Decision 226/2025: Risk regarding child safeguarding

Authority: General Teaching Council for Scotland
Case Ref: 202500359  
 

Summary

The Applicant asked the Authority for information about the risk of child safeguarding identified by the Authority.   The Authority provided some information but withheld other information under various exemptions in FOISA.  The Commissioner investigated and found that the Authority was entitled to withhold some of the information but wrongly withheld other information.  He required the Authority to disclose the wrongly withheld information to the Applicant.

Relevant statutory provisions

Freedom of Information (Scotland) Act 2002 (FOISA) sections 1(1), (2), (4) and (6) (General entitlement); 2(1)(b) (Effect of exemptions); 30(c) (Effective conduct of public affairs); 47(1) and (2) (Application for decision by Commissioner).

Background

1. On 20 December 2024, the Applicant made a request for information to the Authority.  He asked for a copy of the information the Authority held in relation to the specific risk of child safeguarding (to include information used to form this view, plans for mitigation and any entries in the Authority’s risk register).
2. The Authority responded on 23 January 2025.  It advised that some information relevant to the request was already available online (which it provided links to) and thus was exempt under section 25(1) of FOISA. It also disclosed some information to the Applicant but withheld other information under the exemptions in sections 30(b)(ii) and 30(c) of FOISA.
3. On 30 January 2025 and 31 January 2025, the Applicant wrote to the Authority requesting a review of its decision.  He stated that he was dissatisfied with the decision because of the redactions applied by the Authority and because he believed the Authority held further information that it had failed to identify.
4. On 7 March 2025, the Authority advised the Applicant of the outcome of its review in the following terms:

• it advised the Applicant that it had identified some additional information, which it provided to him (subject to redactions under FOISA). 

• it said that it was no longer relying on the exemption in section 30(b)(ii) of FOISA and that it instead wished to rely on the exemptions in sections 25(1), 30(c) and 38(1)(b) to withhold certain information from the Applicant

• it confirmed that it held no internal emails relevant to the Applicant’s request.

5. On 9 March 2025, the Applicant wrote to the Commissioner, applying for a decision in terms of section 47(1) of FOISA.  He stated that he was dissatisfied with the outcome of the Authority’s review because he was dissatisfied with the redactions applied by the Authority and because he considered it held further information that fell within the scope of his request.  

Investigation

6. The Commissioner determined that the application complied with section 47(2) of FOISA and that he had the power to carry out an investigation.
7. On 19 March 2025, the Authority was notified in writing that the Applicant had made a valid application.  The Authority was asked to send the Commissioner the information withheld from the Applicant.  The Authority provided the information, and the case was allocated to an investigating officer.
8. Section 49(3)(a) of FOISA requires the Commissioner to give public authorities an opportunity to provide comments on an application.  The Authority was invited to comment on this application and to answer specific questions related to the searches carried out and the applicability of the exemption in section 30(c) of FOISA.
9. During the investigation, the Applicant confirmed that he did not require a decision regarding the application of the exemption in section 38(1)(b) of FOISA. The Commissioner’s decision notice will therefore only consider the redactions applied under the exemption in section 30(c) of FOISA. 

Commissioner’s analysis and findings

10. The Commissioner has considered all of the submissions made to him by the Applicant and the Authority.

Section 1(1) of FOISA – General entitlement

11. Section 1(1) of FOISA provides that a person who requests information from a Scottish public authority which holds it is entitled to be given that information by the authority, subject to qualifications which, by virtue of section (6) of FOISA, allow Scottish public authorities to withhold information or charge a fee for it.  The qualifications contained in 1(6) are not applicable in this case.
12. The information to be given is that held by the authority at the time the request is received, as defined by section 1(4) of FOISA.

