Home Decisions

Decision 090/2017

Decision 090/2017: Mr Derek Jackson and the Scottish Fire and Rescue Service

Job evaluation

Reference No: 201602278
Decision Date: 1 June 2017

Summary

The SFRS was asked for information about a job evaluation. The SFRS withheld some of the information on the basis that it was exempt in terms of sections 33(1)(a) and 36(2) of FOISA.

The Commissioner found that the SFRS was not entitled to withhold the information under the exemptions applied originally (which it withdrew during the investigation). She accepted, however, that the SFRS was entitled to withhold the information as the applicant's own personal data.

  Relevant statutory provisions

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1) and (6) (General entitlement); 2(1)(a) and (2)(e)(i) (Effect of exemptions); 33(1)(a) (Commercial interests and the economy); 36(2) (Confidentiality); 38(1)(a) (Personal information)

Data Protection Act 1998 (the DPA) sections 1(1) (Basic interpretative provisions) (definition of "personal data")

The full text of each of the statutory provisions cited above is reproduced in Appendix 1 to this decision. The Appendix forms part of this decision.

All references in this decision to "the Commissioner" are to Margaret Keyse, who has been appointed by the Scottish Parliamentary Corporate Body to discharge the functions of the Commissioner under section 42(8) of FOISA.

  Background

1. On 29 September 2016, Mr Jackson made a request for information to the Scottish Fire and Rescue Service (the SFRS). He stated that following receipt of a letter dated 26 September 2016, which provided him with the outcome of his job evaluation appeal, he was writing formally under FOISA and the DPA for information held regarding that appeal. He requested:

a) Sifting notes from panels

b) Reasons for any rejection of factors to be heard at hearing

c) Individual panel members' notes at hearing

d) Typed minutes of hearing

e) Reasons for rejected factors following hearing

f) System software audit trail of question/answer

g) All notes in relation to decision making on answer set

h) Any other information and emails held with regard to my role within the process.

2. The SFRS responded on 8 November 2016. It explained that it had responded separately regarding the aspects of his request it had treated as a Subject Access Request (SAR) under the DPA. The SFRS confirmed that it had dealt with part f) of his request, for the system software audit trail of question/answer, as a request under FOISA, as the information it held for this part was not considered to be Mr Jackson's personal data. It informed Mr Jackson that it considered the information to be exempt from disclosure in terms of sections 33(1)(a) and 36(2) of FOISA.

3. The SFRS explained that the software system in use, known as "Gauge", was owned and licensed by a third party supplier. Disclosure of the requested information would, it claimed, reveal embedded software and system architecture of the software, which were trade secrets for the purposes of section 33(1)(a) of FOISA. It stated that disclosure would be harmful to the commercial interests of the supplier.

4. The SFRS also stated that the information had been provided to it in confidence and that disclosure would constitute a breach of its contractual obligation to maintain confidentiality. As such, it stated the information was exempt in terms of section 36(2) of FOISA.

5. On 18 November 2016, Mr Jackson wrote to the SFRS requesting a review of its decision. Mr Jackson made a number of comments regarding the response he received under the DPA, which cannot be considered by the Commissioner as they fall outwith her statutory remit. In relation to the application of sections 33(1)(a) and 36(2) of FOISA, Mr Jackson disagreed with the SFRS's view that the software did not hold his personal information. He explained that it was he that had appealed his job evaluation and therefore he that had been evaluated.

6. The SFRS notified Mr Jackson of the outcome of its review on 8 December 2016. The SFRS stated that it had reviewed whether the application of sections 33(1)(a) and 36(2) of FOISA had been appropriate. It upheld the original response without modification.

7. On 14 December 2016, Mr Jackson wrote to the Commissioner. He applied to the Commissioner for a decision in terms of section 47(1) of FOISA. Mr Jackson stated he was unhappy with the response as he believed part f) of his request should have been dealt with under the DPA. He further stated that if it was considered to be a request under FOISA, he disagreed with the application of the exemptions. He confirmed he was not requesting the full infrastructure of the software system, but merely information input with regard to his role, which was clearly evidenced at his appeal hearing.

