The Information Commissioner’s Office (ICO) has issued guidance on the disclosure of the personal data of public sector employees when faced with a Freedom of Information (FOI) request. Under the Freedom of Information Act, a member of the public can request the disclosure of information held by a public sector entity, although disclosure can be refused in certain circumstances provided that the public sector entity has performed a “public interest test” to decide whether or not the disclosure is warranted.
The guidance sets out that the disclosure of personal data must be “necessary” even if the public authority has decided that the disclosure would be “fair”; the public authority must balance up the requirement for disclosure under FOI laws and the requirement to avoid disclosing personal data, and to protect the rights of the individual, under data protection laws.
The ICO has suggested that there may be other ways of meeting the requirements of a FOI request that do not involve the disclosure of personal data. It added that generally organisations are likely to be more justified in revealing the names of senior staff than more junior employees and the disclosure of sensitive personal data (such as health information, religion, criminal records or sexuality) is less likely to be justified. Public bodies must both look after personal data and comply with FOI laws, so they should have general policies on releasing personal data in response to FOI requests, although each request must be considered on its own merits.