Author: Robin Hopkins

Local authorities and NHS Trusts (1): compromise agreements, officers’ identities and gagging clauses

Posted on | by Robin Hopkins

From a FOIA perspective, local authorities and NHS Trusts have this in common: both frequently receive requests for details of compromise agreements and other details about individual officers’ employment and disciplinary records. Three recent cases before the Tribunal confirm the general trend that – absent case-specific and well-evidenced arguments – the Commissioner and Tribunal re reluctant to order disclosure of such personal data, notwithstanding the context of public sector employees.

First, Trago Mills v IC and Teignbridge DC (EA/2012/0028) involved a request for the details of the severance package of a senior planning officer. Based on his dealings with that officer during a number of planning applications, the requester suspected that the stated reason for the officer’s departure from the Council (i.e. early retirement/redundancy) was in fact a ‘shield’, and that the officer had left for reasons of misconduct. The requester had also asked for information on that officer’s handling of planning applications in 2007.

The Council refused the request for the severance information on s. 40(2) grounds. The Commissioner and the Tribunal agreed: the requester’s suspicions were not borne out by the evidence, and the Council had a duty to respect its former employee’s reasonable expectation of privacy. The Tribunal also found that the Council held no further information within the scope of the request given the thoroughness of its searches. I represented the Council in this case, so no further commentary from me. For a detailed analysis of the issues, see the Local Government Lawyer’s article here. 11KBW’s Chris Knight represented the Information Commissioner.

Second, McFerran v IC (EA/2012/0030) involved a police search of a Council residence owned by Shropshire County Council. At the police’s request, two junior Council officers were present, but they had not been involved in any of the decision-making. The requester had concerns about the search and about what the Council may have told the police in the lead-up to the search. He requested the names of the two junior officers as well as their immediate superior. The Council refused, relying on s. 40(2).

The Commissioner ordered disclosure of the name of the more senior officer, but not of the two juniors. The requester’s appeal against the latter finding was dismissed, with the Tribunal observing that “although… there is clearly a legitimate public interest in transparency of activity by public authorities, which impinges on the personal freedom of householders, there is insufficient information provided to add significant weight to the general public interest in transparency in public affairs. The Appellant has not satisfied us, either, that his attempts to have the matter investigated are being thwarted by the absence of the names of the individuals in question. If there is sufficient information about the event to interest those responsible for an investigation the absence of names will not deter them.”

The McFerran decision illustrates that, when it comes to junior officials, general transparency considerations will usually not suffice for the disclosure of personal data: case-specific factors will be needed. Local authorities should, however, avoid the blanket non-disclosure of the names of all officers below a certain level of seniority. What matters is what work they have done, rather than what grade or band they are at.

McFerran also illustrates that requesters will often face the following sorts of objection: even if you have valid grounds for concern or complaint about individuals, there are ways of addressing those without disclosure of personal data to the world at large.

The third recent s. 40(2) arose in the context of NHS Trusts and allegations of Trusts using “gagging clauses” in compromise agreements to silence criticism or whistleblowing from departing employees. In Bousfield v IC and Six NHS Trusts (EA/2011/0212; 0213; 0247; 0250; 0251; 0252), the requester was interested not in any specific individual’s compromise agreement, but in the use of such agreements by NHS Trusts more generally. He asked: “Please provide copies of all compromise agreements you have entered into with doctors of any grade. Please also provide a list of exploratory or illustrator issues covered by the compromise agreements (ie the reasons the compromise agreements were entered into)”. One Trust refused to confirm or deny whether it held such information, relying on s. 40(5) (the argument being that there was a risk of identifying any individuals involved, which would breach the first data protection principle) and s. 43(3) (the argument being that confirmation or denial would prejudice the Trust’s commercial interests). Other Trusts also refused the requests, relying on a combination of s. 40(2) (personal data), s. 41 (actionable breach of confidence), 42 (legal professional privilege) and 36(2) (prejudice to the effective conduct of public affairs).

