The Scottish Information Commissioner - It's Public Knowledge
Tweet this page:
Text Size Icon

- Text Size Up | Down

Decision 221/2016: ABW Consultants Ltd and West Lothian Council

Council funding to the Voluntary Sector Gateway

Reference No: 201600166  
Decision Date: 17 October 2016

Summary

On 16 November 2015, ABW Consultants Ltd (ABW) asked West Lothian Council (the Council) for information regarding funding to the Voluntary Sector Gateway (VSG).

The Council disclosed some information, but withheld the remainder. Following a review, ABW remained dissatisfied and applied to the Commissioner for a decision.

The Commissioner investigated and found that the Council had partially failed to respond to ABW's request for information in accordance with FOISA. While the Council correctly withheld some personal data under section 38(1)(b) of FOISA, it was wrong to withhold the majority of the personal data of senior staff members and public figures. The Council also wrongly withheld information as falling outwith the scope of the request (albeit disclosing some of this during the investigation).

The Commissioner ordered the Council to disclose the information which had been incorrectly withheld.

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1) and (6) (General entitlement); 2(1)(a) and (2)(e)(ii) (Effect of exemptions); 21(4) (Review by Scottish public authority); 38(1)(b), (2)(a)(i), (2)(b) and (5) (definition of "the data protection principles", "data subject" and "personal data") (Personal information)

Data Protection Act 1998 (the DPA) sections 1(1) (Basic interpretative provisions) (definition of "personal data"); Schedules 1 (The data protection principles) (the first data protection principle) and 2 (Conditions relevant for purposes of the first principle: processing of any personal data) (condition 6)

The full text of each of the statutory provisions cited above is reproduced in Appendix 1 to this decision. The Appendix forms part of this decision.

Background

1. On 16 November 2015, ABW made a request for information to the Council. The information requested was:

"Copies of all correspondence relating to the funding provided to the [Voluntary Sector Gateway] from [the Council] for the years 2012-2015. This should include all emails, faxes, letters, briefing notes, complaints, minutes and details of meetings between council officers, elected members, external advisors and consultants, and the [Voluntary Sector Gateway]. Please also provide this information in respect of any communications between [the Council] and the Scottish Government. Information already available on COINS can be omitted. Please provide links where applicable to any other publicly available information not on COINS, but relevant to this request."

("COINS" is the name given by the Council to the section of its website where committee agendas, etc. are published.)

2. The Council responded on 14 December 2015. It disclosed some information, but withheld the remainder on the grounds that some of it was the personal data of third parties (section 38(1)(b) of FOISA) and some of it was confidential information (section 36 of FOISA).

3. The following day, ABW wrote to the Council requesting a review of its decision. To summarise, it considered that:

(i) information such as the names of senior Council officers should be disclosed;

(ii) information withheld under section 36 should be disclosed;

(iii) more information should be held by the Council; and

(iv) the Council had not made it clear which exemptions applied to which parts of the withheld information, making it difficult to understand the context of the information which had been disclosed.

4. The Council notified ABW of the outcome of its review on 15 January 2016. The Council upheld the application of section 38(1)(b) of FOISA to the information that it considered to be personal data and stated that no further information was held. It explained that the information which it had classed as confidential fell outwith the scope of the request and that it had applied section 36 of FOISA in error.

5. On 26 January 2016, ABW wrote to the Commissioner. ABW applied to the Commissioner for a decision in terms of section 47(1) of FOISA. ABW was dissatisfied with the outcome of the Council's review. It did not agree with all of the personal data redactions and also felt that further information should have been disclosed by the Council. ABW was also unhappy that the Council had applied section 36 of FOISA in error and questioned whether the Council might consider its requests to be vexatious.

Investigation

6. The application was accepted as valid. The Commissioner confirmed that ABW made a request for information to a Scottish public authority and asked the authority to review its response to that request before applying to her for a decision.

7. On 15 February 2016, the Council was notified in writing that ABW had made a valid application. The Council was asked to send the Commissioner the information withheld from ABW. The Council provided the information and, at the same time, also disclosed two further documents to ABW. The case was then allocated to an investigating officer.

