Decision 134/2006 | Scottish Information Commissioner

Home Decisions

Decision 134/2006

Decision 134/2006 – Mr K and Glasgow Caledonian University

Request for access to recommendations of an internal audit annual report on a review of Oracle Student System and Oracle Financials within Glasgow Caledonian University and a statement of whether there was any abatement of Oracle’s charges as a result of unsatisfactory performance

Request for access to recommendations of an internal audit annual report on a review of Oracle Student System and Oracle Financials within Glasgow Caledonian University and a statement of whether there was any abatement of Oracle’s charges as a result of unsatisfactory performance – partial disclosure – section 33(1)(b): substantial prejudice to the commercial interests of any person – section 24(5): content of review notice

Applicant: Mr K
Authority: Glasgow Caledonian University
Case No: 200502383
Decision Date: 13/07/2006

Kevin Dunion
Scottish Information Commissioner
Kinburn Castle
Doubledykes Road
St Andrews
Fife
KY16 9DS

Facts

Mr K asked Glasgow Caledonian University to provide him with copies of appendices to the University’s most recent annual internal audit report, access to 31 recommendations within an audit report examining project management of the implementation of Oracle Student System and Oracle Financials within the University (‘the Computer Audit report’), any reports upon progress of the University in implementing the recommendations, a total statement of the expenditure with Oracle by the University from 1 August 2002 to 31 July 2004,and a statement regarding whether there had been any abatement of Oracle’s charges as a result of unsatisfactory performance.

The University withheld the statement on abatement of Oracle’s charges and the 31 recommendations and management responses to these, ultimately claiming that this information was exempt under section 33(1)(b) of the Freedom of Information (Scotland) Act 2002 (FOISA), where it deemed that release would prejudice substantially its commercial interests and those of third parties.

Mr K disputed this, and (following a review by the University) appealed to the Scottish Information Commissioner for a decision on the way in which his request was handled.

Outcome

The Commissioner found that Glasgow Caledonian University did not deal with Mr K’s request for information in accordance with Part 1 of FOISA, in that it misapplied the exemption in section 33(1)(b) of FOISA and consequently failed to comply with section 1(1) of FOISA.

The Commissioner also found that the University had failed to comply with section 24(5) of FOISA by failing to specify in its review notice that it had substituted one exemption for another on review, but did not require the University to take any action in this connection.

He required the University to release the detailed auditors’ recommendations and management responses to these, contained within the Computer Audit report, along with an answer as to whether there had been any abatement of Oracle’s charges as a result of unsatisfactory performance as requested by Mr K in his request of 7 June 2005.

Appeal

Should either Glasgow Caledonian University or Mr K wish to appeal against this decision, there is a right to appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days of receipt of this notice.

Background

1. On 7 June 2005 Mr K contacted Glasgow Caledonian University (‘the University’) asking to be provided with the 31 recommendations within an audit report examining project management of the implementation of Oracle Student System and Oracle Financials within the University (‘the Computer Audit report’), any reports upon the progress of the University in implementing the recommendations, a statement of the total expenditure with Oracle by the University from 1 August 2002 to 31 July 2004, broken down by year, and a statement of whether there had been any abatement of Oracle’s charges as a result of unsatisfactory performance. In addition he requested that information
contained within appendices 1-3 of the most recent internal annual audit report, which he had earlier asked for, should be provided electronically.

2. The University replied on 1 July, providing a redacted version of all appendices, including a summary of the Computer Audit report, but excluding a summary of the auditors’ findings and recommendations. The total expenditure with Oracle was also provided as requested.

3. The University refused access to the 31 recommendations and management responses within the Computer Audit report, citing these to be exempt information under section 30 (b)(i) and (ii) of the Freedom of Information (Scotland) Act 2002 (FOISA). This was on the basis that disclosure would be prejudicial to the effective conduct of public affairs as it would, or would be likely to, inhibit substantially the free and frank provision of advice and the free and frank exchange of views for the purposes of deliberation.

4. The University justified its use of these exemptions by stating that section 30(b)(i) was applicable in order to ensure that it could rely on its auditors to provide ‘frank’ advice at a sufficient level of detail, as part of their role in maintaining proper controls to monitor expenditure of public funds. Section 30(b)(ii) was deemed applicable as decisions with respect to management responses were still ongoing and disclosure could inhibit appropriate discussions.