  Investigation

8. The application was accepted as valid. The Commissioner confirmed that Mr Jackson made a request for information to a Scottish public authority and asked the authority to review its response to that request before applying to her for a decision.

9. On 16 January 2017, the SFRS was notified in writing that Mr Jackson had made a valid application. The SFRS was asked to send the Commissioner the information withheld from Mr Jackson. The SFRS provided that information withheld, entitled "Overview question trace", and the case was allocated to an investigating officer.

10. Section 49(3)(a) of FOISA requires the Commissioner to give public authorities an opportunity to provide comments on an application. The SFRS was invited to comment on Mr Jackson's application and to answer specific questions in relation to its handling of his request, focusing on the interpretation of the request and the application of sections 33(1)(a) and 36(2) of FOISA.

11. Following further correspondence between the SFRS and the investigating officer, the SFRS provided Mr Jackson with the Overview question trace.

12. The SFRS informed the Commissioner that it had initially interpreted part f) of Mr Jackson's request as seeking the entire question and answer bank contained within the software. It explained that it had withheld this information to protect the intellectual property rights of the company which had supplied the system.

13. The SFRS now accepted that Mr Jackson had merely requested the questions and answers held within the system as they related to his personal appeal and the evaluation of his own post. Having arrived at this view, it confirmed that it no longer wished to rely on sections 33(1)(a) or 36(2) of FOISA. It considered the information it held and which fell within the scope of this part of the request to be Mr Jackson's personal data and thus subject to the exemption in section 38(1)(a) of FOISA. It confirmed the information had been provided to Mr Jackson on a personal basis.

14. Mr Jackson acknowledged receipt of the Overview question trace, but asked for a Decision Notice to be issued. As mentioned above, the SFRS dealt with the remainder of Mr Jackson's request as a SAR under the DPA. Mr Jackson was advised that any dissatisfaction with the SFRS's response to his SAR could not be considered by the Commissioner.

  Commissioner's analysis and findings

15. In coming to a decision on this matter, the Commissioner considered all of the withheld information and the relevant submissions, or parts of submissions, made to her by both Mr Jackson and the SFRS. She is satisfied that no matter of relevance has been overlooked.

Interpretation of the request and information held

16. The Commissioner notes that in submitting his request for information, Mr Jackson made reference to the outcome of his own job evaluation appeal, requesting information relating to that appeal.

17. The Commissioner is satisfied that Mr Jackson did not seek the entire question and answer bank contained within the software system, as the SFRS understood originally, but only the questions and answers in the system resulting from the job evaluation exercise pertaining to him.

18. The SFRS explained that the information falling within the scope of part f) of his request was held within the Gauge system. It explained that producing the Overview question trace relating to Mr Jackson was a simple matter of running a programme within the system. Doing so in relation to Mr Jackson's appeal produced the Overview question trace relative to his appeal. This consisted of the questions asked, the answers input and the evaluation outcome.

19. Having examined the information contained in the outcome of his job evaluation appeal as referred to in Mr Jackson's request, the Commissioner is satisfied that the Overview question trace provided to Mr Jackson during the investigation (which included the information within the job evaluation outcome referred to in Mr Jackson's request) is the "System software audit trail of question/answer" which Mr Jackson requested. Taking all submissions into account, the Commissioner is therefore satisfied that, by the end of the investigation, Mr Jackson has been provided with the information that falls within the scope of the relevant part of the request.

Section 33(1)(a) - Commercial interests and the economy

20. Section 33(1)(a) of FOISA is set out in full in Appendix 1. As mentioned above, the SFRS withdrew its reliance upon section 33(1)(a) during the investigation. In the absence of submissions from the SFRS, the Commissioner must conclude that the information in question was not exempt from disclosure under section 33(1)(a) of FOISA.

