Decision 225/2025: Information relating to a previous request about Garages to Homes

Authority: Scottish Borders Council
Case Ref: 202301045
 

Summary

The Applicant asked the Authority for information about its response to a previous information request about Garages to Homes.  The Authority provided some information and withheld other information on the grounds that it was personal data.  It informed the Applicant it did not hold other information.  The Commissioner investigated and required some information which had been withheld as personal data to be disclosed.  He was satisfied that other information had been correctly withheld and that, on balance, it was likely that the Authority held no further information within the scope of the request.

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1), (2) and (6) (General entitlement); 2(1)(a) and (2)(e)(ii) (Effect of exemptions); 38(1)(b), (2A), (5) (definitions of “the data protection principles”, “data subject”, “personal data” and “processing”, “the UK GDPR”) and (5A) (Personal information); 17(1) (Notice that information is not held); 38(1)(b) (Personal information); 47(1) and (2) (Application for decision by Commissioner).

United Kingdom General Data Protection Regulation (the UK GDPR) articles 4(1) (definition of “personal data”); 5(1)(a) (Principles relating to processing of personal data); 6(1)(f) (Lawfulness of processing).

Data Protection Act 2018 (the DPA 2018) sections 3(2), (3), (4)(d), (5) and (10) (Terms relating to the processing of personal data).

Background

1. On 15 October 2022, the Applicant made a request for information to the Authority.  He asked for information relating to the handling of a previous information request he had made about Garages to Homes, including the Authority’s attempt to recall its response to him after it was issued.  The full text of this request is reproduced in Appendix 1.
2. The Authority responded on 25 November 2022.  It provided information in response to some parts of the Applicant’s request, it gave him notice, under section 17(1) of FOISA, that some information was not held, and it withheld some information under section 38(1)(b) (Personal information) of FOISA.
3. On 16 January 2023, the Applicant wrote to the Authority requesting a review of its response. The Applicant stated that he was dissatisfied with the response because he believed that further information was held and that some of the information which had been redacted was not personal data.
4. The Authority notified the Applicant of the outcome of its review on 20 February 2023.  The Authority provided the Applicant with some further information and informed him that other information was not held.  It upheld its original response in relation to section 38(1)(b) (Personal information) of FOISA and informed the Applicant that it had only redacted personal data under this exemption.
5. On 17 August 2023 the Applicant wrote to the Commissioner, applying for a decision in terms of section 47(1) of FOISA.  The Applicant stated he was dissatisfied with the outcome of the Authority’s review because he believed that some of the information withheld under section 38(1)(b) of FOISA was not personal information.  The Applicant also considered that further information was held. 

Investigation

6. The Commissioner determined that the application complied with section 47(2) of FOISA and that he had the power to carry out an investigation.
7. On 25 August 2023, and in line with section 49(3)(a) of FOISA, the Commissioner gave the Authority notice in writing of the application and invited its comments.
8. The Authority was also asked to send the Commissioner the information withheld from the Applicant.  The Authority provided the information and the case was subsequently allocated to an investigating officer.

Commissioner’s analysis and findings

9. The Commissioner has considered all of the submissions made to him by the Applicant and the Authority.

Background to the Applicant’s request

10. The Applicant had made a previous request for information (on 21 August 2022) to the same authority.  This was the subject of a separate appeal to the Commissioner and resulted in Decision 139/2025[1].
11. The Authority provided some information to the Applicant (in its response to that earlier request) on 8 September 2022.  On 16 September 2022, the Authority emailed the Applicant in an attempt to recall that response.  The Authority stated that the response contained commercially sensitive information which should not have been disclosed.  It asked the Applicant to delete the response, apologised for any inconvenience and stated that a new response would be issued to him as soon as possible.
12. On receipt of this “recall” email, the Applicant sought advice from the Commissioner’s office and was advised that under FOISA (or the EIRs), disclosure of information was disclosure to the public as a whole and the Authority was unable to recall it.
13. The Applicant continued with that request and subsequently made a second request about the Authority’s handling of the first.  That second request is the subject of this appeal.
14. As the Commissioner noted in paragraph 18 of Decision 139/2025, there is no provision in FOISA for the recall of a response to a request for information and he is therefore unable to make a formal finding on the Authority’s attempt to do so.  Equally, on the other hand, he cannot find (as Commissioner) that the Applicant was obliged to comply with that attempt. 

