Decision 214/2011 Mr Peter Cherbi and the Scottish Legal Complaints Commission
Threats made by known individuals
Reference No: 201101233
Decision Date: 27 October 2011
Summary
Mr Cherbi requested from the Scottish Legal Complaints Commission (the SLCC) information relating to any threats received by the SLCC from known individuals. The SLCC responded by withholding one document in terms of the exemptions at sections 30(c) and 38(1)(b) of FOISA. Following a review, Mr Cherbi remained dissatisfied and applied to the Commissioner for a decision.
Following an investigation, the Commissioner found that the SLCC had failed to deal with Mr Cherbi's request for information in accordance with Part 1 of FOISA. He found that the request was narrower in scope than had been interpreted by the SLCC and that the exemptions in sections 30(c) and 38(1)(b) did not apply to this narrower set of information.
Relevant statutory provisions and other sources
Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1) and (6) (General entitlement); 2(1) and (2)(e)(ii) (Effect of exemptions); 30(c) (Prejudice to the effective conduct of public affairs) and 38(1)(b), 2(a)(i) and (b) and (5) (definitions of "data protection principles", "data subject" and "personal data") (Personal information)
Data Protection Act 1998 (the DPA) sections 1(1) (Basic interpretative provisions) (definition of "personal data")
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Recital 26
The full text of each of the statutory provisions cited above is reproduced in the Appendix to this decision. The Appendix forms part of this decision.
Background
1.Prior to making the information request that is the subject of this decision, Mr Cherbi made a similar request to the SLCC for information pertaining to threats it had received from anonymous individuals.The SLCC's handling of that request was dealt with in Decision 115/2011 Mr Peter Cherbi and the Scottish Legal Complaints Commission.In that decision, the Commissioner noted that certain information which the SLCC had considered to fall within the scope of Mr Cherbi's request did not actually fall within the scope of the request, given that it related to a threat from an individual known to the SLCC.
2.After Decision 115/2011 was issued, Mr Cherbi made a new information request concerning threats received from known individuals.It is this subsequent request which is dealt with in this decision.
3.The new request was made on 10 June 2011.In it, Mr Cherbi asked for information contained in documents and discussions relating to communications received by the SLCC relating to threats made by any known individuals and what action, if any, was taken by the SLCC in response to the threats.
4.The SLCC responded on 4 July 2011, withholding the information in terms of the exemptions in sections 30(c) and 38(1)(b) of FOISA.
5.On the same day, Mr Cherbi wrote to the SLCC requesting a review of its decision, stating that, in his view, it was in the public interest for the information to be disclosed.
6.The SLCC notified Mr Cherbi of the outcome of its review on 5 July 2011.The SLCC upheld its initial decision in full.
7.On 8 July 2011, Mr Cherbi wrote to the Commissioner, stating that he was dissatisfied with the outcome of the SLCC's review and applying to the Commissioner for a decision in terms of section 47(1) of FOISA.
8.The application was validated by establishing that Mr Cherbi had made a request for information to a Scottish public authority and had applied to the Commissioner for a decision only after asking the authority to review its response to that request.
Investigation
9.On 13 July 2011, the SLCC was notified in writing that an application had been received from Mr Cherbi and was asked to provide the Commissioner with the information withheld from him. The SLCC responded with the information requested and the case was then allocated to an investigating officer.
10.The investigating officer subsequently contacted the SLCC, giving it an opportunity to provide comments on the application (as required by section 49(3)(a) of FOISA) and asking it to respond to specific questions. In particular, the SLCC was asked to justify its reliance on any provisions of FOISA it considered applied to the information requested.
11.In response, the SLCC reiterated that it considered the withheld information to be exempt under sections 30(c) and 38(1)(b) of FOISA and it provided its reasoning for coming to this conclusion.
12.Mr Cherbi was also asked by the investigating officer to provide any comments or submissions he wished to make and he provided his reasoning as to why he felt the information should be disclosed. In his submissions, he stated that he did not wish to know the identity of the individual(s) who made any such threats (unless police were involved and a criminal case ensued) and he emphasised that he wanted information contained in the threat(s) and information on any discussions/actions taken in response to the threat(s).
13.The relevant submissions received from the SLCC and Mr Cherbi will be considered fully in the Commissioner's analysis and findings below.
Commissioner's analysis and findings
14.In coming to a decision on this matter, the Commissioner has considered all of the withheld information and the submissions made to him by both Mr Cherbi and the SLCC and is satisfied that no matter of relevance has been overlooked.
