Decision 156/2021: Covid-19 related payments
Public authority: East Lothian Council
Case Ref: 202100013
Summary
The Council was asked for details of every third-party organisation in receipt of financial support related to the Covid-19 pandemic. The Council provided a summary of the information, but withheld most of the specific details as it considered disclosure would, or would be likely to, cause substantial prejudice to the prevention or detection of crime. During the investigation, the Council explained that it did not hold some of the information requested and argued that some other information was otherwise accessible to the Applicant. Following an investigation, the Commissioner found the Council was not entitled to withhold information from the Applicant under the exemptions claimed. He also accepted that the Council did not hold certain information relating to business registration numbers.
Relevant statutory provisions
Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1), (4) and (6) (General entitlement); 2(1) and (2)(a) (Effect of exemptions); 17(1) (Notice that information is not held); 25(1) (Information otherwise accessible); 35(1)(a) (Law enforcement)
The full text of each of the statutory provisions cited above is reproduced in Appendix 1 to this decision. The Appendix forms part of this decision.
Background
1. On 14 November 2020, the Applicant made a request for information to East Lothian Council (the Council). The information request was as follows:
Please supply details of every 3rd party organisation that has received financial support from the Council, to date, in relation to the Covid-19 pandemic. For the avoidance of doubt, this means any Covid-19 related payment from January 24th 2020.
Such support could take the form of grants, loans or waived fees or taxes.
Please provide me with the following details for each organisation supported:
a) The name, address and registration number, if known, of the organisation supported.
b) The value of the support provided, the nature of the support (grant, loan, etc), the date payment was made.
c) The name of the funding scheme or funding stream that the organisation qualified for.
The Applicant made it clear that he did not want personal information or information on financial support to individuals.
The Applicant asked that the information be provided to him in machine readable format, such as CSV or MS Excel.
2. The Council responded on 3 December 2020. In response, the Council confirmed it held information falling within scope of the Applicant's request but explained that, while the schemes remained operational, the level of detail requested by the Applicant was considered exempt under section 35(1)(a) of FOISA. It was the Council's view that, if the information were published in response to an information request, there was a possibility that the level of detail provided could be used to support a fraudulent application for support. The Council concluded, on balance, that it was not in the public interest to release information which could enable individuals to commit criminal acts.
3. The Council did, however, provide the Applicant with a summary showing all areas where it had provided support to third parties since lockdown began. The Council noted that the summary information showed the area supported, type of support given, value of support, number supported (where possible) and additional information such as whether the payments were supported by Scottish Government funding.
4. On 3 December 2020, the Applicant wrote to the Council, requesting a review of its decision. He considered there to be a very strong public interest in providing transparency and accountability about the use of public funds associated with the Covid-19 pandemic response. The Applicant also commented that it was not clear why providing information on financial support already provided by the Council would hinder attempts to tackle fraud, or promote criminality.
5. The Council notified the Applicant of the outcome of its review on 5 January 2021. The Council upheld its original decision to withhold the detailed information under the exemption in section 35(1)(a). The Council explained why it considered disclosure of the detail requested might provide fraudsters with the ability to identify those who had already applied for support and been successful, thereby enabling them to pose as such organisations for future support, or to raise applications for similar organisations who might be eligible but had not yet applied for support. The Council commented that it had, therefore, concluded that the public interest in preventing crime outweighed the public interest in accessing the requested information.
6. On 6 January 2021, the Applicant wrote to the Commissioner, applying for a decision in terms of section 47(1) of FOISA. The Applicant stated he was dissatisfied with the outcome of the Council's review because it did not disclose the requested information in the detail asked for and he considered there to be a considerable public interest in greater transparency around these grants. He did not believe the public interest test had been correctly applied by the Council.
Investigation
7. The application was accepted as valid. The Commissioner confirmed that the Applicant made a request to a Scottish public authority and asked the authority to review its response to that request before applying to him for a decision.
8. On 26 January 2021, the Council was notified in writing that the Applicant had made a valid application. The Council was asked to send the Commissioner the information withheld from the Applicant. The Council provided the information and the case was allocated to an investigating officer.
9. Section 49(3)(a) of FOISA requires the Commissioner to give public authorities an opportunity to provide comments on an application. The Council was invited to comment on this application and to answer specific questions. These related to the Council's application of the exemption in section 35(1)(a) of FOISA to the withheld information, together with the Council's consideration of the public interest test.
10. Specifically, submissions were sought from the Council as to whether (and, if so, why) the information requested by the Applicant, and only that information, would be enough to enable a potential fraudster to successfully apply for any of the grants or loans available under Covid-19 schemes.
