Decision 096/2012 | Scottish Information Commissioner

Home Decisions

Decision 096/2012

Decision 096/2012 Mr Raymond Dorricott and Scottish Borders Council

Named employee's details and the departure of the former Chief Executive

Reference No: 201200116
Decision Date: 11 June 2012

Summary

Mr Dorricott requested from Scottish Borders Council (the Council) specific information relating to the departure of the former Chief Executive and, in a separate request, particular information relating to a named employee. The Council responded by advising Mr Dorricott that it did not hold the specific information relating to the departure of the former Chief Executive and it withheld information relating to the named employee in terms of section 38(1)(b) of FOISA, on the basis that it was personal dataFollowing a review, Mr Dorricott remained dissatisfied and applied to the Commissioner for a decision.

Following an investigation, the Commissioner found that the Council had dealt with Mr Dorricott's requests for information in accordance with Part 1 of FOISA, by correctly advising him that the specific information requested relating to the departure of the former Chief Executive was not held.The Council was also correct to withhold certain information relating to a specific employee in terms of section 38(1)(b). She did not require the Council to take any action.

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1), (4) and (6) (General entitlement); 2(1)(a) and (2)(e)(ii) (Effect of exemptions); 17(1) (Notice that information is not held); 38(1)(b), (2)(a)(i) and (b) and (5) (definitions of "the data protection principles", "data subject" and "personal data") (Personal information)

Data Protection Act 1998 (the DPA) sections 1(1) (Basic interpretative provisions) (definition of "personal data"); Schedules 1 (The data protection principles) (the first data protection principle) and 2 (Conditions relevant for purposes of the first principle: processing of any personal data) (conditions 1 and 6).

The full text of each of the statutory provisions cited above is reproduced in the Appendix to this decision.The Appendix forms part of this decision.

Background

Request 1

1.On 16 November 2011, Mr Dorricott wrote to the Council requesting the date on which it learned of the former Chief Executive's intention to cease to be an employee of the Council.

2.The Council responded on 21 November 2011.It advise Mr Dorricott that it was unable to provide him with the date it received notification of the Chief Executive's intention to leave the Council, as it considered this information to be personal data which was exempt under section 38 of FOISA.

3.On 24 November 2011, Mr Dorricott wrote to the Council requesting a review of its decision. He highlighted that much information relating to the Chief Executive's departure had already appeared in the local press and therefore he could see no valid reason for this information to be withheld.

4.The Council notified Mr Dorricott of the outcome of its review on 20 December 2011.The Council advised Mr Dorricott that, in fact, there was no written record of the date on which the Chief Executive informed the Council of his intention and therefore it was not possible to provide him with the information.

Request 2

5.On 31 October 2011, Mr Dorricott wrote to the Council requesting the following details of a specified employee:

their age
the date they first became an employee of the Council and

details of their previous employment before becoming an employee of the Council.

6.The Council responded on 21 November 2011, advising him that the information sought was personal information and exempt under section 38 of FOISA.

7.On 24 November 2011, Mr Dorricott wrote to the Council requesting a review of its decision.He argued that, as the person in question was paid from public funds, he could see no valid reason to withhold the information.

8.The Council notified Mr Dorricott of the outcome of its review on 20 December 2011.The Council upheld its original decision that the information in question was personal information and exempt under section 38 of FOISA.

9.On 23 December 2011, Mr Dorricott wrote to the Commissioner, stating that he was dissatisfied with the outcome of the Council's reviews in respect of requests 1 and 2 and applying to the Commissioner for a decision in respect of both requests, in terms of section 47(1) of FOISA.

10.The application was validated by establishing that Mr Dorricott had made requests for information to a Scottish public authority and had applied to the Commissioner for a decision only after asking the authority to review its responses to those requests.

Investigation

11.On 23 January 2012, the Council was notified in writing that an application had been received from Mr Dorricott and was asked to provide the Commissioner with any information withheld from him.The Council responded with the information requested and the case was then allocated to an investigating officer.

12.The investigating officer subsequently contacted the Council, giving it an opportunity to provide comments on the application (as required by section 49(3)(a) of FOISA) and asking it to respond to specific questions.In particular, the Council was asked to justify its reliance on section 38 of FOISA and to explain the steps it had taken to establish that it held no information falling within the scope of request 1.