The Authority’s change of position

13. During the investigation, the Authority acknowledged that some of the withheld information duplicated information that it had disclosed to the Applicant elsewhere.  It accepted that the specific instances of duplicated information raised by the Commissioner during his investigation should be disclosed.
14. The Authority did not explicitly confirm that it was withdrawing its reliance upon the exemption in section 30(c) of FOISA regarding the duplicated information that had not been specifically identified by the Commissioner.  However, the Authority has provided no explanation of why any duplicated information should be withheld.
15. The Authority also advised the Commissioner that it had reconsidered the sensitivity of a specific risk control and had come to the view that this information could be disclosed.
16. In the circumstances, the Commissioner must find that the duplicated information and the information relating to a specific risk control was wrongly withheld and that the Authority failed to comply with section 1(1) of FOISA by not disclosing this information to the Applicant by the date of the review outcome (at the latest).
17. The Commissioner requires the Authority to provide this information to the Applicant.  He will provide the Authority with a marked-up copy of the information indicating what information should be disclosed to the Applicant.

Does the Authority hold any further relevant information?

18. The standard of proof to determine whether a Scottish public authority holds information is the civil standard of the balance of probabilities.  In determining where the balance lies, the Commissioner considers the scope, quality, thoroughness and results of the searches carried out by the public authority.
19. The Commissioner also considers, where appropriate, any reason offered by the public authority to explain why it does not hold the information.  While it may be relevant as part of this exercise to explore expectations as to what information the authority should hold, ultimately the Commissioner's role is to determine what relevant information is actually held by the public authority (or was, at the time it received the request).

The Applicant’s submissions

20. The Applicant considered it to be neither credible nor believable that the Authority held no meeting minutes, other documentation or emails on a matter that must be a “top priority”.

The Authority’s submissions

21. The Authority explained that it had consulted several members of staff in response to the request, including relevant heads of department and members of the governance team.  It said searches (using the search terms “child protection”, “risk”, “risk register” and public protection”) were carried out individually by numerous staff within their Microsoft 365 environment, as well as a broader search against individuals’ accounts using Microsoft Purview.
22. The Authority provided evidence of these searches, which it said identified no records that were relevant to the Applicant’s request or that had not been previously identified and disclosed to him (subject to redactions under FOISA) at the review stage.  It also noted that it operated a one-year retention policy for Outlook accounts and their mailboxes.
23. In response to the Applicant’s view that it was “not believable or credible” that there were “no meeting minutes”, the Authority explained that it did not consider it necessary or proportionate to minute all internal meetings, whether pre-arranged or spontaneous, and no such minutes existed beyond what was already identified and provided.  It also said that it did not ordinarily record narrative minutes of committee or council meetings (where information relating to risk requested would have been considered.
24. In response to the Applicant's view that it is not “believable or credible” that there were “no internal emails”, the Authority explained that it did not consider it necessary or proportionate to send emails within a process that did not require this communication.  It said that consideration of “Child and public protection” as a “specific risk” occurred through the risk management process that was demonstrated in the information already disclosed (subject to redactions under FOISA) to the Applicant. 

The Commissioner’s view

25. The Commissioner has carefully considered the submissions from both parties, together with the information identified and the supporting evidence and explanation of searches.  Having done so, he is satisfied that the searches carried out by the Authority were adequate and proportionate in the circumstances, and would have been capable of identifying any relevant information.
26. While the Commissioner notes the Applicant’s concern that meeting minutes have not been identified, he is aware that the Authority has consistently advised him that it does not routinely minute the majority of its meetings.
27. The Commissioner therefore concludes, on balance, that the Authority does not (and did not, on receipt of the request) hold further information falling within the scope of the request, beyond that already identified by these searches.
28. While the Applicant believed and expected more information to be held by the Authority, the Commissioner is satisfied that this was not the case.  While making no comment on whether this amounted to good practice in record keeping, the Commissioner cannot require the production of information the Authority has not, in fact, created.

Section 30(c) – Substantial prejudice to the effective conduct of public affairs

29. In this case, the Authority has withheld certain information within a number of risk assessment and management updates and within a paper regarding information sharing and child protection processes.
30. Section 30(c) of FOISA provides that information is exempt information if its disclosure would otherwise prejudice substantially, or be likely to prejudice substantially, the effective conduct of public affairs.  This exemption is subject to the public interest test in section 2(1)(b) of FOISA.
31. The word "otherwise" distinguishes the harm required from that envisaged by the exemptions in section 30(a) and (b).  This is a broad exemption, and the Commissioner expects any public authority applying it to show what specific harm would (or would be likely to) be caused to the conduct of public affairs by disclosure of the information, and how that harm would be expected to follow from disclosure.
32. In order for the exemption in section 30(c) of FOISA to apply, the prejudice caused by disclosure must be substantial and therefore of real and demonstrable significance.  The Commissioner expects authorities to demonstrate a real risk or likelihood of substantial prejudice at some time in the near (certainly foreseeable) future, not simply that such prejudice is a remote or hypothetical possibility.  Each request should be considered on a case-by-case basis, taking into consideration the content of the information and all other relevant circumstances.