5. It also refused to provide a statement of any abatement of Oracle’s charges as a result of unsatisfactory performance, citing the exemption detailed in section 33(1)(b), where disclosure would be likely to prejudice substantially the commercial interests of any person (including, without prejudice to that generality, a Scottish public authority). No supporting argument was provided to explain why this exemption was deemed applicable by the University.

6. The University further stated its view that the public interest lay in withholding the information, and elaborated on this by listing factors that had been considered in determining that the public interest in maintaining the exemption outweighed that in disclosure of the information. These were the general public interest that information is accessible, i.e. whether disclosure would enhance scrutiny of decision-making processes and thereby improve accountability and participation, and whether disclosure would contribute to ensuring effective oversight of expenditure of public funds and the public obtaining value for money. It did not state how these considerations applied, or what specific arguments relating to the information concerned favoured the public interest in maintaining the exemptions.

7. On 6 July Mr K requested a review of the University’s decision to withhold the information he requested. He argued that those who serve public authorities either as employees or professional advisers would be much more likely to provide effective advice if they were aware that they may be held accountable for their work by the publication of reports and advice. In contrast he was of the opinion that the University appeared to argue that provision of advice would only be effective if it remained secret and would be inhibited if it was placed in the public domain. In his opinion, this constituted a slight on the University’s auditors, since they should always give best advice, regardless of whether it was to be put in the public domain.

8. He felt that there was a clear public interest in ensuring that accountability and participation in decision making processes were improved, and ensuring that the public obtained value for money. He argued that release of the information requested would serve these interests by maintaining a high quality of service from employees, advisers and suppliers through establishing an awareness of accountability by publication, which would encourage them to act in ways that were more beneficial to the authority and the public.

9. Mr K also noted that the University had claimed that release of the information relating to abatement of Oracle’s charges would be prejudicial to its commercial interests. He argued that it was difficult to see how substantial prejudice would be caused by disclosure, and that the information should be released. As the University had not provided reasons for claiming that the public interest in disclosure did not outweigh the maintenance of the exemption.

10. Upon review the University upheld its decision to withhold the information requested, but changed the exemption applied to the recommendations and management responses to section 33(1)(b), and maintained the use of the same exemption to withhold the statement of any abatement of Oracle’s charges as a result of unsatisfactory performance.

11. With regard to the recommendations and management responses of the Computer Audit report, it argued that the University was a commercial body, and to release the recommendations and management responses (which, it argued, were ongoing management actions, not final decisions) whilst they were of such an active nature would substantially prejudice its commercial interests by inhibiting its ability to address the issues raised properly.

12. It acknowledged that release could enhance scrutiny of decision making processes and ensure effective oversight of public expenditure, as well as the public right to know information held by a public authority. However, it argued that the right to know had been satisfied by release of the summarised appendices, which informed Mr K about the nature of the issues addressed by the recommendations, and that the public interest in releasing the detail of the appendices would be minimal since scrutiny of public expenditure would be unlikely to be served further by release of that detail.

13. In contrast, it expressed the opinion that the public interest in maintaining the exemption outweighed that in releasing the information since release would have a real and foreseeable adverse impact on the University’s ability to carry out its public function by prejudicing management conduct and decision making. It did not state precisely how this would manifest itself.

14. Regarding the application of section 33(1)(b) to the statement about any abatement of Oracle’s charges as a result of unsatisfactory performance the University expressed its view that Mr K’s request had been worded in such a way as to attempt to abuse the rights granted by FOISA, where the rights granted did not create any obligation for the University to issue a subjective judgement on any information to be released. It therefore refused to issue such a judgement.

15. However, it did state that its relations with other commercial bodies were of a highly sensitive commercial nature. It viewed the release of any information regarding its satisfaction or non-satisfaction with its commercial contacts, especially where these were ongoing, as causing unavoidable and substantial prejudice to its ability to contract and negotiate with those parties.

16. Regarding the public interest, it stated that release of this information would not improve the scrutiny of the decision process materially, especially when the University had provided to Mr K the details of its expenditure with Oracle over the last 3 years.

17. In addition the University believed that the release of the information would be likely to substantially prejudice its ability to properly negotiate and contract with the business concerned, and would therefore have an adverse effect on its ability to carry out its public function and provide the best service possible to the public. In its view, this outweighed the public interest in releasing the information.

