BAILII is celebrating 24 years of free online access to the law! Would you consider making a contribution?
No donation is too small. If every visitor before 31 December gives just £1, it will have a significant impact on BAILII's ability to continue providing free access to the law.
Thank you very much for your support!
[Home] [Databases] [World Law] [Multidatabase Search] [Help] [Feedback] | ||
Irish Information Commissioner's Decisions |
||
You are here: BAILII >> Databases >> Irish Information Commissioner's Decisions >> Mr X and the Central Statistics Office (FOI Act 2014) (Central Statistics Office) [2017] IEIC 170181 (25 October 2017) URL: http://www.bailii.org/ie/cases/IEIC/2017/170181.html Cite as: [2017] IEIC 170181 |
[New search] [Help]
Case number: 170181
By email dated 20 September 2016, the applicant submitted a request to the CSO for four categories of records, relating to his application for a position as a census enumerator and an incident involving personal data. By email dated 17 October 2016 the CSO decided to grant access to some records and to refuse access to the remaining records, under sections 15(1)(d), 15(1)(i), 29(1), 30(1)(a), 31(1)(a), 32(1)(a), 37(1) and 42(f) of the FOI Act, and under Part 1(f) of Schedule 1. On 15 November 2016, the applicant applied for an internal review of that decision. The CSO issued its internal review decision by email dated 16 December 2016. It affirmed its decision under all of the exemptions referred to above except for Part 1(f) of Schedule 1, which it found did not apply. On 19 April 2017 the applicant sought a review by this Office of the CSO's decision.
In conducting my review, I have had regard to the correspondence between the applicant and the CSO as outlined above. I have also had regard to the correspondence between this Office and both the applicant and the CSO on the matter, and to the contents of the withheld records that were provided to this Office by the CSO for the purposes of this review. During the review, Ms Kenny of this Office invited the Office of the Data Protection Commissioner (the ODPC) to make a submission on records affecting its interests and I have also had regard to that submission. In referring to the records at issue, I have adopted the numbering system used by the CSO in the Schedule of Records it provided to this Office for the purposes of the review.
Having reviewed the content of the records, I consider that the majority of record 1/36 (apart from those paragraphs of record 1/36 which relate to the incident concerned, identifiable by the reference number allocated to that incident) falls outside the scope of this review, as it does not fall within the scope of the applicant's original FOI request.
This review is concerned solely with whether the CSO was justified in refusing access to the withheld records under sections 15(1)(d), 15(1)(i), 29(1), 30(1)(a), 31(1)(a), 32(1)(a), 37(1), and 42(f) of the FOI Act.
Before I consider the exemptions claimed, I wish to make the following points. First, section 22(12)(b) of the FOI Act provides that when I review a decision to refuse a request, there is a presumption that the refusal is not justified unless the public body "shows to the satisfaction of the Commissioner that the decision was justified". Therefore, the onus is on the CSO in this case to satisfy me that its decision to refuse access to the records at issue was justified.
Secondly, my jurisdiction under section 22 of the FOI Act is to make a new decision, in light of the facts and circumstances as they apply on the date of the review. The Courts have endorsed this approach.
Thirdly, section 18 of the FOI Act provides that if it is practicable, records may be granted in part, by excluding the exempt material. Section 18 shall not apply if the copy of the record provided would be misleading. This Office takes the view that the provisions of section 18 do not envisage or require the extracting of particular sentences or occasional paragraphs from records for the purpose of granting access to those particular sentences or paragraphs. Generally speaking, therefore, this Office is not in favour of the cutting or "dissecting" of records to such an extent. Being "practicable" necessarily means taking a reasonable and proportionate approach in determining whether to grant access to parts of records.
Finally, with certain limited exceptions (e.g. section 37(2), which I consider below), the FOI Act does not provide for the limiting of access to records to particular individuals only. When a record is released under the FOI Act, it effectively amounts to disclosure to "the world at large" (H.(E.) v Information Commissioner [2001] IEHC 58). The FOI Act places no restrictions on the type or extent of disclosure or the subsequent use to which the record may be put.
The CSO refused access to certain records on administrative grounds. First, it refused access to certain information which is publicly available online under section 15(1)(d) of the FOI Act. Section 15(1)(d) provides that access to information may be refused where the information is already in the public domain. I note that the CSO provided the applicant with details of the relevant website links in its original decision. I find that the CSO was justified in refusing access to the relevant records available on that site under section 15(1)(d).
Following enquiries from this Office, it transpired that a summary form of Record 2/17 is available online. However, as it is not evident to me that all of this record is available publicly, I find that section 15(1)(d) does not apply to this record.
