A work colleague had expressed concerns to the claimant in Barton v Royal Borough of Greenwich that his line manager had emailed home “hundreds” of documents containing his personal data and that the manager's personal email was not secure or encrypted.

The claimant reported this to the Information Commissioner’s Office (ICO), which deals with data protection issues, and only subsequently to his line managers. 

The claimant was told that he should have referred the matter to his line managers before raising concerns with the ICO, and was specifically instructed not to contact the ICO or other external bodies about the matter again without the prior authority of his line manager.  He was also informed that his employers would investigate the concerns promptly, which they did.  The investigation subsequently revealed that the information the claimant provided to the ICO was in fact wholly inaccurate.  The manager had emailed just 11 documents to her password protected home email, none of them inappropriately. 

Despite the warning that he should not do so, the claimant telephoned the ICO for advice as to what he should do about his employers' instructions.  The employers regarded this as a serious breach (failing to obey a reasonable instruction) and he was summarily dismissed.  He was at the time subject to a final written warning in relation to an unrelated matter.   

The claimant relied on the original communication with the ICO and the subsequent telephone call as separate protected disclosures for a claim that he had been unfairly dismissed for whistleblowing.

In order for a disclosure to be protected under the whistleblowing legislation, it must be both:

  • "qualifying" – a disclosure of specific facts, as opposed to an allegation; and
  • "protected" – made to a "prescribed" person about a "prescribed" matter (the list includes the ICO in relation to breaches of the Data Protection Act) and in the reasonable belief that there has been a failure to comply with the law.

The Employment Tribunal found that the original referral was not a "protected" disclosure because the claimant did not have the required "reasonable belief" that the information he disclosed tended to show that his employers had failed to comply with its obligations under the Data Protection Act.  The claimant had "jumped the gun" in circumstances where he knew (or could fairly easily have found out) that there was no real urgency and there was time to verify his colleague's allegation. 

As for the subsequent telephone call, that was not a disclosure of information, so it could not be a protected disclosure either.

The EAT agreed with this analysis.  Bolton School v Evans in 2007 established that making a whistleblowing "disclosure" has a particular meaning.  In that case, the whistleblower told his employer that he believed its IT system was not secure and then proceeded to demonstrate this by hacking into it.   The employer duly gave him a misconduct warning.  The Court of Appeal found that the hacking was a separate act which was not protected by the whistleblowing legislation.

Here, the EAT decided that the telephone call to the ICO could not be treated as part of the original referral and could not constitute a disclosure on its own because of the absence of the disclosure of “information”.

The claimant also tried to argue that the instruction not to contact the ICO was illegal – contrary to public policy and a breach of Article 10 of the European Court of Human Rights (freedom of expression).  The EAT refused to consider this because it had not been argued in the Tribunal.   But the EAT did comment that it would have rejected the point because the facts showed a reasonable basis for the belief by those carrying out the dismissal that the instruction not to contact the ICO was legitimate and reasonable (and that the claimant had therefore breached a legitimate and reasonable instruction).