Decision 223/2007 Ms Mary McCallum and the Chief Constable of Strathclyde Police

Copy of report in relation to allegation of police misconduct

Applicant: Ms Mary McCallum
Authority: Chief Constable of Strathclyde Police
Case No: 200700149
Decision Date: 22 November 2007

Kevin Dunion
Scottish Information Commissioner

Request for a copy of a report submitted by Strathclyde Police to Lothian and Borders Police in relation to allegations of misconduct within Lothian and Borders Police? refused under various exemptions ? Commissioner upheld withholding under section 38(1)(b) (personal information)

Relevant Statutory Provisions and Other Sources

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1) (General entitlement); 2 (Effect of exemptions) and 38(1)(b), (2)(a)(i) and (b) (Personal information).

Data Protection Act 1998 (the DPA) section 1 (Basic interpretative provisions) (definition of personal data) and Schedule 1 (The data protection principles) (the first data protection principle).

The full text of each of these provisions is reproduced in the Appendix to this decision. The Appendix forms part of this decision.

Facts

Ms Mary McCallum requested from the Chief Constable of Strathclyde Police (Strathclyde Police) a copy of a specified report relating to a complaint against named officers in Lothian and Borders Police. Strathclyde Police refused the information under various exemptions in FOISA. Following a review, in which Strathclyde Police adhered to their reliance on sections 35(1)(g) and 38(1)(b) of FOISA, Ms McCallum remained dissatisfied and applied to the Commissioner for a decision. Following an investigation, the Commissioner found that Strathclyde Police had dealt with Ms McCallum's request for information in accordance with Part 1 of FOISA, the information in the report being personal data which it would not be fair to disclose and which was therefore exempt from disclosure under section 38(1)(b) of FOISA.

Background

1.On 30 June 2006, Ms McCallum emailed Strathclyde Police requesting a copy of the report submitted by an officer of Strathclyde Police to Deputy Chief Constable Tom Wood, Lothian and Borders Police, on 3 November 2003 ? a 40 page document relating to a complaint against Lothian and Borders Police.

2.Strathclyde Police replied to Ms McCallum the following day, refusing the information under the exemptions in sections 30(c), 35(1)(g) and 38(1)(b) of FOISA.

3.On 28 August 2006, Ms McCallum wrote to Strathclyde Police requesting a review of its decision.

4.Strathclyde Police notified Ms McCallum of the outcome of its review on 28 September 2006. Strathclyde Police no longer considered section 30(c) of FOISA to apply but continued to withhold the information requested on the basis of the exemptions in sections 35(1)(g) and 38(1)(b).

5.Ms McCallum wrote to my Office on 30 January 2007, stating that she was dissatisfied with the outcome of Strathclyde Police's review and applying to me for a decision in terms of section 47(1) of FOISA.

6.The application was validated by establishing that Ms McCallum had made a request for information to a Scottish public authority and had applied to me for a decision only after asking the authority to review its response to that request.

The Investigation

7.On 12 April 2007, Strathclyde Police were notified in accordance with section 49(3)(a) of FOISA that an application had been received from Ms McCallum and was asked to provide my Office with specified items of information required for the purposes of the investigation, in particular the information withheld from Ms McCallum. Strathclyde Police responded with the information requested and the case was then allocated to an investigating officer.

8.The investigating officer subsequently contacted Strathclyde Police, asking them to provide comments on the application and to respond to specific questions in relation to it. In particular, he asked for arguments in support of Strathclyde Police's application of the exemptions claimed.

9.I will consider the submissions made by Strathclyde Police fully in my Analysis and Findings below.

10.Ms McCallum submitted that the reasons for Strathclyde Police's refusal appeared contradictory, given that it appeared to be conceded that release might be in the public interest. She argued that some details such as personal information could be blocked out and that this would, in her opinion, suffice to permit the information being disclosed.

The Commissioner's Analysis and Findings

11.In coming to a decision on this matter, I have considered all of the information and the submissions that have been presented to me by both Ms McCallum and Strathclyde Police and am satisfied that no matter of relevance has been overlooked.

Section 38(1)(b) ? personal data of a third party

12.Section 38(1)(b) of FOISA, read in conjunction with section 38(2)(a)(i) or (as appropriate) section 38(2)(b), allows an authority to withhold personal data if disclosure would contravene any of the data protection principles laid down in Schedule 1 to the DPA. This particular exemption is an absolute exemption, in that it is not subject to the public interest test required by section 2(1)(b) of FOISA. This means that where a Scottish public authority considers that information falls within the scope of this exemption, it is not required to consider whether the public interest would be better served by the information being disclosed or withheld.

13.Strathclyde Police argued that the disclosure of the information withheld from Ms McCallum would lead to the personal data of third parties (including the complainer, serving police officers and other witnesses) being processed in a manner which was inconsistent with the first data protection principle. It argued that it should be considered to be the personal data of the individuals concerned in its entirety and that redaction of information identifying those individuals would leave very little meaningful content.

14.Having read the report in question, I am satisfied that all of the information within it is the personal data of either the complainer or other individuals who contributed to the investigation, as defined in section 1 of the DPA. I accept that even where strictly biographical details were to be redacted (as requested by Ms McCallum), the information remaining would still be personal data (in so far as it consists of recollections, opinions, comments and assertions of or about individuals who could be identified from that information), and that the redaction of this personal information would render the report meaningless.

