Local authorities and NHS Trusts (1): compromise agreements, officers’ identities and gagging clauses

Posted on | by Robin Hopkins

From a FOIA perspective, local authorities and NHS Trusts have this in common: both frequently receive requests for details of compromise agreements and other details about individual officers’ employment and disciplinary records. Three recent cases before the Tribunal confirm the general trend that – absent case-specific and well-evidenced arguments – the Commissioner and Tribunal re reluctant to order disclosure of such personal data, notwithstanding the context of public sector employees.

First, Trago Mills v IC and Teignbridge DC (EA/2012/0028) involved a request for the details of the severance package of a senior planning officer. Based on his dealings with that officer during a number of planning applications, the requester suspected that the stated reason for the officer’s departure from the Council (i.e. early retirement/redundancy) was in fact a ‘shield’, and that the officer had left for reasons of misconduct. The requester had also asked for information on that officer’s handling of planning applications in 2007.

The Council refused the request for the severance information on s. 40(2) grounds. The Commissioner and the Tribunal agreed: the requester’s suspicions were not borne out by the evidence, and the Council had a duty to respect its former employee’s reasonable expectation of privacy. The Tribunal also found that the Council held no further information within the scope of the request given the thoroughness of its searches. I represented the Council in this case, so no further commentary from me. For a detailed analysis of the issues, see the Local Government Lawyer’s article here. 11KBW’s Chris Knight represented the Information Commissioner.

Second, McFerran v IC (EA/2012/0030) involved a police search of a Council residence owned by Shropshire County Council. At the police’s request, two junior Council officers were present, but they had not been involved in any of the decision-making. The requester had concerns about the search and about what the Council may have told the police in the lead-up to the search. He requested the names of the two junior officers as well as their immediate superior. The Council refused, relying on s. 40(2).

The Commissioner ordered disclosure of the name of the more senior officer, but not of the two juniors. The requester’s appeal against the latter finding was dismissed, with the Tribunal observing that “although… there is clearly a legitimate public interest in transparency of activity by public authorities, which impinges on the personal freedom of householders, there is insufficient information provided to add significant weight to the general public interest in transparency in public affairs. The Appellant has not satisfied us, either, that his attempts to have the matter investigated are being thwarted by the absence of the names of the individuals in question. If there is sufficient information about the event to interest those responsible for an investigation the absence of names will not deter them.”

The McFerran decision illustrates that, when it comes to junior officials, general transparency considerations will usually not suffice for the disclosure of personal data: case-specific factors will be needed. Local authorities should, however, avoid the blanket non-disclosure of the names of all officers below a certain level of seniority. What matters is what work they have done, rather than what grade or band they are at.

McFerran also illustrates that requesters will often face the following sorts of objection: even if you have valid grounds for concern or complaint about individuals, there are ways of addressing those without disclosure of personal data to the world at large.

The third recent s. 40(2) arose in the context of NHS Trusts and allegations of Trusts using “gagging clauses” in compromise agreements to silence criticism or whistleblowing from departing employees. In Bousfield v IC and Six NHS Trusts (EA/2011/0212; 0213; 0247; 0250; 0251; 0252), the requester was interested not in any specific individual’s compromise agreement, but in the use of such agreements by NHS Trusts more generally. He asked: “Please provide copies of all compromise agreements you have entered into with doctors of any grade. Please also provide a list of exploratory or illustrator issues covered by the compromise agreements (ie the reasons the compromise agreements were entered into)”. One Trust refused to confirm or deny whether it held such information, relying on s. 40(5) (the argument being that there was a risk of identifying any individuals involved, which would breach the first data protection principle) and s. 43(3) (the argument being that confirmation or denial would prejudice the Trust’s commercial interests). Other Trusts also refused the requests, relying on a combination of s. 40(2) (personal data), s. 41 (actionable breach of confidence), 42 (legal professional privilege) and 36(2) (prejudice to the effective conduct of public affairs).

