Decision 039/2006 Mr Cooper and Aberdeen City Council

Request for a copy of a report commissioned by Aberdeen City Council – withheld on the basis of section 38(1)(b) (personal information) and section 36(2) (actionable breach of confidence) of the Freedom of Information (Scotland) Act 2002 (FOISA) – Commissioner held report exempt under section 30(c) of FOISA

Request for a copy of a report commissioned by Aberdeen City Council

Applicant: Mr Cooper
Authority: Aberdeen City Council
Case No: 200501163
Decision Date: 13 March 2006

Kevin Dunion
Scottish Information Commissioner

Facts

Mr Cooper requested a copy of a report from Aberdeen City Council (the Council). The Council refused this request, citing section 36(2) and section 38(1)(b) of the Freedom of Information (Scotland) Act 2002 (FOISA).

Outcome

I find that Aberdeen City Council complied with Part 1 of FOISA in withholding the information requested by Mr Cooper. I do not require the Council to take any further action as a result of my decision.

Appeal

Should either the Council or Mr Cooper wish to appeal against this decision, there is an appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days of receipt of this notice.

Background

1. On 11 January 2005, Mr Cooper wrote to the Council, asking for a copy of a report written by Meconopsis Limited, which had been commissioned by the Council and which contained proposals for the future of the Council’s Neighbourhood Complaints Unit.

2. The Council responded to Mr Cooper’s request for information on 8 February 2005. The Council withheld the information requested by Mr Cooper on the basis that the information contained within the report was exempt under sections 36(2) and 38(1)(b) of FOISA.

3. Mr Cooper sought a review of this decision on 14 February 2005.

4. The Council subsequently carried out a review of his request and upheld its decision to withhold the information.

5. On 22 March 2005, Mr Cooper applied to the Scottish Information Commissioner for a decision as to whether the Council had dealt with his information request in accordance with Part 1 of FOISA.

6. The case was allocated to an investigating officer.

The Investigation

7. Mr Cooper’s appeal was validated by establishing that he had made a valid information request to a Scottish public authority and had appealed to me only after asking the public authority to review its response to his request.

8. My Office then contacted the Council for its comments on the application and for further information in relation to this case. The Council responded on 20 April 2005, providing:

a copy of the report written by Meconopsis Limited

comments on the reasoning behind the Council’s claim that the report fell under section 36(2) of FOISA and was therefore exempt
comments on the reasoning behind the Council’s application of section 38(1)(b) of FOISA to the report
comments on the Council’s decision not to release a redacted copy of the report and
copies of documents to support its use of the exemptions.

9. During the course of the investigation, Mr Cooper also submitted comments and documentation to illustrate his case.

The Commissioner’s Analysis and Findings

The section 38(1)(b) exemption

10. Section 38(1)(b) of FOISA exempts from release third party personal data if the release of the data would breach any of the data protection principles contained in the Data Protection Act 1998 (the DPA). The DPA defines personal data in section 1(1) as:
“data which relate to a living individual who can be identified:

(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”

In deciding whether the release of the report to Mr Cooper would be a breach of section 38(1)(b) of FOISA, I first considered whether the information contained in the report was, in fact, personal data under the terms of the DPA.

11. The report provides strategies for handling an internal dispute amongst employees of the Council. I find that large sections of the report contain information which relates to living individuals who can be identified from that information. I also find that further information in the report could be used in conjunction with other information in possession of the data controller (i.e. the Council) in order to identify the individuals concerned. As such, I am satisfied that much of the information contained in the report is personal data.

12. I must now go on to consider whether the release of the information would breach any of the data protection principles.

13. The Information Commissioner, who is responsible for enforcing the DPA, has issued guidance on the consideration of the data protection principles within the context of freedom of information legislation (Freedom of Information Act Awareness Guidance No 1 – Personal Information). In this guidance, the Commissioner recognises that it is likely to be the first data protection principle which is most relevant when considering whether the release of third party personal information would breach the DPA. The first data protection principle provides that information must be processed fairly and lawfully. The Commissioner provides examples of the types of questions which should be considered by authorities when assessing whether the release of personal data would amount to ‘fair’ processing. These include:

a) would disclosure cause unnecessary or unjustified distress or damage to the data subject?
b) would the data subject expect that his or her information might be disclosed to others?
c) has the person been led to believe that his or her information would be kept secret?

14. I consider that the individuals cited within the report would not expect their personal data to be released. Furthermore, releasing personal data contained within the report may be likely to cause distress to the individuals concerned due to the nature of the situation which led to the report being produced. I conclude that to release the personal data contained within the report would be to breach the first data protection principle, and therefore find that the Council was correct to withhold the personal information within the report under section 38(1)(b) of FOISA.

The section 36(2) exemption

15. Section 36(2) of FOISA states that information is exempt if:

a) it was obtained by a Scottish public authority from another person (including another such authority); and
b) its disclosure by the authority so obtaining it to the public … would constitute a breach of confidence actionable by that person or any other person.

16. As I set out in my guidance, there is a two stage test which must be passed before this exemption can be relied on. Firstly, the information must have been obtained by a Scottish public authority from another person. “Person” is defined widely and means another individual, another Scottish public authority or any other body, such as a company or partnership.

17. The report was provided to the Council by an external company and therefore the first part of this test is fulfilled.

18. The second test is that the disclosure of the information by the public authority would constitute an actionable breach of confidence either by the person who gave the information to the public authority or by any other person.

19. Although there was no discussion about the meaning of the word “actionable” when the Freedom of Information Bill was being considered in Parliament, I take the view that actionable means that the basic requirements for a successful action appear to be fulfilled.

