Decision 152/2007 | Scottish Information Commissioner

Home Decisions

Decision 152/2007

Decision 152/2007 Mr David Emslie and the Chief Constable of Grampian Police

Request for information concerning the past five Chief Constables of Grampian Police, and if any of them had a criminal record

Applicant: Mr David Emslie
Authority: The Chief Constable of Grampian Police
Case No: 200700014
Decision Date: 23 August 2007

Kevin Dunion
Scottish Information Commissioner

Request for information concerning the past five Chief Constables of Grampian Police, and if any of them had a criminal record ? whether information exempt under section 38(1)(b) of the Freedom of Information (Scotland) Act 2002 ? section 14(2) repeated request

Relevant Statutory Provisions and other Sources

Freedom of Information (Scotland) Act 2002: section 1(1) (General entitlement); 14 (Vexatious or repeated requests); section 38(1)(b), (2)(a)(i) and (b) (Personal information).

Data Protection Act 1998: section 1 (Basic interpretative provisions) (definition of "personal data"); section 2 (Sensitive personal data); Schedule 1, Part 1, paragraph 1 (The first data protection principle); Schedule 2 (Conditions relevant for purposes of the first principle: processing of personal data) (condition 6); Schedule 3 (Conditions relevant for purposes of the first principle: processing of sensitive personal data).

The full text of these provisions is reproduced in the Appendix to this decision. The Appendix forms part of this decision.

Facts

Mr Emslie wrote to the Chief Constable of Grampian Police (Grampian Police) requesting information about Police Officers with Grampian Police who had criminal convictions, whether the present Chief Constable had a criminal record, and if the previous two Chief Constables of Grampian Police had a criminal record.

13 working days after submitting his initial request, Mr Emslie submitted a second request to Grampian Police for "information of the past five Chief Constables of Grampian Police, and if any of them had a criminal record".

In their response to Mr Emslie's initial request Grampian Police provided him with some of the information he had requested, but refused to disclose whether the two previous Chief Constables had a criminal record during their service with Grampian Police. In relation to Mr Emslie's second request Grampian Police were of the view that part of the request constituted a repeat request which they were not obliged to respond to.

Mr Emslie then requested a review of Grampian Police's decision. After carrying out a review, Grampian Police upheld its original decision to refuse Mr Emslie's request in relation to whether the two previous Chief Constables had a criminal record during their service with Grampian Police.

Mr Emslie was dissatisfied with this response and applied to the Scottish Information Commissioner for a decision. Following an investigation, the Commissioner found that Grampian Police had dealt with Mr Emslie's requests for information in line with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA).

Background

1. Mr Emslie submitted a request for information by fax to Grampian Police on 29 April 2006. In his fax, Mr Emslie requested information regarding Grampian Police officers who had criminal convictions, whether the present Chief Constable had a criminal record, and if the previous two Chief Constables of Grampian Police had a criminal record.

2. On 21 May 2006, 13 working days after submitting his initial request, Mr Emslie submitted a second request to Grampian Police for "information of the past five Chief Constables of Grampian Police, and if any of them had a criminal record".

3. Grampian Police were of the view that elements of Mr Emslie's second request of 21 May 2006 constituted a repeat request under section 14(2) of FOISA which they were not obliged to respond to. When Grampian Police acknowledged receipt of Mr Emslie's second request on 2 June 2006, they asked him for clarification as to what "information" he required, other than whether any of the previous Chief Constables had a criminal record. Grampian Police informed Mr Emslie that his request would be processed and replied to by no later than 30 June 2006.

4. The first of Mr Emslie's requests was responded to on 29 May 2006, 20 working days after Grampian Police received it. In their response, Grampian Police provided Mr Emslie with some of the information he had requested, but refused to disclose whether the two previous Chief Constables had a criminal record during their service with Grampian Police. Grampian Police refused this request under section 38(1)(b) of FOISA on the basis that it would be unfair to identify whether specific individuals who were deemed suitable to serve as police officers, but were no longer officers of Grampian Police, had criminal convictions.

