The Information Tribunal has agreed with the Information Commissioner that the Defence Export Services Organisation ("DESO") which is part of the MoD, must disclose their staff contacts directory to a Guardian newspaper journalist under the Freedom of Information Act ("FoI").
The MoD appealed against the Information Commissioner's decision on various grounds including that disclosing the information would endanger the physical or mental health of the staff members and the information is Personal Data and its disclosure would contravene the Data Protection principles.
The key reason for rejecting the first of these points, is that the information was disclosed elsewhere such as the Civil Service Yearbook, military lists and other publicly available information. Although details on junior staff should be redacted as they are more susceptible to harm.
In relation to the Data Protection point a key factor was the distinction between data about someone's professional life and their personal life. The information concerned job titles, names, and work contact details and so staff should expect a lesser degree of protection for this. Although all telephone numbers and email addresses, where they are not already publicly available, should be redacted. This is due to the risk of misuse by protest groups interfering with DESO working practices.
The Information Commissioner published useful guidance in 2005 for public authorities on responding to FoI requests to access information about their employees. Other than the professional/personal life distinction other factors to consider are:
- Whether the requested information can be given without personally identifiable information;
- Whether employees are aware that information may be disclosed;
- Whether they rejected to the information being disclosed;
- Whether they would be likely to suffer any damage; and
- How sensitive the information is.
This technical guidance is available on the Information Commissioner's office website.