The Commissioner agreed, and the Tribunal has dismissed the requesters appealed. One Trust had conceded that, if there was evidence of gagging clauses being used to prevent former employees from raising any issues concerning patient safety, there would be enormous public interest in disclosing such practices. The decisive issue in this case, however, was that the Tribunal was satisfied on the evidence that no such clauses were being used by these Trusts. Therefore, it concluded that “it is entirely sympathetic to the overall concern that the Appellant feels with regard to the apparently increasing prevalence of gagging clauses but does not find that issue or concern in any way material to the matters which the Tribunal in fact has had to consider”.

It seems that, if the evidence had borne out the requester’s concerns, the analysis may have been very different. This ‘gagging clause’ issue has been considered at Tribunal level before: Bousfield v IC (EA/2009/0113). It may yet resurface.

Robin Hopkins

Important development in local government transparency

Posted on | by Panopticon Blog

The Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012 (SI 2012/2089) came into force this week (10 September). The aim is to enhance the transparency of local government decision-making, including through the detailed prescription of what an officer must record in relation to an “executive” decision (see regulation 13(4)). Exactly how far does this extend? What counts as an executive decision? These and other thorny issues under the new regulations have been addressed by 11KBW’s Clive Sheldon QC, whose legal advice is discussed in this piece by Dr Nicholas Dobson of Pannone LLP and in this piece by Philip Hoult in the Local Government Lawyer, which also features commentary on the new regulations by Geoff Wild of Kent County Council here.

Robin Hopkins

Meaning of ‘public authority’ under the EIRs: ECJ to consider

Posted on | by Robin Hopkins

The leading authority on the meaning of “public authority” under regulation 2 of the EIR is Smartsource v IC and a Group of 19 additional water companies [2010] UKUT 415 (AAC). In that case, the Upper Tribunal found that the water companies were not public authorities for EIR purposes. Smartsource has been applied in, for example, Bruton v IC and Duchy of Cornwall and Montford v IC and BBC.

The issue has returned to the Upper Tribunal in Fish Legal v IC [2012] UKUT 177 (AAC), again in the context of water companies. As the Upper Tribunal has noted, however, the principles are relevant to other privatised, regulated industries that deliver a once publicly-owned service: electricity, gas, rail and telecoms. As the EIR implement European legislation, the meaning of “public authority” has been referred to the ECJ, which has recently published the questions it will be considering.

These involve the meaning of ‘performing public administrative functions under national law’ (is the applicable law and analysis purely a national one? If not, what EU law criteria should be used?), what does ‘control’ mean (in the context of one person/body controlling another) and does an ‘emanation of the state’ necessarily come within the definition? Another crucial issue is the so-called ‘hybrid authority’ question: if a body falls partly within the definition, do EIR rights apply only to those parts (functions, activities etc) that do, or to the whole of the person/body?

Those are, of course, paraphrases. The actual questions can be found here. The ECJ’s answers will be enormously important to information access rights in the UK.

11KBW’s Rachel Kamm represented the Information Commissioner before the Upper Tribunal.

Robin Hopkins

The Equitable Life collapse: strong public interests needed to trump s. 30

Posted on | by Robin Hopkins

Wynn v IC and Serious Fraud Office (EA/2011/0185) concerned the dramatic closure in late 2000 of the insurer Equitable Life. Both the Ombudsman and the Penrose Inquiry examined the collapse and published their reports. Attempts to compensate those who lost money have been pursued through the courts and considered by parliament.

The Serious Fraud Office became involved to consider whether any criminal charges should be brought against those involved in the collapse. Pursuant to its functions under the Criminal Justice Act 1987, it analysed the material and took legal advice in order to decide whether or not to commence a criminal investigation. In effect, it investigated whether or not to investigate. In December 2005, the SFO announced that it would not commence an investigation.