5. Mr Emslie's second request was responded to by Grampian Police on 15 June 2006. No clarification had been received from Mr Emslie by that date and his request was interpreted as meaning that he required the names of the previous Chief Constables and the dates they served with Grampian Police. This information was provided to Mr Emslie, but the part of his request which referred to whether any of the past Chief Constables had criminal records was partly refused under section 14(2) of FOISA on the grounds that Mr Emslie's initial request which required details regarding the previous two Chief Constables had already been responded to by the Force Records Manager/Archivist in his letter dated 29 May 2006.

6. In their letter of 15 June 2006, Grampian Police informed Mr Emslie that a total of five Chief Constables had served with Grampian Police since Grampian Police Force had been formed in May 1975. The names of each Chief Constable and the dates they served with Grampian Police were provided to Mr Emslie. Grampian Police informed Mr Emslie that in terms of his request there were only 4 past incumbents of that post.

7. The Police Force stated that the remaining part of Mr Emslie's second request concerned whether either of the first two Chief Constables of Grampian Police had a criminal record. As with Mr Emslie's first request, Grampian Police informed Mr Emslie that such information could not be disclosed on the grounds that it was exempt under section 38(1)(b) of FOISA since it would be unfair to identify whether specific individuals who were deemed suitable to serve as police officers, but were no longer officers of Grampian Police, had criminal convictions.

8. On 27 June 2006, Mr Emslie responded to Grampian Police's letter of 15 June 2006, and requested a review of their decision not to supply him with the information he had asked for. Grampian Police acknowledged Mr Emslie's letter on 29 June 2006. In their letter, Grampian Police objected to the tenor of Mr Emslie's letter, stating that they found some of the terminology used to have been manifestly unreasonable and that the letter contained unsubstantiated allegations and offensive remarks against Grampian Police.

9. Grampian Police informed Mr Emslie that they would not accept terminology of this nature and that any future requests for information submitted to Grampian Police by Mr Emslie which contained such terminology would be considered unreasonable, may be treated as vexatious, and consequently would not be responded to in line with section 14(1) of FOISA.

10. On 14 July 2006, Grampian Police wrote to Mr Emslie to inform him that their reply to his request of 15 June 2006 should have informed him that he was entitled to apply directly to me for a decision if he was dissatisfied with their refusal to comply with part of his request for the reasons set out in section 14(2) of FOISA.

11. In their letter Grampian Police informed Mr Emslie that although they were not obliged to conduct a review for the repeated part of his request, a review of his full request was carried out by a senior member of Grampian Police who had not been previously involved with Mr Emslie's request. The review had been carried out as a result of Mr Emslie's rights not having been fully outlined in Grampian Police's letter of reply.

12. Grampian Police's review concluded that they were not obliged to comply with part of Mr Emslie's request on the grounds that it constituted a repeated request in terms of section 14(2) of FOISA, and that the section 38(1)(b) exemption under FOISA which had been cited in relation to the remainder of the information was both relevant and sufficient. The decision not to disclose the information to Mr Emslie was therefore upheld.

13. Mr Emslie was dissatisfied with the outcome of Grampian Police's review and he applied to me for a decision on 3 January 2007. Mr Emslie's appeal was validated on 12 January 2007 by establishing that he had made a valid request to a Scottish public authority and had appealed to me only after asking Grampian Police to review their response to his initial request.

The Investigation

14. My Office wrote to Grampian Police on 12 January 2007, giving notice that an application had been received and that an investigation into the matter had begun. Grampian Police were asked to provide their comments in terms of section 49(3)(a) of FOISA, along with supporting documentation for the purposes of the investigation. The case was then allocated to an investigating officer.

15. Grampian Police responded on 23 January 2007, providing their comments and copies of documentation that related to Grampian Police's handling of Mr Emslie's request and his subsequent request for review.

The Commissioner's Analysis and Findings

16. In coming to a decision on this matter, I have considered all of the information and the submissions that have been presented to me by both Mr Emslie and Grampian Police and I am satisfied that no matter of relevance has been overlooked. Section 14(2) ? Repeated request

17. Mr Emslie's first request for information, of 29 April 2006, concerned whether the two previous Chief Constables had a criminal record during their service with Grampian Police, and was responded to by Grampian Police on 29 May 2006.

