Decision 212/2011 | Scottish Information Commissioner

Home Decisions

Decision 212/2011

Decision 212/2011 Mr Joe Di Rollo and City of Edinburgh Council

Information related to the dismissal of a Council employee

Reference No: 201002132
Decision Date: 28 October 2011

Summary

Mr Joe Di Rollo requested from City of Edinburgh Council (the Council) information leaked by a Council employee, and the value of an out of court settlement to that employee following their dismissal. The Council responded by withholding this information under several of the exemptions set out in the Freedom of Information (Scotland) Act 2002 (FOISA).

Following an investigation, the Commissioner found that the Council had partially failed to deal with Mr Di Rollo's request for information in accordance with Part 1 of FOISA. He found that the value of the out of court settlement had been correctly withheld under section 38(1)(b) of FOISA (personal information), but that this exemption was incorrectly applied to the information that had been leaked.The Commissioner ordered disclosure of that information.

Relevant statutory provisions and other sources

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1) and (6) (General entitlement); 2(1)(a) and (2)(e)(ii) (Effect of exemptions) and 38(1)(b), (2)(a)(i), (2)(b) and (5) (definitions of "the data protection principles", "data subject" and "personal data") (Personal information)

Data Protection Act 1998 (the DPA) sections 1(1) (Basic interpretative provisions) (definition of

"personal data"); Schedules 1 (The data protection principles) (the first principle) and 2 (Conditions

relevant for purposes of the first principle: processing of any personal data) (Condition 6)

The full text of each of the statutory provisions cited above is reproduced in the Appendix to this decision. The Appendix forms part of this decision.

Background

1.In 2005, an employee of the Council was dismissed after confidential information relating to the tendering for a contract to renovate and rebuild a number of schools was disclosed to a potential bidder.That contractor subsequently withdrew from that tendering process.Following his dismissal, the employee initiated employment tribunal proceedings, and it was later reported in the press that he had received a payment from the Council in an out of court settlement.

2.On 28 May 2010, Mr Di Rollo wrote to the Council requesting the following information:

(i)How much was paid to the employee in their out of court settlement following their dismissal.

(ii)What privileged information the employee provided to the contractor.

(iii)The view of the employee's manager as to why sensitive information was provided.

(iv)Details of the Council's email retention policy.

3.The Council responded on 30 June 2010 stating that the information relating to the employee and the contractor was exempt from disclosure under sections 38, 36(1) and 33(1)(b) of FOISA.In response to part (iv) of the request, the Council explained that its records retention is based on subject matter rather than record medium, and that it has no blanket retention period for emails.

4.On 25 July 2010, Mr Di Rollo wrote to the Council requesting a review of its decision. In particular, Mr Di Rollo stated that he did not believe the sum paid to the employee was personal information, nor that the information provided by the employee to the contractor (the leaked information) was commercially sensitive. He also commented that it was important to have access to any formed and documented view on the matter from the employee's manager and he asked the Council for details of its email retention policy specifically in relation to a particular email that he had sent to the Council.

5.The Council notified Mr Di Rollo of the outcome of its review on 29 July 2010.It stated that it held no information in respect of parts (iii) and (iv) of his request, explaining that it held no email retention policy and no records of the employee's manager's view on why privileged information was passed to the contractor.With respect to parts (i) and (ii), the Council no longer applied the exemption in section 33(1)(b) of FOISA.However, it continued to withhold this information on the grounds that it was exempt under sections 38(1)(b) and 36(1) of FOISA.

6.On 12 November 2010, Mr Di Rollo wrote to the Commissioner, stating that he was dissatisfied with the outcome of the Council's review and applying to the Commissioner for a decision in terms of section 47(1) of FOISA.

7.The application was validated by establishing that Mr Di Rollo had made a request for information to a Scottish public authority and had applied to the Commissioner for a decision only after asking the authority to review its response to that request.

Investigation

8.On 13 December 2010, the Council was notified in writing that an application had been received from Mr Di Rollo and was asked to provide the Commissioner with any information withheld from him. The Council responded with the information requested and the case was then allocated to an investigating officer.