18. On 9 August Mr K appealed to me for a decision regarding the way in which his request had been handled by the University, on the grounds that it had not proved that release of the information requested would cause it real harm in the near future and that its arguments for the public interest in withholding the information he requested were not sufficient to outweigh those for the public interest in releasing it.

Investigation

19. Mr K’s appeal was validated by establishing that he had made a request for information to a Scottish public authority, and had appealed to me only after asking the authority to review its original decision.

20. I invited comments from the University as I am required to do under section 49(3)(a) of FOISA.

21. I also requested copies of the information requested by Mr K, along with further information about the specific harm that it believed would be caused to the commercial interests of the University, or its reasons for anticipating harm, if the entire appendices of the internal audit Report were to be released. In addition, it was requested to provide its reasons for believing that release of information relating to any abatement of Oracle’s charges would substantially prejudice the University’s ability to properly negotiate and contract with this business. These were provided by the University.

22. In its comments to me, the University stated that the main purpose of its audit function was to evaluate control arrangements within the University, and thereby provide assurance to the Governing Body and its funders that appropriate arrangements were in place for management and use of public funds. It also assisted the University in the process of continuous improvement.

23. It went on to state that audits achieved these aims by looking at ongoing operational matters and identifying good practice and areas where management might wish to consider ways of improving effectiveness. This work was transient in nature and, in the University’s opinion, often confidential in regard to the next steps that it would wish to take. It viewed a requirement to release all audit findings and management responses as an action that would severely curtail the University’s future activity in terms of both scope and span of the audits undertaken.

24. With regard to Mr K’s request, the University restated its view that release of the full recommendations and management responses in the Computer Audit report would be likely to cause real and significant harm to its commercial interests and would not be in the public interest.

25. In particular it stated its view that release of the detailed report would run a real risk of causing serious damage to the negotiating positions of the University and its contracting third party, both with each other and with third parties, since the contents of the report represented the detailed ongoing interactions of the University and a private company.

26. It also stated that the report was a ‘live’ document and not final. Not all management responses would be implemented, as later discussions and further investigations could render them irrelevant or identify better ways of achieving an objective. In its view, premature disclosure posed a real and significant risk that information could be misinterpreted or published in a manner which could inhibit the proper outcome of the audit process and prejudice future management decision making, as well as the commercial position of both the University and its associates.

27. The University was also of the opinion that the management responses reflected possible implications for expenditure and manpower in the University, and was of the view that premature release of these would unavoidably inhibit future management decision-making, and would most likely cause significant disruption amongst the University’s staff.

28. With regard to a statement as to whether Oracle’s charges had been abated as a result of unsatisfactory performance, the University indicated a number of ways that it could suffer detriment.

29. The true issue, in the University’s view, was the public interest in knowing the reasoning behind these charges, which it stated was much narrower than the public interest in knowing the charges themselves. It was of the view that the greater interest in withholding the information allowed it to maintain its commercial negotiating position, avoid potential litigation and provide the best possible service to the public at best value. Accordingly, the public interest in withholding the information outweighed that in release.

The Commissioner’s Analysis and Findings

Was the University correct in making a change to the exemptions it applied in its initial response?

30. The University has chosen to rely upon section 33(1)(b) of FOISA to justify withholding all of the information requested by Mr K, after initially relying upon section 30(b)(i) and (ii) to refuse access to the findings, recommendations and management responses to the Computer Audit report.

31. I will start by addressing the first part of Mr K’s complaint to me, in which he queried the University’s right to change its grounds for withholding information and yet maintain that it was upholding its original decision.

32. Section 21(4)(b) of FOISA allows an authority upon review to substitute a different decision for the decision made in its initial response to the request for information. Indeed, it is fundamental to a review that the authority reconsiders fully its application of any exemptions at first instance. The University therefore acted within its rights and obligations under FOISA in changing its reliance upon section 30(b)(i) and (ii) for withholding the findings, recommendations and management responses to the Computer Audit report to section 33(1)(b).

33. In its review response letter the University stated that it had upheld its decision to withhold the findings, recommendations, and management response to the Computer Audit report and the information relating to abatement of charges from Oracle requested by Mr K. I view this to be a correct statement from the University, since it was still withholding the information, and its statement was not dependent upon which exemption was being applied.