The Commissioner agreed, and the Tribunal has dismissed the requesters appealed. One Trust had conceded that, if there was evidence of gagging clauses being used to prevent former employees from raising any issues concerning patient safety, there would be enormous public interest in disclosing such practices. The decisive issue in this case, however, was that the Tribunal was satisfied on the evidence that no such clauses were being used by these Trusts. Therefore, it concluded that “it is entirely sympathetic to the overall concern that the Appellant feels with regard to the apparently increasing prevalence of gagging clauses but does not find that issue or concern in any way material to the matters which the Tribunal in fact has had to consider”.

It seems that, if the evidence had borne out the requester’s concerns, the analysis may have been very different. This ‘gagging clause’ issue has been considered at Tribunal level before: Bousfield v IC (EA/2009/0113). It may yet resurface.

Robin Hopkins

Meaning of ‘public authority’ under the EIRs: ECJ to consider

Posted on | by Robin Hopkins

The leading authority on the meaning of “public authority” under regulation 2 of the EIR is Smartsource v IC and a Group of 19 additional water companies [2010] UKUT 415 (AAC). In that case, the Upper Tribunal found that the water companies were not public authorities for EIR purposes. Smartsource has been applied in, for example, Bruton v IC and Duchy of Cornwall and Montford v IC and BBC.

The issue has returned to the Upper Tribunal in Fish Legal v IC [2012] UKUT 177 (AAC), again in the context of water companies. As the Upper Tribunal has noted, however, the principles are relevant to other privatised, regulated industries that deliver a once publicly-owned service: electricity, gas, rail and telecoms. As the EIR implement European legislation, the meaning of “public authority” has been referred to the ECJ, which has recently published the questions it will be considering.

These involve the meaning of ‘performing public administrative functions under national law’ (is the applicable law and analysis purely a national one? If not, what EU law criteria should be used?), what does ‘control’ mean (in the context of one person/body controlling another) and does an ‘emanation of the state’ necessarily come within the definition? Another crucial issue is the so-called ‘hybrid authority’ question: if a body falls partly within the definition, do EIR rights apply only to those parts (functions, activities etc) that do, or to the whole of the person/body?

Those are, of course, paraphrases. The actual questions can be found here. The ECJ’s answers will be enormously important to information access rights in the UK.

11KBW’s Rachel Kamm represented the Information Commissioner before the Upper Tribunal.

Robin Hopkins

The Equitable Life collapse: strong public interests needed to trump s. 30

Posted on | by Robin Hopkins

Wynn v IC and Serious Fraud Office (EA/2011/0185) concerned the dramatic closure in late 2000 of the insurer Equitable Life. Both the Ombudsman and the Penrose Inquiry examined the collapse and published their reports. Attempts to compensate those who lost money have been pursued through the courts and considered by parliament.

The Serious Fraud Office became involved to consider whether any criminal charges should be brought against those involved in the collapse. Pursuant to its functions under the Criminal Justice Act 1987, it analysed the material and took legal advice in order to decide whether or not to commence a criminal investigation. In effect, it investigated whether or not to investigate. In December 2005, the SFO announced that it would not commence an investigation.

Mr Wynn was dissatisfied with that decision. Eventually, in 2009, he asked the SFO for all of the information it held on Equitable Life. It provided him with some information – importantly, this included (pursuant to a direction from the ICO) a ‘vetting note’, which summarised the SFO’s reasoning on why successful prosecutions were unlikely. The SFO withheld the remainder of the voluminous information it held, relying on s. 12 (cost of compliance) for some it and ss. 30(1) (investigations) and 42 (legal professional privilege) for the rest. The ICO agreed.

Mr Wynn’s appeal to the Tribunal was dismissed. The Tribunal was satisfied that the s. 12 estimate was reasonable and well evidenced. S. 30(1) was engaged: a preliminary investigation (or, as I have put it above, an investigation into whether to investigate) was an investigation for s. 30(1) purposes nonetheless.

The public interest favoured maintaining that exemption. Case-specific points included the substantial transparency delivered by the Ombudsman and Penrose Inquiry reports and the SFO’s vetting note. There was nothing to suggest that the SFO had got things wrong.

The decision also contains a number of points of more general application. The Tribunal endorsed the account given in Breeze v Information Commissioner (EA/2011/0057) of the concerns protected by s. 30(1): protecting witnesses and informants (including their confidentiality), maintaining the integrity of the prosecution and judicial process, and ensuring that the court remained the sole forum for determining guilt. The ‘safe space’ point was also important: prosecutors need a safe space in which to make their decisions without any fear their frank assessments being publicised too soon after the event.

