“…investigation by and even adverse comment from the Ombudsman is one of the slings and arrows of local government misfortune with which broad shouldered officials have to cope…” (Feld v London Borough of Barnet  EWCA Civ 1307)
Ombudsmen loom over the actions of many public authorities. Particularly, the NHS and local authorities are subject to the scrutiny of respectively, the Parliamentary and Health Service Ombudsman (PHSO), and the Local Government Ombudsman (LGO). The Ombudsmen themselves must have broad shoulders, subject as they are to the oversight of both parliament, and, because they are public authorities subject to the Freedom of Information Act 2000 (FOIA), the Information Commissioner’s Office (ICO).
The PHSO was recently asked, under FOIA, for the email address and telephone number of the Ombudsman herself, Dame Julie Mellor. The request was refused, on the basis of the exemption at section 40(2) of FOIA – namely that the requested information was Dame Julie’s personal data, and disclosure would breach the first data protection principle in the Data Protection Act 1998. This refusal has now been upheld by the ICO, in a decision notice which explains that
the data requested relates to a living individual who may be identified from that data and that [therefore] it constitutes personal data
That much is uncontroversial: a person’s email address and telephone number will generally be held to be their personal data, even in a professional context, providing that they can be identified from that data. However, the ICO goes on to say
the Commissioner considers that the Ombudsman would have a reasonable expectation that her email address and direct telephone number would not be placed into the public domain by disclosure under the FOIA…
…The Commissioner is aware that the requested email address and telephone number are personal to the Ombudsman but are professional contact details. He considers that their disclosure is unlikely to cause the Ombudsman distress on a personal level. However the Commissioner is satisfied that disclosure would disrupt the running of the organisation and it is apparent that the consequences would have a negative impact upon the PHSO
This seems to conflate two quite separate issues – personal privacy, and organisational impact. As far as I can understand it the argument is that, because this is personal data, and because disclosure would disrupt the running of the organisation, disclosure would not be “fair”, in line with the requirements of the first data protection principle. But, as the ICO’s own guidance on disclosure of personal data under FOIA explains (paragraph 44), the consequences to be taken into account are those to the data subject, not to their organisation, or a third party.
If disclosure of information would disrupt the running of a public authority, there are other, more appropriate FOIA exemptions which might apply. Specifically, section 36(2)(c), for situations where disclosure would prejudice, or would be likely otherwise to prejudice, the effective conduct of public affairs.
But even then I struggle to see how disclosure of such innocuous information would really cause sufficient prejudice to warrant keeping this information secret – shouldn’t the Ombudsman be able to implement systems to deal with a possible increase in emails and calls if the email address and phone number were made public? Isn’t this sort of potential irritation one of the slings and arrows of administrative misfortune with which broad shouldered officials have to cope?
(As a footnote to this piece, neither the section 40(2), nor the section 36(2)(c) are going to carry much weight when the information is readily available online already. I will not link to it, because I’m a cautious soul, but Dame Julie’s email address, at least, has been published on the internet as part of a document created by her, and hosted by a reputable academic institution.)