Section 36(2) - Confidentiality

21. Section 36(2) of FOISA is set out in full in Appendix 1. As mentioned above, the SFRS withdrew its reliance upon section 36(2) during the investigation. In the absence of submissions from the SFRS, the Commissioner must conclude that the information in question was not exempt from disclosure under section 36(2) of FOISA.

Section 38(1)(a) - Mr Jackson's personal data

22. Section 38(1)(a) of FOISA contains an absolute exemption in relation to personal data of which the applicant is the data subject. The fact that it is absolute means that it is not subject to the public interest test set out in section 2(1) of FOISA.

23. This exemption exists under FOISA because individuals have a separate right to make a request for their own personal data (commonly known as a "subject access request") under section 7 of the DPA. The DPA will therefore usually determine whether a person has a right to their own personal data, and govern the exercise of that right. Crucially, it provides for access by the data subject (the person to whom the data relate) alone, rather than (as under FOISA) to the world at large. Section 38(1)(a) of FOISA does not deny individuals a right to access to information about themselves, but ensures that the right is exercised under the DPA and not under FOISA.

24. Personal data are defined in section 1(1) of the DPA as data which relate to a living individual who can be identified: a) from those data, or b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller (the full definition is set out in Appendix 1).

25. In its submissions to the Commissioner, the SFRS explained that it considered the information requested by Mr Jackson to be his own personal data.

26. Mr Jackson also submitted, in his requirement for review and in his application to the Commissioner, that the withheld information should have been provided to him under the DPA. The Commissioner is satisfied that the information was provided to Mr Jackson during the investigation.

27. The Commissioner has considered the submissions received from both the SFRS and Mr Jackson. She has also considered the content and context of the request and the information provided during the investigation. It is apparent that any information held and falling within the scope of part f) of Mr Jackson's request would relate to Mr Jackson and his own personal circumstances, and therefore would be his own personal data. In all the circumstances, therefore, the Commissioner is satisfied that the SFRS was entitled to withhold this information under section 38(1)(a) of FOISA.

28. Having reached this conclusion, the Commissioner does not require the SFRS to take any action in relation to Mr Jackson's application.

Decision

The Commissioner finds that the Scottish Fire and Rescue Service (the SFRS) failed to comply with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) in responding to the information request made by Mr Jackson.

She finds that the SFRS wrongly applied sections 33(1)(a) and 36(2) of FOISA to the information it withheld from Mr Jackson.

Given that the Commissioner accepts that the information held falls to be exempt from disclosure under section 38(1)(a) of FOISA, she does not require the SFRS to take any action.

  Appeal

Should either Mr Jackson or the Scottish Fire and Rescue Service wish to appeal against this decision, they have the right to appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days after the date of intimation of this decision.

Margaret Keyse
Acting Scottish Information Commissioner

1 June 2017

  Appendix 1: Relevant statutory provisions

Freedom of Information (Scotland) Act 2002

1 General entitlement

(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

(6) This section is subject to sections 2, 9, 12 and 14.

2 Effect of exemptions

(1) To information which is exempt information by virtue of any provision of Part 2, section 1 applies only to the extent that -

(a) the provision does not confer absolute exemption; and

(2) For the purposes of paragraph (a) of subsection 1, the following provisions of Part 2 (and no others) are to be regarded as conferring absolute exemption -

(e) in subsection (1) of section 38 -

(i) paragraphs (a), (c) and (d); and

...

33 Commercial interests and the economy

(1) Information is exempt information if-

(a) it constitutes a trade secret; or

36 Confidentiality

(2) Information is exempt information if-

(a) it was obtained by a Scottish public authority from another person (including another such authority); and

(b) its disclosure by the authority so obtaining it to the public (otherwise than under this Act) would constitute a breach of confidence actionable by that person or any other person.

38 Personal information

(1) Information is exempt information if it constitutes-

(a) personal data of which the applicant is the data subject;

Data Protection Act 1998

1 Basic interpretative provisions

(1) In this Act, unless the context otherwise requires -

"personal data" means data which relate to a living individual who can be identified -

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;