Decision 137/2013 | Scottish Information Commissioner

Home Decisions

Decision 137/2013

Decision 137/2013 Ms Sandra Sneddon and South Ayrshire Council

Claim about an individual

Reference No: 201202472
Decision Date: 15 July 2013

Summary

On 17 September 2012, Ms Sneddon asked South Ayrshire Council (the Council) for information and correspondence relating to a claim it had made about the behaviour of an individual. The Council considered that the requested information was personal information which was exempt from disclosure.

During the investigation, the Council disclosed redacted versions of two documents to Ms Sneddon and identified additional information falling within scope of the request, which the Council considered was exempt on the basis that it was subject to legal professional privilege.

Following an investigation, the Commissioner found that the Council had been entitled to withhold the remaining information. However, by initially withholding some information which it later disclosed, the Council failed to comply with section 1 of FOISA. The Commissioner did not require the Council to take any further action.

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1) and (6) (General entitlement); 2(1) and (2)(e)(ii) (Effect of exemptions); 36(1) (Confidentiality) and 38(1)(b) and (2)(a)(i) and(b) and (5) (definitions of "the data protection principles", "data subject" and "personal data") (Personal information)

Data Protection Act 1998 (the DPA) sections 1(1) (Basic interpretative provisions) (definition of "personal data"); Schedules 1 (The data protection principles, Part 1: the principles) (the first data protection principle), 2 (Conditions relevant for purposes of the first principle: processing of any personal data) (Condition 6)

The full text of each of the statutory provisions cited above is reproduced in the Appendix to this decision. The Appendix forms part of this decision.

Background

1. On 17 September 2012, Ms Sneddon emailed the Council requesting information and correspondence regarding events which had led the Council to make a certain claim about the behaviour of an individual.

2. The Council responded on 15 October 2012. The Council informed Ms Sneddon that the requested information was considered to be personal information exempt from disclosure under section 38(1)(b) of FOISA.

3. On 22 October 2012, Ms Sneddon emailed the Council requesting a review of its decision. In particular, Ms Sneddon considered that the requested information had been made available to a third party, therefore the information should not be withheld from her.

4. The Council notified Ms Sneddon of the outcome of its review on 19 November 2012. It upheld its previous decision without amendment, but provided further explanation of its reasons.

5. On 24 December 2012, Ms Sneddon wrote to the Commissioner, stating that she was dissatisfied with the outcome of the Council's review and applying to the Commissioner for a decision in terms of section 47(1) of FOISA.

6. The application was validated by establishing that Ms Sneddon had made a request for information to a Scottish public authority and had applied to the Commissioner for a decision only after asking the authority to review its response to that request.

Investigation

7. On 22 January 2013, the Council was notified in writing that an application had been received from Ms Sneddon and was asked to provide the Commissioner with any information withheld from her. The Council responded with the information requested and the case was then allocated to an investigating officer.

8. The investigating officer subsequently contacted the Council, giving it an opportunity to provide comments on the application (as required by section 49(3)(a) of FOISA) and asking it to respond to specific questions. In particular, the Council was asked to justify its reliance on any provisions of FOISA it considered applicable to the information requested.

9. The Council responded to this request, providing submissions in support of its decision to withhold the requested information under section 38(1)(b) of FOISA. After further discussions with the investigating officer, the Council disclosed redacted versions of two documents to Ms Sneddon. It also identified additional information falling within scope of the request, but considered it to be exempt under section 36(1) of FOISA, as it was subject to legal professional privilege.

10. During the investigation, Ms Sneddon was given an opportunity to provide her submissions as to why she considered that the withheld information should be disclosed.

Commissioner's analysis and findings

11. In coming to a decision on this matter, the Commissioner has considered all of the withheld information, the submissions made to her by both Ms Sneddon and the Council. She is satisfied that no matter of relevance has been overlooked.

12. Ms Sneddon's request to the Council comprised five parts. The Council relied upon section 38(1)(b) of FOISA to withhold information covered by parts 1 to 4 of the request, and to withhold some information in two documents (disclosed in redacted form during the investigation), which were covered by part 5 of the request. The Council also relied upon section 36(1) of FOISA, to withhold correspondence with its solicitor, which fell within scope of part 5 of the request.

Section 36(1) - Confidentiality

13. As noted above, the Council relied upon section 36(1) of FOISA to withhold correspondence with its solicitor.

14. Section 36(1) of FOISA exempts from disclosure information in respect of which a claim to confidentiality of communications could be maintained in legal proceedings, which includes communications subject to legal professional privilege. An aspect of legal professional privilege is legal advice privilege, which the Council argued applied in this case.