The withheld information
15.The information withheld by the SLCC in this case is the same as that considered in Decision 115/2011. It consists of an internal email summarising a telephone call received by an employee of the SLCC from a complainant.
16.During the investigation, the investigating officer asked for details of searches undertaken by the SLCC to ensure that this was all of the recorded information it held which was relevant to Mr Cherbi's information request.
17.In response, the SLCC advised that it had conducted thorough searchesin response to the investigating officer's questions, and had searched all electronic and paper files, cases, folders and directories, but it held no relevant information other than the one document referred to above.
18.Having considered the SLCC's submissions, the Commissioner is satisfied that it has conducted reasonable searches, and that there is no further information held by the SLCC falling within the scope of the request.
19.However, when considering what information should be considered to fall within the scope of Mr Cherbi's request, the Commissioner has also noted comments made by Mr Cherbi in his correspondence with the SLCC and during the investigation.
20.In his request for review, Mr Cherbi highlighted the public interest in seeing the information contained in threats from known individuals.In his application to the Commissioner, he indicated that he was not looking for the identity of the individual who had threatened the SLCC, unless the matter had been reported to the police and a criminal case had proceeded.He commented again that he was looking for disclosure of the information contained in the threats, and any discussions or actions relating to them.
21.In the light of these comments, the Commissioner considers that only some of the information contained in the email provided by the SLCC falls within the terms of the request.The initial paragraphs of that email relate to matters other than threats made to the SLCC.The content that is of interest to Mr Cherbi is contained in the final three paragraphs, and also includes the identity of the person receiving the relevant phone call.
22.The Commissioner has therefore limited his consideration in this decision to the information detailed in paragraph 21 above.He considers the rest of the information to fall outside the scope of Mr Cherbi's request, as understood in the light of his comments detailed above.
Section 30(c) of FOISA ? prejudice to the effective conduct of public affairs
23.Section 30(c) of FOISA exempts information if its disclosure "would otherwise prejudice substantially, or be likely to prejudice substantially, the effective conduct of public affairs". The use of the word "otherwise" distinguishes the harm required from that envisaged by the exemptions in section 30(a) and (b). This is a broad exemption and the Commissioner expects any public authority citing it to show what specific harm would be caused to the conduct of public affairs by release of the information, and how that harm would be expected to follow from release.
24.Section 30(c) applies where the harm caused, or likely to be caused, by disclosure is at the level of substantial prejudice. There is no definition in FOISA of what is deemed to be substantial prejudice, but the Commissioner considers the harm in question would require to be of real and demonstrable significance. The authority must also be able to satisfy the Commissioner that the harm would, or would be likely to, occur and therefore needs to establish a real risk or likelihood of actual harm occurring as a consequence of disclosure at some time in the near (certainly the foreseeable) future, not simply that the harm is a remote possibility.
25.The Commissioner has previously stated that it is important for public authorities to treat each request for information on a case by case basis. Release of information in one case should not be taken to imply that communications of a particular type will be routinely released in future. The circumstances of each case, including the content of the specific information under consideration, must be taken into consideration and (where required) the public interest in each case assessed on its own merits.
26.The SLCC submitted that disclosure of the withheld information would be likely to substantially prejudice its management of risks as it would discourage the documentation and reporting by staff members of threats and therefore impact on the ability to appropriately manage risks and ensure the health and well-being of staff.
27.The SLCC stated that if the withheld information were disclosed that there would be a real risk that its staff would be more reticent to report threats made to them out of concern that the details would be put into the public domain. If this were to happen, the SLCC argued, it would prejudice the SLCC's ability to effectively manage risks posed to its staff and to the organisation. The SLCC stated that its staff must be allowed a private forum to report such incidents and any impact on the SLCC to manage such risks would have a significant impact on the SLCC's ability to carry out its statutory function and public affairs.
28.The SLCC also emphasised the nature of its business and the levels of confidential, legally privileged information and sensitive personal data that it holds and processes on a regular basis.It commented that it is essential that those who communicate with the SLCC can do so confident that it will deal with the information lawfully.
29.It also noted that whilst the SLCC has powers to ask the courts to order the release of information, this would be expensive and impact on the quality and services it provides.It commented that it is in everyone's interests that the SLCC is able to operate as efficiently as possible.
30.The Commissioner has carefully considered all of the above submissions made by the SLCC, but when applying them to the small amount of information that he is considering in this decision, he is not persuaded that harm of any of the types envisaged by the SLCC would follow from its disclose.
