Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

Public bodies cannot operate a blanket policy of non-disclosure of personal data, says FOI watchdog

Public bodies cannot unilaterally decide that they will not disclose any personal data when asked to hand over information they hold, an information law watchdog has said.24 Aug 2016

The Scottish information commissioner said that public bodies cannot operate a blanket policy that involves withholding all personal data if they wish to comply with freedom of information (FOI) laws and similar rules on disclosure that apply to environmental information.

"In both the FOI Act and the Environmental Information Regulations (EIRs), the exemptions/exceptions relating to personal data include a number of conditions," the commissioner's office said in a recent statement. "In each case, authorities need to be sure these conditions (or at least some of them) can be met. Authorities can't just have a policy excluding all personal data from disclosure. Before they even get to that stage, the authority must also be sure the information falls within the definition of personal data in the Data Protection Act (DPA)."

The reminder to public bodies was issued as the Scottish information commissioner published a decision from a recent case in which it censured West Lothian Council for having "over-redacted" documents relating to a planning application it had handled before disclosing them to ABWCL, a consultancy business that had filed a request for the information.

The Council had engaged in "wholesale redaction of all names and email contact details" which the consultancy business claimed it rendered the information the authority did disclose as "unintelligible".

According to the published decision, West Lothian Council had followed its own data protection policy and guidelines set by its chief solicitor which advised that all personal data should be "fully redacted".

The Scottish information commissioner said, though, that following that approach might lead to future over-redaction of requested information in future and said the Council "was not justified in withholding all the information that it did" from ABWCL. It advised the Council to "revisit" its internal guidance.