Law firm loses FoI bid to learn names of complainants

Print This Post

27 July 2015


Freedom of information: complainants' details were personal data

Freedom of information: complainants’ details were personal data

A law firm which demanded the details of people who had contacted the Solicitors Regulation Authority (SRA) to allege misconduct has been firmly rebuffed by the Law Society’s freedom of information commissioner.

But in his first adjudication since taking on the role, Adam Sowerbutts also warned the society that in future it needed to up its game when relying on the public interest exemption that allows it to withhold information about regulatory investigations.

The unnamed firm was told in response to its first request that three complaints about misconduct had been made to the SRA. It then demanded their identities, arguing that if complainants wanted to be anonymous, they should seek a High Court injunction.

But the society refused to provide the details of the complainants, saying to do so would be contrary to the society’s obligations under the Data Protection Act 1998. The firm referred the matter to Mr Sowerbutts.

In its submission to the adjudicator, the society said that not all of the information held in relation to the complaints comprised personal data and additionally cited paragraph 14.5 of its freedom of information code, which allows it to withhold information if relating to specific investigations arising from its regulatory role.

But Mr Sowerbutts noted that the society has to undertake a balancing exercise to determine whether or not the public interest favours maintaining the exemption. It is for the society to establish that the public interest favours withholding the information.

The society argued that the knowledge that details of their complaint could possibly be disclosed in response to a freedom of information request would deter potential complainants.

It was also concerned that disclosure could have the effect of ‘tipping off’ a firm or individual in those cases where an investigation about them was particularly sensitive, such as in relation to an alleged fraud.

Mr Sowerbutts ruled that that society’s code was clear that it must not disclose third-party personal data and found that this covered all of the information requested by the firm.

Even though, as a result, he did not need to go on to consider the submissions in relation to paragraph 14.5, he nonetheless told the society that “the rather generic arguments” advanced only served to “partially argue its case”.

He explained: “Brief generic arguments, expressing anticipated concerns, as opposed to concrete and demonstrable prejudice arising from disclosure, are likely to struggle to fully discharge the burden of proof which paragraph 18 of the code places on the society to show why information should not be disclosed.”

Tags:



Leave a comment

* Denotes required field

All comments will be moderated before posting. Please see our Terms and Conditions

Legal Futures Blog

GDPR and the rise of ‘datanapping’ – the new threat to the pockets of law firms

Nigel Wright

You’ve heard about ransomware – a hacker infiltrates your IT systems, locking them down until you pay a ransom. Some studies now estimate that over 50% of businesses have experienced this type of attack in the last year, and it’s particularly prevalent within the legal sector. Previously, firms could protect themselves by having a solid disaster recovery plan in place to ensure they can get back up and running in the event of a disruption. However, the General Data Protection Regulation (GDPR) – the new EU-wide regime which comes in effect on 25 May 2018, irrespective of Brexit – means that this approach alone is no longer adequate and security measures must be strengthened to prevent attacks.

April 21st, 2017