Section 1(1) – General entitlement

15. Section 1(1) of FOISA provides that a person who requests information from a Scottish public authority which holds it is entitled to be given that information by the authority, subject to qualifications which, by virtue of section 1(6) of FOISA, allow Scottish public authorities to withhold information or charge a fee for it. The qualifications contained in section 1(6) are not applicable in this case.
16. The information to be given is that held by the authority at the time the request is received, as defined by section 1(4).  This is not necessarily to be equated with information an applicant believes the authority should hold.  If no such information is held by the authority, section 17(1) of FOISA requires it to give the applicant notice in writing to that effect.
17. The standard of proof to determine whether a Scottish public authority holds information is the civil standard of the balance of probabilities.  In determining where the balance of probabilities lies, the Commissioner considers the scope, quality, thoroughness and results of the searches carried out by the public authority.  He also considers, where appropriate, any reason offered by the public authority to explain why it does not hold the information.  While it may be relevant as part of this exercise to explore expectations about what information the authority should hold, ultimately the Commissioner’s role is to determine what relevant recorded information is (or was, at the time the request was received) actually held by the public authority.

Does the Authority hold further information?

18. The Applicant stated that no information had been provided to him relating to post-recall discussion, decisions or actions involving the Authority.  He commented that he found this odd for a number of reasons, including that:

    1. the attempt to recall a FOI response was potentially unique;

    2. senior officials were on holiday at the time; and

    3. the Authority had no FOI recall procedure in place.

19. Furthermore, the Applicant stated that the paper trail showed senior officials of the Authority had planned to meet representatives of a third party to discuss his information request.  He noted that he had been informed that this meeting never happened but observed that it did not appear to have been cancelled.  The Applicant stated that he had not been provided with any information relating to the Authority’s potential legal liability to third parties.  He believed some relevant documents relating to how his original information request was processed and then recalled, were missing.
20. The Authority explained that all searches were carried out by officers who were dealing with the Garages to Homes project. The Authority provided the Commissioner with evidence of the searches (by way of providing the search template completed by each officer) and it submitted that those officers’ search templates had also been provided to the Applicant.  It added that the Authority’s information manager at the time had also undertaken searches, and it provided the Commissioner with that search template, which included information on the areas searched and the areas where information was sourced.
21. Furthermore, the Authority provided comments in relation to specific points raised by the Applicant, including that the member of staff who dealt with the attempted recall did so by telephone and did not take notes of the relevant conversations.
22. In his requirement for review, the Applicant had referred to an email he had received as part of the Authority’s response to his information request, which alluded to members (councillors) being briefed on “something similar to this”.  
23. In its submissions to the Commissioner, the Authority reiterated its previous view (provided in its review outcome) that the matter of the members’ briefing was not relevant to the Applicant’s request.  The Authority explained that the members’ briefing was being undertaken by Scottish Borders Housing Association (SBHA) and the Authority therefore held no information in relation to that briefing (and it stated that the data was held by SBHA).
24. The Authority also addressed the Applicant’s query about the meeting (that was referenced in the paper trail that had been disclosed, and) which was planned between senior officials and representatives of a third party.  It submitted that this meeting did not, in fact, take place and that further information relating to the meeting was not held. 