18. On 21 May 2006, Mr Emslie submitted a second request to Grampian Police for "information of the past five Chief Constables of Grampian Police, and if any of them had a criminal record".

19. In their response to Mr Emslie's second request, Grampian Police advised him that only five Chief Constables had served with Grampian Police since Grampian Police Force had been formed in 1975. Therefore, as Grampian Police informed Mr Emslie on 15 June 2006, the part of his second request which pertained to the past two Chief Constables who had served with Grampian Police was a repeated request in terms of section 14(2) of FOISA.

20. I find that Grampian Police were therefore correct to rely upon section 14(2) of FOISA in relation to the part of Mr Emslie's second request which was identical to the information he had asked for in his initial request. Under the terms of section 14(2) of FOISA, Grampian Police were not obliged to comply with that part of Mr Emslie's second request since it was identical to the information initially requested and responded to and a reasonable period of time had not elapsed between the making of the request complied with and the making of the subsequent request. Consequently I uphold Grampian Police's application of section 14(2) of FOISA in relation to the part of Mr Emslie's second request for information which pertained to the last two Chief Constables of Grampian Police.

Section 38(1)(b) ? Personal Information

21. Section 38(1)(b) of FOISA exempts from release personal data, the disclosure of which to a member of the public otherwise than under FOISA would contravene any of the data protection principles contained in the Data Protection Act 1998 (the DPA).

22. The DPA defines personal data in section 1(1) as:

"data which relate to a living individual who can be identified -

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual"

23. In order for a public authority to rely on this exemption it must show that the information which has been requested is personal data for the purposes of the DPA, and that disclosure of the information to a member of the public otherwise than under FOISA would contravene any of the data protection principles laid down in the DPA.

24. It should be noted that the exemption in section 38(1)(b) of FOISA, read in conjunction with section 38(2)(a)(i) or (b), is an absolute exemption in that it is not subject to the public interest test required by section 2(1)(b) of FOISA.

25. In Grampian Police's response to Mr Emslie's request for information about the past Chief Constables who had served with Grampian Police, they provided him with the names of each individual and the periods they were in the post of Chief Constable. This information is already in the public domain and can be found on Grampian Police's website: http://www.grampian.police.uk/force/history/history.cfm.

26. In relation to Mr Emslie's request for information concerning whether any of the past Chief Constables who had served with Grampian Police had a criminal record, Grampian Police advised Mr Emslie that the results of vetting checks and records of criminal convictions held on the Scottish Criminal Record Office Criminal History System were considered to be personal data. In its submission to me Grampian Police stated that it considered the existence, or lack of, a criminal record to be personal data, as was the content of any criminal record.

27. In this instance I am satisfied that the information requested by Mr Emslie constitutes the personal data of the individuals concerned and also, given that the data relates to the commission or alleged commission of an offence, the data falls within the definition of "sensitive personal data" contained in section 2(g) of the DPA. This means that the data is afforded additional protection under the DPA. I will come back to this point below.

28. Having established that the information requested does constitute personal data, I must go on to consider whether the disclosure of such information would contravene any of the data protection principles.

29. Grampian Police informed Mr Emslie that they were of the view that it was unfair to identify whether specific individuals that were deemed suitable to serve as police officers, but were no longer officers of Grampian Police, had criminal convictions. They argued that disclosure of this information would therefore breach the first principle of the Data Protection Act 1998 (DPA) and, as such, Grampian Police were unable to provide the information in terms of section 38(1)(b) of FOISA.

30. The first data protection principle states that personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 is met and, in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

31. With regard to the conditions in Schedule 2 of the DPA, it is my view that condition 6 is the only such condition which might be considered to apply. Condition 6 covers processing (for example, through disclosure to the public) which is necessary for the purposes of legitimate interests pursued by the third party to whom information is disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

32. I must apply a number of tests to establish whether condition 6 supports disclosure of personal data in this case. The first test is whether it can be established that the third party / parties to whom the data would be disclosed has/have a legitimate interest in the processing of the personal data (in this case by disclosure to a member of the public) to which the request relates. The second is whether the processing is necessary for the purposes of those legitimate interests. The third is whether that processing can be seen to be unwarranted in this particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject. Both competing interests must then be balanced.