Notwithstanding the passage of time between the conclusion of that investigation and the request under FOIA, those factors counted very heavily in favour of maintaining the exemption under s. 30(1). The Tribunal endorsed this general proposition from Public Prosecutor of Northern Ireland v IC (EA/2010/0109): “in order for disclosure to be ordered in such cases public interest factors of at least equal weight would have to be adduced. A general interest in transparency as to a prosecution authority’s decisions will not be sufficient. Something substantial and particular to the information would be required” (paragraph 35).

The general upshot is that, in recent years, s. 30(1) has grown into a ‘strong’ exemption, i.e. one that requires weighty and particular factors to ‘defeat’. ‘Safe space’ arguments have also fared somewhat better in the prosecution context than the policy-making
context (under s. 35 of FOIA) in Tribunal decisions over the last year or two.

Finally, it is long-established that s. 42(1) is a ‘strong’ exemption, requiring weighty factors if disclosure of privileged information is to ordered. None were forthcoming in Wynn.

Robin Hopkins

Section 7(9) DPA is about privacy, not employment disputes

Posted on | by Robin Hopkins

Disputes about subject access requests under section 7 of the Data Protection Act 1998 only rarely make their way to the Higher Courts. The leading – and often bedevilling – case of Durant is, for example, now 9 years old. Given this scarcity of precedent from the High Court and Court of Appeal, up-to-date illustrations of the judiciary’s approach to the DPA are most usefully sought in County Court judgments – see for example Panopticon’s post on the case of Elliot v Lloyds TSB Bank from earlier this year.

The most recent notable judgment is that of the County Court (HHJ May QC) in Professor Karim Abadir v Imperial College.

The applicant is an eminent econometrics professor employed by Imperial and has been since 2005. In 2011, Professor Abadir took issue when another professor at Imperial began to assess the academic staff by means of subjective metrics. The applicant objected to this, considering those metrics to be inappropriate for the academic staff in his department, and sought disclosure of the discussions that had taken place prior to their implementation.  Aggrieved, he made a subject access request. He was given some information, apparently of the human resources variety in the main. He objected to the nature of some of the comments which had been circulated about him and took the view that some of the emails he sought had been deleted. Imperial informed him in July that it would be implementing an email system upgrade and change of server in August. The applicant feared that some of the emails he wished to obtain would be permanently deleted. He sought an injunction preventing the systems work and requiring Imperial to search for and disclose to him “every document where reference is made” to him, including in deleted files.

Professor Abadir’s application was refused for a number of reasons.

Two reasons were matters of form, in that they related to what was missing from the application. The application was “objectionable” on the grounds that the applicant had not specified the nature of the underlying claim he would bring in due course. Also, assuming the underlying intended claim to be under section 7(9) of the DPA, the Judge expected the applicant to provide a draft order specifying exactly what information or searches he sought. The applicant had not done so. Instead, he asked for “generalised search of all computer systems, to include deleted data”.

Two further reasons were fatal in substantive terms. One was that there was no evidence to support the claim that the systems work would lead to the permanent loss of relevant emails. In fact, Imperial’s evidence contradicted that. There was thus no urgency to justify granting an injunction.

The final reason concerned the purpose or motive behind Professor Abadir’s claim. It was confirmed that his purpose was “to obtain disclosure of documents for purposes of deciding how to frame and pursue against Imperial College employment grievances which Prof Abadir believes he has. Put this way, the process by which documents are sought, given the purpose to which they are intended to be put, is much more akin to an application for pre-action disclosure.  It is disclosure, not right of access to personal data, which Prof Abadir is really seeking from Imperial College.”

On this point, HHJ May QC concluded that “disclosure is sought is not for the purposes of protecting Prof Abadir’s privacy but for the purposes of pursuing a claim against his employer.  To use the provisions of the DPA to pursue such a purpose is an abuse: Ezsias v The Welsh Ministers”.

