|
Decision 064/2007 Ms X and Scottish Borders Council |
|
Information relating to the Architects' Section of the Council |
Applicant: Ms X
Authority: Scottish Borders Council
Case No: 200501889 and 200502793
Decision Date: 3 May 2007
Decision 064/2007 Ms X and Scottish Borders Council
Information relating to the Architects' Section of Scottish Borders Council - whether certain information held - whether certain information exempt from disclosure under section 38(1)(b) (personal information)
Relevant Statutory Provisions
Freedom of Information (Scotland) Act 2002 (FOISA): sections 17 (Notice that information is not held); 38(1)(b) (Personal information).
Data Protection Act 1998 (DPA): section 1 (Basic interpretative provisions); section 2 (Sensitive personal data); Schedule 1, Part 1, paragraph 1 (the first data protection principle); Schedule 2 (Conditions relevant for the first principle: processing of personal data)
For the full text of these sections see the Appendix to this decision. The Appendix forms part of this decision.
Facts
Ms X requested information from Scottish Borders Council (the Council) on two separate occasions.
In its responses to Ms X's requests the Council stated that it did not hold the majority of the information requested, but that it was unable to disclose some of the information as to do so would breach the provisions of the DPA.
Ms X was not satisfied with the responses to either request and asked Scottish Borders Council to review its decisions. Ms X was dissatisfied with the responses received and wrote to the Scottish Information Commissioner on both occasions asking him to investigate whether the Council had responded to her request in line with the provisions of FOISA.
Because of the similarity of the requests, the Commissioner conjoined his investigation of Ms X's application for a decision.
Following investigation the Commissioner found that the Council did not hold the majority of the information requested. He also found that the Council was correct in withholding certain information under section 38(1)(b) of FOISA. However the Commissioner found that the Council had incorrectly withheld certain other information under this section and ordered the Council to release this information.
Background
1. On 26 April 2005 Ms X emailed the Council and requested the following information:
(a) The names and employment dates of the all staff in the Architects' Section over the last 10 years
(b) The instances of work-related sick leave in the Architects' Section over the same period
(c) A copy of the accident book for the Architects' Section over the same period
(d) The name of the person currently responsible for the accident book for the Architects' Section"
2. On 6 May 2005 the Council responded to Ms X's request, stating that to disclose the information which it held in relation to request (a) would breach the provisions of the DPA.
3. In response to requests (b), (c) and (d), the Council stated that it did not hold the information requested.
4. Ms X emailed the Council on 9 May 2005 requesting that it review the way in which it had responded to her requests.
5. On 23 May 2005 the Council responded stating that it had carried out a review and had nothing further to add.
6. Ms X remained dissatisfied and wrote to me on 28 May 2005 requesting that I investigate the way in which the Council responded to her request for information.
7. On 3 August 2005, Ms X emailed the Council and asked whether inadequacies in project management within the Architects' Section been investigated.
8. The Council responded on the same day stating that no investigation had been carried out.
9. On 3 August 2005 Ms X emailed the Council, requesting it review the way in which it had responded to her requests.
10. Ms X remained dissatisfied and wrote to me on 30 September 2005 requesting that I investigate the way in which the Council responded to her request for information.
11. The cases were allocated to an investigating officer and Ms X's appeals validated by establishing that she had made valid requests for information to a Scottish public authority and had appealed to me only after asking the authority to review its responses to her requests.
12. In the circumstances, I have decided to conjoin my decisions in relation to these requests.
The Investigation
13. Letters were sent to the Council on 1 July 2005 and 23 November 2005 giving notice that appeals had been received and investigations into the matters raised had begun, as required by section 49(3)(a) of FOISA. The Council was asked to comment on the issues raised by Ms X's cases and to provide supporting documentation for the purposes of the investigation.
14. In its submissions the Council provided information about its procedures for records management and copies of the relevant sections of its personnel policies, guidelines and records. It also provided details of its annual public performance reports and guidance on how it investigated areas in which it judged itself to be underperforming.
The Commissioner's Analysis and Findings
15. In these cases I must investigate whether the Council was correct in stating that it did not hold the information requested, and then go on to determine whether the information which the Council does hold in relation to Ms X's request is exempt from disclosure under section 38(1)(b) of FOISA.
Whether the information is held
16. In its responses to Ms X, the Council stated that it did not hold information relating to:-
The first request
(a) Instances of work-related sick leave in the Architects' Section in the previous 10 years
(b) A copy of the accident book for the Architects' Section for the same period
(c) The name of the person currently responsible for the Accident Book within the Architects' Section
The second request
Details of an investigation into previous project management inadequacies within the Architects' Section
17. I shall consider each of these in turn.
Instances of work-related sick leave in the Architects' Section
18. Section 17(1) of FOISA requires that an authority must give notice to an applicant if it does not hold the information requested.
