Decision 134/2007 | Scottish Information Commissioner

Home Decisions

Decision 134/2007

Decision 134/2007 Mr Edward Milne and the Chief Constable of Tayside Police

Information held by police on named third party

Applicant: Mr Edward Milne
Authority: The Chief Constable of Tayside Police
Case No: 200601624
Decision Date: 9 August 2007

Kevin Dunion
Scottish Information Commissioner

Request for police reports for named person ? Commissioner found that Tayside Police responded in accordance with Part 1 of FOISA

Relevant Statutory Provisions and Other SourcesFreedom of Information (Scotland) Act 2002 (FOISA): sections 1(1) (General Entitlement; 21(1) (Review by Public authority); 38(1)(b), (2)(a)(i) and (b) (Personal information).

Data Protection Act 1998 (DPA): sections 1 (Basic interpretative provisions)(definition of personal data); 2 (Sensitive personal data); schedule 1 (The data protection principles)(the first data protection principle).

The full text of each of these provisions is reproduced in the Appendix to this decision. The Appendix forms part of this decision.

Other sources:

Information Commissioner: "Freedom of Information Awareness Guidance 1" http://www.ico.gov.uk/documentUploads/AG%201%20personal%20info.pdf),

The Chief Constable Northumbria Police (Reference: FS50090750) 3 October 2006 http://www.ico.gov.uk/upload/documents/decisionnotices/2006/decision_noticefs50090750_v2.pdf

Transport for London (acting on behalf of any subsidiary authority) (Reference FS50075171) 5th May 2006 http://www.ico.gov.uk/upload/documents/decisionnotices/2006/Decision_Notice_FS50075171.pdf

Facts

Mr Edward Milne (Mr Milne) requested all files and information on a named third party from the Chief Constable of Tayside Police (Tayside Police). Tayside Police responded by stating that the requested information fell within the definition of personal data and was exempt from disclosure under section 38(1)(b) of FOISA. Mr Milne was not satisfied with this response and asked Tayside Police to review their decision. Tayside Police carried out a review and, as a result, notified Mr Milne that they upheld their decision to apply the exemption in section 38(1)(b) of FOISA. Mr Milne remained dissatisfied and applied to the Commissioner for a decision.

Following an investigation, the Commissioner found that, although Tayside Police had failed to comply with the timescales required by section 21(1) of FOISA, they had otherwise dealt with Mr Milne's request for information in accordance with Part 1 of FOISA. He did not require Tayside Police to take any action.

Background

1. On 11 January 2006, Mr Milne wrote to Tayside Police requesting the following information: all files and information held by Tayside Police on a named third party.

2. Tayside Police initially failed to respond to this request and a subsequent request for review. Following an application by Mr Milne to my office, which resulted in Decision 124/2006, Tayside Police wrote on 28 August 2006 to Mr Milne in response to his request for information. Tayside Police issued a refusal notice stating that the requested information fell within the definition of personal data and was exempt in terms of section 38(1)(b) of FOISA.

3. On 1 September 2006, Mr Milne wrote to Tayside Police requesting a review of their decision.

4. On 15 November 2006, Tayside Police wrote to notify Mr Milne of the outcome of their review. They apologised that his request had not been dealt with within the appropriate timescales. Tayside Police said that they considered the information withheld to be sensitive personal data in terms of the Data Protection Act 1998 (DPA) and therefore exempt under section 38(1)(b), read in conjunction with section 38(2)(a)(i) of FOISA.

5. On 21 December 2006, Mr Milne wrote to my office, stating that he was dissatisfied with the outcome of Tayside Police's review and applying to me for a decision in terms of section 47(1) of FOISA. In subsequent correspondence, Mr Milne indicated that he was dissatisfied with Tayside Police's decision because he required the information to further his pursuit of justice.

6. The application was validated by establishing that Mr Milne had made a request for information to a Scottish public authority and had applied to me for a decision only after asking the authority to review its response to that request.

Investigation

7. On 13 February 2007, Tayside Police were notified in writing that an application had been received from Mr Milne and was asked in terms of section 49(3)(a) of FOISA to provide my office with specified items of information required for the purposes of the investigation. Tayside Police responded with the information requested and the case was then allocated to an investigating officer. Tayside Police replied on 28 February 2007 with the withheld information and their submissions.