33. In relation to Mr Emslie, I have not been able to identify any obvious or specific legitimate interest being pursued in this instance which would necessitate the processing of the information requested. However, it could be argued that there is a wider legitimate interest which is shared by the general public in favour of disclosing the personal information of people who hold senior positions in public authorities in instances where it could be established that the public interest in disclosure outweighs the right to privacy. It could also be argued that people who hold such prominent positions should expect that information about them may be more open to scrutiny and that, where relevant, a certain amount of their personal information could be made publicly available in the interests of openness, transparency and accountability. I find, therefore that the first test can be fulfilled.

34. In considering the second test, with regard to whether disclosure is necessary for the purposes of the legitimate interests identified in the preceding paragraph above, I have considered whether these interests might reasonably be met equally effectively by any alternative means. In all the circumstances, I have concluded that the legitimate interests in question cannot be met without carrying out a search of the records of criminal convictions held on the Scottish Criminal Record Office Criminal History System and therefore that disclosure of this data is necessary for the purposes of the legitimate interests.

35. However, any such argument in favour of release has to be balanced against an individual's right to privacy and I must now consider the rights, freedoms and legitimate interests of the data subject (i.e. the Chief Constables in question) in relation to the application of the section 38(1)(b) exemption in FOISA to the information requested.

36. Employees of Grampian Police will normally have a reasonable expectation that information about themselves which they are obliged to supply as part of the requirements for employment within Grampian Police, and especially any information which relates to the commission or alleged commission of an offence, will not be disclosed to anyone outwith the recruitment process.

37. Additionally, if information which related to the commission or alleged commission of an offence by a previous Chief Constable was obtained by Grampian Police in the course of their employment, and such information was not deemed by Grampian Police to bring into question the ability or suitability of those concerned to carry out their functions as Chief Constable, those persons would have a reasonable expectation that such information would not be disclosed to a third party.

38. In this instance the persons concerned have all left the Police Force and any public interest in assessing the integrity of those persons and their fitness to command the Force no longer exists. It therefore seems to me reasonable to conclude that if Grampian Police were to carry out a search on the Scottish Criminal Record Office Criminal History System, in order to determine whether any of the previous Chief Constables had a criminal record, this would constitute an unwarranted invasion of the privacy of the individuals to whom the request related. As such, I am of the view that the countervailing interests of the data subjects outweigh any countervailing legitimate interests, such as those identified above in relation to the general public.

39. As noted above, I consider that information as to whether a person has or has not committed a criminal offence constitutes "sensitive personal data". As a result, it cannot be disclosed to Mr Emslie unless the disclosure is permitted by one of the conditions set out in Schedule 3 of the DPA. I am satisfied that none of the conditions in Schedule 3 of the DPA is satisfied in relation to sensitive personal data and therefore there is no legal basis under Schedule 3 of the DPA for processing the information in question, should it exist.

40. I must also take into account the fact that the data subjects in this instance would have had no expectation that the information, should it exist, requested by Mr Emslie would be disclosed in such circumstances, and that to do so would cause those persons considerable concern.

41. I am therefore of the opinion that Grampian Police were correct to rely upon section 38(1)(b) of FOISA in this instance on the grounds that to disclose whether any of the previous Chief Constables of Grampian Police had a criminal record during their service with Grampian Police would be unfair and would constitute a breach of the first data protection principle.

Decision

I find that the Chief Constable of Grampian Police complied with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) in dealing with Mr Emslie's requests.

Appeal

Should either Mr Emslie or the Chief Constable of Grampian Police wish to appeal against this decision, there is a right to appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days of receipt of this notice.