13.The relevant submissions received from both and Mr Dorricott will be considered fully in the Commissioner's analysis and findings below.

Commissioner's analysis and findings

14.In coming to a decision on this matter, the Commissioner has considered all of the withheld information and the submissions made to him by both Mr Dorricott and the Council and is satisfied that no matter of relevance has been overlooked.

Request 1

15.In relation to Mr Dorricott's request for the date on which the former Chief Executive informed the Council of his intention to leave, the Council confirmed to the investigating officer within its submissions that it was relying on section 17 of FOISA.

16.Section 1(1) of FOISA provides that a person who requests information from a Scottish public authority which holds it is entitled to be given that information by the authority, subject to certain restrictions which, by virtue of section 1(6) of FOISA, allow Scottish public authorities to withhold information or charge a fee for it.The restrictions applied by section 1(6) are not applicable to this request.The information to be given is that held by the authority at the time the request is received, as defined in section 1(4).If no such information is held by the authority, section 17(1) of FOISA requires it to give the applicant notice in writing to that effect.

17.Within his application to the Commissioner, Mr Dorricott expressed his dissatisfaction that the Council could identify no records held in relation to this matter given the significance of the Chief Executive's role.

18.Within its submissions to the Commissioner, the Council advised that the Chief Executive notified it of his intention to leave the Council verbally and that no notes, e-mails or minutes recording details of this discussion were held.The Council also confirmed that the Chief Executive retired under the Voluntary Severance Arrangements.

19.In response to the investigating officer's further questioning about the Voluntary Severance scheme, the Council advised that the Chief Executive retired under the Voluntary Severance Agreement, but did not submit an application form as part of this process.The Council also advised that there was no requirement for staff to put notice of their intention to cease being an employee in writing.

20.The Council also submitted that relevant Chief Officers' emails were searched for information relating to the Chief Executive's intention to cease being an employee of the Council, and that no emails were found as a result of these searches.The Council also confirmed that there were no hard copy documents recording this information.

21.The Commissioner finds it reasonable for members of the public to hold the expectation that such information would be recorded, and finds it surprising that no formal record appears to have been made by the Council with regard to its former Chief Executive's informing it of his intention to cease employment.

22.However, on the balance of probabilities, taking account of the searches conducted and the explanations provided by the Council to the effect that the Chief Executive informed it verbally, the Commissioner is prepared to accept that the Council does not (and did not, at the time it received Mr Dorricott's request) hold a record of the date on which the Chief Executive informed it of his intention to leave.The Commissioner would expect such a record, if held, to be readily accessible.It is not immediately apparent to the Commissioner why the existence of such a record, if held, should be denied, and nothing relevant to this point has been drawn to her attention.

Request 2

Section 38(1)(b) ? Personal information

23.The Council applied the exemption in section 38(1)(b) of FOISA, read in conjunction with section 38(2)(a)(i), to information falling within the scope of request 2.

24.Section 38(1)(b), read in conjunction with section 38(2)(a)(i) or, as appropriate, 38(2)(b) exempts information from disclosure if it is "personal data" as defined in section 1(1) of the DPA and its disclosure would contravene one or more of the data protection principles set out in Schedule 1 to the DPA.This particular exemption is an absolute exemption and therefore is not subject to the public interest test set down in section 2(1)(b) of FOISA.

25.In order to rely on this exemption, therefore, the Council must show firstly that the information being withheld is personal data for the purposes of the DPA, and secondly that disclosure of the information into the public domain (which is the effect of disclosure under FOISA) would contravene one or more of the data protection principles to be found in Schedule 1 to the DPA.

Is the information personal data?

26.The information under consideration here comprises specific biographical details of a named employee.Having considered the withheld information, the Commissioner accepts that this information is the personal data of the specific employee, as it relates to them as an individual and they can be identified from it.

27.Having reached this conclusion, the Commissioner must now go on to consider whether disclosure of the personal data would contravene any of the data protection principles.Given the nature of the arguments presented by the Council, the Commissioner considers the first principle the most relevant.