11. During the investigation, the Council explained that, as it did not hold business registration numbers for all of the organisations to which funding was provided, it was now seeking to rely on section 17 of FOISA in this respect. Where the Council did hold business registration numbers for recipients of funding, it stated that it now wished to rely on section 25(1) of FOISA as it believed this information to be otherwise accessible to the Applicant.
Commissioner's analysis and findings
12. In coming to a decision on this matter, the Commissioner considered all of the withheld information and the relevant submissions, or parts of submissions, made to him by both the Applicant and the Council. He is satisfied that no matter of relevance has been overlooked.
Section 35(1)(a): Law enforcement
13. The Council has relied on the exemption in section 35(1)(a) of FOISA for withholding detailed information sought by the Applicant.
14. Under section 35(1)(a) of FOISA, information is exempt information if its disclosure would, or would be likely to, prejudice substantially the prevention and detection of crime. As the Commissioner's guidance on section 35 notes[1], the term "prevention or detection of crime" is wide ranging. It encompasses actions taken to anticipate and prevent crime, or to establish the identity, and secure prosecution, of people suspected of being responsible for committing a crime. This could mean activities in relation to a specific (anticipated) crime or wider strategies for crime reduction and detection.
15. The exemption in section 35(1)(a) can only apply where disclosure of the information in question would, or would be likely to, prejudice substantially the prevention or detection of crime. FOISA does not define "substantial prejudice", but the Commissioner considers an authority would have to identify harm of real and demonstrable significance. The harm would also have to be at least likely and, therefore, more than a remote possibility. The Council must be able to demonstrate that some causal relationship exists between the potential disclosure of the information being withheld and the prejudice the exemption is designed to protect.
16. This exemption is subject to the application of the public interest test in section 2(1)(b) of FOISA.
Submissions from the Council
17. The Council provided the Commissioner with details of all of the funding schemes and streams that were available to different types of organisations to support them during the Covid-19 pandemic. It also provided copies of application forms which those organisations would have to complete and submit to determine whether they qualified for the funding available. The Council also notified the Commissioner of the date on which each of the funding schemes and streams closed, together with when the last payment was made for each.
18. The Council explained that, at the time it received the Applicant's request, there had been a number of attempted fraudulent applications made for funding, which were the subject of ongoing investigations by Police Scotland. The Council also noted that further fraudulent applications for Covid-related grants had been received. From information on these attempts, it was concerned about organised crime involvement, and that disclosure of the requested data could prejudice the actions of Police Scotland in investigating suspected and confirmed fraud.
19. The Council also expressed concern that, had it disclosed all of the information covered by his request to the Applicant at the time of the request, it would have placed in the public domain a record of all local businesses that had successfully applied for funding under the relevant schemes, thereby leaving the Council open to potentially fraudulent applications from individuals who would use the published information to identify organisations which could apply for funding but had not done so.
20. Furthermore, the Council considered such disclosure, which would have occurred while the schemes in question continued to operate, would have substantially prejudiced its actions to anticipate and prevent crime. The Council submitted that this risk was underscored by guidance received from the Scottish Government, advising the Council to refrain from disclosing this information into the public domain.
21. The Council explained in detail to the Commissioner why it considered disclosure of the specific information requested by the Applicant in this case would enable someone to make a fraudulent application.
Submissions from the Applicant
22. In his submissions, the Applicant argued that (given the considerable sums of public money at stake) greater transparency would help, not hinder, the fight against fraudulent claims. Furthermore, the Applicant was of the view that local authorities should have in place robust due diligence checks before grants were paid, and disclosing information on Covid-19 grants already paid should not impact on that process. On the contrary, the Applicant suggested that it might help other public agencies to identify fraudulent claims.
The Commissioner's conclusions
23. In reaching a decision on this matter, the Commissioner must consider the circumstances surrounding the requested information at the time the Council responded to the Applicant's requirement for review (5 January 2021).
24. Having fully considered all of the submissions from the Council, together with the withheld information, the Commissioner cannot accept that the withheld information would be exempt from disclosure under section 35(1)(a) of FOISA.
25. It is evident to the Commissioner from reviewing the various application forms which had to be completed, depending on the funding sought by the organisation concerned, that the nature and categories of information to be provided went well beyond the specific information requested by the Applicant in this case. Indeed, it appears that photographic or other evidence of the identity of the applicant had to be provided in certain cases, as did (among other information) evidence of the business's financial status, bank account, previous grant payments and business insurance, VAT registration number or HMRC unique tax reference, and screenshots of the business's HMRC Coronavirus Job Retention "Furlough" Scheme account. In the circumstances, even if the withheld information might highlight entities which had not sought funding, the Commissioner is unable to accept that the information requested by the Applicant (either on its own or with other information in the public domain) would be sufficient to enable a potential fraudster to apply successfully for one or more of the grants or funds covered by the request.