Secondly, the CSO refused access to records 1/14, 1/25 and 2/2(b) on the ground that they were already available to the applicant. Section 15(1)(i) of the FOI Act provides, insofar as is relevant, that access to information may be refused where the request relates to records already released, either to the same requester or a previous requester, where the records are available to the requester concerned. Records 1/14 and 2/2(b) consist of an email sent by the applicant to a number of TDS. Record 1/25 is an email sent by the CSO to the applicant. However, there is no evidence before me that these records were released previously to this requester and therefore I find that the CSO was not justified in refusing access to these records under section 15(1)(i).
Section 42(f) provides that the FOI Act does not apply to records held or created by the Office of the Attorney General, other than records relating to general administration. Records 1/19 and 1/40 were created by the Office of the Attorney General. I am satisfied that they do not relate to general administration. I therefore find that section 42(f) applies and that the CSO was justified in refusing access to these records.
Section 31(1)(a) of the FOI Act provides that an FOI body shall refuse to grant a request if the record concerned would be exempt from production in proceedings in a court on the ground of legal professional privilege (LPP). In deciding whether section 31(1)(a) applies, I must therefore consider whether the record concerned would be withheld on the ground of LPP in court proceedings. LPP enables the client to maintain the confidentiality of two types of communication:
The former Commissioner has considered records which may not, on an individual basis, satisfy the criteria for the attraction of LPP but which form part of a series of confidential communications regarding the giving or receiving of legal advice. In Case 020281, she referred to the following comments by Mr. Adrian Keane in "The Modern Law of Evidence" [(4th Ed.), Butterworths, 1996, at pp. 521-522]:
"Communications between a solicitor and his client may enjoy privilege even if they do not specifically seek or convey advice. In Balabel v Air India (1988) Ch. 317; [1988] 2 All E.R., 246, CA., ...[t]he Court of Appeal held that in most solicitor and client relationships, especially where a transaction involves protracted dealings, there will be a continuum of communications and meetings between the solicitor and client; and where information is passed between them as part of that continuum, the aim being to keep both informed so that advice may be sought and given as required, privilege will attach."
I adopt this approach and take the view that privilege applies to records which form part of a continuum of correspondence which results from the original request for advice. Records 1/9, 1/10 (only the email from the legal advisor), 1/17, 1/18, 1/31, 1/32, 1/36 & 1/37 (penultimate bullet point containing legal advice received on data incident concerned) 1/39, 1/41, 1/42, 2/2 (only the letter to the legal adviser) consist of correspondence between the CSO and its legal advisers seeking and/or giving legal advice and internal CSO correspondence containing legal advice obtained from its legal advisers. I am satisfied that section 31(1)(a) applies to these records. This is on the basis that these records contain confidential communications between a client and legal adviser for the purpose of seeking and obtaining legal advice or which form part of a continuum of correspondence resulting from the original request for advice.
I therefore find that the CSO was justified in withholding access to the above-numbered records under section 31(1)(a) of the FOI Act.
Section 37(1) of the FOI Act provides that access to a record shall be refused if it would involve the disclosure of personal information. The FOI Act defines the term "personal information" as information about an identifiable individual that would, in the ordinary course of events, be known only to the individual or his/her family or friends, or information about the individual that is held by a public body on the understanding that it would be treated as confidential. The FOI Act details fourteen specific categories of information which is personal without prejudice to the generality of the foregoing definition.
Records 1/4 (all), 1/5 (all), 1/6 (name and address of addressee), 1/7 (all), 1/7a (name of addressee) 1/7b (name of addressee), 1/20 (name of complainant referred to), 1/33 (all), 1/34 (all), 1/43 (name and town of complainant referred to), 1/48 (name of complainant referred to), 1/49 (name and email address of addressee) and 2/3a (name at the end of point 3) contain the names, mobile telephone numbers, email addresses and/or home addresses of named applicants for Census enumerators and/or serving Census enumerators. I consider that this is personal information and therefore exempt from release under section 37(1) of the FOI Act. I have had regard to section 18 of the FOI Act in reaching this conclusion. My finding is subject to the provisions of sections 37(2) and 37(5), which I examine below.
Section 37(2) of the FOI Act sets out certain circumstances in which the exemption at section 37(1) does not apply. I am satisfied that none of the circumstances in section 37(2) apply to these records. That is to say, (a) the information contained in them does not relate to the applicant; (b) the third parties have not consented to the release of the information; (c) the information is not of a kind that is available to the general public; (d) the information does not belong to a class of information which would or might be made available to the general public; and (e) the disclosure of the information is not necessary to avoid a serious and imminent danger to the life or health of an individual. I am then required to consider section 37(5) as it applies to the records.