Unusually, the Judge also awarded the University costs on an indemnity basis. In part, this was because the applicant had failed to identify the underlying cause of action, or to contact Imperial to make enquiries about its server changes before issuing his application for an injunction. HHJ May QC also concluded as follows: “to the extent that the injunction was sought for the purposes of supporting an intended action for DPA disclosure, it was clearly misconceived.  To seek disclosure under the DPA for the purposes of considering an employment claim is an abuse.  In any event, as DPA proceedings are for the purposes of protecting privacy, deletion/destruction of documents would not be contrary to those purposes, quite the reverse.”

It is apparent, therefore, that Courts continue to be unimpressed by the pursuit of subject access requests motivated by prospective litigation, and that they tend to see privacy concerns (rather than employment grievances) as the underlying rationale for the right of access to personal data. This will be welcomed by many data controllers.

Anya Proops appeared for Imperial College.

Robin Hopkins

The Data Protection Act in defamation cases: increasingly relevant, potentially primary?

Posted on | by Robin Hopkins

The Data Protection Act 1998 is increasingly being deployed as part of a claimant’s arsenal in defamation claims. The Information Commissioner has historically resisted policing DPA breaches in the context of allegedly defamatory expressions of opinion by one person about another.

Courts, on the other hand, have accepted that expressions of opinion about individuals are (as the definition at section 1 of the DPA makes clear) personal data, and that the DPA can therefore bite. This has arisen, for example, in the context of Norwich Pharmacal claims seeking the disclosure of the identities of users posting allegedly defamatory material. See for example Applause Store Productions Ltd and another v Raphael [2008] EWHC 1781 (QB), on which Anya posted here.

The use of the DPA in defamation claims (or cases which, though brought under the DPA, look in substance like defamation claims) has, it seems, gathered momentum. In late 2011, Tugendhadt J gave judgment in a case about the ‘solicitors from hell’ website:  The Law Society and others v Rick Kordowski [2011] EWHC 3185 (QB), on which Rachel Kamm posted here.

Last month, the DPA was again successfully relied upon as founding an arguable defamation-type claim. Desmond v Foreman, Shenton, Elliott, Cheshire West and Cheshire Council and Cheshire East Council [2012] EWHC 1900 (QB), involved a cover teacher who was suspended and ultimately dismissed following allegations that he had conducted himself in an inappropriate sexual manner towards a sixth-form student. The case involved a number of communications: meetings to discuss the allegations; requests for information from the police and previous employers; referrals to the Independent Safeguarding Authority, and queries about his home situation made by an officer of one local authority to an officer at another.

The claimant contended that a number of these communications implied that he was actually guilty of and had actually committed various serious offences (including rape, of which he had been accused in 2001 but exonerated through court proceedings). He brought a defamation claim, also contending that the allegedly defamatory statements infringed his rights under Article 8 and the DPA (in particular, breaches of data protection principles 1, 2, 3, 4 and 6).

The defendants – two local authorities, a headmaster and two local authority officers – sought summary judgment. They said the communications complained of were no more than expressions of concern that matters needed investigating, they asserted qualified privilege (based on the performance of their public duties) and justification.

The judge – as in Kordowski, Tugendhadt J – dismissed the application for summary judgment in part, finding that the claimant’s case under Article 8 and the DPA had a real prospect of success in relation to some of the communications complained of.

The judgment is of interest not only as an illustration of the difficulties of lawfully sharing sensitive information (including opinions) in the context of safeguarding children. It also illustrates that the DPA is increasingly – and realistically – being pressed into the service of types of complaint traditionally brought under other heads. The DPA and Article 8 are, of course, long-standing and natural complements to each other. Defamation, however, is slightly more alien territory for the DPA. Copyright infringement (on which, see a post of mine from last year here) is another area to which the DPA is increasingly relevant.

What, it is sometimes wondered, does a claim under the DPA add which is not already covered by claims under Article 8, defamation and so on? After all, as the defendants in Desmond argued, if someone is aggrieved at DPA breaches, then he has another remedy available, namely a complaint to the ICO. Interestingly, Tugendhadt J’s judgment in Desmond reverses this: what, he asked, would an Article 8 or defamation claim add to the DPA claim – at least with respect to one of the communications complained of? In particular, he was concerned with how best to deal with the claim that information about the 2001 rape allegation had been processed (retained, communicated) without reference to the judgments exonerating the claimant.