Would disclosure contravene the first data protection principle?

28.The first data protection principle states that personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 to the DPA is met and, in the case of sensitive personal data, at least one of the conditions in Schedule 3 to the DPA is also met.The processing under consideration in this case is disclosure of the personal data into the public domain in response to Mr Dorricott's information request.

29.The Commissioner has considered the definition of sensitive personal data set out in section 2 of the DPA, and is satisfied that the personal data in this case do not fall into this category.As a result, it is not necessary to consider the conditions in Schedule 3 to the DPA in this case.

30.There are three separate aspects to the first data protection principle: (i) fairness, (ii) lawfulness and (iii) the conditions in the schedules.However, these three aspects are interlinked.For example, if there is a specific condition which permits the personal data to be disclosed, it is likely that the disclosure will also be fair and lawful.

31.The Commissioner will now go on to consider whether there are any conditions in Schedule 2 to the DPA which would permit the personal data to be disclosed.

Can any Schedule 2 condition be met?

32.Condition 1 of Schedule 2 permits data to be processed (in this case, disclosed into the public domain in response to Mr Dorricott's information request) if consent to such processing is given by the data subject.The Council advised that the data subject had not given consent to processing of their personal data.In the circumstances, the Commissioner is satisfied that condition 1 cannot be fulfilled in this case.

33.The Commissioner considers that condition 6 in Schedule 2 of the DPA would appear to be the only remaining condition which might permit the disclosure of the personal data requested by Mr Dorricott.

34.Condition 6 allows personal data to be processed if the processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject (the individual(s) to whom the data relate).

35.There are a number of different tests which must therefore be satisfied before condition 6 can be met.These are:

Does Mr Dorricott have a legitimate interest in obtaining the personal data?
If he does, is the disclosure necessary to achieve these legitimate aims?In other words, is the disclosure proportionate as a means and fairly balanced as to ends, or could these legitimate aims be achieved by means which interfere less with the privacy of the data subject?

Even if processing is necessary for Mr Dorricott's legitimate purposes, would disclosure nevertheless cause unwarranted prejudice to the rights and freedoms or legitimate interests of the data subject?

36.There is no presumption in favour of the disclosure of personal data under the general obligation laid down by FOISA.Accordingly, the legitimate interests of Mr Dorricott must outweigh the rights and freedoms or legitimate interests of the data subject before condition 6 will permit the personal data to be disclosed.If the two are evenly balanced, the Commissioner must find that the Council was correct to refuse to disclose the personal data to Mr Dorricott.

Does Mr Dorricott have a legitimate interest?

37.Mr Dorricott, within his application to the Commissioner, indicated why he considered the information should be disclosed.He wished to know the level of practical experience the individual had in order to make specific decisions, and also to verify information he had been advised of previously.

38.Having considered these submissions, the Commissioner is satisfied that a legitimate interest exists in relation to this data, to the extent that disclosure would contribute to public scrutiny of the matters referred to by Mr Dorricott.

Is disclosure of the information necessary to achieve these legitimate interests?

39.Taking account of the specific information sought by Mr Dorricott, the Commissioner can identify no viable means of meeting the requirements of his legitimate interests which would interfere less with the privacy of the relevant data subject than the provision of the withheld information.In the circumstances, the Commissioner is satisfied that disclosure of these personal data is necessary to meet the legitimate interests in question.

Would disclosure cause unwarranted prejudice to the rights and freedoms or legitimate interests of the data subject?

40.The Council stated that it considered matters relating to staff to be private matters and that it owed a duty to ask staff if they agreed to release of any of their personal information.In this instance, the individual in question did not provide consent to disclose the information.The Council stated that it owed the staff member a duty of confidentiality and wished to respect that.

41.The Commissioner has considered these arguments carefully when considering the legitimate interests of the data subject.The Commissioner has also taken into account the guidance on this point in the briefing on the section 38 exemption^{^[1]}, which identifies relevant factors as including:

Whether the information relates to the employee's public or private life

The potential harm or distress that may be caused by disclosure

Whether the employee has objected to disclosure

The reasonable expectations of the employee as to whether their information would be disclosed.