8. The information withheld from Mr Milne consists of an extract criminal record (document 1) and the historical equivalent of a standard prosecution report in respect of an offence by a named third party i.e. the evidence gathered from witnesses for presentation to court (document 2).

9. Tayside Police's submissions provided evidence of the steps taken to identify information falling under the scope of Mr Milne's request and detailed analysis of the application of the exemption in section 38(1)(b) to the information identified. Tayside Police also indicated that they would consider this information to be exempt under the terms of sections 34 and 35 of FOISA, but they did not provide any detailed reasoning on the application of these exemptions.

10. Over the course of the investigation, a range of information was provided to my office by Mr Milne. In particular, he provided press cuttings relating to the named individual that demonstrated that his prosecution, and the offence to which this relates, was a matter of public record.

The Commissioner's Analysis and Findings

11. In coming to a decision on this matter, I have considered all the information and submissions that have been presented to me by both Mr Milne and Tayside Police and I am satisfied that no matter of relevance has been overlooked.

12. I am satisfied that Tayside Police have demonstrated that they took appropriate steps to identify information falling under the scope of Mr Milne's request. The key matter for me to consider in this case is whether Tayside Police correctly applied the exemption in section 38(1)(b) to the information identified and withheld.

13. Under section 38(1)(b) of FOISA (read in conjunction with section 38(2)(a)(i) or (b)), information is exempt information if it constitutes personal data (as defined within the DPA) and the disclosure of the information to a member of the public otherwise than under FOISA would contravene any of the data protection principles contained in Schedule 1 to the DPA.

14. Tayside Police have claimed that the information withheld from Mr Milne falls within the definition of sensitive personal data of the named third party. They submitted that disclosure of this information would breach the first data protection principle, which states that personal data must be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 of the DPA is met and, in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Is the information (sensitive) personal data?

15. In considering this matter, I must first ask whether the information requested by Mr Milne constitutes personal data, and if so, whether this should also be considered to be sensitive personal data.

16. Section 38(2)(a) of FOISA refers explicitly to the definition of "personal data" contained in section 1(1) of the DPA. "Personal data" are defined in section 1(1) of the DPA 1998 as follows:

"data which relate to a living individual who can be identified:

a) from those data

b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller"

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

17. Section 2 of the DPA goes on to define sensitive personal data. Tayside Police have indicated that they believe the withheld information falls within the scope of parts (g) and (h) of this definition, i.e. information as to:

(g) the commission or alleged commission by him of any offence, or

(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

18. Having considered the two documents withheld from Mr Milne, I am satisfied that they each fall within the scope of sensitive personal data in their entirety. Both documents clearly have the named individual as their focus, and they relate to the matters set out in sections 2(g) and (h) of the DPA.

Would disclosure breach the first data protection principle?

19. As noted above, the first data protection principle states that personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 (of the DPA) is met and, in the case of sensitive personal data, at least one of the conditions in Schedule 3 (again, of the DPA) is also met.

20. Tayside Police explained that they had considered all the conditions contained within schedules 2 and 3 of the DPA, and found that none applied. Therefore, they argued, release of the information would breach this first data protection principle, in that the personal data would not be processed fairly and lawfully.

21. I will firstly consider whether the disclosure of the information requested by Mr Milne would be fair to the named individual concerned. As I have noted, this is sensitive personal data relating to their prosecution history. As sensitive personal data, it is afforded a level of protection through the DPA that goes beyond that provided in relation to non-sensitive personal data.

22. I am satisfied in this case that disclosure of the information concerned would be unfair to the individual named in Mr Milne's request.

23. In reaching this conclusion, I have noted the guidance from the Information Commissioner ("Freedom of Information Awareness Guidance 1"), the assessment of fairness includes looking at whether the third party would expect that his/her information might be disclosed to others and/or whether the third party would expect that his/her information would be kept private.

24. I am satisfied that there is a general expectation amongst individuals that information of this type will not be made publicly available. The personal data contained in the documents were collected and held for the primary purpose of pursuing and recording a prosecution against an individual and an offender would reasonably only expect such information to be processed in connection with this purpose.