8. Section 49(3)(a) of FOISA requires the Commissioner to give public authorities an opportunity to provide comments on an application. The Council was invited to comment on this application and answer specific questions including justifying its reliance on section 38(1)(b) of FOISA and providing details of the searches it had carried out to locate information falling within the scope of the request.

9. During the investigation, the Council disclosed further documents to ABW. In order to provide context to email correspondence, the Council also provided ABW with fresh copies of the withheld information with notes beside each redacted "@" email address indicating whether an email was internal or external and, if external, who it was from (e.g. "VSG").

Commissioner's analysis and findings

10. In coming to a decision on this matter, the Commissioner considered all of the withheld information and the relevant submissions, or parts of submissions, made to her by both ABW and the Council. She is satisfied that no matter of relevance has been overlooked.

Scope of the investigation

11. The Commissioner cannot investigate ABW's complaint that the Council erroneously cited section 36 of FOISA in its initial response. This is because this was rectified by the Council in its review response, in line with section 21(4) of FOISA, with the Council substituting its initial decision with an amended one (which is it entitled to do). Neither can she investigate whether the Council might consider ABW's requests to be vexatious (under section 14(1) of FOSA). The question of whether the Council considered ABW's requests to be vexatious requests was not raised at any point by the Council.

The scope of the request

12. ABW contends that the Council should have disclosed other information, such as Ministerial and governance information. The Council told the Commissioner that, should any such information be held, it would be outwith the scope of ABW's request.

13. The wording of ABW's request is as follows (emphasis added):

"Copies of all correspondence relating to the funding provided to the VSG from [the Council] for the years 2012-2015. This should include all emails, faxes, letters, briefing notes, complaints, minutes and details of meetings between council officers, elected members, external advisors and consultants, and the VSG. Please also provide this information in respect of any communications between [the Council] and the Scottish Government. Information already available on COINS can be omitted. Please provide links where applicable to any other publicly available information not on COINS, but relevant to this request."

14. The Commissioner is satisfied that, on a reasonable interpretation, ABW's request does not extend beyond information about funding provided to the VSG by the Council and that governance information (provided it does not relate to such funding) does not fall within the scope of the request.

15. The Council also redacted a website link in one of the documents on the grounds that it was already available on the COINS website and, so, fell outwith the scope of the request.

16. The Commissioner does not accept that the web link falls outwith the scope of the request. It is a link to information which is available on COINS, rather than information published on COINS itself. It therefore does fall within the scope of the request. In the absence of any exemptions being applied by the Commissioner to this weblink, she requires it to be disclosed to ABW.

17. In the circumstances, the Commissioner must find that the Council breached the requirements of section 1(1) of FOISA in responding to ABW's request, by failing to supply all the information it held and which fell within the scope of the request until after the investigation had started.

Does the Council hold any further information?

18. The Council provided the Commissioner with an explanation of the searches it had carried out to locate information falling within the scope of the request.

DCEO's office

19. The Council explained that the former Depute Chief Executive had been involved with the VSG funding and that the current Depute Chief Executive became involved after her retirement. However, according to the Council, no notes of such discussions exist. Anything which went before the Committee would be on the COINS website and, accordingly, outwith the scope of the request.

20. The Council had read the paper file on VSG and had searched the emails of the former Depute Chief Executive which were still accessible, using key words "VSG" and "funding". Nothing was found within the emails which had not already been located in the paper file. The Council stated that the paper file was the most relevant place to check because, aside from the information held by Finance Services, that was where everything regarding VSG funding was held, including correspondence between officers and other parties.

Legal Services

21. The Legal Services Department did not hold any records of meetings/discussions. In order to verify this, searches were carried out in the Council's electronic document and records management system (Meridio) in the folder "Third Sector Information". Key words used to search included "CoEx", "council executive", "voluntary sector gateway", "funding", "15 September", "general fund revenue budget". No additional documents were found.

Financial Services

22. With regard to the information provided by Financial Services, an accountant looked at the files within the folder for each period.

