Home Decisions

Decision 186/2006

Decision 186/2006 – Ms Katrine Boyle and North Lanarkshire Council

Request for information on Council services provided in respect of the applicant – some information not held under section 17 of the Freedom of Information (Scotland) Act 2002 (FOISA) – other information withheld as personal data of applicant section 38(1)(a) of FOISA.


Information on Council services in relation to applicant


Applicant: Ms Katrine Boyle
Authority: North Lanarkshire Council
Case No: 200503324
Decision Date: 11 October 2006


Kevin Dunion
Scottish Information Commissioner


Relevant Statutory Provisions and other Sources


Freedom of Information (Scotland) Act 2002 section 1(1) (General entitlement); section 10(1) (Time for compliance); section 17 (Notice that information is not held); section 20 (Requirement for review of refusal etc.) section 21(1) (Review by Scottish public authority) and section 38(1)(a) (Personal information).


Data Protection Act 1998 section 1 (Basic interpretative provisions) and section 2 (Sensitive personal data).


The text of each of these provisions is reproduced in the Appendix to this decision. The Appendix forms part of this decision.


Facts


Ms Boyle requested from North Lanarkshire Council (the Council) information about certain Council services. The Council provided Ms Boyle with information, but claimed that some information was personal data, which it withheld on the basis that it was exempt in terms of section 38(1)(a) of the Freedom of Information (Scotland) Act 2002 (FOISA).


Following an investigation, the Commissioner found that the Council had subsequently complied with Part 1 of FOISA by providing all the information it held relevant to Ms Boyle’s requests, although it had breached FOISA by failing to respond to Ms Boyle in line with the timescales set down by FOISA.


Background


1. On 3 October 2005, Ms Boyle submitted three formal complaints on behalf of herself and her family to North Lanarkshire Council (the Council). Within these letters she made a number of information requests to the Council.


2. The Council acknowledged by letter of 11 October 2005 receipt of the request and wrote on 13 October 2005 indicating that some of the documents attached to the letters of complaint had not been received by the Council.


3. On 16 October 2005 Ms Boyle explained her complaint and request for information, and made additional requests for information.


4. The Council acknowledged this by letter of 26 October 2005 and subsequently specified in a letter of 7 November 2006 the personnel within the Council who would be responsible for dealing with her complaint and requests.


5. Ms Boyle wrote to the Council on 7 November 2005 requesting a review under FOISA.


6. The Council responded on 17 November 2005 stating that it would need more time to deal with the issues raised by Ms Boyle in her letters. Ms Boyle again wrote on 29 November 2005 expressing dissatisfaction that none of the information she had requested, by her letters of 3 and 26 October 2006, had been provided by the Council.


7. On 19 December 2005, the Council wrote stating that the majority of Ms Boyle’s request was for information relating to herself and therefore would be dealt with under the Data Protection Act 1998 (“the DPA”) rather than FOISA. The Council wrote again, on 28 December 2005, explaining that it was dealing with the request and stated that FOISA applied only to documentation held by the Council and not to the provision of explanations.


8. On 10 December 2005 Ms Boyle applied to my Office requesting that her case be investigated. The case was allocated to an investigating officer and the application validated by establishing that Ms Boyle had made a valid information request to a Scottish public authority and had appealed to me only after asking the public authority to review its response to her request.


The Investigation


9. The officer formally contacted the Council on 17 January 2006 in terms of section 49(3)(a) of FOISA asking for its comments on the application. The Council responded on 24 January 2006.


10. In the letters of 26 September 2006, and 16 October 2006, Ms Boyle made complaints about services supplied by the Council, asked for explanations, and made several requests for information. The requests were for:

  • The medical qualifications of a named employee of the Council (Request 1);
  • Documents relating to the Council’s position on a diagnosis in respect of Ms Boyle and her family (Request 2);
  • Documentation on the Council’s expenditure in respect of Ms Boyle and her family, in general and with reference to particular items (Request 3);
  • Documentation about requests to access Ms Boyle’s personal data (Request 4);
  • Documents on housing and advocacy in respect of Ms Boyle and family (Request 5);
  • Any documents submitted by the Council on “the abolition of NHS 24” (Request 6);
  • Any documentation about Ms Boyle in respect of issues of direct payment (Request 7);
  • Documentation in respect of the disregard of legal privilege (Request 8) in letter of 16 October 2006;
  • Documentation on “mail tampering” and coercion (Request 9) in letter of 16 October 2006;
  • Documents relating to “ability to ignore legislation” (Request 10);
  • Documentation on questioning of an expert doctor on medical issues (Request 11);
  • Documentation and policies on vulnerable adults (Request 12);
  • Documentation on time limits within Council complaints procedure (Request 13) – in letter of 16 October 2006;
  • Documentation in respect of a meeting of 12 September 2005 (Request 14) - in letter of 16 October 2006.