Section 37(5) of the FOI Act provides that access to the personal information of a third party may be granted where the public interest that the request should be granted outweighs the right to privacy of the individual to whom the information relates, or the grant of the request would benefit the person to whom the information relates.
The FOI Act itself recognises the public interest in ensuring the openness and accountability of public bodies. On the other hand, however, the language of section 37 and the Long Title to the FOI Act recognise a very strong public interest in protecting the right to privacy, which has a Constitutional dimension, as one of the un-enumerated personal rights under the Constitution. Accordingly, when considering section 37(5)(a), privacy rights will be set aside only where the public interest served by granting the request (and breaching those rights) is sufficiently strong to outweigh the public interest in protecting privacy.
I do not consider that releasing the personal contact details of the individuals concerned would assist the openness and transparency of public bodies. On balance, I do not consider that the public interest that the request should be granted outweighs the right to privacy of the individuals to whom the records relate. I therefore find that section 37(5)(a) does not apply in the circumstances. It has not been argued that releasing the records would benefit the people to whom the information relates and I find that section 37(5)(b) does not apply in the circumstances.
I find that the CSO was justified in refusing access to the information to which I have referred above, under section 37(1) of the FOI Act.
The CSO claims that section 29 applies to the remaining records. Section 29(1) of the FOI Act provides that an FOI body may refuse to grant an FOI request if the record contains matter relating to the deliberative processes of an FOI body and granting the request would be contrary to the public interest. These are two independent requirements and the fact that the first is met carries no presumption that the second is also met. It is therefore important for public bodies to satisfy this Office that both requirements are met.
A deliberative process may be described as a thinking process which informs decision making in FOI bodies. It involves the gathering of information from a variety of sources and weighing or considering carefully all of the information and facts obtained with a view to making a decision or reflecting upon the reasons for or against a particular choice. Thus, it involves the consideration of various matters with a view to making a decision on a particular matter. It would, for example, include some weighing up or evaluation of competing options or the consideration of proposals or courses of action.
The exemption at section 29(1) does not apply to a record insofar as it contains factual information (section 29(2)(b)). Section 2 of the FOI Act states that "factual information" includes information of a statistical, financial, econometric or empirical nature, together with any analysis thereof. The Commissioner regards factual information as including material presented to provide a factual background to the central topic in a record, and that factual information is distinguishable from information in the form of a proposal, opinion or recommendation. In its submissions to this Office, the CSO says that the following records are better described as background material and do not reflect its actual deliberations: Records 1/4-7, 1/20, 1/22, 1/28, 1/30, 1/34-35, 1/48, 2/4, 2/7-15, 2/17-18. I will therefore consider section 29 insofar as it applies to the remaining records, other than those just numbered.
The CSO submits that the records describe its overall deliberations in how to handle and respond to an incident involving the applicant and regarding the implications arising from the incident. It says that there is a strong public interest in being able to protect the integrity of its deliberations and that given the material which the applicant has posted online, it is self-evident that granting this FOI request would be contrary to the public interest.
I accept that a deliberative process occurred about how to deal with the incident concerned. However, I believe that the weighing up or evaluation of competing options or consideration of proposals of courses of action is captured in the CSO's correspondence with its legal advisers, which I have found to be exempt above. Having reviewed the remaining records, I consider that they disclose the steps which the CSO took to deal with the data incident, including internal correspondence and outlines of the incident and lessons learned, as well as external correspondence with the individuals affected, the applicant, certain Government departments and the ODPC. They also include correspondence with the applicant about his application for a position as a census enumerator. Even if I were to consider that section 29(1)(a) applied to the remaining records, in view of their content, I do not consider that it would be contrary to the public interest to grant access to them.
Accordingly, I find that the CSO was not justified in refusing access to the records under section 29(1) of the FOI Act.
In its schedule of records, the the CSO claims that section 30(1)(a) to the remaining records. Section 30(1)(a) allows an FOI body to refuse to grant an FOI request if access to the record could reasonably be expected to prejudice the effectiveness of tests, examinations, investigations, inquiries or audits conducted by or on behalf of an FOI body or the procedures or methods employed for the conduct thereof. It is subject to a public interest balancing test in section 30(2).
When a public body relies on section 30(1)(a), it should first identify the potential harm or prejudice to the relevant test, examination, investigation etc and show how releasing the record could reasonably be expected to prejudice the effectiveness of the relevant test, examination, investigation etc. The Commissioner accepts that section 30(1)(a) is not aimed solely at investigations etc. now in progress but may also cover similar exercises conducted in the future. The FOI body should go on to consider the public interest test under section 30(2).