19. Ms X requested that the Council provide her with all of the instances of work-related sick leave within the Council's Architects' Section in the 10 years prior to her request. From the context of Ms X's request, I am taking work related sick leave to mean absence through illness which an employee has claimed to be caused by their working environment.
20. The Council responded stating that the information which Ms X had requested was not available because the Council only recorded instances of work-related sick leave where it had been the result of an incident or accident at work. In its response to the request for review the Council stated that it had nothing else to add.
21. In decision number 208/2006 I set out the procedures used to search the same Council's records to confirm that it did not hold records of instances of work-related sickness within its Architects' Section. I am satisfied that the same procedures were used in this case and that the Council does not hold the information which Ms X has requested.
22. As such I am satisfied that section 17(1) of FOISA applies in this case and that the Council was correct in stating that it did not hold the information.
Copies of the accident book for the Architects' Section since 1995
23. Ms X requested that the Council provide her with a copy of the accident book for the Architects' Section covering the 10 years prior to her request. The Council's response stating that the information which she had requested was not available, as the Council no longer recorded details of accidents at work in an accident book. It explained that it had been advised that Accident Books contravened the provisions of the DPA.
24. In its submissions to me, the Council confirmed that it did not hold an accident book for its Architects' Section. It also provided me with a press release from the Health and Safety Executive which states that accident books (in the form generally maintained at that time) did not comply with the DPA. Further to this, it provided me with copies of its Work-Related Accident Procedures to demonstrate its new procedures for recording accidents or injuries at work.
25. From the information provided to me it is clear that, as of 31 December 2003, accident books or their equivalent are not maintained for the various constituent parts of the Council. I am therefore satisfied that the Council does not hold the information which Ms X requested for 2004-2005 and therefore that it was appropriate for the Council to apply section 17(1) of FOISA to that part of the request.
26. However, Ms X requested the information recorded in the relevant accident book since 1995. The Council explained that it had misread Ms X's request and only considered accident books for 2005 and, since accident books had been abandoned after 2003, it was on that basis that it had stated that these did not exist. Subsequently, it was able to produce an accident book for the period from 1 January 2001: I am satisfied that this is the only relevant accident book it holds.
27. As the Council does, in fact, hold an accident book for part of the period covered by Ms X's request I must find that the Council breached section 17(1) of FOISA in its response to Ms X, insofar as the period from 1 January 2001 to 31 December 2003 was concerned.
28. Having established that the Council holds a relevant accident book, I must ascertain whether the Council should have disclosed that accident book to Ms X.
29. The Council cited advice given by the Information Commissioner's Office that to disclose the information contained within its accident books would breach the DPA is the books contained personal information the disclosure of which would breach the first data protection principle. I will consider in detail whether the information is exempt from disclosure under section 38(1)(b) of FOISA in paragraphs 41 onwards below.
The name of the person responsible for the accident book within the Architects' Section
30. Ms X requested that the Council provide her with the name of the person with the Architects' Section currently responsible for the maintenance of its accident book. The Council responded that it did not hold this information, as it no longer maintained accident books and therefore no one within the Architects' Section currently had responsibility for their maintenance.
31. As stated above, I am satisfied that the Council no longer maintains accident books or their equivalent for its constituent parts (such as the Architects' Section). It follows that I am satisfied that no one within the Architects' Section currently has responsibility for the accident book.
32. As such, I find that the Council was correct in notifying Ms X that it did not hold the information which she requested in this instance and in applying section 17(1) of FOISA accordingly.
Details of an investigation into previous project management inadequacies within the Architects' Section
33. In her request to the Council dated 3 August 2005 Ms X highlighted financial information which related to the Architects' Section's work on ensuring that the Council complied with the disability legislation. Ms X alleged that the information indicated inadequacy in the project management of this work and requested confirmation that those inadequacies had been investigated.
34. The Council responded to Ms X stating that no investigation into the matter had taken place.
35. I should point out here that it is not my role to determine whether there have been inadequacies in project management within the Council's Architects' Section. It is my role to determine whether the Council holds information falling within the scope of Ms X's request.
36. In determining what the Council's procedure for investigating any inadequacies would be, I note that the Council has 3 main ways of obtaining evidence to evaluate its own performance. These are:-
a) Through the internal audit system
b) Through an external audit
c) Through its Scrutiny Committee
It is also possible, however, that an investigation specific to a particular matter, not falling into any of the above categories, may be commissioned using internal or external resources.
37. Examining the records the Council holds of investigations carried out by these methods during 2004 and 2005 (the only years in which the relevant investigation could have taken place), I found no evidence of any investigation having been carried out into any part of the operation of the Architects' Section.