The Commissioner’s view

25. The Commissioner has reviewed the evidence of searches (including information about the officers who carried out searches and the areas searched) and is satisfied, on balance and in the circumstances of this particular case, that it is likely that no further information is held.
26. In considering the issue of whether or not further information was likely to be held, he also reviewed the circumstances in which the attempted recall of the Authority’s response to the Applicant’s previous request was made.  In the Commissioner’s view, while the attempted recall was unusual, it was not unique.  There have been other occasions where authorities have disclosed information by mistake, under FOISA (or FOI) and have sought to withdraw the information from public view shortly afterwards.
27. This has usually involved the accidental disclosure of personal data and in some cases it has been reported in the media[2].  However, given that there is no provision within FOISA for such a recall the Commissioner considers it is unsurprising that the Authority had no procedure(s) in place for such an eventuality.
28. The Commissioner’s view is that it is understandable that staff would, upon realising that information had been disclosed which potentially ought not to have been, have dealt with this by phone rather than email (possibly because this was quicker and a verbal discussion would have been easier).  While it may not be ideal (from the Applicant’s point of view) that no notes of such conversations were kept, the Commissioner accepts, on balance, the Authority’s position that this is the case.
29. In relation to the meeting between the Authority and a third party organisation which was mooted but which did not happen, the Commissioner accepts that this may simply not have been taken forward, (that is, that it was allowed to slip, or that no-one took the meeting forward) rather than it being cancelled more formally, for example by email.  Given the evidence of searches, the Commissioner accepts that no further information is held relating to the cancellation of that meeting.
30. In light of all the submissions and the particular circumstances of this case, the Commissioner accepts that no further information is likely to be held generally in relation to this request or to the specific examples raised by the Applicant.
31. In relation to the Applicant’s comments in his requirement for review, where he referred to an email suggesting that a similar event had happened previously and sought access to this information, the Commissioner is satisfied that information regarding a previous event does not fall within the scope of this request.  In this case, the Applicant only sought information regarding the Authority’s handling of a previous request he had made; information regarding another party’s information request or another authority’s handling of a request, does not fall within the scope of his request and the Authority was correct to deem it irrelevant. 

Section 38(1)(b) - Personal information 

32. Section 38(1)(b), read in conjunction with section 38(2A) (a) or (b), exempts information from disclosure if it is "personal data", as defined in section 3(2) of the Data Protection Act 2018 (the DPA) and its disclosure would contravene one or more of the data protection principles set out in Article 5(1) of the UK GDPR.
33. "Personal data" is defined in section 3(2) of the DPA as "any information relating to an identified or identifiable living individual". Section 3(3) of the DPA 2018 defines "identifiable living individual" as "a living individual who can be identified, directly or indirectly, in particular with reference to – 

    1. an identifier such as a name, an identification number, location data or an online identifier, or 

    2. one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual."

34. The Authority disclosed information to the Applicant, some of which was redacted under section 38(1)(b) of FOISA.  Some areas of redaction were small, while others covered larger sections of text.

The Applicant’s comments on whether all of the redacted information is personal data

35. The Applicant stated that he believed some of the information redacted under section 38(1)(b) of FOISA was not personal data.  The Applicant highlighted what he considered to be large blanked-out areas on some documents and observed that the wording which followed another redaction did not appear to make grammatical sense (if it was the case that the only information which had been redacted was the name or role of an individual). 

The Authority’s comments on whether all of the redacted information is personal data

36. The Authority submitted that most of the information comprised personal information because it either identified individuals  (i.e. through names, job titles and contact details) or it related to an individual’s thoughts or feelings.
37. The Authority acknowledged that it had also redacted other information on the grounds that it comprised emails that had already been disclosed to the Applicant in redacted form. The Commissioner will consider the Authority’s submissions on this point below.