11. During the investigation, the Council responded on 2 February 2006 to Ms Boyle’s requests by providing information, withholding other information under section 38(1) of FOISA, and stating that it did not hold the remainder of the requested information. The Council apologised that Ms Boyle’s request had not been dealt with in accordance with its procedures for dealing with information requests.


The Commissioner’s Analysis and Findings


12. During the investigation the Council provided, and withheld, information in respect of the requests contained in Ms Boyle’s letter of 26 September 2005.


13. The Council claimed that it held no documents in respect of:

  • Documentation submitted by the Council to central government in “an effort to abolish NHS 24” (Request 6);
  • Documents on the ability to breach legal privilege (Request 8);
  • Documents relating to coercion into illegal activities, for example mail tampering (Request 9);
  • Documents relating to the ability of the Council “to ignore” legislation (Request 10);
  • Copies of Minutes of a meeting of 12 September 2005 (Request 14).


14. I have considered the submissions and information provided to me by both Ms Boyle and the Council and I am satisfied that the Council does not hold any information in respect of requests 6, 8, 9, 10 and 14.


15. The Council’s response of 2 February 2006 provided to Ms Boyle the following information:

  • Answer to question about medical qualifications of a named Council employee (Request 1);
  • A photocopy of legislation permitting a civil servant to question a doctor (Request 11);
  • A copy of the Council’s policy on vulnerable adults (Request 12);
  • A copy of the complaints procedure of the Council (request 13).


I have considered the submissions and information provided to me by both Ms Boyle and the Council and I am satisfied that the Council has now provided all the information it holds in respect of requests 1, 11, 12 and 13.


Application of section 38(1)(a)


16. The Council claimed that the following documents fell within the exemption of section 38(1)(a) of FOISA and refused to provide the information to Ms Boyle in respect of:

  • Her medical care (Request 2);
  • The cost of providing any medical care to Ms Boyle (Request 3);
  • Documentation about the Council’s request to access Ms Boyle’s personal data (Request 4);
  • Documents on housing and advocacy in respect of Ms Boyle and her family (Request 5);
  • Any documentation concerning direct payment in respect of Ms Boyle (Request 7).


17. Where an applicant makes a request for information that relates to the applicant and is held by a public authority, this will usually be a subject access request to be considered under the provisions of the Data Protection Act 1998 (“the DPA”). Section 38(1)(a) of FOISA states that information is exempt information if it constitutes personal data of which the applicant is the data subject.


18. The term “personal data” is defined in section 1(1) of the DPA as data which relate to a living individual who can be identified – a) from those data, or b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.


19. I will now decide whether requests 2, 3, 4, 5 and 7 are requests for personal data. The definition of personal data is subject to the interpretation contained in Durant v Financial Services Authority [2003] EWCA Civ 1746. In this decision, the Court of Appeal held that if information is to be viewed as personal data, the information has to be biographical in a significant sense, i.e. going beyond the recording of the individual’s involvement in a matter or event that has no personal connotations. The individual also has to be the focus of the information, rather than some other person with whom that individual may have been involved. The Court of Appeal summarised these two aspects as information affecting a person’s privacy whether in his personal or family life, business or professional capacity.


20. In considering the information, I accept that the information covered by requests 2, 3, 4, 5 and 7 falls within the definition of personal data, and possibly sensitive personal data in terms of section 2 of the DPA. Ms Boyle is the focus of each of these pieces of information and clearly can be identified by them.


21. The exemption in section 38(1)(a) of FOISA is an absolute one and there is no need to consider the data protection principles or the public interest. This exemption has the purpose of ensuring that personal data is, on the whole, accessible only to the individuals to whom it concerns and not to the world at large. FOISA exists to promote public access to information and consequently must contain provisions to exempt information which relates to the private lives of particular individuals and is properly the preserve of those individuals alone.


22. In response to Ms Boyle’s initial request, the Council should have supplied her with a refusal notice, citing section 38(1)(a) of FOISA, and explaining how to make a subject access request. This was done by the Council in its response of 19 December 2005.


23. Ms Boyle may now wish to consider making a subject access request to the Council for her personal data. As I have said in previous decisions – for example, at paragraph 27 of Decision 070/2005, Mrs R and the Scottish Tourist Board (Operating as VisitScotland) – I have no powers in respect of requests considered under the DPA. In such cases, dissatisfied applicants must have recourse to the Information Commissioner based in Wilmslow who has responsibility for data protection on a UK-wide basis.