The Applicant’s submissions

33. The Applicant submitted that he saw no valid reason to withhold the information requested and indicated that there should be “no private conversations” when it comes to matters of “child safety”.

The Authority’s submissions

34. The Authority submitted that disclosure of the withheld information would have the impact of producing a significant “chilling effect” in relation to sensitive work undertaken at the Authority regarding risk assessment and child safeguarding.  It said its application of the exemption in section 30(c) of FOISA was primarily based on the likelihood of such a chilling effect prejudicing its ability to manage risks in sensitive areas as a direct result of disclosure of the withheld information, which would have a consequent indirect effect on the interests it was seeking to protect in the context of its risk management and safeguarding activities.
35. The Authority argued that disclosure of the withheld information would result in those involved in the recording of information in relation to risk assessment and child safeguarding being likely to record information less freely and frankly in future, due to concerns that this information would subsequently be placed in the public domain.  For risk management to be effective and for the Authority to perform certain statutory functions effectively in relation to child safeguarding, it needs a private space to enable information to be recorded freely and frankly.
36. The Authority noted that it already publishes information to provide as much transparency as it can in relation to the management of risks generally and in relation to certain specific risks.  It said that the withheld information went beyond the headline risks already published: it showed the Authority’s evaluation of risks, the likelihood of them occurring and the impact this would have on various interests.
37. The Authority considered that disclosure of the withheld information would significantly impair its ability to undertake risk assessments and prepare risk registers in sensitive areas.  Those involved in this task would be very likely to be concerned that recording information in a free and frank way would result in harm to the interests that the Authority is seeking to protect.  This would likely lead to information being recorded in less frank or specific terms, due to a range of factors, which would impact the Authority’s ability to manage key risks.
38. The Authority noted that previous Commissioners had recognised that risk registers were an important and valuable tool that enable organisations to identify potential risks and to evaluate their approach to those risks, highlighting key areas where further action might be required to mitigate identified risks.  It commented that previous decisions of the Commissioner had noted that such an analysis contributed significantly to the effective conduct of public affairs, as it enabled public authorities to avoid situations which would disrupt or harm their operations.
39. During the investigation, the Commissioner asked the Authority some further questions regarding the sensitivity of certain elements of the withheld information.  In response, the Authority said that, in applying the exemption in section 30(c) of FOISA to information in the form of past or current assessments and control measures to be applied, it was concerned that there was a real risk of a chilling effect on the future preparation of entries for its risk register. It said that disclosure of this information would substantially prejudice the Authority’s ability to identify, control and mitigate risks and so would prejudice its ability to manage risk as a public authority.
40. The Authority stated that it was not relying on the sensitivity of a specific risk for the application of the exemption in section 30(c) of FOISA and noted that sensitivity did not form part of the test contained within that exemption.
41. The Authority said that it had reached its assessment of the risk of a chilling effect of disclosure of the withheld information based on real life experience of those working within the Authority in identifying and managing the many risks that arise in the course of the day-to-day work of the Authority. 