The Commissioner’s view on whether the information is personal data

38. Having reviewed the withheld information, the Commissioner accepts that most of the information which was withheld comprises personal data in the form of names, job titles contact details and personal views and opinions.
39. He accepts that one area of redaction towards the end of the 16 September 2022 email (sent at 18:23) is personal data as it relates to an individual’s thoughts, feelings or opinions.
40. However, the Commissioner is not satisfied that all of the information redacted by the Authority is personal data.
41. In its submissions, the Authority stated that one area of redaction contained the repeated text of an earlier email.  The Commissioner notes that this email began at the foot of page four of the information the Authority previously provided to the Applicant, directly under the email dated 16 September 2022, timed at 18:23.  The redacted document which was provided to the Applicant comprised four pages while the equivalent document provided to the Commissioner comprised five pages, with the fifth page comprising the rest of the duplicated email.
42. The Authority acknowledged that the last page of this five-page email had not been given to the Applicant.  It explained that this page had been fully redacted as it was a duplicate of a redacted email that had previously been released to the Applicant. 
    The Authority explained that the last page would have been removed to reduce the quantity of information given to the Applicant and it apologised for any confusion caused by this omission.
43. The Commissioner acknowledges the Authority’s explanation of the larger section of redacted material and, having examined the text contained on page five, he is satisfied that it is a duplicate of the email disclosed on pages two to three.  However, he considers that not all of the information redacted from page five is personal data and he notes the Authority’s explanation that this email was redacted in its entirety in order to reduce the amount of information provided.
44. To aid the Applicant’s understanding, in addition to the Authority’s comments above, the Commissioner notes that the larger area of redaction was applied to the top section of a duplication of the email of 16 September 2022, timed at 13:51, a redacted copy of which has already been disclosed to him.
45. Given the above, the Commissioner’s view is that some of the information withheld under section 38(1)(b) of FOISA is personal information for the purposes of section 3(2) of the DPA 2018.  However, he finds that the Authority incorrectly applied section 38(1)(b) of FOISA to some text which was not personal information.
46. The Applicant already has a (redacted) copy of the information; however, given the confusion caused by the Authority’s unnecessary redaction to page five, the Commissioner requires the Authority to provide the Applicant with a new copy of the email chain issued in response to question 13, and which contains all five pages (with the redactions to page five limited to personal data redactions under section 38(1)(b) of FOISA.)
47. The Commissioner will now go on to consider that information which he does consider to be personal data. 

Would disclosure contravene one of the data protection principles?

48. The Authority argued that disclosing the personal data would breach the first data protection principle.  This requires personal data to be processed "lawfully, fairly and in a transparent manner in relation to the data subject" (Article 5(1)(a) of the UK GDPR).
49. The definition of "processing" is wide and includes (section 3(4)(d) of the DPA) "disclosure by transmission, dissemination or otherwise making available". For the purposes of FOISA, personal data are processed when disclosed in response to a request.  This means that personal data could only be disclosed if disclosure would be both lawful (i.e. it would meet one of the conditions of lawful processing listed in Article 6(1) of the UK GDPR) and fair.
50. The Authority’s submissions concentrated on the personal data of an external third party (although it also withheld personal information relating to its own staff).  It argued that the data subject was corresponding with it (the Authority) and did not expect that their personal data would be disclosed into the public domain, and that disclosure would therefore be unfair and/or unlawful.

Condition (f): legitimate interests  

51. In considering lawfulness, the Commissioner must consider whether any of the conditions in Article 6(1) of the UK GDPR would allow the personal data to be disclosed.
52. The Commissioner’s view is that condition (f) is the only condition which could potentially apply.  
    This states that processing shall be lawful if it is "necessary for the purposes of the legitimate interest pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data ...”.
53. Although Article 6(1) states that this condition cannot apply to processing by a public authority in performance of its tasks, section 38(5A) of FOISA makes it clear that public authorities can rely on Article 6(1)(f) when responding to requests under FOISA.
54. The three tests which must be met before Article 6(1)(f) can be relied upon are as follows (see paragraph 18 of South Lanarkshire Council v Scottish Information Commissioner [2013] UKSC 55[3] - although this case was decided before the GDPR (and UK GDPR) came into effect, the relevant tests are almost identical):

    1. Does the Applicant have a legitimate interest in obtaining the personal data? 

    2. If so, would the disclosure of the personal data be necessary to achieve that legitimate interest? 

    3. Even if the processing would be necessary to achieve that legitimate interest, would that be overridden by the interests or fundamental rights and freedoms of the data subject? 

Does the Applicant have a legitimate interest in obtaining the personal data?