9.The investigating officer also contacted the Council, giving it an opportunity to provide comments on the application (as required by section 49(3)(a) of FOISA) and asking it to respond to specific questions. In particular, the Council was asked to justify its reliance on any provisions of FOISA it considered applicable to the information requested.

10.In response to this letter, the Council confirmed that it no longer wished to apply the exemption in section 33(1)(b) of FOISA in relation to any of the withheld information.It also withdrew its application of the exemption in section 36(1) of FOISA.It submitted that it now considered the exemption in section 36(2) of FOISA to be applicable to the sum paid to the former employee, and the exemption in section 38(1)(b) of FOISA to all of the withheld information.It provided an explanation of its reasoning when applying each of these exemptions.

11.Mr Di Rollo was also asked for, and provided, his comments and submissions in support of his application. The submissions provided by both the Council and Mr Di Rollo will be discussed further in the Commissioner's analysis and findings section below.

Commissioner's analysis and findings

12.In coming to a decision on this matter, the Commissioner has considered all of the withheld information and the submissions made to him by both Mr Di Rollo and the Council and is satisfied that no matter of relevance has been overlooked.

Scope of this decision

13.Mr Di Rollo asked the Commissioner to investigate the Council's decision to withhold the sum paid to the employee and the confidential information that had been passed to a contractor, as sought in parts (i) and (ii) of his request.

14.Since Mr Di Rollo's application for a decision made no reference to part (iii) of his request (seeking the views of the employee's manager regarding the reasons for information being disclosed to the contractor), this part of Mr Di Rollo's request is not considered any further in this decision.

15.With respect to part (iv) of his request (which sought the Council's policy for the retention of emails), Mr Di Rollo accepted that the Council did not have an email retention policy, but asked the Commissioner to consider the Council's "failure to put in place" such a policy.

16.The Commissioner has not considered this matter, as his role is limited to considering the handling of information requests made under FOISA.FOISA provides a right to request recorded information, or to be notified if the requested information is not held, but it does not oblige public authorities to create or hold particular records.It falls outside the Commissioner's remit, therefore to consider whether the Council should have a retention policy specifically in relation to emails.

The withheld information

17.As noted above, the information under consideration in this decision is the sum paid to the employee (the out of court settlement figure) and the confidential information that was passed to the contractor by that individual (the leaked information).

18.Given that the specific content or nature of the leaked information it is not known to Mr Di Rollo or the general public, the Commissioner is limited in what he can reveal as to details of that information in this decision.He will indicate only in terms that were used in news reports around the time, that the leaked information is confidential information, which could have given the recipient an unfair advantage in the planned tendering process.

19.During the investigation, noting that there were apparently gaps within the information supplied, the investigating officer took steps to confirm that the information provided to the Commissioner was all relevant information held by the Council.The Council's response confirmed that the information provided, so far as it understood, was the information that was provided to the contractor. The Commissioner understands that, although this information appears in some respects to be incomplete, it represents the Council's record of what was disclosed, and it is not possible to establish further whether any additional information was disclosed alongside this information.

20.The Commissioner next considered the Council's application of the exemption at section 38(1)(b) to the withheld information.

Section 38(1)(b) of FOISA

21.The Council applied this exemption to both the leaked information and the out of court settlement figure.

22.Section 38(1)(b) of FOISA, read in conjunction with section 38(2)(a)(i) or (as appropriate) section 38(2)(b), exempts information if it is personal data as defined by the DPA and if its disclosure to a member of the public otherwise than under FOISA would contravene any of the data protection principles laid down in Schedule 1 to the DPA. This particular exemption is an absolute exemption, so is not subject to the public interest test laid down by section 2(1)(b) of FOISA.

23.The Council submitted that disclosure of the information would breach the first, second and sixth data protection principles.

Is the information personal data?

24."Personal data" is defined in section 1(1) of the DPA as data which relate to a living individual who can be identified a) from those data, or b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller (the full definition is set out in the Appendix).

