Mr X and Houses of the Oireachtas Service (FOI Act 2014) [2016] IEIC 160212 (19 August 2016)


BAILII is celebrating 24 years of free online access to the law! Would you consider making a contribution?

No donation is too small. If every visitor before 31 December gives just £1, it will have a significant impact on BAILII's ability to continue providing free access to the law.
Thank you very much for your support!



BAILII [Home] [Databases] [World Law] [Multidatabase Search] [Help] [Feedback]

Irish Information Commissioner's Decisions


You are here: BAILII >> Databases >> Irish Information Commissioner's Decisions >> Mr X and Houses of the Oireachtas Service (FOI Act 2014) [2016] IEIC 160212 (19 August 2016)
URL: http://www.bailii.org/ie/cases/IEIC/2016/160212.html
Cite as: [2016] IEIC 160212

[New search] [Help]


Mr X and Houses of the Oireachtas Service (FOI Act 2014) [2016] IEIC 160212 (19 August 2016)

Mr X and Houses of the Oireachtas Service (FOI Act 2014)

Case Number: 160212

Whether the Service was justified in its decision to refuse access to two records relating to a data protection breach containing legal advice under section 31(1)(a) of the FOI Act, and whether it was justified in redacting certain third party personal information from records released under section 37 of the FOI Act

Conducted in accordance with section 22(2) of the FOI Act by Stephen Rafferty, Senior Investigator, who is authorised by the Information Commissioner to conduct this review

Background

On 24 March 2016 the applicant submitted a request to the Service for all records relating to a data protection breach which occurred on 10 February 2016 in which information relating to him was released to a third party.

The Service issued a decision on 15 April 2016 in which it part granted the applicant's request. It redacted the identity of a third party from a number of the records and also refused access to correspondence with the Office of the Parliamentary Legal Advisor. The applicant sought an internal review of that decision on 27 April 2016. The Service issued its internal review decision on 10 May 2016 in which it affirmed its original decision.

The applicant sought a review by this Office of the Service's decision on 10 May 2016. During the course of the review, and following correspondence with this Office on the matter, the Service confirmed that it held two records relating to its contacts with the Parliamentary Legal Advisor and it released an updated schedule to the applicant.

In conducting this review, I have had regard to the correspondence between the Service and the applicant as outlined above and to communications between this Office and both the applicant and the Service on the matter. I have also had regard to the contents of the records at issue in this review.

Preliminary Matters

During the course of correspondence with this Office, the applicant expressed his dissatisfaction with the manner in which the Service dealt with his FOI request, and other matters relating to the handling of the aforementioned data protection breach. More specifically, he was dissatisfied with the manner in which the Service completed the schedule attached to the records released to him, and the contents of the updated schedule issued to him during the course of this review.

It is important to note this Office's remit does not extend to commenting on the manner in which an FOI body performs its functions generally, or to investigating complaints against an FOI body. In relation to the schedules prepared by the Service, the applicant stated that he was of the view that the schedules provided to him were not in compliance with the provisions of the FOI Act. It should be noted that the preparation of a schedule is not required by the FOI Act. Notwithstanding this, I would refer the Service to the Central Policy Unit's manual on dealing with FOI requests, which contains a sample schedule and guidance on preparing schedules, and would expect FOI bodies to comply with best practice. It is clear from the manual that the schedule of records is intended to be an essential reference point, both for the person seeking access to records and for this Office should the matter be reviewed.

Although I am obliged to give reasons for my decision, section 25(3) requires all reasonable precautions to be taken in the course of a review to prevent disclosure of information contained in an exempt record. This means that the description which I can give of the records at issue and the material that I can refer to in the analysis is limited.

Scope of Review

This review is solely concerned with whether the Service was justified in its decision to refuse access to two records relating to its correspondence with the Parliamentary Legal Advisor and to redact certain third party information from the records released.

Analysis and Findings

Legal Advice
The Service refused access to two records on the ground that they contain legal advice which is exempt from release under section 31(1)(a) of the FOI Act. The records comprise correspondence between the Service's HR Unit and the Office of the Parliamentary Legal Advisor. That Office is essentially an in-house legal adviser.