Technical Breaches of FOISA


24. Section 10(1) of FOISA gives Scottish public authorities a maximum of 20 working days from the receipt of the request to comply with the request for information. The Council did not respond to Ms Boyle’s request for information within this timescale.


25. Section 21(1) of FOISA gives authorities a maximum of 20 working days from receipt of the requirement to comply with a requirement for review. The Council failed to conduct a review of Ms Boyle’s request within the timescales specified in FOISA


26. The Council stated that Ms Boyle’s requests were within extensive correspondence, some of which raised sensitive issues, and possibly would involve several agencies. Authorities should be aware that requests for information can be contained within a document serving an additional purpose: for example, a complaint or a request for an explanation, and should have processes in place to deal with such FOISA requests. I accept that the Council is aware of this: it supplied to my Office a copy of an internal email (dated 23 December 2004) distributed to Administration employees of the Council explaining the nature of an information request and alerts employees to the fact that such a request may not be addressed to a central Freedom of information department within the Council.


27. The Council explained that its letter of 19 December 2005 was clarification of the requests within the applicant’s letters of 26 September 2005 and of 16 October 2005. Where an authority requires further information in respect of a request, section 1(3) of FOISA is relevant as to the authority’s obligations. I have looked at the Council’s letter of 16 October 2005 and whilst it does seek clarification, and permissions in respect of certain documentation, it is not requiring further information in order to identify and locate the requested information – in the sense of section 1(3) of FOISA - of the information requests. Likewise, having considered the Council’s letter of 19 December 2006, this letter indicates that the Council considers the applicant’s letters of 3 October 2005 and 16 October 2005 as comprising requests for personal data, and seeks the applicant’s view on this. I do not regard the letters of 16 October 2005 or 19 December 2005 as the authority requiring further information in order to identify and locate the requested information.


28. Despite the fact that Ms Boyle’s request was not dealt with correctly, I am satisfied that Ms Boyle has received all the information requested by her under FOISA in respect of her request of 26 September 2005.


Decision


I find that the Council has now provided all of the information it holds relevant to Ms Boyle’s requests.


I find that the Council failed to comply with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) by failing to respond to Ms Boyle’s request for information within 20 working days as required by section 10(1).


I also find that the Council failed to respond to Ms Boyle’s request for a review within the 20 working day timescale set out in section 21 of FOISA.


As I am satisfied with the steps taken by the Council during this investigation to locate the information requested, I do not require the Council to take any further action as a result of his decision.


Appeal


Should either the Council or Ms Boyle wish to appeal against this decision, there is an appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days of receipt of this notice.


Kevin Dunion
Scottish Information Commissioner
11 October 2006


APPENDIX


Relevant statutory provisions


Freedom of Information (Scotland) Act 2002


1 General entitlement


(1) A person who requests information from a Scottish public authority which holds it is entitled to be given it by the authority.


(3) If the authority-


(a) requires further information in order to identify and locate the requested information; and


(b) has told the applicant so (specifying what the requirement for further information is),


then, provided that the requirement is reasonable, the authority is not obliged to give the requested information until it has the further information.


10 Time for compliance


(1) Subject to subsections (2) and (3), a Scottish public authority receiving a request which requires it to comply with section 1(1) must comply promptly; and in any event by not later than the twentieth working day after-


(a) in a case other than that mentioned in paragraph (b), the receipt by the authority of the request …


17 Notice that information is not held


(1) Where –


(a) a Scottish public authority receives a request which would require it either –


(i) to comply with section 1(1) …


if it held the information to which the request relates; but


(b) the authority does not hold that information,


it must, within the time allowed by or by virtue of section 10 for complying with the request, give the applicant notice in writing that it does not hold it.


20 Requirement for review of refusal etc.


(1) An applicant who is dissatisfied with the way in which a Scottish public authority has dealt with a request for information made under this Part of this Act may require the authority to review its actions and decisions in relation to that request.


21 Review by Scottish public authority


(1) Subject to subsection (2), a Scottish public authority receiving a requirement for review must (unless that requirement is withdrawn or is as mentioned in subsection (8)) comply promptly; and in any event by not later than the twentieth working day after receipt by it of the requirement.


38 Personal information


(1) Information is exempt information if it constitutes -


(a) personal data of which the applicant is the data subject


Data Protection Act 1998


1 Basic interpretative provisions


(1) "personal data" means data which relate to a living individual who can be identified-


(a) from those data, or


(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,


and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual


2 Sensitive personal data


In this Act "sensitive personal data" means personal data consisting of information as to-


(e) his [the data subject’s] physical or mental health or condition


PDF IconLink to PDF file of decision 186/2006 (51.2 kb)