25.In interpreting "personal data", the Commissioner has taken account of the opinions delivered by the House of Lords in Common Services Agency v Scottish Information Commissioner [2008] UKHL 47, by the High Court of England and Wales in Department of Health v Information Commissioner [2011] EWHC 1430 (Admin) and by the Court of Session in Craigdale Housing Association and others v Scottish Information Commissioner [2010] CSIH 43.

26.The Commissioner must therefore consider whether the information requested by Mr Di Rollo relates to and identifies (either alone or in conjunction with other information) any specific individual(s).If not, the information is not personal data for the purposes of section 1(1) of the DPA, and the exemption in section 38(1)(b) will not apply.

27.In relation to the leaked information, having carefully considered this information, the Commissioner cannot accept that it either identifies or relates to any specific individual. He has noted that it is comprised of solely technical, financial and commercial data. While the Commissioner recognises that the fact that the employee leaked information is the employee's personal data (and he notes that this fact is already in the public domain), he does not consider that the actual leaked information relates in a sufficiently significant way to the employee, nor that the employee could be identified from those data together with other information already in the public domain (or as a result of action which is likely to be taken by a determined person to identify an individual).As a result, he has found that the leaked information is not personal data about the employee, or any other person.

28.As the Commissioner has not found this information to be personal data he cannot uphold the application of section 38(1)(b) of FOISA to this information.Since the Council has not claimed that any other exemption applies to the leaked information, he finds that it acted in breach of section 1(1) of FOISA by withholding it.He requires the Council to disclose the leaked information to Mr Di Rollo.

29.The Commissioner considers that the information detailing the out of court settlement figure is however clearly personal data which relates to the employee's finances and the source of the relevant sum.It is information, which (particularly when disclosed in response to a request for information referring to the sum paid to a named individual) clearly identifies and relates to that individual.

30.Having concluded that the out of court settlement figure is personal data as defined in section 1(1) of the DPA, the Commissioner must now go on to consider whether disclosure of this information would contravene any of the data protection principles cited by the Council. The Commissioner will firstly consider the Council's submissions relating to the first data protection principle before going on to consider, if necessary, submissions relating to any of the other data protection principles.

Would disclosure contravene the first data protection principle?

31.The first data protection principle states that personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 to the DPA is met and, in the case of sensitive personal data, at least one of the conditions in Schedule 3 to the DPA is also met.

32.The processing under consideration in this case is disclosure of the personal data into the public domain in response to Mr Di Rollo's information request.

33.There are three separate aspects to the first data protection principle: (i) fairness, (ii) lawfulness and (iii) the conditions in the schedules. However, these three aspects are interlinked. For example, if there is a specific condition which permits the personal data to be disclosed, it is likely that the disclosure will also be fair and lawful.

34.The Commissioner does not consider any of the personal data withheld in this case to be sensitive personal data.He will therefore consider only whether any of the conditions in Schedule 2 to the DPA would permit disclosure of the information.

35.The Commissioner will now go on to consider whether there are any conditions in Schedule 2 to the DPA which would permit the personal data to be disclosed.If he concludes that a Schedule 2 condition can be met he will then go on to consider whether the disclosure of this personal data would otherwise be fair and lawful

Can any of the conditions in Schedule 2 of the DPA be met?

36.The Council has argued that none of the conditions set out in Schedule 2 to the DPA, could be met in this case.Having considered all Conditions in Schedule 2, the Commissioner considers that only condition 6 might be applicable in the circumstances of this case.

37.Condition 6 allows personal data to be processed if the processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject (i.e. the individual to whom the data relates).

38.There are, therefore, a number of different tests which must be satisfied before condition 6 can be met. These are:

Does Mr Di Rollo have a legitimate interest in obtaining the personal data?

If yes, is the disclosure necessary to achieve these legitimate interests? In other words, is the disclosure proportionate as a means and fairly balanced as to ends, or could these legitimate aims be achieved by means which interfere less with the privacy of the data subject(s)?