23. The accountant sought any funding correspondence which referred to the VSG. He searched within the voluntary organisations folder in the Council's electronic document and records management system. He also spoke to Finance colleagues who had been involved in voluntary organisations funding and asked them (verbally) to check for information relating to the request. These individuals were considered relevant as they were directly or indirectly involved in reconciling related budgets (for the voluntary sector) which included VSG.

24. The Council provided the Commissioner with a copy of email correspondence between the accountant, the Head of Finance and the Depute Chief Executive regarding the searches carried out.

Conclusion on searches

25. The Commissioner has carefully considered all of the submissions provided by both ABW and the Council, including the Council's explanations of why the searches it conducted would have located any information falling within the scope of ABW's request.

26. The Commissioner accepts that the Council carried out adequate, proportionate searches in the circumstances to ascertain whether it held any information falling within the scope of ABW's request. She accepts that any information relevant to the request would have been identified using the searches described by the Council. On the balance of probabilities, she accepts that the Council holds no further information falling within the scope of ABW's request.

Section 38(1)(b) of FOISA - personal information

27. The Commissioner will now go on to consider the information which is being withheld under section 38(1)(b) of FOISA.

28. Section 38(1)(b) of FOISA, read in conjunction with section 38(2)(a)(i) (or, as appropriate, (2)(b)) exempts information from disclosure if it is "personal data", as defined in section 1(1) of the DPA, and its disclosure would contravene one or more of the data protection principles set out in Schedule 1 to the DPA.

29. In order to rely on this exemption, the Council must show, firstly, that any such information would be personal data for the purposes of the DPA and, secondly, that disclosure of that data would contravene one or more of the data protection principles to be found in Schedule 1.

30. This particular exemption is an absolute exemption. This means that it is not subject to the public interest test contained in section 2(1)(b) of FOISA.

31. The Council redacted three categories of information under this exemption:

(i) names, email addresses, telephone numbers and job titles of junior staff members;

(ii) names, email addresses, and job titles of senior staff members and public figures; and

(iii) bank account details for money transfers for funding

32. During the course of the investigation, ABW stated that it did not require the information contained within categories (i) and (iii). The Commissioner will therefore consider only the redacted information falling within category (ii).

Is the withheld information personal data?

33. "Personal data" are defined in section 1(1) of the DPA as "data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller" (the full definition is set out in Appendix 1).

34. In this case, the withheld information comprises the names, email addresses and job titles/designations of members of the Council's senior management staff (past and present), of an MSP and of some councillors.

35. The information records the names of the individuals. It is possible to identify living individuals from it. It is about those individuals and so can be said to relate to them. It is therefore those individuals' personal data.

Would disclosure contravene the first data protection principle?

36. In its submissions, the Council submitted that disclosing the personal data would contravene the first data protection principle. This requires that personal data are processed fairly and lawfully. The processing in this case would be the disclosure of the information into the public domain, in response to ABW's request.

37. The first principle also states that personal data shall not be processed unless at least one of the conditions in Schedule 2 to the DPA is met. In the case of sensitive personal data (as defined by section 2 of the DPA), at least one of the conditions in Schedule 3 to the DPA must also be met. The Commissioner is satisfied that the personal data in question are not sensitive personal data for the purposes of section 2 of the DPA, so it is not necessary for her to consider the conditions in Schedule 3.

38. The Commissioner will now consider whether there are any conditions in Schedule 2 to the DPA which would permit the withheld personal data to be disclosed. If any of these conditions can be met, she must then consider whether the disclosure of the information would be fair and lawful.

39. There are three separate aspects to the first data protection principle: (i) fairness, (ii) lawfulness and (iii) the conditions in the schedules. These three aspects are interlinked. For example, if there is a specific condition in Schedule 2 which permits the personal data to be disclosed, it is likely that disclosure will also be fair and lawful.

Can any of the conditions in Schedule 2 be met?

40. In the circumstances, it appears to the Commissioner that condition 6 in Schedule 2 is the only one which might permit the personal data to be disclosed. Condition 6 allows personal data to be processed if that processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject (the individuals to whom the data relate).

41. There are, therefore, a number of tests which must be met before condition 6 can apply. These are:

(i) Does ABW have a legitimate interest in obtaining the personal data?