38. The Council also provided me with a copy of a report commissioned by the Council from external consultants into the performance of its Architects' Section. This document revealed no evidence of any investigation falling within the scope of Ms X's request.
39. Having examined the available documents considered relevant to establishing whether an investigation of project management inadequacies within the Architects' Section was conducted, I am satisfied that there is no evidence of such an investigation.
40. Consequently, I am also satisfied that the Council holds no information relating to such an investigation and was correct in notifying Ms X that it held no information in relation to her request and applying section 17(1) of FOISA accordingly.
Section 38(1)(b) of FOISA - Personal information relating to third parties
41. In her request to the Council of 26 April 2006 Ms X requested a list of the names and employment dates of members of its Architects' Section for the previous 10 years. The Council argued that to disclose the names and employment dates of members of staff would be to breach the provisions of the DPA.
42. Once it had been established that the Council held accident books falling within the scope of Ms X's request, the Council stated that the information requested was also exempt from disclosure under section 38(1)(b) of FOISA. I will now consider whether the employment details and the accident books are exempt from disclosure under section 38(1)(b).
43. Under section 38(1)(b) of FOISA (read in conjunction with section 38(2)(a)(i) or, as appropriate, section 38(2)(b)), information is exempt information if it constitutes personal data and the disclosure of the information would contravene any of the data protection principles contained in Schedule 1 to the DPA.
44. In considering this exemption, I am therefore required to consider two separate matters: firstly, whether the information under consideration is personal data and, if so, whether the release of the information would breach any of the data protection principles.
45. It must be borne in mind that this particular exemption is an absolute exemption. This means that it is not subject to the public interest test contained in section 2(1) of FOISA.
46. "Personal data" is defined in section 1(1) of the DPA as "data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual."
47. Ms X requested the names of employees in the Council's Architects' Section in the previous 10 years, the employment dates of those employees, and also copies of the accident books for the Architects' Section for the same period.
48. I have considered whether the names of the individuals employed within the Architects' Section would constitute personal data as defined by the DPA and take the view that the names of those individuals will be their personal data.
49. Similarly, I have concluded that the employment dates of those individuals fall within the definition of personal data as defined in section 1(1) of FOISA.
50. Finally, I am satisfied that the information contained in the accident books held by the Council also falls under the definition of personal data. As the information in the books relates in some way or other to the physical or mental health or condition of each individual whose accident is recorded there, I am also satisfied that the information is sensitive personal data in terms of section 2 of the DPA.
51. Having concluded that the information under consideration is personal data (and in some cases sensitive personal data), I must now go on to consider whether the disclosure of this information would breach any of the data protection principles. In these cases, the Council has argued that release of the information would breach the first data protection principle.
52. The first data protection principle states that personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 of the DPA is met and, in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
53. According to the relevant guidance from the Information Commissioner (Freedom of Information Act Awareness Guidance No 1: Personal Data), the assessment of fairness includes looking at whether the third party would expect that his/her information might be disclosed to others and/or whether the third party would expect that his/her information would be kept private.
54. In considering whether it would be fair to disclose a list of the names of employees of the Council's Architects Section over the previous 10 years and their employment dates, I have considered any expectations of privacy that those individuals might have.
55. In relation to the names of employees in the Architects' Section over the 10-year period, I do not believe that that the employees in question would expect that information to be available for disclosure to a member of the public. This part of Ms X's request is capable of including all employees within the Section over that period, regardless of when they were employed during the period, how long they were employed and whether they remained employed by the Council at the end of the period. I would not consider it reasonable for every employee in a particular part of an authority over such a period to expect that the fact that they were employed there should be in the public domain for so long. Therefore, while there might be arguments for dealing with a more restricted request for names differently, I do not accept that disclosure of the list of names requested by Ms X would be fair and therefore would regard such disclosure as being in breach of the first data protection principle.
56. In relation to the employment dates of the employees in the Architects' Section over the specified period, my view is that these employees would not have a reasonable expectation that this level of detail would be made publicly available and that, accordingly, the release of this information would be not be fair in terms of the first data protection principle. Information at this level of detail, although it does relate to a person's employment, impinges also on the employee's private life and therefore, as a general rule, is likely to merit greater protection.
57. While the employees concerned would no doubt have an expectation that their employment dates would be held by the Council for the purposes of their personnel records, I do not believe they would expect this information to be made publicly available. I am satisfied that the release of this information would not be fair and that it would therefore breach the first data protection principle. In coming to this decision I have taken into account the relative seniority of the employees within the Council and the length of the period in respect of which the information has been requested.
58. Given that I have found that disclosure of the names and employment dates would be unfair, I am not required to go on to consider the lawfulness of the release of the information or whether the processing (i.e. disclosure) would meet any of the conditions in Schedule 2 to the DPA. I am therefore satisfied in relation to the request for a list of names and employment dates that the Council has relied on the exemption under section 38(1)(b) correctly.
