Requests for personal data on employees

Data inspection iStock 000008204804XSmall 146x219Eleanor Grey QC reviews the Information Commissioner's new guidance on requests for personal data about public authority employees.

On 25 October, the Information Commissioner published guidance on requests for personal data about public authority employees for the first time.

The guidance covers requests made under both the Freedom of Information Act (FOIA) and the Environmental Information Regulations (the EIRS); the requirements are essentially the same. The guidance follows a large number of cases where requestors have asked for information about disciplinary measures, pension payments or compromise agreements following departures from public office.

The guidance does not contain any new advice about what is, or is not, ‘personal data’. On this, and on the issue of when information about employees can be anonymised so that it no longer identifies living individuals and therefore no longer constitutes ‘personal data’, see the recent decision of the Upper Tribunal in the Information Commissioner v Magherafelt District Council [2012] UKUT 263 (AAC).

There, the Upper Tribunal laid to rest a confusion that had arisen out of one interpretation of the House of Lords’ decision in Commons Service Agency v Scottish Information Commissioner [2008] UKHL 47. It had been suggested that the effect of the decision was that even anonymised information remained ‘personal data’ if the data subjects could still be identified by the data controller from information which remained in its possession.

The Upper Tribunal disagreed. What matters is whether individuals can be identified by third parties, from the combination of the anonymised material released, and information which is in the possession of, or is reasonably likely to come into the possession of, the intended recipients of the disclosed material.

So in the Magherafelt District Council case, the Upper Tribunal accepted that, armed with a schedule containing anonymised details of the numbers of officers sanctioned by the Council, “a motivated individual such as an investigative journalist, would have little difficulty in making the necessary enquiries which could lead to the identification of individuals subject to disciplinary proceedings and sanction in the local Council”. As a result of the likely activities of such a newshound, the anonymised information in the schedule still constituted ‘personal data’.

Turning back to the Information Commissioner’s Guidance, it contains a useful summary of the legal principles applicable to requests for personal data about public sector employees. Decision-makers may be most assisted by the specific discussion of disclosure of:

  • Salary details: the IC reminds practitioners of existing requirements to disclose information about public servants’ pay, and the need to consider and justify carefully disclosures going beyond this;
  • Details on the terms on which officers have left their posts. The IC draws attention to the Accounts and Audit (Amendment No 2) (England) Regulations 2009, which sets out when local authorities, fire and police authorities and certain other bodies in England must publish, in their annual accounts, amounts paid to employees if their total remuneration is over £50,000.
  • Details of organizational structures, including the identities of junior members of staff without a 'public-facing' role; these may have a legitimate expectation that their identities will not be made public.
  • The Register of Interests; here, reference is made to Mr Greenwood v IC and Bolton Metropolitan Council EA/2011/0131 & 0137, in which the Tribunal made a 'nuanced' decision distinguishing between the release of information about senior and junior officers, and giving guidance about the release of information about private interests or activities.

In some situations, it may be justifiable even to refuse to confirm or deny whether information is held. The IC gives the example of a question about whether disciplinary action has been taken against a particular member of staff. Revealing that any steps have been taken could let confidential cats out of a bag, where the employee is entitled to expect that all disciplinary matters are kept private. The IC cites his decision notice in the case of a healthcare trust which lawfully took this approach; he might usefully have added that the decision was upheld on appeal by the Information Rights Tribunal: see Lord Dunboyne v IC and Central and North West London NHS Foundation Trust EA/2011/0261 & EA/2011/0303.

This is a useful guide from the IC, in a tricky subject area, and it will help consistency of decision-making. On the other hand, don't expect to rely on it if a case gets to the Information Rights Tribunal. In the recent case of Peter Beswick v IC EA/2012/0040, the Tribunal declined to refer to the Commissioner's guidance on vexatious requests: “Indeed the Tribunal felt that there was a compelling counter-argument that the Commissioner’s guidance should not even guide the Tribunal’s deliberations since this might have the appearance of giving the approach of one party a higher status than those from the other parties.”

Eleanor Grey QC is a barrister at 39 Essex Street. She can be contacted by This email address is being protected from spambots. You need JavaScript enabled to view it..