Decision 207/2007 Mr Tom Gordon of The Sunday Times and the Scottish Parliamentary Corporate Body

Offers of work made to the Presiding Officer

Applicant: Mr Tom Gordon of the Sunday Times
Authority: The Scottish Parliamentary Corporate Body
Case No: 200700506
Decision Date: 5 November 2007

Kevin Dunion
Scottish Information Commissioner

Offers of work made to the Presiding Officer - information withheld by the SPCB on the basis of section 38(1)(b) (Personal information) ? decision generally upheld by the Commissioner.

Relevant Statutory Provisions and Other Sources

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1) (General entitlement) and 38(1)(b), (2) and (5) (Personal information)

Data Protection Act 1998 (the DPA) sections 1(1) (definition of "personal data") and (2) (Basic interpretative provisions); Schedule 1 Part I (The data protection principles: the first principle) and Schedule 2 (Conditions relevant for purposes of the first principle: processing of any personal data).

The full text of each of these provisions is reproduced in the Appendix to this decision. The Appendix forms part of this decision.

Facts

In February 2007, Mr Tom Gordon asked for all records held by the Scottish Parliamentary Corporate Body (the SPCB) in relation to offers of work made to the Presiding Officer, including correspondence from the Presiding Officer in reply. The SPCB refused to provide the information covered by this request, believing it to be exempt from disclosure under section 38 of FOISA. Mr Gordon was not satisfied with this response and asked the SPCB to review its decision; however, after review the decision was upheld. Mr Gordon remained dissatisfied and applied to the Commissioner for a decision.

Following an investigation, the Commissioner found that the SPCB had partially complied with Part 1 of FOISA in dealing with Mr Gordon's request for information. Most of the information withheld was found to be personal data which was exempt from disclosure under section 38(1)(b) of FOISA, as claimed by the SPCB.However, the Commissioner required the SPCB to disclose some information relating to the role of Presiding Officer or to actions undertaken in relation to that position.

Background

1.Any reference to "the Presiding Officer" in this decision notice is a reference to Mr George Reid, who held this post until May 2007.

2.On 6 February 2007, Mr Gordon sent an email to the SPCB requesting all records relating to offers of work made to the Presiding Officer.He explained that this should include, but not be limited to, offers of outside employment, directorships, consultancy work, and remunerated or unremunerated roles in any other organisations, whether accepted or declined.He asked that any responses from the Presiding Officer should also be provided.

3.On 1 March 2007, the SPCB wrote to Mr Gordon in response to his request for information, stating that the information he had requested was exempt from disclosure under section 38 of FOISA (Personal information).Mr Gordon was advised that the Presiding Officer's recently updated entry on the Register of Interests contained information about his connections with outside organisations.

4.On 2 March 2007, Mr Gordon wrote to the SPCB requesting a review of its decision. Mr Gordon disputed that initial offers of work from third parties could include personal data about the Presiding Officer.He expressed the view that the updating of the Presiding Officer's entry in the Register of Interests on the day before the SPCB replied to his request suggested that there had been a "fair amount" of traffic between the Presiding Officer and third parties about his future engagements.Mr Gordon believed the fact that these engagements were registerable interests showed that the engagements were of public interest, and the associated correspondence ought to be released in full.Finally, Mr Gordon queried the fact that the exemption had been applied wholesale to the information withheld, without releasing redacted versions of the documents, and not even the Presiding Officer's acceptance of the positions now appearing on his register of interests had been released.

5.On 22 March 2007, the SPCB wrote to notify Mr Gordon of the outcome of its review. It had decided to confirm its original decision without modification, explaining that the information requested did not relate to parliamentary business and was personal to the Presiding Officer as it concerned his private affairs outside his official role.

6.The SPCB also considered the issues Mr Gordon had raised about the duty of the Presiding Officer to declare interests about third parties and future engagements.It explained that offers of employment or "future engagements" are not registerable interests: MSPs are required only to register remuneration from employment.An MSP could add further personal details to the Register but such additions would be on a voluntary basis and at the discretion of individual members.The SPCB acknowledged that the Register does contain information which is personal information and which would not otherwise be available or accessible under FOISA, and explained that certain information is required to be included in the Register.[1]However, aside from these requirements, MSPs were entitled to rely on the protections provided under the Data Protection Act 1998 (the DPA) like every other individual.

7.On 4 April 2007, Mr Gordon wrote to my Office, stating that he was dissatisfied with the outcome of the SPCB's review and applying to me for a decision in terms of section 47(1) of FOISA.

8.The application was validated by establishing that Mr Gordon had made a request for information to a Scottish public authority and had applied to me for a decision only after asking the authority to review its response to that request.

9.On 27 April 2007, the SPCB was notified in writing that an application had been received from Mr Gordon and was asked to provide my Office with specified items of information required for the purposes of the investigation. The SPCB responded with the information requested and the case was then allocated to an investigating officer.