55. The Authority submitted that it had considered the Applicant’s legitimate interests and had concluded there would be no gain to him in receiving the personal data which had been withheld.  Furthermore, it argued that it had not received the data subjects’ consent to publicly release their personal information.
56. The Applicant argued that he had a legitimate interest in the identity and/or the employment status of the individual who had, in his view, pressured the Authority to recall the previous FOI response. Furthermore, he stated, that his personal data was processed illegally to achieve this.
57. The Applicant also argued that the recall attempt had left him not knowing the status of the previous original information request.  He commented that following the attempt to recall the response, the Authority had never subsequently informed him that the recall had been withdrawn, or that it had no legal basis, and the Applicant viewed this as a potential effort to impede the release and status of the original information request.
58. The Applicant provided an example of the wider confusion over the status of the response to his previous request after the Authority attempted to recall it.  He stated that a newspaper had decided not to publish information from the response when it was informed of the recall attempt and the Applicant argued that this meant that, since then, the information within the response had not truly been in the public domain.

The Commissioner’s view on the Applicant’s legitimate interests

59. The Commissioner has considered the personal information which has been withheld in relation to the legitimate interests of the Applicant.  He accepts that the Applicant has a legitimate interest in some of the personal data insofar as it relates to how the Authority handled his information request.  
    The Commissioner will not give a view on whether the Authority was pressured into recalling the previous FOI response, nor will he comment on the processing of the Applicant’s data, as this is not within his remit.
60. The Commissioner’s view is that the Applicant does not have a legitimate interest in personal data where the individual’s involvement appears to be purely administrative.
61. Furthermore, the Commissioner considers that the Applicant does not have a legitimate interest in personal data which comprises contact details for certain individuals, such as phone numbers or email addresses.  His view is that disclosure of such information would not fulfil the Applicant’s legitimate interests in this matter.  He therefore finds that the contact information has been correctly withheld under section 38(1)(b) of FOISA, and he will not consider it any further in this decision.

Is disclosure of the personal data necessary?

62. Having accepted that the Applicant has a legitimate interest in some of the personal data, the Commissioner must consider whether disclosure of the personal data would be necessary to meet the Applicant's legitimate interests.
63. Here, “necessary” means “reasonably” rather than absolutely or strictly necessary.  The Commissioner must therefore consider whether the disclosure is proportionate as a means and fairly balanced as to the aims to be achieved, or whether the Applicant’s legitimate interests can be met by means which interfere less with the privacy of the named individual.
64. The Applicant has argued that it is in his legitimate interests that the information be disclosed in terms of the identity of the individual who pressured the Authority to recall the previous FOI response.

The Commissioner’s view on whether disclosure is necessary

65. The Commissioner accepts that disclosure of the personal data is necessary to achieve the Applicant’s legitimate interests because he would appear to have no other means of accessing the information concerned and meeting this legitimate interest in full.  The Commissioner considers that disclosure of the information would provide clarity on the background to the action taken by the Authority. 

The data subjects’ interests or fundamental rights and freedoms 

66. The Commissioner must balance the legitimate interests in disclosure of the information, against the data subject's interests or fundamental rights and freedoms.  In doing so, it is necessary for him to consider the impact of such a disclosure.  For example, if a data subject would not reasonably expect that the information would be disclosed to the public under FOISA in response to the request, or if such disclosure would cause unjustified harm, their interests or rights are likely to override any legitimate interests in disclosure.  Only if the legitimate interests of the Applicant outweigh those of the data subject could the information be disclosed without breaching the first data protection principle.
67. The Commissioner's guidance on section 38 of FOISA[4] notes factors that should be taken into account in balancing the interests of parties.  
    He notes that Recital (47) of the General Data Protection Regulation[5] states that much will depend on the reasonable expectations of the data subjects.  These are some of the factors public authorities should consider: 

    1. Does the information relate to an individual's public life (their work as a public official or employee) or to their private life (their home, family, social life or finances)? 