The Commissioner’s view

42. The Commissioner has considered the nature of the withheld information and the submissions from the Applicant and the Authority.
43. The Commissioner recognises that risk registers are important and valuable tools that enable organisations to identify potential risks and to evaluate their approach to those risks, highlighting areas where further action may be required to mitigate identified risks.  It is clear that such analysis contributes significantly to the effective conduct of public affairs, by making public authorities better able to avoid situations which would disrupt or harm their operations.
44. The Commissioner acknowledges that, for risk registers to be effective, they must be based on an honest assessment of the challenges faced by an organisation and how they can be overcome.  In his view, any disclosure which had, or would be likely to have, the effect of undermining the effective operation of the Authority (including the consideration of risks) would also be likely to prejudice substantially the effective conduct of public affairs for the purposes of the exemption in section 30(c) of FOISA.
45. The Commissioner also recognises that issues of child safety will often be most effectively handled in a private space, especially where specific cases are discussed.  While the withheld information does not discuss or identify individual cases, the Commissioner acknowledges that the risks outlined by the Authority are not limited to specific cases.
46. The Commissioner cannot therefore agree with the Applicant that there can be no “private conversation” regarding child safety.  As stated above, each request should be considered on a case-by-case basis, taking into consideration the content of the information and all other relevant circumstances, to ascertain whether disclosure of the specific information requested would demonstrate a real risk or likelihood of substantial prejudice at some time in the near (certainly foreseeable) future.
47. That the disclosure of information relating to risk management can sometimes lead to substantial prejudice does not imply that the disclosure of any information relating to risk management shall lead to substantial prejudice.  Instead, public authorities must consider on a case-by-case basis whether disclosure of the specific information in question would, or would be likely to, actually give rise to the substantial prejudice anticipated.
48. In doing so, the test is, as the Authority correctly noted, not whether the information is itself sensitive, but whether disclosure would substantially prejudice the effective conduct of public affairs.  However, the sensitivity of information can, and often must, be considered as part of the assessment of whether the information should be disclosed.   

49. The Commissioner is aware that explaining his reasoning with specific reference to the withheld information would inevitably disclose details of the withheld information.  As the Court of Session recognised in Scottish Ministers v Scottish Information Commissioner [2007] CSIH 8[1] (at [18]): 

    “It is important, in our view … to bear in mind that the [Commissioner], in giving reasons for his decision, is necessarily restrained by the need to avoid, deliberately or accidentally, disclosing information which ought not to be disclosed.”

50. As far as he can without revealing the content of information that is withheld, the Commissioner will explain his reasons below.
51. Having carefully considered the withheld information, the Commissioner is not satisfied that disclosure of the majority of that information would give, or be likely to give, rise to the prejudice claimed by the Authority.  Much of the withheld information comprises high-level comments or, as stated above, information that the Authority has already disclosed to the Applicant elsewhere.
52. While the Commissioner accepts that the Authority must (in appropriate circumstances) have a private space in which to record information freely and frankly, he is not persuaded that disclosure of this majority of the withheld information would, given its nature, act to inhibit employees of the Authority from recording similar information in future.
53. In the circumstances, having carefully reviewed the Authority’s submissions, the Commissioner does not consider that disclosure of that information would, or would be likely to, substantially prejudice the Authority’s ability to identify, evaluate and manage risks.
54. However, the Commissioner accepts that disclosure of some of the withheld information would, or would be likely to, substantially prejudice the Authority’s risk management processes.
55. Specifically, the Commissioner considers that disclosure of information relating to residual and inherent risks (and similar information calculating the severity of risks) would be likely to result in future risk registers recording information with less accuracy or granularity, which would clearly undermine the process of risk management within the Authority.  Similarly, he considers that disclosure of certain risk controls and updates (which are more specific in nature than the high-level comments described above) would, or would be likely to, prejudice the Authority’s ability to identify, evaluate and record mitigations, which would substantially undermine the process of risk management within the Authority.
56. The Commissioner will provide the Authority with a marked-up version of the withheld information, showing the information to which the exemption in section 30(c) of FOISA was wrongly applied and which should now be disclosed.
57. The Commissioner is satisfied that disclosure of the remaining information withheld under section 30(c) of FOISA would cause, or be likely to cause, substantial harm to the Authority if disclosed and therefore would, or would be likely to, prejudice substantially the effective conduct of public affairs.
58. The exemption in section 30(c) is subject to the public interest test in section 2(1)(b) of FOISA.  The Commissioner must therefore go on to consider whether, in all the circumstances of the case, the public interest in disclosing the information is outweighed by that in maintaining the exemption

The public interest – section 30(c)

59. The public interest is not defined in FOISA but has been described in previous decisions as "something which is of serious concern and benefit to the public", not merely something of individual interest.  It has also been held that the public interest does not mean "of interest to the public" but "in the interests of the public", i.e. disclosure must serve the interests of the public.