34. I note however, that the University did not state that it had changed the exemption it was applying to the findings, recommendations, and management responses of the Computer Audit report until Mr K contacted it again to ask for clarification. In not doing so, the University failed to comply with section 24(5) of FOISA, which requires that the authority’s notice to the applicant following a review states “what it has done under subsection (4)”, which would include the substitution of one decision for another. In its submission to me the University accepted it should have informed Mr K explicitly of its decision to change the exemption it was applying. I note this and do not consider Mr K to have been prejudiced in the exercise of his rights under FOISA as a consequence of this breach of a technical requirement of the Act: accordingly, I will not require the University to take any further action as a result.

35. As the University has expressly stated it is relying solely on section 33(1)(b) in withholding all of the information under consideration, this is the only exemption I will address in establishing whether the University was justified in withholding the information from disclosure

Did the University apply the exemption in section 33(1)(b) correctly to the internal audits?

36. The University has stated its view that disclosure of the internal audit information withheld and the management responses to the findings and recommendations contained within them, along with a statement of any abatement of Oracle’s charges as a result of unsatisfactory performance would prejudice substantially its commercial interests and in some respects those of its contracting third parties.

37. In considering this exemption, I take “commercial interests” to mean a person's ability to successfully participate in a commercial activity, e.g. the sale and purchase of goods or services. There is no requirement that these activities are profit making before this exemption can be engaged, although it would be normal to expect a commercial enterprise to be organised for that purpose. Public authorities can have commercial interests.

38. A public authority’s commercial interests are likely to be narrower than its financial interests. Issues such as whether it will achieve a financial surplus or deficits, will encompass non commercial activity and sources of income. In this respect, section 33(1)(b) would not apply simply because an authority fears it will suffer financial loss as a result of disclosure; the authority needs to demonstrate what commercial aspect of its activities has been prejudiced substantially before the exemption can be applied.

39. In this particular case the University has not pointed me to specific commercial activities but has simply said that the University is in toto a commercial body.

40. It is possible for a public authority to be organised wholly on a commercial basis - one could imagine wholly owned public companies being formed on that basis. But it is more difficult to see that the University, with its academic Schools of Nursing and Midwifery, and Health and Social Care; its Chaplaincy, its counselling service, its Library; its Academic Registry is wholly a commercial organisation.

41. The University does make clear on its website that it does engage in commercial activity, promoting its willingness to provide formal consultancy to business and the media on commercial terms. It is also keen to use its intellectual property to spin out companies, joint ventures or enter into licence agreements.

42. The accounts for 2004/5 note that the University has a subsidiary company Glasgow Caledonian University Company Ltd which is 100% owned by the University and which was established to develop and control the exploitation of certain non-recurrent grant activities. The accounts note that the company is subject to Corporation Tax and VAT ‘in the same way as any commercial organisation.’

43. By contrast the accounts otherwise declare that the University has been recognised as a charity by the Inland Revenue.

44. More than half the annual income (£50 million) comes as a grant from the Scottish funding Council. Commercial and other income forms only 18.6% of total income.

45. In this circumstance it seems to me that the University would have to identify the specific commercial activity which would be prejudiced substantially if disclosure of the information requested was made. Or if as it claims the whole of the University as a commercial body is affected, it would have to show why disclosure would prejudice substantially the interest of this institution with over £90 million of income and net assets of almost £100 million.

46. In doing so the issues which may be considered are whether the damage or likely damage as a consequence of disclosing the information would be real, not hypothetical; whether the harm caused or likely to be caused was significant, not marginal, and it whether it would occur or be likely to occur in the near future not some distant time.

47. In the case of section 33(1)(b) this might be met by for example providing some estimation of loss of business which might occur if information is disclosed which would be to the advantage of commercial competitors; or the extent of harm which would occur if weaknesses in the commercial operations of the University were disclosed.

48. In this regard, I note that the University has not made any statement to either Mr K, or me, indicating the type of commercial activity that it feels would be substantially inhibited by release of the detailed computer audit report. Instead it has rather focussed on issues which are more generic to the running of an authority such as potential inhibition of future management decision making or whether disclosure would be likely to inhibit the proper outcome of the audit process. I cannot relate these to specific commercial activities of the University. I have not been provided with any information to indicate the extent to which the whole operations of the University, as a commercial body, would be or would likely to be prejudiced substantially.