Section 31(1)(a) of the Act is a mandatory exemption which provides that a head shall refuse to grant an FOI request if the record concerned would be exempt from production in proceedings in a court on the ground of Legal Professional Privilege (LPP). In deciding whether section 31(1)(a) applies, I must consider whether the records would be withheld on the ground of LPP in court proceedings. LPP enables the client to maintain the confidentiality of two types of communication:

(a) confidential communications made between the client and his/her professional legal adviser for the purpose of obtaining and/or giving legal advice (advice privilege); and
(b) confidential communications made between the client and a professional legal adviser or the professional legal adviser and a third party or between the client and a third party, the dominant purpose of which is the preparation for contemplated/pending litigation (litigation privilege).

The Commissioner accepts that, provided the ingredients of the relevant type of LPP are present in any given case, the fact that the professional legal adviser concerned is employed as an in-house legal adviser does not prevent the client from being able to assert the privilege over the communications at issue.

The Service submits that the two records are protected by legal advice privilege. Having carefully examined both records, I am satisfied that they comprise confidential communications made between the Service and its professional legal adviser for the purpose of obtaining and/or giving legal advice and are protected by legal advice privilege. I find, therefore, that the Service was justified in refusing access to these records under section 31(1)(a).

Personal Information
The Service redacted the name, email address and other information relating to another individual from 20 records released to the applicant under section 37(1) of the FOI Act. For the purposes of the Act, personal information is information about an identifiable individual that (a) would, in the ordinary course of events, be known only to the individual or his/her family or friends, or (b) is held by an FOI body on the understanding that it would be treated by it as confidential.

The individual whose details were redacted is the same individual to whom the applicant's information was released, which gave rise to the data protection breach. Given the subject matter of the records, I am satisfied that this information consists of the personal information of that individual. I find, therefore, that section 37(1) of the FOI Act applies.

Section 37(2) of the FOI Act sets out certain circumstances in which 37(1) does not apply. However, I am satisfied that none of those circumstances arise in this case. Section 37(5) provides that a request that would fall to be refused under section 37(1) may still be granted where, on balance (a) the public interest that the request should be granted outweighs the right to privacy of the individual to whom the information relates, or (b) the grant of the information would be to the benefit of the person to whom the information relates.

As no evidence has been presented to this Office to suggest that the release of the information at issue would be to the benefit of the third party concerned, I find that section 37(5)(b) does not apply. On the matter of whether section 37(5)(a) applies, the question I must consider is whether the public interest in granting the request outweighs, on balance, the public interest in protecting the privacy rights of the person to whom the information relates.

The FOI Act recognises a public interest in ensuring the openness and transparency of FOI bodies in how they perform their functions, which would include how they deal with data protection breaches. However, it seems to me that this interest has been met to a large extent in this case through the release of the redacted records to the applicant.

On the other hand, the FOI Act also recognises the public interest in the protection of the right to privacy both in the language of section 37 and in the Long Title to the Act (which makes clear that the release of records under FOI must be consistent with "the right to privacy"). It is also worth noting that the right to privacy has a constitutional dimension, as one of the unenumerated personal rights under the Constitution. Privacy rights will therefore be set aside only where the public interest served by granting the request (and breaching those rights) is sufficiently strong to outweigh the public interest in protecting privacy.

I am conscious that the applicant is already aware of the identity of the third party in this case as it was disclosed by the Service in accordance with data protection processes. Nevertheless, when considering the release of records under the FOI Act, I must have regard to the fact that the Act places no restrictions on the type or extent of the subsequent use to which a record may be put and that release under FOI effectively amounts to disclosure to the world at large.

Accordingly, I am satisfied that the public interest in disclosure of the redacted information does not outweigh, on balance, the countervailing public interest factors in protecting the privacy of the third party in this case. I find, therefore, that section 37(5)(a) does not apply to the redactions at issue and that the Service was justified in its decision to refuse access to the third party personal information redacted from the records at issue under section 37(1) of the Act

Decision

Having carried out a review under section 22(2) of the FOI Act, I hereby affirm the decision of the Service to refuse access to two records under section 31(1)(a) of the FOI Act, and to redact information from records released to the applicant under section 37 of the FOI Act.

Right of Appeal

Section 24 of the FOI Act sets out detailed provisions for an appeal to the High Court by a party to a review, or any other person affected by the decision. In summary, such an appeal, normally on a point of law, must be initiated not later than four weeks after notice of the decision was given to the person bringing the appeal.

 

Stephen Rafferty,
Senior Investigator



The Office of the Information Commissioner (Ireland) ©


BAILII: Copyright Policy | Disclaimers | Privacy Policy | Feedback | Donate to BAILII
URL: http://www.bailii.org/ie/cases/IEIC/2016/160212.html