    2. Has the individual has objected to the disclosure?

    3. Would the disclosure cause harm or distress?

68. The Commissioner considers that the personal data in terms of names relates to the data subjects’ professional roles.
69. The Authority stated, as above, that no consent was received from the data subjects to release their data into the public domain.
70. The Commissioner notes that some of the personal information which has been withheld relates to Authority staff and some relates to a senior member of staff of a separate public authority.

71. The Commissioner’s guidance states that:

    “Information about an individual’s private life deserves more protection than information about their public life.  The seniority of their position and whether they have a public facing role will also be relevant.  The more senior a person is, the less likely it is that disclosing information about their public duties will override the interests of the person who made the request. Information about a senior official’s public life should also generally be disclosed unless it also reveals details of the private lives of other people, such as their family.”

72. The Commissioner considers that the withheld information in which he has accepted the Applicant has a legitimate interest relates to the individuals’ public life, specifically to their professional role.  He notes the Authority’s position that it had not received consent from any of the individuals about their personal data being disclosed.
73. The Commissioner considers that the majority of the individuals involved (although not all) would have a reasonable expectation that the personal data would or could be disclosed in response to the Applicant’s request, given that personal data has already been disclosed to the Applicant in response to this request or the previous request or both.
74. Moreover, the Commissioner considers they would (or should) have had a reasonable expectation that the personal data could be disclosed in response to a FOI request given they were aware that this request related to a previous FOI request and that information (including personal data in the form of names and some emails) had already been disclosed in response to the previous request. 

Would disclosure cause harm or distress to the data subject?

75. The Commissioner has also considered the harm or distress that might be caused by disclosure of the information. Disclosure, under FOISA, is a public disclosure.  He has taken this into account when reaching his decision.
76. In discussing the withheld information, the Commissioner must ensure that he does not disclose the contents of that withheld information.  However, in very general terms, some individuals’ personal data has already been disclosed to the Applicant.
77. The Commissioner acknowledges that the circumstances of this request relate to the involvement of particular individuals following the disclosure of information when some of this disclosure was subsequently questioned.
78. He therefore considers that it is possible that disclosure of the information could cause an element of harm or distress to an individual or individuals, if it revealed information about which others could then reach a negative judgement.  In coming to this conclusion, the Commissioner is not making a judgement on whether this would be the case, simply that such an outcome as the result of disclosure is a possibility.
79. However, he also notes (as above) that, where the personal information is the names of Authority staff, some of these names have already been disclosed to the Applicant under FOISA (in relation to this request or the previous request).  The Commissioner also considers that the context in which the personal information occurs is already publicly known.
80. we The Commissioner’s view is that, where the names of Authority staff have already been disclosed to the Applicant (and to the wider public), the chance of further harm or distress being caused (the likelihood of which he already considers to be small) is unlikely.
81. In relation to the personal information of one individual who is not employed by the Authority, the Commissioner notes that they are a senior figure within another public authority.  In all the circumstances of the case, the Commissioner does not consider that any such harm or distress would be likely to be significant (and he notes that the Authority in its submissions has not argued that this would be the case).
82. Having carefully balanced the legitimate interests of the Applicant against the interests or fundamental rights or freedoms of the data subjects, the Commissioner finds that the legitimate interests served by disclosure of the personal data of some personal information  would not be outweighed by any unwarranted prejudice that would result to the rights and freedoms and legitimate interests of the data subjects.
83. The Commissioner has also considered the personal data of  individuals from another external third party organisation which has been withheld.  While the Commissioner considers that the Applicant would have a legitimate interest in knowing a particular organisation was concerned about the release of particular information (and notes that this information has already been disclosed to the Applicant) he does not consider that legitimate interest is further met by releasing the names of the individual members of staff.
84. In the circumstances of this particular case, the Commissioner finds that condition (f) in Article 6(1) of the UK GDPR can be met in relation to some of the withheld personal data. 

Fairness 

85. The Commissioner must also consider whether disclosure would be fair.  He finds, for the same reasons as he finds that condition (f) in Article 6(1) can be met, that disclosure of some of the withheld information would be fair.