15. For legal advice privilege to apply, certain conditions must be fulfilled: the information must relate to communications with a legal adviser, such as a solicitor or an advocate, and this may include an in-house legal adviser or an external solicitor employed by the authority; the legal adviser must be acting in his/her professional capacity, and the communications must occur in the context of the legal adviser's professional relationship with his/her client.

16. The information withheld under section 36(1) in this instance was correspondence with an external solicitor whom the Council had engaged in relation to the case which had led it to make a claim about the behaviour of the named individual. The Council provided confirmation of its relationship with the solicitor, and the Commissioner accepted that the solicitor was appointed to act in the capacity of legal adviser to the Council in this matter. The Commissioner accepted that the Council's correspondence with the solicitor was legally privileged.

17. There is a further matter to be considered, however, before the Commissioner can determine whether, or the extent to which, the section 36(1) exemption applies in this case. Information cannot be privileged unless it is also confidential. The claim of confidentiality must be capable of being sustained at the time the exemption is claimed.

18. A claim of confidentiality will not be capable of being maintained where the information has (prior to the conclusion of the public authority's review) been made public, either in full or in a summary sufficiently detailed to have the effect of disclosing the advice. Where confidentiality has thus been lost in respect of part or all of the information under consideration, any privilege associated with that information will also effectively be lost.

19. Ms Sneddon commented that, in her opinion, as the information covered by her request had been passed to the external solicitor, confidentiality had been waived. However, given that the solicitor was acting in the capacity of the Council's legal adviser, and that the information has not been disclosed to any other external party, the Commissioner does not accept that there has been any loss of confidentiality. Therefore, having considered the Council's submissions on this point, the Commissioner is satisfied that the legal advice referred to above has not been made public, either in full or in summary.

20. The Commissioner is therefore satisfied that the withheld information includes information in respect of which a claim to confidentiality of communications could be maintained in legal proceedings. As a result, the Commissioner accepts that the information withheld by the Council under section 36(1) of FOISA is exempt from disclosure.

21. The exemption in section 36(1) is a qualified exemption, which means that its application is subject to the public interest test set out in section 2(1)(b) of FOISA. Therefore, having decided that the information is exempt under section 36(1), the Commissioner must go on to consider whether, in all circumstances of the case, the public interest in disclosing the information is outweighed by the public interest in maintaining the exemption.

Public interest test

22. As the Commissioner has noted in a number of previous decisions, the courts have long recognised the strong public interest in maintaining the right to confidentiality of communications between legal adviser and client on administration of justice grounds. Many of the arguments in favour of maintaining confidentiality of communications were discussed in a House of Lords case, Three Rivers District Council and others v Governor and Company of the Bank of England[1], and the Commissioner will apply the same reasoning to communications attracting legal professional privilege generally.

23. Ms Sneddon's application to the Commissioner, and her correspondence with the Council, underline her view that there is a public interest in the scrutiny of the Council's actions with respect to this particular instance. The Commissioner acknowledges Ms Sneddon's personal reasons for requiring disclosure.

24. The Council acknowledged that the public interest in releasing the information might include the general public interest that information is accessible, and in knowing whether or not the Council has properly fulfilled its duties with respect to the handling of benefit claims and (in particular) appeals made by members of the public. The Council considered, however, that it was of considerable public interest for the Council, like any other party to legal proceedings, to be able to prepare for litigation and to defend its position.

25. The Commissioner agrees that there is a general public interest in authorities being open to scrutiny and being accountable for their actions. She considers that this might include making information available which would show whether the Council has been correctly discharging its duties on key statutory responsibilities such as handling benefit claims and appeals. However, on this occasion, the Commissioner does not consider that such public interest considerations are relevant to the information being withheld, which, if disclosed, would not assist the public in making any such assessment.

26. As stated above, there is a long-recognised and strong public interest in maintaining the right to confidentiality of communications between legal adviser and client on administration of justice grounds, and in this instance the Commissioner accepts the Council's argument that there is a greater public interest in allowing the Council to obtain and consider legal advice in confidence. On balance, therefore, the Commissioner is satisfied, in all the circumstances of this case, that the public interest in disclosing the information in this case is outweighed by the public interest in maintaining the exemption in section 36(1).