The Investigation

10.The investigating officer asked the SPCB to provide comments on Mr Gordon's application, to provide copies of the Presiding Officer's entry on the Register of Interests before and after it was updated, and to explain the distinction it had drawn between the Presiding Officer's official role and his private affairs.

11.The SPCB provided the information and comments sought on 4 July 2007.

The Commissioner's Analysis and Findings

12.In coming to a decision on this matter, I have considered all of the information and the submissions that have been presented to me by both Mr Gordon and the SPCB and am satisfied that no matter of relevance has been overlooked.

13.The SPCB has withheld the information requested by Mr Gordon under section 38(1)(b) of FOISA, read in conjunction with section 38(2)(a), on the grounds that the information is the Presiding Officer's personal data, and that disclosure of the information would breach the first data protection principle as laid down in the DPA.Section 38(1)(b), read in conjunction with either section 38(2)(a)(i) or (2)(b), exempts third party personal data from disclosure if the disclosure of the information to a member of the public would contravene any of the data protection principles set out in Schedule 1 of the DPA.

14.There are two key questions to consider in reaching a decision on whether the SPCB was correct to withhold the information requested under section 38 of FOISA:

- is the information the personal data of the Presiding Officer?
- if so, would disclosure breach any of the data protection principles?

If the answer to both these questions is "yes", I must find that the SPCB was correct to withhold the information requested under section 38(1)(b) of FOISA.

Is the information personal data?

15.The information withheld comprises a number of letters between the Presiding Officer and organisations which had invited him to participate in their affairs.Some letters were sent to those organisations by staff in his Private Office on his behalf. Some administrative emails relating to this correspondence were also withheld.The SPCB also withheld a copy of a press release relating to one of the offers.

16."Personal data" is defined in section 1(1) of the DPA 1998 as follows:

"data which relate to a living individual who can be identified -

a) from those data, or

b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;"

17.In his application to me, Mr Gordon questioned the SPCB's statement that the information "does not relate to parliamentary business and is personal to the Presiding Officer as it concerns his private affairs outside of his role as PO.", asking why, in that case, the SPCB held the information.He took the view that it was not credible to argue that the information withheld was unconnected to Mr Reid's role as Presiding Officer, reasoning that offers of work had been made to him through his parliamentary office, not at random, but largely because he was Presiding Officer.

18.After examining the information withheld, I am satisfied that it has Mr George Reid as its focus rather than the post he occupied, and that it is his personal data.

19.The DPA does not draw a distinction between personal information relating to an individual's private life, and personal information relating to their professional activities, although this may have a bearing on whether it is fair and lawful to disclose personal data. I shall return to this question later in relation to the information withheld in this case.

Would disclosure breach any of the data protection principles?

20.The SPCB has argued that disclosure of the information would breach the first data protection principle laid down in the DPA, which states that personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 to the DPA is met. (In the case of sensitive personal data, as defined by section 2 of the DPA, at least one of the conditions in Schedule 3 must also be met; however, in this case I am satisfied that none of the information is sensitive personal data.)

21.The SPCB considers that disclosure of the information would be unfair, as the Presiding Officer has a reasonable expectation that the information would not be released.

22.The Information Commissioner, who is responsible for enforcing and regulating the DPA throughout the United Kingdom, has issued guidance (Freedom of Information Awareness Guidance No.1) which states:

"?the more senior a person is, the less likely it will be that to disclose information about him or her acting in an official capacity would be unfair."

23.It is therefore relevant to consider the extent to which the information withheld relates to Mr Reid's position as Presiding Officer, in order to establish whether the correspondence was undertaken by him in his official capacity.

24.The SPCB was asked to explain the distinction drawn between the Presiding Officer's official role and his private affairs, and the involvement of staff in his private office regarding the correspondence in question if this was a matter unrelated to his official role.

25.The SPCB submitted that the role of a Private Office is to ensure that the key individual (in this case, the Presiding Officer) is able to perform their functions in an efficient, effective and knowledgeable manner.The core functions of a Private Office include managing correspondence and communicating the office holder's views to others inside and outwith the organisation.The SPCB explained that there are times when it is necessary to undertake what may be called "non-core" functions to ensure the office holder can focus on the responsibilities and duties of their role; this may occasionally mean dealing with personal correspondence.

26.Regarding the distinction between the Presiding Officer's official role and his private affairs, the SPCB commented that it was very difficult to draw the line between parliamentary, private and constituency life, but that the overarching objective was to ensure that the Presiding Officer is able to function effectively and fulfil his statutory and parliamentary duties. To this end, the SPCB took a pragmatic view of the role of a Private Office.

27.The SPCB went on to explain that because the Presiding Officer is a high profile figure, matters in his private life would be likely to be of public interest and reported or commented upon.As part of the wider responsibility to the SPCB, Presiding Officers therefore discuss such matters with their Private Office and forward correspondence and documents that are essentially personal to ensure that the SPCB could not be damaged in any way by their private actions.This is established practice throughout the civil service and such discussions are kept confidential.