Even if the processing is necessary for Mr Di Rollo's legitimate interests, would the disclosure nevertheless cause unwarranted prejudice to the rights and freedoms or legitimate interests of the individual in question? There is no presumption in favour of the release of personal data under the general obligation laid down by FOISA. Accordingly, the legitimate interests of Mr Di Rollo must outweigh the rights and freedoms or legitimate interests of the individual concerned before condition 6 will permit the personal data to be disclosed. If the two are evenly balanced, the Commissioner must find that the Council was correct to refuse to disclose the personal data to Mr Di Rollo.

Does Mr Di Rollo have a legitimate interest in obtaining the personal data?

39.When invited to comment on whether he had a legitimate interest in accessing the withheld information, Mr Di Rollo highlighted the seniority of the employee concerned and the effect of his actions in delaying and increasing the costs of the Council's tendering process, leading to delay and disruption also for children and parents.

40.He also commented that the Council's decision to reach an out of court settlement with the employee had the effect of preventing the full circumstances surrounding his dismissal being aired in public, and so, had the effect of covering up alleged corruption.

41.The Council submitted that Mr Di Rollo did not have a legitimate interest in obtaining the information.It provided some background information regarding its history of communications with him and expressed the view of the Council that Mr Di Rollo's interest was neither legitimate not based in fact and was founded on an idea that there was a conspiracy to conceal Council corruption.

42.While he does not consider that the disclosure of this sum would provide any evidence of corruption by the Council (and so he cannot accept that there is any legitimate interest in this particular information on those grounds), the Commissioner accepts that Mr Di Rollo, like any other tax-payer, does have a legitimate interest in the disclosure of the sum paid from public funds in an out of court settlement with the employee concerned.He recognises that this disclosure would provide further insight into the actions of the Council in response to those of the employee and the costs incurred following the disclosure of information to the contractor.

Is disclosure necessary for the purposes of those legitimate interests?

43.The Commissioner must now consider whether disclosure is necessary for Mr Di Rollo's legitimate interests, and in doing so he must consider whether these interests might reasonably be met by any alternative means.

44.Having accepted that there is a legitimate interest (shared by Mr Di Rollo and the wider public) in understanding the actions of the Council following the leaking of information, including the sum that was paid to the employee,the Commissioner also accepts that disclosure of the settlement figure is necessary for the purposes of that legitimate interest.

45.This information is not otherwise available, and the Commissioner can envisage no way of meeting Mr Di Rollo's legitimate interest in a way that would be less intrusive.

Would disclosure cause unwarranted prejudice to the legitimate interests of the data subject?

46.The Commissioner must now consider whether disclosure would nevertheless cause unwarranted prejudice to the rights, freedoms and legitimate interests of the data subject. As noted above, this involves a balancing exercise between the legitimate interests of Mr Di Rollo and those of the employee. Only if the legitimate interests of Mr Di Rollo outweigh those of the employee can the information be disclosed without breaching the first data protection principle.

47.It was Mr Di Rollo's view that as the employee in question was a senior officer, if the Council was a public listed company using international financial reporting standards then the out of court settlement figure would be publicly available. He submitted that the public's right to obtain the information outweighed the data subject's right to privacy.

48.The Council submitted that disclosure of the information would resurrect the subject of the employee's dismissal, causing distress to both the employee and his family, and that disclosure would cause unwarranted prejudice to the employee's rights.

49.The Commissioner has weighed up these arguments carefully. He has also taken into account the guidance on this point in his own briefing on the section 38 exemption[1], which identifies relevant factors as including:

whether the information relates to the individual's public or private life

the potential harm or distress that may be caused by disclosure

whether the individual has objected to disclosure

the reasonable expectations of the individual as to whether their information would be disclosed.

50.Having considered the terms of the agreement between the Council and the employee with respect to the out of court settlement, the Commissioner recognises that the employee would have held a clear expectation that the information would not be made publicly available.

51.The Commissioner also recognises that where an out of court settlement of this type is achieved, it is normally considered to be a private matter between the parties, and there will routinely be a clear expectation that information about that agreement will remain confidential. The Commissioner accepts that public disclosure of the out of court settlement figure in response to Mr Di Rollo's information request under FOISA would cause a significant intrusion into the privacy of the employee and would be likely also to be distressing for the employee's family.He recognises that this would be contrary to the employee's expectations in the light of the agreement reached with the Council.