27. Consequently, the Commissioner accepts that the Council was entitled to withhold the information included in its communications with its solicitor under the exemption in section 36(1) of FOISA.

28. The Commissioner will consider whether the remaining information was correctly withheld under the exemption in section 38(1)(b) of FOISA.

Section 38(1)(b) of FOISA

29. The Council withheld information covered by Ms Sneddon's request under section 38(1)(b) of FOISA, on the basis that it was the personal data of identifiable individuals, the disclosure of which would breach the first data protection principle.

30. Section 38(1)(b), read in conjunction with section 38(2)(a)(i) or (2)(b) (as appropriate), exempts personal data if its disclosure to a member of the public otherwise than under FOISA would contravene any of the data protection principles.

Is the information under consideration personal data?

31. "Personal data" are defined in section 1(1) of the DPA as:

"data which relate to a living individual who can be identified (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual."

32. In its submissions, the Council stated that disclosure of any of the withheld information would identify a living individual. The Council noted that Ms Sneddon had sought information which would not usually be considered personal information of a living individual, such as the date, name or reference number of the appeal, but it considered that disclosing such information would enable Ms Sneddon and other individuals to cross-check the information with their own records, identify the case in question and ascertain the identities of the Council staff involved.

33. The Commissioner has considered the Council's argument that all the withheld information should be considered as personal data capable of identifying living individuals, however innocuous it may appear to be. The Commissioner is satisfied that all the withheld information falls within the definition of personal data. Living individuals can be identified from the information, which is biographical in relation to those individuals and focuses on them. The Commissioner is therefore satisfied that the information relates to those individuals and is their personal data.

34. Having concluded that the withheld information is personal data as defined in section 1(1) of the DPA, the Commissioner must now go on to consider whether disclosure of this information would contravene any of the data protection principles cited by the Council.

Would disclosure of the information breach the first data protection principle?

35. The Council argued that disclosure of the information would breach the first data protection principle. The first data protection principle requires that personal data shall be processed fairly and lawfully and, in particular, shall not be processed (in this case, disclosed into the public domain in response to Ms Sneddon's request) unless at least one of the conditions in Schedule 2 to the DPA is met and, in the case of sensitive personal data (as defined by section 2 of the DPA), at least one of the conditions in Schedule 3 to the DPA is also met.

36. When considering the conditions, the Commissioner has noted Lord Hope's comment in the case of Common Services Agency v Scottish Information Commissioner [2008] UKHL 47[2] that the conditions require careful treatment in the context of a request for information under FOISA, given that they were not designed to facilitate the release of information, but rather to protect personal data from being processed in a way that might prejudice the rights, freedoms or legitimate interests of the data subject.

37. Condition 1 of Schedule 2 permits personal data to be processed if the data subject(s) consent(s) to the data being processed. The Council stated in its review response to Ms Sneddon that the individuals had not given consent for disclosure of the information. The Commissioner has therefore concluded that condition 1 in Schedule 2 cannot be met in this case.

38. The Commissioner considers that the only other condition in Schedule 2 to the DPA which might apply in this case is condition 6. Condition 6 allows personal data to be processed if that processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

39. There are, therefore, a number of tests which must be met before condition 6(1) can apply. These are:

Does Ms Sneddon have a legitimate interest in obtaining these personal data?

If so, is the disclosure necessary to achieve those legitimate interests? In other words, is disclosure proportionate as a means and fairly balanced as to ends, or could these legitimate interests be achieved by means which interfere less with the privacy of the data subjects (i.e. the individuals to whom the data relate)?

Even if making the information available is necessary for the legitimate purposes of Ms Sneddon, would it nevertheless cause unwarranted prejudice to the rights and freedoms or legitimate interests of the data subjects? This will involve a balancing exercise between the legitimate interests of Ms Sneddon and those of the data subjects. Only if (or to the extent that) the legitimate interests of Ms Sneddon outweigh those of the data subjects can the personal data be made available.

Does Ms Sneddon have a legitimate interest?

40. There is no definition within the DPA of what constitutes a "legitimate interest", but the Commissioner takes the view that the term indicates that matters in which an individual properly has an interest should be distinguished from matters about which he or she is simply inquisitive. In the published guidance on section 38 of FOISA[3], the Commissioner states:

"In some cases, the legitimate interest might be personal to the applicant - e.g. he or she might want the information in order to bring legal proceedings. With most requests, however, there are likely to be wider legitimate interests, such as the scrutiny of the actions of public bodies or public safety."