(ii) If so, is the disclosure necessary to achieve those legitimate interests? In other words, is the processing proportionate as a means and fairly balanced as to ends, or could these legitimate interests be achieved by means which interfere less with the privacy of the data subjects?

(iii) Even if the processing is necessary for ABW's legitimate interests, would it nevertheless be unwarranted, in this case, by reason of prejudice to the rights and freedoms or legitimate interests of the data subjects?

42. There is no presumption in favour of disclosure of personal data under the general obligation laid down by section 1(1) of FOISA. The legitimate interests of ABW must outweigh the rights and freedoms or legitimate interests of the data subjects before condition 6 will permit the personal data to be disclosed. If the two are evenly balanced, the Commissioner must find that the Council was correct to refuse to disclose the personal data to ABW.

Does ABW have a legitimate interest in obtaining the personal data?

43. ABW submitted that the names of senior managers and above should not be redacted. It was of the view that disclosure of the names, email addresses and job titles/designations would add context to the information that had been disclosed to it.

44. The Council submitted that it was not aware of any legitimate interest ABW might have in obtaining the information.

45. Having considered these submissions, the Commissioner concludes that ABW does have a legitimate interest in disclosure of this information as it would lend clarity to the background of the correspondence in question. The positions expressed and views put forward in the bodies of email correspondence may be interpreted differently, depending on the identity of the parties to the discussions.

Is disclosure of the information necessary for the purposes of these legitimate interests?

46. The Commissioner must now go on to consider whether disclosure of the personal data would be necessary to meet the identified legitimate interest. This will include consideration of whether the legitimate interest might be met by alternative means which interfere less with the privacy of the data subject.

47. In this case, the Commissioner can see no other way in which the identified legitimate interest can be met in full without the personal data being disclosed. Disclosure is therefore necessary.

Would disclosure nevertheless be unwarranted by reason of prejudice to the rights and freedoms or legitimate interests of the data subjects?

48. In coming to a view on this, the Commissioner has taken account of the submissions by both parties and of her own briefing on the exemptions relating to personal data, published on her website[1].

49. The Commissioner has considered the reasonable expectations of the individuals involved, i.e.:

(i) senior officers of the Council

(ii) a senior member of staff who no longer works for the Council

(iii) MSPs and councillors

50. In the majority of instances where the Council has redacted the information, the Commissioner is satisfied that the individuals concerned would have a reasonable expectation that the personal data would be disclosed in response to ABW's information request, given their seniority or public profile. The information clearly relates to their public and professional lives, as opposed to their private home lives.

51. Moreover, the Council has not provided the Commissioner with submissions as to what, if any, degree of harm would be caused to the data subjects if their personal data were disclosed, nor have any submissions been provided outlining the data subjects' objections to the disclosure.

52. However in one instance, it is the Commissioner's view that the individual concerned would not expect the information to be disclosed into the public domain due to the context in which the information is contained. The individual's name must be looked at in conjunction with the background information in which it is contained. The background information provides context relating to the individual's work based performance and its disclosure may cause distress to the individual.

53. In another instance, the redacted information no longer relates to the individual it is attributed to, and disclosure could effectively mean putting the contact details (the personal data) of a different member of staff into the public domain (should it be the case that the contact details have been recycled and assigned to a different employee).

54. In the above two instances the Commissioner is satisfied that disclosure of the information has the potential to cause considerable harm or distress to the data subject(s), who would have a reasonable expectation of privacy in relation to their personal data. The Commissioner considers that the data subject(s) would expect the information be kept confidential, and not to be disclosed into the public domain in response to a request under FOISA.

55. In these two instances, having considered the competing interests, the Commissioner finds that ABW's legitimate interests are outweighed by the prejudice to the rights and freedoms of the data subject(s) that would result from disclosure. On balance, the Commissioner finds that the requirements of condition 6 of Schedule 2 of the DPA cannot be met.

56. Given this conclusion, the Commissioner finds that there is no condition in Schedule 2 of the DPA which would permit disclosure of the information. In the absence of a condition permitting disclosure, that disclosure would be unlawful. Consequently the Commissioner finds that disclosure of the information would breach the first data protection principle and that the information is therefore exempt from disclosure and was properly withheld under section 38(1)(b) of FOISA.