26. Furthermore, having considered the dates provided by the Council as to when specific funds closed to new applications and made final payments, it is clear that several of these had already both closed and made final payments at the time of the Applicant's request. As a consequence, the Commissioner cannot agree that disclosure of the information requested by the Applicant would have enabled a potential fraudster to make a successful application for payment from these funds.
27. With respect to certain of the other funding streams, the Commissioner understands that these were only open to applicants who had been both identified and approved by the Scottish Government. Therefore, the Commissioner cannot accept that it would have been possible to make a successful fraudulent application in these cases if the requested information were disclosed.
28. Whilst the Commissioner recognises that there were some funding streams for which the applications had not closed at the time of the Applicant's request and final payments had not been made, it is apparent from reading the appropriate application forms that the nature of the information that required to be submitted was far more detailed than that covered by the Applicant's request. It is not apparent to the Commissioner that simply making it known, by exception, that an entity had not sought funding from one of these streams would be of real value to any criminal in seeking to pursue a successful fraudulent application for funding. If any of the relevant processes were significantly open to fraud, the Commissioner is not satisfied that the possibility of identifying entities, to enable someone to masquerade as another entity, could reasonably be said to form a material element of the relevant risks.
29. For the reasons given above, the Commissioner is unable to uphold the Council's assertion that disclosure of the requested information, at the time of the Applicant's requirement for review, would have enabled a potential fraudster to make a successful application for funding. The Commissioner does not accept that the concerns raised by the Council regarding the disclosure of the information were justified, or that the anticipated harm would have been likely to occur should the information have been disclosed.
30. With regard to the Council's view that disclosure of the requested information could prejudice Police Scotland's actions in investigating potential fraud, the Council has not provided the Commissioner with any specific submissions as to how this would happen, nor has it provided any comment from Police Scotland to substantiate its position.
31. The Commissioner would also note that there is really nothing in the substance of the Council's submissions which is particularly specific to the present pandemic. If sound, much the same argument could, presumably, be deployed against the disclosure of similar information - quite basic building blocks when it comes to transparency in relation to public funding - in any circumstances. It is quite surprising, therefore, that similar arguments do not appear to have arisen previously in a Freedom of Information context - and that other (non-FOI) measures do not appear to have been taken previously to mitigate the risks identified in this case.
32. The Commissioner is therefore unable to accept that disclosure of the withheld information, at the time the Council responded to the Applicant's requirement for review would have prejudiced, or would have been likely to prejudice, substantially the prevention or detection of crime.
33. Because the exemption has not been found to apply, the Commissioner is not required to go on to consider the public interest test in section 2(1) of FOISA in relation to this information.
Section 17 - Information not held
34. In terms of section 1(4) of FOISA, the information to be provided in response to a request under section 1(1) is that falling within the scope of the request and held by the authority at the time the request is received, subject to certain qualifications which are not applicable in this case. Under section 17(1) of FOISA, where an authority receives a request for information it does not hold, it must give the applicant notice in writing to that effect.
35. During the investigation, the Council informed the Commissioner that it did not hold business registration numbers as requested by the Applicant.
36. The Council explained that not all of the application forms that required to be completed asked for the inclusion of a business registration number and, in some cases, provision of the information was optional. While this information might have been provided by businesses, it was not needed or relevant to the application process and so was not processed by the Council. It used another identifier where one was required. The Council stated that it was under no duty or statutory obligation to hold business registration numbers for the purposes of processing applications for the funding streams and schemes covered by the request.
37. The Council provided the Commissioner with examples of the application forms in use, to demonstrate what specific information required to be provided by applicants, depending on the fund or funding stream they were applying for.
38. Having carried out searches to determine whether it held business registration numbers for any of the organisations which had applied for funding support, the Council identified this information in respect of 63 applications made for specific funding. For this information, the Council stated that in respect of this information it was seeking to rely on the exemption in section 25(1) of FOISA as it considered this to be otherwise accessible to the Applicant. The application of this exemption will be considered later in the Decision Notice.
39. The standard of proof to determine whether a Scottish public authority holds information is the civil standard of the balance of probabilities. In determining whether a Scottish public authority holds information, the Commissioner will consider the scope, quality, thoroughness and results of the searches carried out by the public authority. He will also consider, where appropriate, any reason offered by the public authority to explain why the information is not held.
40. Having considered all of the relevant submissions, the Commissioner accepts that the Council did not hold the business registration numbers for the majority of the organisations which received funding. He acknowledges that this was not information for which the Council had any business need, even if it was obtained in some cases. He is not aware that every entity covered by the request would necessarily have a unique registration number in any case. To the extent that the information was not held, the Commissioner accepts that Council was entitled (and indeed required) to give the Applicant notice in terms of section 17(1) of FOISA. The Council breached section 17(1) in failing to give such notice.