25. I have also noted the comments below made by the Information Commissioner in his decision (under the terms of the Freedom of Information Act 2000) The Chief Constable Northumbria Police (Reference: FS50090750) 3 October 2006:

"It is long established public policy that the release of information held by the

police concerning its criminal investigations of an individual would be unfair. The criminal records of individuals are not available to the public and are protected except in extremely limited circumstances such as to protect vulnerable members of society or to assist the police in criminal investigations."

26. In considering the matter of fairness, I have had regard to the fact that the offence would have been prosecuted in open court. I have noted the press cutting provided to my office by Mr Milne, which refers to the prosecution of the individual named in his request. However, in this respect I have noted comments made by the Information Commissioner in his decision Transport for London (acting on behalf of any subsidiary authority) [FS50075171] 5th May 2006, which states:

"The Commissioner recognises that at the time a case is heard in court, personal data is inevitably disclosed to those attending court, and in the absence of restriction on reporting, could be made known to the wider world. However the Commissioner believes that in practice public knowledge of the issues is only short lived and may be limited to only a small number of people?.There is established public policy on controlling access to the records of those who have been involved with the criminal justice system?. It is clearly not desirable for the Freedom of Information Act to undermine these principles" [Paragraph 5.3.3].

27. On these matters, I find that my thinking is in line with that of the Information Commissioner. I have considered the reasons for which Mr Milne is seeking the information and all information provided to my office in respect of this case, but I am not persuaded that any of the conditions set out in schedule 3 of the DPA can be met in this instance.

28. Therefore, I am satisfied that disclosure of the information requested by Mr Milne would breach the first data protection principle.

29. I am satisfied that the information which has been withheld by Tayside Police in this instance is exempt from release in terms of section 38(1)(b) of FOISA, read in conjunction with section 38(2)(a)(i) or (b).

30. Having decided that the information is exempt in terms of section 38(1)(b) of FOISA I am not required to consider the other exemptions referred to by Tayside Police.

Technical breaches of FOISA

31. I note that Tayside Police failed to respond to Mr Milne's request for review within the 20 working days allowed by section 21(1) of FOISA, and therefore failed to comply fully with the requirements of Part 1 of FOISA.

32. However, Tayside Police carried out a review and therefore I do not require it to take any remedial steps in relation to this failure.

Decision

I find that the Chief Constable of Tayside Police (Tayside Police) failed to comply with the timescales required by section 21(1) of the Freedom of Information (Scotland) Act 2002 (FOISA), and in so doing failed to comply with the requirements of Part 1 of FOISA in responding to the information request made by Mr Milne.

However, I find that Tayside Police acted in accordance with Part 1 of FOISA when withholding the information requested by Mr Milne. I have found that this information is exempt from disclosure under section 38(1)(b) of FOISA, read in conjunction with section 38(2)(a)(i) or (b).

I do not require any action to be taken by Tayside Police in response to this decision.

Appeal

Should either Mr Milne or the Chief Constable of Tayside Police wish to appeal against this decision, there is an appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days of receipt of this decision notice.

Kevin Dunion
Scottish Information Commissioner
09 August 2007

APPENDIX

Relevant Statutory Provisions

Freedom of Information (Scotland) Act 2002

1 General entitlement

(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

21 Review by Scottish public authority

(1) Subject to subsection (2), a Scottish public authority receiving a requirement for review must (unless that requirement is withdrawn or is as mentioned in subsection (8)) comply promptly; and in any event by not later than the twentieth working day after receipt by it of the requirement.

Personal information

(1) Information is exempt information if it constitutes-

(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied;

(2) The first condition is-

(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-

(i) any of the data protection principles;

(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.

Data Protection Act 1998

1 Basic interpretative provisions

(1) In this Act, unless the context otherwise requires-

"personal data" means data which relate to a living individual who can be identified?

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;

2 Sensitive personal data

In this Act "sensitive personal data" means personal data consisting of information as to?

(g) the commission or alleged commission by him of any offence, or

(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

SCHEDULE 1

THE DATA PROTECTION PRINCIPLES - PART I THE PRINCIPLES

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless-

(a) at least one of the conditions in Schedule 2 is met, and

(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.