Mr Wynn was dissatisfied with that decision. Eventually, in 2009, he asked the SFO for all of the information it held on Equitable Life. It provided him with some information – importantly, this included (pursuant to a direction from the ICO) a ‘vetting note’, which summarised the SFO’s reasoning on why successful prosecutions were unlikely. The SFO withheld the remainder of the voluminous information it held, relying on s. 12 (cost of compliance) for some it and ss. 30(1) (investigations) and 42 (legal professional privilege) for the rest. The ICO agreed.

Mr Wynn’s appeal to the Tribunal was dismissed. The Tribunal was satisfied that the s. 12 estimate was reasonable and well evidenced. S. 30(1) was engaged: a preliminary investigation (or, as I have put it above, an investigation into whether to investigate) was an investigation for s. 30(1) purposes nonetheless.

The public interest favoured maintaining that exemption. Case-specific points included the substantial transparency delivered by the Ombudsman and Penrose Inquiry reports and the SFO’s vetting note. There was nothing to suggest that the SFO had got things wrong.

The decision also contains a number of points of more general application. The Tribunal endorsed the account given in Breeze v Information Commissioner (EA/2011/0057) of the concerns protected by s. 30(1): protecting witnesses and informants (including their confidentiality), maintaining the integrity of the prosecution and judicial process, and ensuring that the court remained the sole forum for determining guilt. The ‘safe space’ point was also important: prosecutors need a safe space in which to make their decisions without any fear their frank assessments being publicised too soon after the event.

Notwithstanding the passage of time between the conclusion of that investigation and the request under FOIA, those factors counted very heavily in favour of maintaining the exemption under s. 30(1). The Tribunal endorsed this general proposition from Public Prosecutor of Northern Ireland v IC (EA/2010/0109): “in order for disclosure to be ordered in such cases public interest factors of at least equal weight would have to be adduced. A general interest in transparency as to a prosecution authority’s decisions will not be sufficient. Something substantial and particular to the information would be required” (paragraph 35).

The general upshot is that, in recent years, s. 30(1) has grown into a ‘strong’ exemption, i.e. one that requires weighty and particular factors to ‘defeat’. ‘Safe space’ arguments have also fared somewhat better in the prosecution context than the policy-making
context (under s. 35 of FOIA) in Tribunal decisions over the last year or two.

Finally, it is long-established that s. 42(1) is a ‘strong’ exemption, requiring weighty factors if disclosure of privileged information is to ordered. None were forthcoming in Wynn.

Robin Hopkins

Data protection & article 8 – a smorgasbord of information law news stories…

Posted on | by Anya Proops KC

A number of interesting news stories engaging information law principles have been hitting the headlines over the last couple of days. First, the Communities Secretary, Eric Pickles, has issued a report condemning the excessive use of surveillance powers by public authorities under RIPA, including local authorities and others (you can read about the report in this Guardian article). Second, the Guardian has reported on information obtained from the Metropolitan Police under FOIA which apparently reveals that around 14m Metropolitan Police intelligence reports and 38m intelligence reports from other forces are being made available to all of Britain’s police agencies on the Police National Database. The reports evidently contain information about not only about convicted offenders but also about individuals who have never been charged or convicted of any crime (see the article here and see further on this issue my post in June of this year on the retention of police custody photos). Third, there has today been discussion in the media of the Legal Services Ombudsman’s decision to publish online the names of solicitors and barristers where either ‘a pattern of complaints’ has emerged in respect of a particular lawyer or where publication is otherwise ‘in the public interest’ (see further today’s Radio 4 ‘You and Yours’ programme where the LSO spelled out his policy on this issue – you can find the programme here; go to the 21st minute of the programme).

Whilst ostensibly disparate in nature, all of these stories raise a common information law question, namely whether the measures which have been adopted by these various public authorities accord with the rights of individuals under the Data Protection Act 1998 (DPA) and Article 8 ECHR. Answering this question entails consideration of a number of different issues including not least whether the particular measure serves a legitimate aim and also importantly whether it constitutes a proportionate means of achieving a legitimate aim (in the case of public authority surveillance further important questions will also arise under RIPA).What all of these stories confirm is a point which will not be news to information lawyers, namely that information law issues have an increasing resonance in debates over the ways in which public authorities operate.

