Is there privacy for public sector workers?


Individuals working in the private sector can expect that the personal data they provide to their employer will be kept confidential and only disclosed to third parties in very limited circumstances. However, for individuals working in the public sector, the effect of the Freedom of Information Act 2000 (“FOIA”) is that their employer may be required to disclose their personal data to the public on request

This article considers the factors that are relevant when disclosing information about public servants, and the categories of information that would not be disclosed.

Legal framework

In certain circumstances public authorities may be exempt from the duty to provide information as a result of a request under Section 1 of FOIA. When the complainant requests information that is the personal data of a living individual this may be exempt (Section 40 FOIA).

The exemptions most often relied upon, where information is requested about employees, are those in Section 40 (2) and 40 (3) of FOIA. Under these clauses, no disclosure is required where this would breach one of the data protection principles, or breach an individual’s right to prevent a disclosure likely to cause damage or distress.

In many cases, public authorities will argue that disclosure of employee details would breach one of the data protection principles. The data protection principle most often relied upon is the first data protection principle of fair and lawful processing in Schedule 1, Part 1(1) of the Data Protection Act 1998 (DPA). Factors such as the expectations of the parties are likely to be significant in considering whether processing is fair.

As a general rule the Information Commissioner’s Guidance on the application of this exemption, suggests that “if the information requested consists of names of officials, their grades, jobs or functions or decisions made in their official capacities, then disclosure would normally be made”.

Gross Salary and expenses

The Commissioner’s Guidance suggests that information about employees’ grades can be disclosed, senior employees can also expect disclosure of their gross salaries (e.g. CorbyBorough Council,[1]). The Commissioner favours such disclosure on the basis that senior employees are responsible for policy decisions affecting the public and expenditure of public funds. Employees can expect more scrutiny of their role, in light of this responsibility.

However, seniority and notoriety does not always necessitate disclosure. The Commissioner held that the BBC did not have to disclose information about the salaries of talent, in a decision relating to payments made by the BBC to Michael Parkinson[2]. The Commissioner’s view was that the senior talent at the BBC were not analogous to senior employees. Their salaries were not paid in return for exercising a public function, as they did not have the power to make influential policy decisions. Consequently, the public interest in disclosing their salary details did not outweigh the talent’s expectation that their salary detail would be kept confidential.

In relation to expenses, the seniority of the employee will also be significant (Newry and Mourne Health and Social Services Trust[3]). Another significant factor is whether the personal data in question (i.e. the expenses claim information) relates to a public or private function.

In two decisions before the Information Tribunal (“The Corporate Officer of the House of Commons v Information Commissioner and Norman Baker”[4] and “the Corporate Officer of the House of Commons v The Information Commissioner[5]) the Information Tribunal decided that MPs’ expenses information could be disclosed where they related to the exercise of their public function.

However, in another decision against the House of Commons[6] on MPs’ expenses, the actual receipts and invoices used to claim expenses did not have to be released. This was on the basis that the receipts showed a pattern of travel that could pose a security risk to the high profile MPs involved (the list of MPs included Tony Blair and Gordon Brown). Instead a summary of information was required to be created and disclosed.

This decision is also significant in that it confirms that information about salaries of junior staff does not have to be disclosed. These staff were not public facing and had no expectation that their personal information would be disclosed.


In some circumstances information about the employee’s qualifications can be disclosed, especially if the information is already published. In Calderdale & Huddersfield NHS Foundations Trust[7], information about whether a doctor was on rotation as part of training for General Practice was disclosed. The Commissioner’s view was that, as the doctor would expect information relating to qualifications and experience to be published, it could also be disclosed.

However, where releasing information about qualifications would put the employee’s safety at risk such information does not have to be disclosed. The Commissioner upheld the Home Office’s decision[8] not to disclose the names of those licensed to undertake animal testing, as doing so would risk their safety.

Information about the CVs of individuals applying for a role in the public sector do not have to be released. In HM Treasury[9], information about candidates for the appointment of the governor of the Bank of England did not have to be disclosed. Individuals submitting their CVs do so on the understanding that that the information would be treated as confidential, therefore the Commissioner’s view was that such information could not be disclosed. The same reasoning was applied in a recent request to the House of Commons[10].