Section 25(1) - Information otherwise accessible
41. Under section 25(1) of FOISA, information which an applicant can reasonably obtain other than by requesting it under section 1(1) is exempt from disclosure. This exemption is not subject to the public interest test in section 2(1)(b) of FOISA. Section 25(1) is not intended to prevent or inhibit access to information, but to relieve public authorities of the burden of providing information that an applicant can readily access without asking for it.
42. The Council relied on section 25(1) of FOISA for the business registration numbers associated with 63 of the organisations which applied for funding support. The Council explained that this information was publicly available via Companies House.
43. Having accessed the Companies House website, the Commissioner acknowledges that carrying out a search using the name of a company will return results including that company's registration number. However, there would clearly be a need for the Applicant to know the name of the company concerned before he could carry out a successful search to identify their registration number.
44. In all the circumstances of this case, while the Commissioner can accept that the registration number of a specific company can be identified from a search of the Companies House website, he is unable to accept that the registration numbers held by the Council and under consideration here could be considered otherwise accessible to the Applicant in this case. The Council's argument appears to presuppose that the names of the companies concerned are available to the Applicant, which cannot be the case while they are being withheld by the Council under another exemption. The Council cannot simultaneously withhold information while claiming it can be used to access other information (which, by implication, is what it is doing here).
45. The Commissioner therefore finds that the Council was not entitled to rely on the exemption in section 25(1) of FOISA for this aspect of the Applicant's request. He requires disclosure of this information along with the rest of the information withheld from the Applicant.
46. The Commissioner would draw the Council's attention to the Applicant's statement that he is not seeking any personal information or information on financial support to individuals. The Commissioner is not, therefore, requiring the Council to disclose any information in these categories.
Decision
The Commissioner finds that East Lothian Council (the Council) failed to comply with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) in responding to the information request made by the Applicant.
The Commissioner finds that the Council was entitled (and indeed required) to notify the Applicant, in terms of section 17(1) of FOISA, that it did not hold certain information (business registration numbers) requested by the Applicant. In failing to do so in response to the Applicant's request or requirement for review, it failed to comply with section 17(1).
The Commissioner also finds that the Council failed to comply with section 1(1) as it was not entitled to withhold information under sections 25(1) and 35(1)(a) of FOISA.
The Commissioner therefore requires the Council to disclose all of the information it holds covered by points a), b) and c) of the Applicant's request, taking account of the Applicant's exclusion from the request of any personal information or information on financial support to individuals, by 22 November 2021.
Appeal
Should either the Applicant or the Council wish to appeal against this decision, they have the right to appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days after the date of intimation of this decision.
Enforcement
If the Council fails to comply with this decision, the Commissioner has the right to certify to the Court of Session that the Council has failed to comply. The Court has the right to inquire into the matter and may deal with the Council as if it had committed a contempt of court.
Margaret Keyse
Head of Enforcement
6 October 2021
Appendix 1: Relevant statutory provisions
Freedom of Information (Scotland) Act 2002
1 General entitlement
(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.
…
(4) The information to be given by the authority is that held by it at the time the request is received, except that, subject to subsection (5), any amendment or deletion which would have been made, regardless of the receipt of the request, between that time and the time it gives the information may be made before the information is given.
…
(6) This section is subject to sections 2, 9, 12 and 14.
2 Effect of exemptions
(1) To information which is exempt information by virtue of any provision of Part 2, section 1 applies only to the extent that -
(a) the provision does not confer absolute exemption; and
(b) in all the circumstances of the case, the public interest in disclosing the information is not outweighed by that in maintaining the exemption.
(2) For the purposes of paragraph (a) of subsection 1, the following provisions of Part 2 (and no others) are to be regarded as conferring absolute exemption -
(a) section 25;
…
17 Notice that information is not held
(1) Where-
(a) a Scottish public authority receives a request which would require it either-
(i) to comply with section 1(1); or
(ii) to determine any question arising by virtue of paragraph (a) or (b) of section 2(1),
if it held the information to which the request relates; but
(b) the authority does not hold that information,
it must, within the time allowed by or by virtue of section 10 for complying with the request, give the applicant notice in writing that it does not hold it.
…
25 Information otherwise accessible
(1) Information which the applicant can reasonably obtain other than by requesting it under section 1(1) is exempt information.
…
35 Law enforcement
(1) Information is exempt information if its disclosure under this Act would, or would be likely to, prejudice substantially-
(a) the prevention or detection of crime;