41. In her request, Ms Sneddon sought information about the basis on which the Council had made a claim about the behaviour of an individual. In her application to the Commissioner, Ms Sneddon expressed concern about the Council defaming an individual and refusing to name others involved in the incident in question.

42. As noted above, the Council provided Ms Sneddon with redacted versions of some of the correspondence, with only names and dates withheld. This means that the information Ms Sneddon does not have (but still wants) is information which will identify the names of the people involved on both sides of the incident. However, Ms Sneddon has been unable to satisfy the Commissioner that she has a legitimate interest in the disclosure of this information. It does not relate directly to the Council's reasons or conclusion in relation to this matter, and will not assist public understanding of the basis of the Council's concerns about the behaviour of the individual in question (this information has already been made public). In the absence of more compelling reasons from Ms Sneddon for wanting this information, and taking account of the comments made by Lord Hope (see paragraph 36), the Commissioner does not accept that Ms Sneddon has shown she has a legitimate interest in the disclosure of this personal data.

43. The Commissioner must therefore conclude that disclosure would breach the first data protection principle and that the information is exempt under section 38(1)(b) of FOISA.

Other matters

44. The Council informed Ms Sneddon that the information she had requested was exempt under section 38(1)(b) of FOISA. During the investigation, the Council advised that, having considered matters further, it had redacted all personal information from two withheld documents and disclosed them to Ms Sneddon during the investigation.

45. As the Council disclosed information it had initially considered exempt after Ms Sneddon submitted her application to the Commissioner and the Council did not provide any explanation as to why it now considered the information was no longer exempt, the Commissioner has concluded that the Council failed to comply with section 1(1) of FOISA, by withholding such information when responding to Ms Sneddon's request for review.

DECISION

The Commissioner finds that South Ayrshire Council (the Council) generally complied with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) in responding to the information request made by Ms Sandra Sneddon.

The Commissioner finds that part of the information requested by Ms Sneddon was exempt from disclosure under sections 36(1) and 38(1)(b) of FOISA. However, by initially withholding information to which no exemption was found to apply, the Council failed to comply with section 1 of FOISA.

Given that the Council disclosed the non-exempt information during the investigation, the Commissioner does not require the Council to take any further action in respect of this failure.

Appeal

Should either Ms Sandra Sneddon or South Ayrshire Council wish to appeal against this decision, there is an appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days after the date of intimation of this decision.

Margaret Keyse
Head of Enforcement
15 July 2013

Appendix

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002

1 General entitlement

(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

(6) This section is subject to sections 2, 9, 12 and 14.

2 Effect of exemptions

(1) To information which is exempt information by virtue of any provision of Part 2, section 1 applies only to the extent that -

(a) the provision does not confer absolute exemption; and

(b) in all the circumstances of the case, the public interest in disclosing the information is not outweighed by that in maintaining the exemption.

(2) For the purposes of paragraph (a) of subsection 1, the following provisions of Part 2 (and no others) are to be regarded as conferring absolute exemption -

...

(e) in subsection (1) of section 38 -

(ii) paragraph (b) where the first condition referred to in that paragraph is satisfied by virtue of subsection (2)(a)(i) or (b) of that section.

36 Confidentiality

(1) Information in respect of which a claim to confidentiality of communications could be maintained in legal proceedings is exempt information.

...

38 Personal information

(1) Information is exempt information if it constitutes-

(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied;

(2) The first condition is-

(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-

(i) any of the data protection principles; or

(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.

(5) In this section-

"the data protection principles" means the principles set out in Part I of Schedule 1 to that Act, as read subject to Part II of that Schedule and to section 27(1) of that Act;

"data subject" and "personal data" have the meanings respectively assigned to those terms by section 1(1) of that Act;

Data Protection Act 1998

1 Basic interpretative provisions

(1) In this Act, unless the context otherwise requires -

"personal data" means data which relate to a living individual who can be identified -

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;

Schedule 1 - The data protection principles

Part I - The principles

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless -

(a) at least one of the conditions in Schedule 2 is met, and

(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Schedule 2 - Conditions relevant for purposes of the first principle: processing of any personal data

6. (1) The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

[1] (2004) UKHL 48

[2] http://www.publications.parliament.uk/pa/ld200708/ldjudgmt/jd080709/comm-1.htm

[3]http://www.itspublicknowledge.info/nmsruntime/saveasdialog.asp?lID=3085&sID=133