Complaints and Disciplinary Hearings

In general information relating to complaints about individuals do not have to be disclosed. The Valuation Office Agency[11] decision however suggests that overall number of complaints received ought to be disclosed in the interests of openness.

The situation is less clear, however, where there is some evidence of misconduct. In Doncaster Metropolitan Borough Council[12] the Commissioner ordered disclosure of information about employees who had been prosecuted for filing expenses claims fraudulently. However, the Commissioner did not envisage such information being disclosed as a matter of course. In Sheffield Teaching Hospitals NHS Foundation Trust[13] the Commissioner held that the public interest in knowing the details of allegations of financial irregularities against an individual outweighed his interests in maintaining the confidentiality of the data.

This decision should however, be contrasted with Western Cheshire NHS Primary Care Trust[14], where a request was made for information about a doctor held on an investigation file. The Commissioner considered the information to be sensitive personal data, as the information related to the alleged commission and investigation of an offence. In this case there was no justification under the DPA for the disclosure of this sensitive personal data. Consequently, if the information were disclosed under FOIA this would have been a breach of the first data protection principle (of fair and lawful processing). As a result the information was withheld.

Severance and pension

Where individuals have left their employment after some allegation of misconduct, and signed a compromise agreement, their personal information will not always be disclosed. This is on the basis that the individuals have an expectation of confidentiality under the terms of their compromise agreement (Nottinghamshire Healthcare Trust[15] ).

In Calderdale Council[16] information about the early retirement of a senior employee did not have to be disclosed. The Commissioner’s view was that the balance between the public authority’s obligation to be transparent and the employee’s expectation of privacy was in favour of not disclosing the information. It was especially significant that the employee had an expectation of confidentiality relating to the information, and that the employee had objected to the disclosure of the information.

Life outside the office - home addresses

A number of requests have been made relating to the location of employees’ homes. In Wrexham County Borough Council[17] the complainant had requested information about how many senior employees lived in the borough. The Commissioner’s view was that an employee’s place of residence was a private matter. Where an employee lived could not impinge upon the individual’s role within the Authority; therefore it would be unfair to disclose information about a person’s home. A similar approach was taken to a request for the residential addresses of the Commissioner’s salaried staff. (Information Commissioner’s Office[18])


In general, senior employees should expect greater disclosure of their personal data, than junior employees. This could range from their gross salaries and expenses to information about misconduct. Circumstances surrounding complaints and errors at work are more likely to be disclosed where there is public debate and evidence of misdeeds.

However, even senior public sector employees will have some protection of their personal data. Where there is a reasonable expectation that it would not be disclosed, or if the information would be considered to be sensitive data (e.g relating to an offence or investigation), this information will not be disclosed.

In general a public sector employees’ home life and address will also be protected, unless the public servant is a MP. In the case of MPs, where the distinction between public and private lives is less clear, it is likely that some information about home life will be disclosed.

Increasingly we may find that public authorities need to follow a middle path when dealing with personal information: neither responding to a request in full nor refusing a request. Instead authorities may be required to “create” information (in the same way as the most recent House of Commons case referred to above[19]): aggregating information or summarising it to respond to a request, rather than providing the full, private information. The obligation (if any) to create information to respond to a request will be discussed in a further article.

[1] FS50062124 (25 August 2005)

[2] FS50070466 (8 October 2007)

[3] FS50093734 (5 June 2006)

[4] EA 2006/0015 and 0016

[5] EA/2006/0074/0075/0076

[6] FS50083202 and FS50134623 (16 January 2008)

[7] FS50147863 (16 April 2007)

[8] FS50082472 (19 April 2006)

[9] FS50086317 (3 October 2006)

[10]FS50139317(21 January 2008)

[11] FS50082420 (30 July 2007)

[12] FS50074871 (22 January 2007)

[13] FS50116822 (27 September 2007)

[14] FS50102203 (25 June 2007)

[15] FS50116589 (13 August 2007)

[16] FS50074995 (16 May 2007)

[17] FS50114028 (30 April 2007)

[18] FS50128761 (10 October 2006)

[19] See footnote 6 above