52.While the Commissioner can accept that the employee's dismissal, subsequent initiation of employment tribunal proceedings and out of court settlement relate directly to employee's actions in his public life, he must also acknowledge that the out of court settlement directly affected the employee's private life, and involved an agreement in relation to which the Council has demonstrated there was an explicit expectation of confidentiality.

53.Having balanced Mr Di Rollo's legitimate interests against the rights, freedoms or legitimate interests of the data subject, the Commissioner has found that the legitimate interests served by release of the out of court settlement figure would not outweigh the prejudice that would be caused to the rights, freedoms or legitimate interests of the data subject, and so the disclosure would be unwarranted.

54.The Commissioner therefore finds that condition 6 cannot be met in relation to the out of court settlement figure. He concludes that since no Schedule 2 condition has been found to apply, disclosure of this information would breach the first data protection principle. This information is therefore exempt from disclosure under section 38(1)(b) of FOISA.

55.As the Commissioner is satisfied that the first data protection principle would be breached by disclosure of the out of court settlement figure, and so the exemption in section 38(1)(b) has been correctly applied to this information, he has not gone on to consider whether the other data protection principles cited by the Council would also be breached by disclosure.

56.As the Commissioner has found that the out of court settlement was correctly withheld under section 38(1)(b) of FOISA, he is also not required to consider the Council's application of the exemption in section 36(2) to this information.

DECISION

The Commissioner finds that City of Edinburgh Council partially complied with Part 1 of FOISA in responding to the information request made by Mr Di Rollo.

The Commissioner finds that the Council complied with Part 1 of FOISA by withholding the out of court settlement figure under the exemption in section 38(1)(b) of FOISA. However, he finds that this exemption was incorrectly applied to the leaked information, and so the Council acted in breach of section 1(1) of FOISA by withholding this information.

The Commissioner requires the Council to provide Mr Di Rollo with the leaked information as described in part (ii) of his request by 12 December 2011.

Appeal

Should either Mr Di Rollo or the Council wish to appeal against this decision, there is an appeal to the Court of Session on a point of law only.Any such appeal must be made within 42 days after the date of intimation of this decision notice.

Kevin Dunion
Scottish Information Commissioner
28 October 2011

Appendix

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002

1 General entitlement

(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

(6) This section is subject to sections 2, 9, 12 and 14.

2 Effect of exemptions

(1) To information which is exempt information by virtue of any provision of Part 2, section 1 applies only to the extent that ?

(a) the provision does not confer absolute exemption; and

(2) For the purposes of paragraph (a) of subsection 1, the following provisions of Part 2 (and no others) are to be regarded as conferring absolute exemption ?

(e)in subsection (1) of section 38 ?

(ii) paragraph (b) where the first condition referred to in that paragraph is satisfied by virtue of subsection (2)(a)(i) or (b) of that section.

38 Personal information

(1)Information is exempt information if it constitutes-

(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied;

(2) The first condition is-

(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-

(i) any of the data protection principles; or

(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.

(5) In this section-

"the data protection principles" means the principles set out in Part I of Schedule 1 to that Act, as read subject to Part II of that Schedule and to section 27(1) of that Act;

"data subject" and "personal data" have the meanings respectively assigned to those terms by section 1(1) of that Act;

Data Protection Act 1998

1 Basic interpretative provisions

(1) In this Act, unless the context otherwise requires ?

"personal data" means data which relate to a living individual who can be identified ?

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;

Schedule 1 ? The data protection principles

Part I ? The principles

1 Personal data shall be processed fairly and lawfully and, in particular, shall not be processed

unless ?

(a) at least one of the conditions in Schedule 2 is met, and

(b)in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Schedule 2 ? Conditions relevant for purposes of the first principle: processing of any personal data

...

6 (1)The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

[1] http://www.itspublicknowledge.info/Law/FOISA-EIRsGuidance/section38/Section38.aspx