31.He notes that the information he considers relevant to Mr Cherbi's request (considered in isolation from the rest of the email which contains it) simply records details of the nature of threats made by an unidentified complainant.The Commissioner is unable to see any reason why disclosure of this limited information would discourage staff from reporting conversations of this nature in future, and limit the SLCC's ability to manage risks and ensure the health and well-being of staff.
32.In reaching this conclusion, the Commissioner recognised that disclosure of the information under consideration would identify the individual to whom the threats had been communicated.Given the senior status of that individual within the SLCC, he does not consider it to be likely that disclosure of their identity would have been likely to discourage either them or less senior employees from reporting similar conversations in future.
33.The Commissioner does recognise that disclosure in this case might have the effect of discouraging individuals from making threatening comments to employees of the SLCC or any other public authority.However, the Commissioner is unable to consider that to be an outcome prejudicial to the effective conduct of public affairs.
34.The Commissioner is also unable to see any reason why (and the SLCC has provided no explanation of its claim that) disclosure would or would be likely to discourage third parties from providing information on a voluntary basis or otherwise undermine the efficiency of the SLCC's operations.
35.In the light of the above, comments, the Commissioner is unable to accept in this case that disclosure of the information under consideration would, or would be likely to prejudice substantially the effective conduct of public affairs in any of the ways suggested by the SLCC.
36.Given that the Commissioner is satisfied that the section 30(c) exemption does not apply to the information under consideration, he is not required to go on to consider the public interest.
37.The Commissioner will now go on to consider the SLCC's application of the exemption at section 38(1)(b) of FOISA to the withheld information.
Section 38(1)(b) of FOISA ? personal information
38.The SLCC maintained that the withheld information was also exempt from disclosure under section 38(1)(b) of FOISA on the basis that it is personal data, disclosure of which would contravene the first data protection principle in the DPA.
39.Section 38(1)(b) of FOISA, read in conjunction with section 38(2)(a)(i) or (as appropriate) section 38(2)(b), exempts information if it is personal data as defined by the DPA and if its disclosure to a member of the public otherwise than under FOISA would contravene any of the data protection principles laid down in Schedule 1 to the DPA. This particular exemption is an absolute exemption, so is not subject to the public interest test laid down by section 2(1)(b) of FOISA.
40.The SLCC has applied this exemption on the basis that it was the personal data of the complainant, and contained the personal data of the staff member to whom the recipient of the phone call sent an email.
41.As noted above, however, the Commissioner does not consider all of the email identified by the SLCC to be relevant to Mr Cherbi's information request in the light of his comments about this case.Having restricted his consideration to the information detailed in paragraph 21, he notes that this excludes the information that the SLCC considered to be the personal data of the staff member receiving the email.It is therefore not necessary to consider the application of the exemption to that information.
42.The Commissioner has noted that the SLCC's submissions made no comment about personal data relating to the staff member who received the telephone call.Accordingly, he understands that the SLCC considered that disclosure of this data would not breach any of the data protection principles.
43.The Commissioner has consequently focused his consideration of the exemption in section 38(1)(b) of FOISA on its application to the information under consideration insofar as that information is personal data concerning the complainant.
Is the information personal data of the complainant?
44."Personal data" is defined in section 1(1) of the DPA as data which relate to a living individual who can be identified a) from those data, or b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller (the full definition is set out in the Appendix).The DPA gives effect to Directive 95/46/EC on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data (the Directive) and so this has a bearing on how the DPA should be interpreted.
45.In interpreting "personal data", the Commissioner has also taken account of the opinions delivered by the House of Lords in Common Services Agency v Scottish Information Commissioner [2007] 1 WLR 1550 and the opinion of the High Court of England and Wales in Department of Health v Information Commissioner [2011) EWHC 1430 (Admin).In the Common Services Agency case, the Lords concluded that the definition of "personal data" in the DPA must, in terms of recital 26 of the Directive (recital 26 is set out in full in the Appendix), be taken to permit the disclosure of information which had been rendered fully anonymous in such a way that individuals were no longer identifiable from it, without having to apply the data protection principles.
46.Recital 26 also makes it clear that, when determining whether a person is identifiable, account should be taken of all the means likely reasonably to be used to identify the data subject. As noted by the Court of Session in the case of Craigdale Housing Associations and others v The Scottish Information Commissioner [2010] CSIH 43, the test is whether disclosure of the information would lead to the identification of an individual or what other information when taken with the information would reasonably allow for such identification.