42.The Commissioner acknowledges that some of the information requested by Mr Dorricott could be seen as relating to the employee's public life, insofar as it relates to their employment in a Scottish public authority.The Commissioner also accepts that it could be argued that, in the interests of accountability, some of this information could give an insight into the suitability of a particular person to conduct a particular role.However, the Commissioner also acknowledges that, equally, some of the information requested relates to the individual's private life.

43.Having considered the nature of the information in question, the Commissioner acknowledges that the named employee (who did not hold a significantly senior role in the Council) would have no reasonable expectation that these particular details about them would be disclosed. The Commissioner places significant weight on the fact that the employee in question, when consulted, objected to disclosure of the requested information.

44.In this particular case, having balanced the legitimate interests of the data subject against those identified by Mr Dorricott, the Commissioner finds that any legitimate interests served by disclosure would not outweigh the unwarranted prejudice that would be caused in this case to the rights and freedoms or legitimate interests of the data subject.The Commissioner therefore concludes that condition 6 in Schedule 2 to the DPA cannot be met in the circumstances.

45.Having accepted that disclosure of the withheld personal data would lead to unwarranted prejudice to the rights and freedoms or legitimate interest of the data subject, as described above, the Commissioner must also conclude that its disclosure would be unfair.As no condition in Schedule 2 to the DPA can be met, she would also regard disclosure as unlawful. In all the circumstances, therefore, the Commissioner's conclusion is that the first data protection principle would be breached by disclosure of the information in the withheld personal data and that this information was properly withheld under section 38(1)(b) of FOISA.

DECISION

The Commissioner finds that the Council complied with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) in responding to the information requests made by Mr Dorricott.

Appeal

Should either Mr Dorricott or Scottish Borders Council wish to appeal against this decision, there is an appeal to the Court of Session on a point of law only.Any such appeal must be made within 42 days after the date of intimation of this decision notice.

Margaret Keyse
Head of Enforcement
11 June 2012

Appendix

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002

1 General entitlement

(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

(4) The information to be given by the authority is that held by it at the time the request is received, except that, subject to subsection (5), any amendment or deletion which would have been made, regardless of the receipt of the request, between that time and the time it gives the information may be made before the information is given.

(6) This section is subject to sections 2, 9, 12 and 14.

2 Effect of exemptions

(1) To information which is exempt information by virtue of any provision of Part 2, section 1 applies only to the extent that ?

(a) the provision does not confer absolute exemption; and

(2) For the purposes of paragraph (a) of subsection 1, the following provisions of Part 2 (and no others) are to be regarded as conferring absolute exemption ?

(e) in subsection (1) of section 38 ?

(ii) paragraph (b) where the first condition referred to in that paragraph is satisfied by virtue of subsection (2)(a)(i) or (b) of that section.

17 Notice that information is not held

(1) Where-

(a) a Scottish public authority receives a request which would require it either-

(i) to comply with section 1(1); or

(ii) to determine any question arising by virtue of paragraph (a) or (b) of section 2(1),

if it held the information to which the request relates; but

(b) the authority does not hold that information,

it must, within the time allowed by or by virtue of section 10 for complying with the request, give the applicant notice in writing that it does not hold it.

38 Personal information

(1) Information is exempt information if it constitutes-

(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied;

(2) The first condition is-

(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-

(i) any of the data protection principles; or

(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.

(5) In this section-

"the data protection principles" means the principles set out in Part I of Schedule 1 to that Act, as read subject to Part II of that Schedule and to section 27(1) of that Act;

"data subject" and "personal data" have the meanings respectively assigned to those terms by section 1(1) of that Act;

Data Protection Act 1998

1 Basic interpretative provisions

(1)In this Act, unless the context otherwise requires ?

"personal data" means data which relate to a living individual who can be identified ?

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;

Schedule 1 ? The data protection principles

Part I ? The principles

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless ?

(a) at least one of the conditions in Schedule 2 is met, and

(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Schedule 2 ? Conditions relevant for purposes of the first principle: processing of any personal data

1.The data subject has given his consent to the processing.

6. (1) The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

[1] http://www.itspublicknowledge.info/nmsruntime/saveasdialog.aspx?lID=661&sID=133