15.Having satisfied myself that the report comprises personal data in its entirety, I must go on to consider whether its disclosure would contravene any of the data protection principles. As mentioned previously, Strathclyde Police argued that release of this information would contravene the first data protection principle.

16.The first data protection principle requires that personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 (to the DPA) is met, and in the case of sensitive personal data (as defined in section 2 of the DPA), at least one of the conditions in Schedule 3 (again, to the DPA) is also met.

17.Strathclyde Police submitted that the individuals supplying the information within the report did so in the expectation that it would or could be used for the purposes of misconduct hearing (which would be held in private) and would not be further disclosed. In the circumstances of the case, it was submitted that the individuals in question would not have expected the information to be made public.

18.The Information Commissioner, who is responsible for enforcing the DPA, has provided guidance (Freedom of Information Act Awareness Guidance No 1) on the consideration of the data protection principles within the context of freedom of information legislation. This guidance recommends that public authorities should consider the following questions when deciding if release of information would breach the first data protection principle:

a) would disclosure cause unnecessary or unjustified distress or damage to the data subject?

b) would the data subject expect that his or her information might be disclosed to others?

c) has the person been led to believe that his or her information would be kept secret?

19.In his guidance, the Information Commissioner recognises that an issue which will often arise is whether the DPA prevents the disclosure of information identifying members of staff. The guidance states that if the information consists of the names of officials, their grades, job functions or decisions which they have made in their official capacities, then disclosure would normally be made. On the other hand, information such as home addresses or internal disciplinary matters would not normally be disclosed.

20.Having considered this guidance for the purposes of this particular case, I have taken into account that the report relates to internal disciplinary matters following complaints made against a number of police officers and that information relating to these matters would not generally be released to any member of the public who requested it. As I have indicated in a number of previous decisions where similar issues have arisen, it seems to me that where public sector employees are the subject of a complaint and/or potential/actual disciplinary action that some protection must be afforded to the information in relation to the allegations made and the information supplied as part of that process. This not only protects the integrity of the internal complaints system ? allowing those making complaints and providing statements in relation to allegations to do so in some measure of safety from recrimination and in confidence ? but also protects individuals subject to complaints and ensures that they are treated fairly in investigating complaints. Naturally, there may be circumstances where information relating to a public sector employee in such circumstances could and should be disclosed, but such disclosure should be made within well-defined parameters and strictly on a case by case basis

21.In all the circumstances of this particular case, having considered all of the information withheld, I find that its disclosure would contravene the first data protection principle in that it would be contrary to the reasonable expectations of the individuals concerned and therefore would be unfair. Given that I have found that the disclosure of the information would be unfair, I am not required to go on to consider whether it would be unlawful, or whether any of the conditions in schedule 2 and/or 3 (assuming any of the information were sensitive personal data) of the DPA could be met. I therefore find that Strathclyde Police were correct to withhold the information under the exemption in section 38(1)(b) of FOISA.

22.Section 38(1)(b) of FOISA does not require me to consider the public interest test.Further, given that I have found that the information requested by Ms McCallum should be withheld under section 38(1)(b) of FOISA, I am not required to consider whether the other exemption applied by Strathclyde Police, contained in section 35(1)(g) of FOISA, should also be upheld.

Decision

I find that the Chief Constable of Strathclyde Police acted in accordance with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) in responding to the information request made by Ms McCallum in that he correctly applied section 38(1)(b) of FOISA to the information withheld from Ms McCallum.

Appeal

Should either Ms McCallum or the Chief Constable of Strathclyde Police wish to appeal against this decision, there is an appeal to the Court of Session on a point of law only.Any such appeal must be made within 42 days after the date of intimation of this decision notice.

Signed on behalf of Kevin Dunion, Scottish Information Commissioner, under delegated authority granted on 14 November 2007.

Margaret Keyse
Head of Investigations
22 November 2007

Appendix

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002

1General entitlement

(1)A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

2Effect of exemptions

(1)To information which is exempt information by virtue of any provision of Part 2, section 1 applies only to the extent that ?

(a)the provision does not confer absolute exemption; and

(b)in all the circumstances of the case, the public interest in disclosing the information is not outweighed by that in maintaining the exemption.

(2)For the purposes of paragraph (a) of subsection 1, the following provisions of Part 2 (and no others) are to be regarded as conferring absolute exemption ?

(a)section 25;

(b)section 26;

(c)section 36(2);

(d)section 37; and

(e)in subsection (1) of section 38 ?

(i)paragraphs (a), (c) and (d); and

(ii)paragraph (b) where the first condition referred to in that paragraph is satisfied by virtue of subsection (2)(a)(i) or (b) of that section.

38Personal information

(1) Information is exempt information if it constitutes-

(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied;

(2) The first condition is-

(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-

(i) any of the data protection principles; or

(?)

(b) in any other case, that such disclosure would contravene any of the data protection principles if the exemptions in section 33A(1) of that Act (which relate to manual data held) were disregarded.

Data Protection Act 1998

1Basic interpretative provisions

(1)In this Act, unless the context otherwise requires-

?

"personal data" means data which relate to a living individual who can be identified-

(a)from those data, or

(b)from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual

?

Part I of Schedule 1: The data protection principles

1Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless-

(a)at least one of the conditions in Schedule 2 is met, and

(b)in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.