The Applicant’s submissions

60. The Applicant said that it was in the public interest for the withheld information to be disclosed given the concerns he said members of the public, education subject matter experts and MSPs have with how the Authority is handling safeguarding concerns raised against registered teachers.
61. The Applicant submitted that disclosure of the withheld information was in the public interest to allow the public and Parliament to understand what it is doing in the “critical child safeguarding area” given the concerns he said exist about the Authority.  Specifically, he said it was in the public interest that the public understand the Authority’s position from a risk-scoring perspective on the adequacy and effectiveness of investigations being carried out by councils.  He also argued that the public need to know the level of child safeguarding risk facing children in Scotland and the reasons for this.
62. The Applicant said that the public and Parliament needed to have confidence in the Authority and that the “lack of transparency” from the Authority was of deep concern to him.  He argued that the Authority needed to demonstrate “more openness”, given that it was tasked with an important child safeguarding role. 

The Authority’s submissions

63. The Authority submitted that there is a general public interest in making information accessible, where doing so would enhance scrutiny of decision-making processes in relation to risk management, thereby enabling an enhancing accountability.
64. As the only professional regulatory body for teachers in Scotland, the Authority considered that there is a public interest in disclosing information, where to do so would contribute to ensuring that it is properly discharging its functions.
65. For that reason, the Authority publishes a range of information relation to risk management and safeguarding, carefully assessed to ensure that what is disclosed will impact adversely neither its ability to carry out its functions in relation to these matters nor the interests it seeks to protect.
66. In this case, the Authority considered that the public interest in scrutiny and accountability was outweighed by the substantial prejudice to its ability to undertake the necessary evaluation to manage risk effectively through the chilling effect already identified above and would therefore impact adversely on its ability to manage risks in the future, including in relation to safeguarding.
67. The Authority submitted that there is a strong public interest in ensuring that its ability to manage risk in relation to safeguarding is not adversely impacted in any way whatsoever, including by causing inhibition that would disrupt its effective management of risk.

The Commissioner’s view

68. The Commissioner recognises the general public interest in transparency and accountability, particularly where this might contribute to understanding how the Authority identifies and manages risks relating to child protection and safeguarding.
69. The Commissioner acknowledges that the withheld information (to which he has accepted the exemption applies) might cast some light on these matters, and to that extent, disclosure would be in the public interest.  However, he considers that disclosure of the information that was wrongly withheld (in addition to the information already disclosed by the Authority) will go some way towards satisfying that public interest.
70.  The Commissioner has already accepted that disclosure of the withheld information in question would or would be likely to cause substantial prejudice to the effective conduct of public affairs in this case.  He does not accept that disclosure of the withheld information in question, which he considers would compromise the ability of the Authority to identify, evaluate, manage and record risks, would be in the public interest.
71. Taking all of the submissions into consideration, on balance, the Commissioner accepts that greater weight should be attached to the arguments which would favour withholding the information in the public interest.  Having reached this conclusion, the Commissioner finds that the public interest in disclosing the remaining information is outweighed by that in maintaining the exemption in section 30(c) of FOISA.  He therefore finds that Authority was entitled to withhold the information in question under that exemption.

Decision 

The Commissioner finds that the Authority partially complied with Part 1 of the Freedom of Information (Scotland) Act 2002 (FOISA) in responding to the information request made by the Applicant. 

The Commissioner finds that by correctly withholding some information under the exemption section 30(c) of FOISA, the Authority complied with Part 1.

However, by wrongly withholding other information under the exemption in section 30(c) of FOISA, the Authority failed to comply with Part 1 (and, in particular, section 1(1)). 

The Commissioner therefore requires the Authority to provide the information that was wrongly withheld, by 10 November 2025.  

The Commissioner will provide the Authority with a marked-up copy of the information indicating what information should be disclosed to the Applicant

Appeal

Should either the Applicant or the Authority wish to appeal against this decision, they have the right to appeal to the Court of Session on a point of law only.  Any such appeal must be made within 42 days after the date of intimation of this decision.

Enforcement 

If the Authority fails to comply with this decision, the Commissioner has the right to certify to the Court of Session that the Authority has failed to comply.  The Court has the right to inquire into the matter and may deal with the Authority as if it had committed a contempt of court.

Euan McCulloch 

Head of Enforcement 

26 September 2025