47.The Commissioner therefore considered whether the information under consideration, together with other information already in the public domain (or as a result of action likely to be taken by a determined person to identify the individuals) would reasonably allow the complainant to be identified.If it would, then the information will be personal data, provided that it relates to the individual in question.If it would not, the information is not personal data for the purposes of section 1(1) of the DPA, and the exemption in section 38(1)(b) will not apply.
48.After careful consideration of the information that is being considered in this decision (which, as noted above, is limited to the parts of the email identified by the SLCC detailed in paragraph 21 above), the Commissioner cannot find that it constitutes personal data concerning the complainant.He notes that, having excluded from consideration the parts of the email which name the complainant and provide details of his wider dealings with the SLCC, that individual is not identified in the information that remains to be considered.
49.The focus of the information is on the substance and manner of the threats themselves, making no actual mention of the complainant. The Commissioner cannot conceive of any way in which the complainant could be identifiable from the limited content of the information under consideration in this decision.
50.The Commissioner recognises that if this information is considered in the full context of the email containing it, it clearly relates to the individual, who is identifiable from that information considered in conjunction with other information contained in the email.However, the Commissioner finds that considering the actual information that is of interest to Mr Cherbi in isolation from the wider context of the email in which it is contained, the exclusion of the contextual information has the effect of rendering the information under consideration fully anonymous.
51.Accordingly, the Commissioner concludes that the information under consideration (as specified in paragraph 21 above) is not the personal data of the complainant.Given this conclusion, he must find that the exemption in section 38(1)(b) does not apply.
DECISION
The Commissioner finds that the Scottish Legal Complaints Commission (the SLCC) failed to comply with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) in responding to the information request made by Mr Cherbi. The Commissioner finds that the request is narrower in scope than interpreted by the SLCC, and that the exemptions in sections 30(c) and 38(1)(b) of FOISA do not apply to the narrower set of information.As such, the SLCC failed to comply with section 1(1) of FOISA.
The Commissioner therefore requires the SLCC to release the information specified in paragraph 21 to Mr Cherbi, by 11 December 2011.
Appeal
Should either Mr Cherbi or the SLCC wish to appeal against this decision, there is an appeal to the Court of Session on a point of law only.Any such appeal must be made within 42 days after the date of intimation of this decision.
Margaret Keyse
Head of Enforcement
27 October 2011
Appendix
Relevant statutory provisions
Freedom of Information (Scotland) Act 2002
1 General entitlement
(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.
?
(6) This section is subject to sections 2, 9, 12 and 14.
2 Effect of exemptions
(1) To information which is exempt information by virtue of any provision of Part 2, section 1 applies only to the extent that ?
(a) the provision does not confer absolute exemption; and
(b) in all the circumstances of the case, the public interest in disclosing the information is not outweighed by that in maintaining the exemption.
(2) For the purposes of paragraph (a) of subsection 1, the following provisions of Part 2 (and no others) are to be regarded as conferring absolute exemption ?
?
(e) in subsection (1) of section 38 ?
?
(ii) paragraph (b) where the first condition referred to in that paragraph is satisfied by virtue of subsection (2)(a)(i) or (b) of that section.
30 Prejudice to effective conduct of public affairs
Information is exempt information if its disclosure under this Act-
?
(c)would otherwise prejudice substantially, or be likely to prejudice substantially, the effective conduct of public affairs.
38 Personal information
(1) Information is exempt information if it constitutes-
?
(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied;
...
(2) The first condition is-
(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-
(i) any of the data protection principles; or
?
(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.
?
(5) In this section-
"the data protection principles" means the principles set out in Part I of Schedule 1 to that Act, as read subject to Part II of that Schedule and to section 27(1) of that Act;
"data subject" and "personal data" have the meanings respectively assigned to those terms by section 1(1) of that Act;
?
Data Protection Act 1998
1 Basic interpretative provisions
(1)In this Act, unless the context otherwise requires ?
?
"personal data" means data which relate to a living individual who can be identified ?
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual;
?
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
Recital 26
Whereas the principles of protection must apply to any information concerning an identified or identifiable person; whereas, to determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used either by the controller or by any other person to identify the said person; whereas the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable; whereas codes of conduct within the meaning of Article 27 may be a useful instrument for providing guidance as to the ways in which data may be rendered anonymous and retained in a form in which identification of the data subject is no longer possible;