Anya Proops

Section 7(9) DPA is about privacy, not employment disputes

Posted on | by Robin Hopkins

Disputes about subject access requests under section 7 of the Data Protection Act 1998 only rarely make their way to the Higher Courts. The leading – and often bedevilling – case of Durant is, for example, now 9 years old. Given this scarcity of precedent from the High Court and Court of Appeal, up-to-date illustrations of the judiciary’s approach to the DPA are most usefully sought in County Court judgments – see for example Panopticon’s post on the case of Elliot v Lloyds TSB Bank from earlier this year.

The most recent notable judgment is that of the County Court (HHJ May QC) in Professor Karim Abadir v Imperial College.

The applicant is an eminent econometrics professor employed by Imperial and has been since 2005. In 2011, Professor Abadir took issue when another professor at Imperial began to assess the academic staff by means of subjective metrics. The applicant objected to this, considering those metrics to be inappropriate for the academic staff in his department, and sought disclosure of the discussions that had taken place prior to their implementation.  Aggrieved, he made a subject access request. He was given some information, apparently of the human resources variety in the main. He objected to the nature of some of the comments which had been circulated about him and took the view that some of the emails he sought had been deleted. Imperial informed him in July that it would be implementing an email system upgrade and change of server in August. The applicant feared that some of the emails he wished to obtain would be permanently deleted. He sought an injunction preventing the systems work and requiring Imperial to search for and disclose to him “every document where reference is made” to him, including in deleted files.

Professor Abadir’s application was refused for a number of reasons.

Two reasons were matters of form, in that they related to what was missing from the application. The application was “objectionable” on the grounds that the applicant had not specified the nature of the underlying claim he would bring in due course. Also, assuming the underlying intended claim to be under section 7(9) of the DPA, the Judge expected the applicant to provide a draft order specifying exactly what information or searches he sought. The applicant had not done so. Instead, he asked for “generalised search of all computer systems, to include deleted data”.

Two further reasons were fatal in substantive terms. One was that there was no evidence to support the claim that the systems work would lead to the permanent loss of relevant emails. In fact, Imperial’s evidence contradicted that. There was thus no urgency to justify granting an injunction.

The final reason concerned the purpose or motive behind Professor Abadir’s claim. It was confirmed that his purpose was “to obtain disclosure of documents for purposes of deciding how to frame and pursue against Imperial College employment grievances which Prof Abadir believes he has. Put this way, the process by which documents are sought, given the purpose to which they are intended to be put, is much more akin to an application for pre-action disclosure.  It is disclosure, not right of access to personal data, which Prof Abadir is really seeking from Imperial College.”

On this point, HHJ May QC concluded that “disclosure is sought is not for the purposes of protecting Prof Abadir’s privacy but for the purposes of pursuing a claim against his employer.  To use the provisions of the DPA to pursue such a purpose is an abuse: Ezsias v The Welsh Ministers”.

Unusually, the Judge also awarded the University costs on an indemnity basis. In part, this was because the applicant had failed to identify the underlying cause of action, or to contact Imperial to make enquiries about its server changes before issuing his application for an injunction. HHJ May QC also concluded as follows: “to the extent that the injunction was sought for the purposes of supporting an intended action for DPA disclosure, it was clearly misconceived.  To seek disclosure under the DPA for the purposes of considering an employment claim is an abuse.  In any event, as DPA proceedings are for the purposes of protecting privacy, deletion/destruction of documents would not be contrary to those purposes, quite the reverse.”

It is apparent, therefore, that Courts continue to be unimpressed by the pursuit of subject access requests motivated by prospective litigation, and that they tend to see privacy concerns (rather than employment grievances) as the underlying rationale for the right of access to personal data. This will be welcomed by many data controllers.

Anya Proops appeared for Imperial College.

Robin Hopkins