otherwise disrupt the judicial process by encouraging legal representatives to seek adjournments by reason of alleged concerns about the judge’s good standing (para. 106). 11KBW’s Karen Steyn appeared on behalf of the Ministry of Justice.

Tags: data protection, disciplinary, Information Tribunal, personal data, section 40 FOIA
Posted in Uncategorized | Comments Off on Disclosing Disciplinary Records Under FOIA

ABORTION STATISTICS AND PERSONAL DATA

May 27th, 2009 by Anya Proops

The Information Tribunal will this week begin hearing an important appeal against a decision of the Information Commissioner that certain abortion statistics relating to ground (e) abortions (abortions in cases of disability) were disclosable under section 1 FOIA. The appeal concerns in particular the interesting and difficult question of whether and to what extent ostensibly anonymous, statistical information can nonetheless constitute ‘personal data’ for the purposes of the personal data exemption provided for under section 40 FOIA. Before the Commissioner, the DH argued that, whilst the information in the abortion statistics does not per se identify any particular individual, because the statistics themselves relate to a relatively small number of cases, it would still be possible to identify particular patients and/or doctors who have carried out the abortions, particularly if the statistics were married either with other information held by the DH or already in the public domain. The Commissioner was not persuaded by that argument. He held that the statistical information was so far removed from the information on the Abortion Notification forms from which the information was derived that it no longer retained the attributes of personal data. The proposition that proximity to identifying information should be the barometer of whether particular anonymous information constitutes ‘personal data’ is likely to be hotly contested before the Tribunal. Watch this space for further news! Tim Pitt-Payne will be appearing on behalf of the Commissioner.

Tags: data protection, Information Tribunal, section 40 FOIA
Posted in Uncategorized | Comments Off on ABORTION STATISTICS AND PERSONAL DATA

Blog maintained by:

Search

Subscribe

Law Reports

Links

Disclaimer