Conclusion on the data protection principles

86. In the absence of any reason for finding disclosure to be unlawful other than a breach of Article 5(1)(a) and given that the Commissioner is satisfied that condition (f) can be met for some of the withheld information, he must find that disclosure for that information would be lawful in this case.  The Commissioner therefore finds that disclosure of certain of the withheld information would not breach the first data protection principle, and the Authority was therefore not entitled to withhold this information under the exemption in section 38(1)(b) of FOISA.
87. The Commissioner requires the Authority to disclose some of the withheld information to the Applicant.  He will provide the Authority with a marked-up document which details the exact information that it is required to disclose.

Decision 

The Commissioner finds that the Authority partially complied with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) in responding to the information request made by the Applicant. 

The Commissioner finds that by relying on the exemption in section 38(1)(b) for withholding certain information, the Authority complied with Part 1 of FOISA.

However, by wrongly relying on section 38(1)(b) to withhold other information, and by wrongly withholding page five of an email string without applying any exemptions to it, the Authority failed to comply with Part 1 (and, in particular, section 1(1)) of FOISA. 

The Commissioner therefore requires the Authority to disclose to the Applicant the information which was incorrectly withheld, by 10 November 2025.

Appeal

Should either the Applicant or the Authority wish to appeal against this decision, they have the right to appeal to the Court of Session on a point of law only. Any such appeal must be made within 42 days after the date of intimation of this decision.

Enforcement

If the Authority fails to comply with this decision, the Commissioner has the right to certify to the Court of Session that the Authority has failed to comply.  The Court has the right to inquire into the matter and may deal with the Authority as if it had committed a contempt of court.

Euan McCulloch 

Head of Enforcement 

25 September 2025
 

Appendix 1

I have been advised that a Freedom of Information Response recall or destroy request is a very rare, possibly unique occurrence, and feel it is in the public’s interest to know how this transpired and what the ramifications of such a recall might be. 

I would like to be furnished with all the information you hold relating to how you processed my August 2022 Freedom of Information request.  I would like to know many SBC Staff were involved in the process and their roles within SBC, and their actions taken.

I would like to be furnished with all the information you hold relating to the decision that was taken to call me in August 2022 in an effort to progress my Freedom of Information request.  All documents, transcripts, and recordings you hold relating to the actual call that took place between myself I will redact part of his name but refer to him as Mr I (Roads Section) from SBC.

I would also like to be furnished with all the information you hold relating to the decisions that were taken not to release any information.

I would also like to be furnished with all the information you hold that related to the decisions that were taken in relation as to what was to be included in the Freedom of Information Release

I would also like to have access to all the information you hold relating to what checks that were conducted to ensure that all information released was correct, including any discussions that took place relating to the issue of commercially sensitivity being weighed against the public’s right to know. 

I would also like to have access to all information you hold relating to who or what organisation apparently brought to the attention of SBC, the idea that SBC had released commercially sensitive information to me. 

I would like to be furnished with all information you hold relating to any discussions or correspondence that took place including the actual presentation of this accusation and any subsequent discussions or correspondence that took place relating to this issue including the date and time this accusation was made to the council and which organisation or person made it.

I would like to be furnished with the SBC policy and guidance that relates to Freedom of Information Requests including guidance relating to recalling a Freedom of Information release. 

I would also like to be furnished with all the information you hold relating to how many people were involved in the recalling of the Freedom of Information response that I received via email on 16 September 2022, the relevant positions they hold, and their actions taken. 

I would also like to be furnished with all subsequent information you hold that involved any discussions or correspondence that took place either internally or with external agencies involving my Freedom of Information Request after the destroy or recall notice was issued. 

I would also like to be furnished with all the information you hold relating to remedies you offered to any third party for the potential breach of GDPR legislation that was allegedly caused by your staff. 

I would also like to be furnished with all the information you hold relating to any subsequent discussions or correspondence that took place either internally or with third parties to address the issue of SBC now potentially being liable to the parties whose data you might have accidentally released. 

I would also like to be furnished with any discussions or correspondence relating to how SBC might be able to address issues that this might cause when having to make future unbiased decisions involving these agencies, organisations, or companies.