49. Not only has the University not identified the specific commercial harm to its interests, it has not differentiated amongst the information which it is withholding. The information which it has withheld has been treated as a class of information and the elements appear not have been considered for their content, which should determine whether disclosure of the information would meet the requisite harm test.

50. I note in passing that this appears also to be the approach take by the University when withholding information form the Internal Audit Appendices. The redacted information has been treated as a class of information and the elements appear not have been considered for their content, which should determine whether disclosure of the information would meet the requisite harm test. So information which is not critical of the University or which appears innocuous is withheld alongside more frank or critical conclusions.

51. I note too, as a consequence of this approach, that the University has withheld information in response to Mr K’s request of 7 June which it had already released to him in response to an earlier request. The University auditors use an assessment system ranging from 5 ticks to 1 tick to evaluate specific objectives. The criteria applied to each of these ticks 1-5 has been redacted from the internal audit annual report appendices supplied to Mr K, but the criteria was made available in the annual report itself which was already given to Mr K.

52. The University has also suggested that the information may be confidential regarding the next steps which the university would wish to take in response to the computer audit and it would not wish it to release the information beyond its internal structures. That may be so but again it has not indicated what substantial prejudice would arise from the release of the specific information in this case. And whilst it may be custom and practice in the University to regard the reports as confidential i.e. not to be shared outside of a certain group responsible for managing and governing the University, now, following the introduction of FOISA, such historic practices cannot be relied on and it is necessary for the purposes of claiming s33(1)(b) exemption to consider the content of the information and the effect of its release, rather than simply withhold a class or type of information.

53. It is clear that internal audit reports necessarily address internal processes and procedures in order to evaluate arrangements that are in place to manage functions and funds within an organisation. The information in the general internal audit is typical of such audits in which internal auditors establish what action has been taken on their previous year recommendations, review key areas of activity (usually as part of an audit plan agreed with the authority) and set out their findings and recommendations for action. The management would normally be expected to consider the recommendations and to set alongside their response. It would not be unusual to find that auditors had identified weaknesses in systems and controls or areas for continual improvement. The management responses may have consequences for expenditure, staffing or dealings with external contractors.

54. The University has not directed me to specific elements of the redacted appendices in the audit reports which mean that any such weaknesses may be exploited to the commercial disadvantage of the University or indeed any information which if disclosed would cause or would be likely to cause its commercial interests to be prejudiced substantially. However Mr K’s dissatisfaction is not with this, but with the specific matter of the Computer Audit report.

55. The University has entirely withheld what has been called the Computer Audit report, its recommendations and the management response to these. The internal audit summary report, previously provided to Mr K, had clearly indicated that a high proportion of the fundamental recommendations made by the auditors applied to Management Information Systems and the appendices to that report released to Mr K also indicated that the overall assessment of specific objectives in this area was at variance with the level of assessment commonly found for specific objectives in other areas.

56. The University has argued that release of the recommendations and management responses in the Computer Audit report would mean the University and its contracting third party run a real risk of serious damage to their negotiating positions, both with each other and third parties. However the specific information within the management responses to which they direct me does not to my mind run the risk of serious damage if released, and certainly not to the extent of prejudicing substantially the commercial interests of the University or another party.

57. The University also states that the information withheld could if released be capable of misinterpretation, prejudice future management decision making and inhibit the proper outcome of the audit process. Again there is no indication of what the commercial harm would be if this was to happen, and it is not clear to me how this would happen. I do not believe that the auditors would fail to carry out their functions; I do not see that the university responses would be different or would be couched differently.

58. Some of the responses make reference to staffing, but it is not at all clear why disclosure should give rise to significant disruption amongst the university’s staff.

59. Once more I am being asked to accept that a whole document running to over 30 pages should entirely be withheld. Given the nature of the report there are clearly issues of sensitivity. However the issue is what damage would be done by releasing this information. Would it reveal to third parties what the universities intent was before it was in a position to carry this into effect; would it cause the University to have to incur costs or suffer losses which it would otherwise avoid? Even so it would need to be established that these were significant and would actually or be likely to happen (and of course that these related to commercial interests) before it could be judged that substantial prejudice would or would be likely to occur.

60. With respect to the justification which the University has supplied this is not sufficient justification for withholding all of the report. Nor does it demonstrate that their or a third party’s commercial interests would be prejudiced substantially.

61. On the basis of the evidence presented by the University, I find that it applied the exemption in section 33 (1)(b) wrongly to the Computer Audit report requested by Mr K. Therefore I do not have to consider the application of the public interest test.