57. With regard to the remaining personal data redactions, the Commissioner is satisfied that, in the circumstances, any infringement on the data subjects' rights, freedoms or legitimate interests would be insignificant. Having balanced the respective interests, she is satisfied in this case that disclosure would not be unwarranted by reason of prejudice to the rights and freedoms or legitimate interests of the data subjects. She is aware of no reason why disclosure should be otherwise unfair or unlawful and therefore has concluded that disclosure of the information would not breach the first (or, indeed, any other) data protection principle. As such, she finds that the information is not exempt under section 38(1)(b) of FOISA.

58. The Commissioner therefore requires the Council to disclose to ABW the names, email addresses and job titles/designations of the specific individuals noted in the table provided to the Council with this decision.

Decision

The Commissioner finds that West Lothian Council partially failed to comply with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) in responding to the information request made by ABW Consultants Ltd. (ABW).

The Commissioner finds that the Council, while correctly applying section 38(1)(b) of FOISA to some of the withheld information, incorrectly applied it to the majority of the personal data of senior staff members and public figures and also failed to comply with section 1(1) of FOISA by withholding other information as being outwith the scope of the request, some of which it disclosed during the investigation.

The Commissioner therefore requires the Council to disclose to ABW the information which was incorrectly withheld, by 1 December 2016.

Appeal

Should either ABW Consultants Ltd. or West Lothian Council wish to appeal against this decision, they have the right to appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days after the date of intimation of this decision.

Enforcement

If the Council fails to comply with this decision, the Commissioner has the right to certify to the Court of Session that the Council has failed to comply. The Court has the right to inquire into the matter and may deal with the Council as if it had committed a contempt of court.

Rosemary Agnew
Scottish Information Commissioner

17 October 2016

Appendix 1: Relevant statutory provisions

Freedom of Information (Scotland) Act 2002

1 General entitlement

(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.

(6) This section is subject to sections 2, 9, 12 and 14.

2 Effect of exemptions

(1) To information which is exempt information by virtue of any provision of Part 2, section 1 applies only to the extent that -

(a) the provision does not confer absolute exemption; and

(2) For the purposes of paragraph (a) of subsection 1, the following provisions of Part 2 (and no others) are to be regarded as conferring absolute exemption -

(e) in subsection (1) of section 38 -

(ii) paragraph (b) where the first condition referred to in that paragraph is satisfied by virtue of subsection (2)(a)(i) or (b) of that section.

21 Review by Scottish public authority

(4) The authority may, as respects the request for information to which the requirement relates-

(a) confirm a decision complained of, with or without such modifications as it considers appropriate;

(b) substitute for any such decision a different decision; or

(c) reach a decision, where the complaint is that no decision had been reached.

….

38 Personal information

(1) Information is exempt information if it constitutes-

(b) personal data and either the condition mentioned in subsection (2) (the "first condition") or that mentioned in subsection (3) (the "second condition") is satisfied;

(2) The first condition is-

(a) in a case where the information falls within any of paragraphs (a) to (d) of the definition of "data" in section 1(1) of the Data Protection Act 1998 (c.29), that the disclosure of the information to a member of the public otherwise than under this Act would contravene-

(i) any of the data protection principles; or

(5) In this section-

"the data protection principles" means the principles set out in Part I of Schedule 1 to that Act, as read subject to Part II of that Schedule and to section 27(1) of that Act;

"data subject" and "personal data" have the meanings respectively assigned to those terms by section 1(1) of that Act;

Data Protection Act 1998

1 Basic interpretative provisions

(1) In this Act, unless the context otherwise requires -

"personal data" means data which relate to a living individual who can be identified -

(a) from those data, or

Schedule 1 - The data protection principles

Part I - The principles

1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless -

(a) at least one of the conditions in Schedule 2 is met, and

(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

Schedule 2 - Conditions relevant for purposes of the first principle: processing of any personal data

...

6. (1) The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.


[1] http://www.itspublicknowledge.info/nmsruntime/saveasdialog.aspx?lID=661&sID=133

PDF IconLink to PDF file of decision 221/2016 (261 kb)

Back to Top