The CSO says that the records describe the material that forms the basis of its investigation into the incident concerned. It submits that there is a strong public interest in public bodies being able to carry out effective investigations where those involved will cooperate fully and provide information without fear that confidences will be breached. It submits that releasing the records at this stage would adversely affect the integrity of its investigation, particularly as the applicant is highly likely to release and publicise these records into the public domain. It says that the public interest would not, on balance, be better served by releasing the records.
The records concern the CSO's handling of and investigation into a data incident. I therefore accept that they relate to an investigation for the purposes of section 30(1)(a) of the FOI Act. I further accept that public bodies must be able to conduct effective investigations and note that section 30 itself reflects this public interest. I agree with other general assertions which the CSO has made about the importance of effective investigations. However, the CSO has not shown me how releasing these particular records could prejudice the effectiveness of its investigation. I note that the applicant states in his FOI request that he intends to publish any material he receives online. However, as noted above, release under FOI is taken as release to the world at large. Therefore I do not consider that the possibility or likelihood of publicity of itself demonstrates the alleged harm. I am not satisfied that section 30 applies to the records. In view of this finding, I am not required to apply the public interest balancing test under section 30(2) of the FOI Act.
I find that the CSO was not justified in withholding access to the records under section 30(1)(a) of the FOI Act.
The CSO claims that section 32(1)(a)(i) and (ii) applies to the following records: 1/20, 1/21, 1/22, 1/23, 1/24, 1/26, 1/27, 1/28, 1/29, 1/30, 1/33, 1/34, 1/35, 1/38, 1/43, 1/44, 1/45, 1/46, 1/47, 1/48 and 2/5. I have already found Records 1/33 and 1/34 and parts of Records 1/20, 1/43 and 1/48 to be exempt under section 37. I therefore do not need to consider this information further.
The CSO says that these records contain matter pertaining to the Data Protection Commissioner's investigation of the incident concerned. It submits that releasing these records at this stage would prejudice the effectiveness of the ODPC's investigation and consequent enforcement of data protection legislation.
As noted above, the ODPC made a submission on the the matter. The ODPC objects to the release of the records, on the basis that releasing records of any previous investigations could prejudice any future investigations into the same matter. Furthermore, it says that while it has completed its investigation into the initial incident, releasing the records would release third party personal data. The ODPC points to a previous decision of this Office in support of its submission that releasing the records could release its processes and procedures, thereby prejudicing future investigations: Case 120613 (Mr X and the Office of the Revenue Commissioners). It also cites Case 000093 (Ms X and the Department of Agriculture and Food), saying that this relates to the disclosure of names and addresses and says that it would like to highlight the similarities in this case with the review.
Some of the above-numbered records disclose details of the incident involving personal data, the steps which the CSO took to deal with that incident, and updates on those steps. Others consist of correspondence between the CSO and ODPC in which the ODPC seeks updates from the CSO or acknowledges its replies, but does not disclose details of the incident or steps taken.
First, I have already found the names and contact details of individuals (other than members of staff of FOI bodies) to be personal information and therefore exempt under section 37 above. Therefore I do not need to consider this point further.
Secondly, the ODPC has not pointed me to the particular investigatory processes/procedures which they say the records disclose and neither are such processes/procedures apparent to me. The communications from the ODPC seek updates from the CSO but do not reveal any particular investigative methodology. The CSO's submissions on this point do not say how releasing the records would prejudice the ODPC's investigation, other than saying that the applicant is likely to publish the information. As noted above, this likelihood does not of itself demonstrate prejudice. In essence, the records reveal the particular steps which the CSO took in order to deal with the incident. They do not, however, reveal details of the ODPC's own investigation. I am not satisfied that releasing them could prejudice any future investigation by the ODPC.
Accordingly, I find that the CSO was not justified in refusing access to the above-numbered records under section 32(1)(a) of the FOI Act.
Having carried out a review under section 22(2) of the FOI Act, I vary the CSO's decision as follows. I affirm its decision in relation to certain records under sections 15(1)(d), 31(1)(a), 37 and 42(f) of the FOI Act, as specified in my findings above. I annul its decision on the remaining records and direct their release. For the avoidance of doubt, my directions are summarised in the appendix to this decision.
Section 24 of the FOI Act sets out detailed provisions for an appeal to the High Court by a party to a review, or any other person affected by the decision. In summary, such an appeal, normally on a point of law, must be initiated by the applicant not later than eight weeks after notice of the decision was given, and by any other party not later than four weeks after notice of the decision was given.
Stephen Rafferty
Senior Investigator