Kevin Dunion
Scottish Information Commissioner
23 August 2007

APPENDIX

Relevant Statutory Provisions

Freedom of Information (Scotland) Act 2002:

1 General entitlement

(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

14 Vexatious or repeated requests

(1) Section 1(1) does not oblige a Scottish public authority to comply with a request for information if the request is vexatious.

(2) Where a Scottish public authority has complied with a request from a person for information, it is not obliged to comply with a subsequent request from that person which is identical or substantially similar unless there has been a reasonable period of time between the making of the request complied with and the making of the subsequent request.

38 Personal information

(1) Information is exempt information if it constitutes-

(?)

(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied;

(?)

(2) The first condition is-

(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-

(i) any of the data protection principles; or

(?)

(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.

Data Protection Act 1998

? Basic interpretative provisions

(1) In this Act, unless the context otherwise requires ?

(?)

"personal data" means data which relate to a living individual who can be identified -

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;

(?)

Sensitive personal data

In this Act "sensitive personal data" means personal data consisting of information as to ?

(?)

(g) the commission or alleged commission by him of any offence

(?)

Schedule 1 ? The Data Protection Principles

Part 1 The principles

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless ?

(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

(?)

Schedule 2 ? Conditions relevant for purposes of the first principle: processing of any personal data

(...)

6. ?
(1) The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

Schedule 3 ? Conditions relevant for purposes of the first principle: processing of sensitive personal data

The data subject has given his explicit consent to the processing of the personal data.

2.?

(1) The processing is necessary for the purposes of exercising or performing any right or obligation which is conferred or imposed by law on the data controller in connection with employment.

(2) The Secretary of State may by order?

(a) exclude the application of sub-paragraph (1) in such cases as may be specified, or

(b) provide that, in such cases as may be specified, the condition in sub-paragraph (1) is not to be regarded as satisfied unless such further conditions as may be specified in the order are also satisfied.

The processing is necessary?

(a) in order to protect the vital interests of the data subject or another person, in a case where?

(i) consent cannot be given by or on behalf of the data subject, or

(ii) the data controller cannot reasonably be expected to obtain the consent of the data subject, or

(b) in order to protect the vital interests of another person, in a case where consent by or on behalf of the data subject has been unreasonably withheld.

The processing?

(a) is carried out in the course of its legitimate activities by any body or association which?

(i) is not established or conducted for profit, and

(ii) exists for political, philosophical, religious or trade-union purposes,

(b) is carried out with appropriate safeguards for the rights and freedoms of data subjects,

(c) relates only to individuals who either are members of the body or association or have regular contact with it in connection with its purposes, and

(d) does not involve disclosure of the personal data to a third party without the consent of the data subject.

The information contained in the personal data has been made public as a result of steps deliberately taken by the data subject.

The processing?

(a) is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings),

(b) is necessary for the purpose of obtaining legal advice, or

7.?

(1) The processing is necessary?

(a) for the administration of justice,

(aa) for the exercise of any functions of either House of Parliament,

(b) for the exercise of any functions conferred on any person by or under an enactment,

(2) The Secretary of State may by order?

(a) exclude the application of sub-paragraph (1) in such cases as may be specified, or

8.?

(1) The processing is necessary for medical purposes and is undertaken by?

(a) a health professional, or

(b) a person who in the circumstances owes a duty of confidentiality which is equivalent to that which would arise if that person were a health professional.

(2) In this paragraph "medical purposes" includes the purposes of preventative medicine, medical diagnosis, medical research, the provision of care and treatment and the management of health care services.

9.?

(1) The processing?

(a) is of sensitive personal data consisting of information as to racial or ethnic origin,

(b) is necessary for the purpose of identifying or keeping under review the existence or absence of equality of opportunity or treatment between persons of different racial or ethnic origins, with a view to enabling such equality to be promoted or maintained, and

(2) The Secretary of State may by order specify circumstances in which processing falling within sub-paragraph (1)(a) and (b) is, or is not, to be taken for the purposes of sub-paragraph (1)(c) to be carried out with appropriate safeguards for the rights and freedoms of data subjects.

10.

The personal data are processed in circumstances specified in an order made by the Secretary of State for the purposes of this paragraph.