This last point about fair and accurate records of serious allegations is important: see an older post of mine here.

For the moment, back to Desmond and how best to deal with legal claims about this sort of complaint. Tugendhadt J said this:

“81. How and why it is that the references to the 2001 incident came to be recorded, but recorded without mentioning the public judgments of the court containing the police’s explanation for not charging the Claimant, is a question for which the proceedings under the DPA may provide the most appropriate form of investigation (as the Court of Appeal suggested in para 51 of their judgment). It is for consideration whether claims under the HRA or in defamation would add any benefit to the Claimant over and above a claim under the DPA. And as noted above, a claim under the DPA appears to raise no issues of limitation.

82. I invited the parties to consider why the Court should not direct that the claim under the DPA proceed first and separately from the other two claims, and give directions as to the filing of evidence (or agreed statements of facts) so that the matter could be determined in accordance with the overriding objective, and in particular with the objective of allotting to the case an appropriate share of the court’s resources.”

This demonstrates that, at least in some circumstances, the DPA may appropriately play the lead role rather than a supporting one in a complaint about unjustifiable and damaging communications about individuals. It looks as if the DPA will continue to flex muscles it did not even know it had.

Robin Hopkins

The BBC in the Tribunal: not a public authority under the EIR; strong arguments for disclosure of licence fee legal advice

Posted on | by Robin Hopkins

In Montford v IC and BBC (EA/2009/0114), the appellant had asked the BBC various questions about its expenditure in relation to Cambridge Media and Environment Program, which researched and planned a programme of seminars that had been running since 2005 at which BBC editorial staff discussed issues such as environmental change and world development, with the objective of improving BBC journalism in those areas.

The BBC is a public authority within Schedule 1 of FOIA only within the following parameters: “The British Broadcasting Corporation, in respect of information held the purposes other than those of journalism, art or literature”. The Supreme Court addressed this “derogation” from FOIA in Sugar v BBC [2012] UKSC 4: see our post here. Montford concerned not only the application of Sugar to this request, but also an argument that, given the subject matter of the request and the BBC’s activities, the BBC was a public authority within the meaning of regulation 2 of the EIR.

The Tribunal considered the leading cases on the latter point (Smartsource, Port of London, Network Rail, Bruton) and – applying the multifactorial approach from Smartsource – concluded that the BBC was not a public authority under the EIR. Further, the requested information was not environmental: that requires more than a remote link to the environment, and in the present case there was no link. It was therefore FOIA which applied, and Sugar meant that the requested information fell within the derogation. The BBC therefore did not have to provide it.

The BBC also featured – though not as a party – in another Tribunal decision of late. Crawford v IC and DCMS (EA/2012/0018) concerned the conclusion of the ‘BBC settlement’, ie the funding arrangements (freezing of the licence fee, BBC taking over World Service funding and so on) agreed with extraordinary speed between Jeremy Hunt and BBC Trust chair Michael Lyons in October 2010. The requester – a BBC journalist – sought information about that agreement. By the time of the hearing, the only disputed information was legal advice, which fell within section 42(1) of FOIA. The argument focuses on the public interest.

As readers will be aware, information falling within section 42(1) has very rarely been ordered for disclosure by the Tribunal. One gets the sense from the Tribunal’s decision in Crawford that the appellant here came closer than most to getting the information he sought.  The Tribunal noted the unprecedented speed with which negotiations about matters of great public interest were concluded in 2010. In the circumstances, there were “weighty factors in favour of disclosure of any information which can shed light on how this speedy settlement which affects so many people was reached. In other words there is a significant public interest in transparency and accountability in this case”. The stumbling block, however, was that the disputed legal advice shed only limited light on those concerns. Disclosure was thus not ordered. The Tribunal concluded on a note of sympathy with the requester:

“We would observe that we can understand why Mr Crawford has pursued this matter to a hearing despite disclosure of most of the information originally requested. It seems to us, that despite the exceptional nature of the CSR, the haste of the negotiations and lack of record of what took place means that Mr Crawford has quite understandably had to challenge the DCMS into providing whatever contemporaneous record there might be to help him in his journalist pursuit to provide the public with the facts of this unprecedented Licence Fee Settlement with its far reaching effects.”

Robin Hopkins