Decisions Round-up: 12 to 16 January 2015

 The five decisions we published this week contain some useful learning points for requesters, including advice on why FOI isn't the appropriate route to access your own personal data.


Key messages:


  • The Data Protection Act is the appropriate route for accessing your own personal data: it isn't available under FOI
    Where you're looking for information about yourself, the information is your own personal data. Access to your own personal data is regulated by the Data Protection Act, rather than the FOI Act. This access right is available to you alone, as the person the information is about, while information disclosed under FOI is available to everyone. Where (as in two of this week's decisions) we're asked to look at requests for this kind of information, we must find that it's exempt: it's not that you shouldn't have access to the information, just that FOI isn't the appropriate route. For more information on access personal information, visit:


  • ...on the other hand, the authority still needs to respond under FOI
    Where an authority receives a request for the requester's personal data (and the requester hasn't made it clear that they're exercising their Data Protection rights), the authority's still under a duty to respond under FOI. If it wants to refuse the request because it's for the requester's personal data, it must apply the appropriate FOI exemption and give the requester clear notice that it's doing so. In Decision 005/2015, the authority had given the necessary notice on review, but suggested that this was merely good practice - it's not.


  • Try to be reasonable in your expectations
    While the reporting of an issue in the media may lead you to expect that the authority holds the information you're looking for, be aware that there may still be good reasons why the information isn't held. In Decision 004/2015, the requester had read media reports about an audit of Aberdeen City Council property transactions. She understood the police had carried out a criminal investigation. In fact, the auditors had notified the police of the outcome of the audit, but not that any crime had been committed. In the circumstances, we accepted that the police didn't hold the information the requester was looking for.


  • Be careful when reading and interpreting requests
    Be sure you understand what the requester is looking for, and search for and consider that information in responding to the request. Make sure the request has been properly understood when you carry out a review. In Decision 001/2015 the request wasn't properly considered at either stage, leading to considerable confusion, which could easily have been avoided. In Decision 003/2015, it should have been clear to the authority that the requester was making an information request - and that he was seeking environmental information.

 Decisions issued:

  • Decision 001/2015 Autism Rights and the Scottish Ministers
    Autism Rights asked the Ministers for information about responses submitted to the consultation on the draft Mental Health Bill. The Ministers responded with some information. We found that the Ministers failed to properly interpret Autism Rights' request, resulting in the provision of wrong information, and failed to give Autism Rights notice that they did not hold some of the information requested. However, by the end of the investigation, we were satisfied that the Ministers had provided Autism Rights with the correct response.


  • Decision 002/2015 Mr C and the Scottish Prison Service (SPS)
    Mr C asked the SPS for information about its handling of a complaint. The SPS informed Mr C that some information was his own personal data, which he could request under the Data Protection Act 1998 (the DPA). We accepted that the SPS was correct to withhold some information under section 38(1)(a) of the FOI Act, but found that it had not provided Mr C with other relevant information. As the SPS provided this information during the investigation, we did not require the SPS to take any action.


  • Decision 003/2015 Mr John Flynn and Perth & Kinross Council
    Mr Flynn asked the Council for information regarding his private water supply. The Council responded by providing explanations and answers to the questions Mr Flynn had raised, telling him that it did not hold the recorded information he had requested. We found that not all of Mr Flynn's requests were valid. Where they were, we agreed that the Council had correctly told Mr Flynn that it did not hold the information he requested. We also found, however, that the Council failed to respond a way that complied fully with the Environmental Information (Scotland) Regulations (the EIRs).


  • Decision 004/2015 Ms Suzanne Kelly and the Chief Constable of the Police Service of Scotland
    Ms Kelly asked for information relating to an investigation into Aberdeen City Council's property transactions. Police Scotland told Ms Kelly that it did not hold the information requested. Following investigation, we accepted this.


  • Decision 005/2015 Mr M and the Chief Constable of the Police Service of Scotland (Police Scotland)
    Mr M asked for a comprehensive list of CCTV recovered by Police Scotland during their investigation of a case. Police Scotland informed him that the list had previously been supplied to Mr M's legal representative and he should be able to access it that way. They later confirmed that the information was exempt under section 38(1)(a) of the FOI Act, as it was Mr M's own personal data. We found that Police Scotland were entitled to withhold the requested information under FOI, as it was Mr M's personal data.

Back to Top