59. Finally Ms X asked for a copy of the accident book for the Architects' Section for the specified period. The information contained within the accident book constitutes personal data relating to aspects of the physical or mental health or condition of the individuals involved in the accidents recorded and is therefore sensitive personal data. I am quite satisfied that those individuals would have a reasonable expectation that such information would not be disclosed to a member of the public. I am also aware that the Information Commissioner has provided guidance to the Health and Safety Executive to the effect that disclosing information contained within accident books to third parties is likely to breach the first data protection principle. In any event, I can identify no condition in Schedule 3 to the DPA which would permit disclosure to a member of the public. In all the circumstances, therefore, I accept that disclosure of the information in the accident book would breach the first data protection principle and consequently that the information is exempt from disclosure under section 38(1)(b) of FOISA.
Decision
I find that Scottish Borders Council (the Council) was correct in its response to Ms X's request in terms of section 17(1) of the Freedom of Information (Scotland) Act 2002 (FOISA), in that it did not hold information relating to:-
a) The instances of work-related sick leave within its Architects' Section in the 10 years prior to Ms X's request
b) Copies of accident books relating to the Council's Architects' Section up to 31 December 2000 and from 1 January 2004
c) The investigation of inadequacies in project management within the Council's Architects' Section.
However, I find that the Council was not correct in notifying Ms X that it did not hold information in relation to copies of accident books from 1 January 2001 to 31 December 2003 and that, to that extent, it breached section 17(1) of FOISA and so failed to comply with Part 1 of FOISA.
However I have also found that those accident books held by Scottish Borders Council in relation to its Architects' Section were in any event exempt from disclosure under section 38(1)(b) of FOISA and therefore that in that respect the Council dealt with Ms X's request in accordance with Part 1 of FOISA.
Finally, I find that the Council was correct in withholding the names and employment dates of individuals working within its Architects' Section in the 10 years prior to Ms X's request under section 38(1)(b) of FOISA and therefore dealt with that aspect of Ms X's request in accordance with Part 1 of FOISA.
I do not require the Council to take any action in response to my decision.
Appeal
Should either Ms X or Scottish Borders Council wish to appeal against this decision, there is an appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days of receipt of this decision notice.
Kevin Dunion
Scottish Information Commissioner
3 May 2007
APPENDIX
Relevant statutory provisions
Freedom of Information (Scotland) Act 2002
|
17 |
Notice that information is not held
|
|
|
(1) Where-
|
|
|
(a) a Scottish public authority receives a request which would require it either- |
|
|
(i) to comply with section 1(1); or |
|
|
(ii) to determine any question arising by virtue of paragraph (a) or (b) of section 2(1), |
|
|
if it held the information to which the request relates; but |
|
|
(b) the authority does not hold that information, |
|
|
it must, within the time allowed by or by virtue of section 10 for complying with the request, give the applicant notice in writing that it does not hold it.
|
|
|
(2) Subsection (1) is subject to section 19. |
|
38 |
Personal information
|
|
|
(1) Information is exempt information if it constitutes-
|
|
|
(a) personal data of which the applicant is the data subject; |
|
|
(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied; |
|
|
[?..] |
|
|
(2) The first condition is-
|
|
|
(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene- |
|
|
(i) any of the data protection principles; or |
|
|
(ii) section 10 of that Act (right to prevent processing likely to cause damage or distress);
(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.
[?.]
|
Data Protection Act 1998:
|
1. |
- (1) In this Act, unless the context otherwise requires |
|
|
[?] |
|
|
"personal data" means data which relate to a living individual who can be identified- |
|
|
(a) from those data, or |
|
|
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, |
|
|
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;
(2)In this Act, unless the context otherwise requires-
(a)"obtaining" or "recording", in relation to personal data, includes obtaining or recording the information to be contained in the data, and
(b)"using" or "disclosing", in relation to personal data, includes using or disclosing the information contained in the data.
|
|
SCHEDULE 1
|
|
|
|
THE DATA PROTECTION PRINCIPLES |
|
|
PART I |
|
|
THE PRINCIPLES |
|
|
1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless-
|
|
|
(a) at least one of the conditions in Schedule 2 is met, and |
|
|
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met. |
|
SCHEDULE 2
|
|
|
|
CONDITIONS RELEVANT FOR PURPOSES OF THE FIRST PRINCIPLE: PROCESSING OF ANY PERSONAL DATA |
|
|
[?] |
|
|
6. - (1) The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.
|
|
|
(2) The Secretary of State may by order specify particular circumstances in which this condition is, or is not, to be taken to be satisfied. |