20. There are three main requirements, all of which must be met before a claim for breach of confidentiality can be established. These are:

a) the information must have the necessary quality of confidence;
b) the public authority must have received the information in circumstances which imposed an obligation on the authority to maintain confidentiality; and
c) there must be a disclosure which has not been authorised by the person who communicated the information but which would cause damage to that person.

21. Taking into account the specifications set out above, I considered whether if by releasing the information an action could be raised against the Council for breach of confidence.

22. I am satisfied that the information requested has the necessary quality of confidence to be actionable, as is it is not currently in the public domain and Mr Cooper would not be able to produce the report himself.

23. However, as set out above, in order for the breach of confidence to be actionable, the Council must have received the information in circumstances which imposed an obligation on the authority to maintain confidentiality. The report consists of Meconopsis Limited’s recommendations for the future of the Neighbourhood Complaints Unit of the Council. It arrived at these recommendations by conducting a series of diagnostic interviews with the members of the Unit at the time. The Council argued that the individuals concerned had taken part in the interviews on the basis that the subsequent report would be confidential, and that Meconopsis Limited produced the report on the understanding that it was confidential.

24. Both the Council and Meconopsis Limited were asked for evidence to support these claims during the course of my investigations. In its response, the Council submitted a copy of correspondence between Meconopsis Limited and the Council which took place prior to the diagnostic interviews. In it, Meconopsis Limited makes it clear that the interviews with the individuals concerned should take place on a confidential basis.

25. Meconopsis Limited stated in its response that it is reliant on the confidentiality it afforded the participants of the interviews it conducted. From these submissions I conclude that while the content of the diagnostic interviews can be seen to be confidential, the report produced as a result of the interviews has no clear obligation of confidentiality attached to it.

26. I note that the report is marked “Private and Confidential”. In my guidance on section 36, however, I make clear that the inclusion of such a statement within a document does not automatically impose an obligation of confidentiality. A great deal of correspondence is marked “private and confidential” etc., but this does not mean that all of the correspondence is in fact confidential. The information must still pass the three tests set out in paragraph 20 above in order for it to be confidential.

27. Finally, for a breach of confidence to be actionable, there must be a disclosure which has not been authorised by the person who communicated the information but which would cause damage to that person. The Council argues that disclosure of the report would cause damage to the individuals interviewed by Meconopsis Limited. Meconopsis Limited argues that disclosure of the report would cause considerable damage to its professional standing. However, I am not satisfied that the Council received the information in circumstances which imposed an obligation on it to maintain confidentiality and therefore do not consider the release of the report to be actionable.

28. Consequently I find that the report is not exempt by virtue of section 36(2) of FOISA.

The section 30(c) exemption

29. During my investigation, I have considered the exemption under section 30(c) of FOISA, even though this exemption was not relied upon by the Council. While I am entitled to take account of exemptions not relied upon by a public authority in deciding whether a request for information has been dealt with in accordance with Part 1 of FOISA, I will generally only consider the application of those exemptions on which a public authority has sought to rely. I have departed from this practice in this case due to the particular circumstances of this case.

30. Section 30(c) of FOISA states that information is exempt if its disclosure under FOISA would prejudice substantially, or would be likely to prejudice substantially, the effective conduct of public affairs. In order to decide whether the information requested should be disclosed, I must first consider whether it falls under section 30(c). Should it fall under section 30(c) of FOISA, I am then obliged to consider whether it is in the public interest to disclose the information regardless.

31. The information requested is a report commissioned by the Council from an external consultant, giving recommendations on action the Council should take following a serious internal dispute between employees of the Council.

32. If the report requested by Mr Cooper were to be disclosed, Scottish public authorities will not be able to rely on the assumption that such reports are private documents. It could be argued that if authorities believe these documents would be put in the public domain, they will not produce such information in the future. This would be likely to prejudice substantially the conduct of public affairs within the authorities, as it is imperative that authorities are able to conduct full investigations into internal disputes in order to resolve matters and prevent such situations occurring in the future. Consequently, I find that the report is exempt under section 30(c) of FOISA.

33. The exemption in section 30(c) is subject to the public interest. This means that although I consider the information to be exempt under section 30(c), I must go on to consider whether, in all the circumstances of the case, the public interest in the release of the information is outweighed by the public interest in the information being withheld.

The Public Interest Test

34. Mr Cooper advises me that there is an ongoing dispute in relation to the way in which the Council attempted to resolve the issues which led to the report being commissioned. He clearly believes that the matter has not been handled as well as it could have been, and is pursuing separate actions in order to take this further. He has argued that disclosure of the information requested would lead to greater transparency in the manner in which the Council conducted itself in attempting to resolve the dispute. This is clearly an argument in favour of release.

35. However, I find that there is a difference between accusations of wilful misconduct on the part of an authority, and a dispute as to whether that authority was correct in accepting or rejecting recommendations that have been made in good faith. There is clearly a public interest in the transparency of the actions of public authorities. This is increased where there have been allegations of misconduct. While I accept that there is a general public interest in disclosure of the information requested in order to clarify the process the Council has used to come to its decision, I do not accept that in this matter disclosure would necessarily serve to highlight incidences of misconduct.

36. It must be understood that there is a difference between what is in the interest of one person and what is in the public interest as a whole. While I can understand that Mr Cooper and perhaps others who were involved in the dispute have a natural interest in understanding the methods the Council used to attempt to resolve it, I do not find that this constitutes a specific public interest in disclosure.

37. Consequently, I have decided, on balance, that the public interest would be better served by the information being withheld than by it being released.

Decision

I find that Aberdeen City Council complied with Part 1 of FOISA in withholding the information requested by Mr Cooper.

Kevin Dunion
Scottish Information Commissioner
13 March 2006

Link to PDF file of decision 039/2006 (61.8 kb)