Did the University apply the exemption in section 33(1)(b) correctly to the request for a statement on any abatement of Oracle’s charges?

62. The University stated its view that release of a statement of whether or not Oracle’s charges had been abated as a result of unsatisfactory performance would unavoidably harm its negotiating stance with current and potential future providers by alerting the market place, which could potentially place it in a difficult or untenable negotiating position for a new Student System.

63. It should be noted that Mr K did not ask for details or the reasoning behind any abatement of charges, but just a positive or negative response as to whether the charges had been abated or not, as he asked ‘Can (the University) also advise if there has been any abatement of Oracle’s charges as a result of unsatisfactory performance?’. However, in its comments to me, the University stated that it felt that the real issue was the public interest in knowing the reasoning behind the charges, which was much narrower than knowing the charges themselves. This suggests that it considers the question to involve a statement of whether the charges had been abated; if so, why this occurred; and what amounts were involved if the charges were abated.

64. The phrasing of Mr K’s request, however, shows that this is not the case. It is clearly a closed question, where only a positive or negative response is required to answer if the charges were abated as a consequence of unsatisfactory performance. I will therefore only concentrate upon the response required by Mr K’s request in considering the University’s application of section 33 (1)(b).

65. If there was provision for abatement for unsatisfactory performance and this occurred then the University will have this as recorded information, and would be able to confirm that such abatement took place. If no abatement took place for such a reason then it would also be able to confirm this. The University would not have to go beyond such a simple response although it could choose to expand upon its answer or provide contextual information.

66. When Mr K asked whose interests would be substantially prejudiced by the disclosure of the information on abatement of charges the University replied on 4 July that it would be the University’s interests which would be so affected.

67. However the University has since told me that it believes that the information is highly sensitive in relation to the commercial interests of both it and of a third party from which it purchased the Oracle system.

68. The University, however, has also stated that it “could potentially” find itself in breach of contract regarding confidentiality through release of such information. In order for information to be deemed confidential, I take the view that it must first satisfy 2 basic requirements: that it was obtained by another person, which can include another body or organisation, and that disclosure would constitute an actionable breach of confidence by the person who supplied that information or another person.

69. The University have not made any such claim; nor have they sought to apply the exemption at section 36 of FOISA Confidentiality

70. Further to this, it must also be noted that that the University has only cited the possibility of breach of contract (I do not think it could be put any stronger than that from the terms of its response to me on this point) and I would therefore not take this to be a real enough threat to the commercial interests of the University, since it is only a remote hypothetical threat.

71. With regard to such a disclosure adversely affecting its negotiating stances with current and future providers of the Student System, the University has not stated how or why this would manifest itself, other than to say that disclosure would ‘alert the market place’ to an extent that would make future negotiations for a new Student System difficult or untenable.

72. Whilst the University has provided me with information to show that there are issues of sensitivity regarding the Oracle system and in its dealings with third parties I do not see how a simple yes or no answer to Mr K’s question will adversely affect these dealings to any serious extent, and certainly not to the extent of prejudicing substantially the whole commercial interests of the University

73. As I can find no justification for the University to apply section 33(1)(b) to the abatement of charges, there is no need for me to consider the application of the public interest test in the context of this exemption.

Decision

I find that Glasgow Caledonian University (the University) has not dealt with Mr K’s request for information in accordance with Part 1 of the Freedom of Information (Scotland) Act 2002, in that it misapplied the exemption in sections 33(1)(b) of FOISA to the information withheld and consequently failed to comply with section 1(1) of FOISA.

I require the University to release the detailed auditors’ recommendations and management responses to these, contained within the Computer Audit report, along with an answer as to whether there was any abatement of Oracle’s charges as a result of unsatisfactory performance as requested by Mr K in his request of 7 June 2005.

I find that the University failed to comply with section 24(5) of FOISA by not specifying in its review notice that it had substituted one exemption for another on review. I do not require the University to take any action as a consequence of this breach.

I cannot require the University to take any action until the time allowed for an appeal to be made to the Court of Session has elapsed. I therefore require Glasgow Caledonian University to release the information to Mr K within 2 months of the date of this decision notice.

Kevin Dunion
Scottish Information Commissioner
13 July 2006

PDF Icon Link to PDF file of decision 134/2006 (88.3 kb)