28.The SPCB also noted that, given the Presiding Officer's workload and work patterns, it is not unreasonable that the best way to contact him on both personal and professional matters is through his Private Office.

29.I believe this explanation is sufficient to demonstrate why private matters relating to the Presiding Officer might have been dealt with by his staff.

30.As noted previously, Mr Gordon takes the view that the offers would not have been made if Mr Reid had not served as Presiding Officer, and so the correspondence was inextricably connected to the role of Presiding Officer. It is clear that all except one of the offers made to the Presiding Officer were for positions commencing after his expected retirement date of May 2007.I accept that these offers were therefore essentially private matters.There has been no suggestion that the approaches made to the Presiding Officer had any effect on the way in which he carried out the functions of his post and (with a couple of exceptions, discussed below) I do not accept that the information withheld would otherwise relate to actions undertaken by the Presiding Officer in his official capacity.

31.I accept that it would be unfair to disclose personal data where this relates to a private matter unconnected to the official functions of the Presiding Officer and that disclosure would therefore contravene the first data protection principle.

32.However, I have found that document 10, which consists of a press release and three annexes, and was issued from the Presiding Officer's constituency office, cannot reasonably be seen as personal information which it would now be unfair to disclose.The press release is marked "for release" and carries the Scottish Parliament logo.The annexes consist of information which is either published on the internet or is otherwise in the public domain.I therefore do not accept that disclosure of this information would be unfair or unlawful.

33.As noted previously, one of the positions offered to the Presiding Officer commenced before he left office.I have found that two of the documents withheld refer to the relationship between the position of Presiding Officer and this offer.On the basis of the Information Commissioner's guidance outlined in paragraph 22 above, I do not consider that it would be unfair or unlawful to disclose the following personal information, which relates to the position of Presiding Officer: paragraphs 4 and 5 of document 5 (as numbered on the schedule of documents provided to me), together with the name of the organisation the letter was sent to, and the email sent on 22 August 2006 which forms part of document 4. In my view if the Presiding Officer takes up a position whilst he is still in office then it is fair, and to be expected, that this information should be disclosed.

34.Although I have found that it would be fair and lawful to release this information, I cannot order the release of the information unless I find that at least one of the conditions in Schedule 2 of the DPA is met. Having considered these conditions, I note that condition 6 of Schedule 2 allows information to be processed (in this case, disclosed) where:

"The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject."

35.I have found that for the purposes of transparency and accountability there is a legitimate interest in disclosing the information specified in paragraphs 32 and 33.I am satisfied that disclosure of this information will not prejudice the rights and freedoms or legitimate interests of the former Presiding Officer.

Decision

I find that the Scottish Parliamentary Corporate Body (the SPCB) partially complied with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) in responding to the information request made by Mr Tom Gordon.

I find that by withholding most of the information requested under section 38(1)(b) of FOISA, the SPCB complied with Part 1.

However, in applying this exemption to some of the information, I find that the SPCB failed to comply with section 1(1) of FOISA.

I therefore require the SPCB to provide Mr Gordon with a copy of the information specified in paragraphs 32 and 33 above within 45 days of receipt of this decision notice.

Appeal

Should either Mr Gordon or the SPCB wish to appeal against this decision, there is an appeal to the Court of Session on a point of law only.Any such appeal must be made within 42 days of receipt of this decision notice.

Kevin Dunion
Scottish Information Commissioner
5 November 2007

Appendix

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002

1General entitlement

(1)A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

38Personal information

(1) Information is exempt information if it constitutes-

(?)

(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied;

(?)

(2) The first condition is-

(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-

(i) any of the data protection principles; or

(ii) section 10 of that Act (right to prevent processing likely to cause damage or distress); and

(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.

(?.)

(5) In this section-

"the data protection principles" means the principles set out in Part I of Schedule 1 to that Act, as read subject to Part II of that Schedule and to section 27(1) of that Act;

"data subject" and "personal data" have the meanings respectively assigned to those terms by section 1(1) of that Act;

"health record" has the meaning assigned to that term by section 1(1) of the Access to Health Records Act 1990 (c.23)

(?)

Data Protection Act 1998

1.Basic interpretative provisions

(1) In this Act, unless the context otherwise requires

(?)

"personal data" means data which relate to a living individual who can be identified-

(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;

(?)

(2)In this Act, unless the context otherwise requires-

(a)"obtaining" or "recording", in relation to personal data, includes obtaining or recording the information to be contained in the data, and
(b)"using" or "disclosing", in relation to personal data, includes using or disclosing the information contained in the data.

SCHEDULE 1

THE DATA PROTECTION PRINCIPLES

PART I

THE PRINCIPLES

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless-

(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

SCHEDULE 2

CONDITIONS RELEVANT FOR PURPOSES OF THE FIRST PRINCIPLE: PROCESSING OF ANY PERSONAL DATA

6. -(1) The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

---