Protecting your staff members information in FOI processes

A regular concern for agencies (especially customer service agencies when dealing with aggrieved customer FOI applicants) is whether they must disclose staff information to FOI applicants.

Agency and ministerial records within the scope of FOI requests will often include agency or ministerial staff personal information, e.g. staff names, email addresses, direct telephone numbers, individual IT logon identifiers and signatures.

Agencies are understandably reluctant to disclose staff personal information to FOI applicants, due to concerns about:

  • staff safety and security;
  • exposing the roles played by individual staff members in agency decision-making; and
  • aggrieved customers being likely to contact individual staff members rather than using official channels such as telephone hotlines or online portals.

This e-brief considers the potential for Commonwealth government entities to avoid having to hand over staff personal information when disclosing records under FOI. We discuss:

  • Can agencies rely on FOI exemptions to exempt staff personal information from FOI disclosure?
  • An alternative strategy for avoiding having to hand over staff personal information to FOI applicants.

What the FOI Act says

FOI applicants are entitled to access a document of either an agency or minister unless the document is exempt from disclosure. When seeking to exempt staff personal information, agencies have typically relied upon one or a combination of the following exemptions:

  • Disclosure would involve the unreasonable disclosure of personal information.
  • Disclosure would, or could reasonably be expected to, have a substantial adverse effect on the proper and efficient conduct of agency operations.
  • Disclosure would, or could reasonably be expected to, endanger the life or physical safety of a staff member or other person.

The personal information exemption

Under the FOI Act, ‘personal information’ has the same meaning as in the Privacy Act, namely — information or opinion about an identified individual (or where the person is reasonably identifiable).
Personal information is exempt if its disclosure would involve the unreasonable disclosure of personal information about any person (including a deceased person). Not all disclosures of personal information will be unreasonable.

In deciding whether disclosure would be unreasonable, the decision maker must consider:

  • the extent to which the information is well known;
  • whether the person to whom the information relates is known to be (or to have been) associated with the matters dealt with in the document;
  • the availability of the information from publicly accessible sources;
  • any other matters that the agency or Minister considers relevant.

However, disclosure will not be unreasonable merely because it reveals an individual staff member’s involvement in agency business. The Office of the Australian Information Commissioner’s (OAIC’s) FOI Guidelines state:

Where public servants’ personal information is included in a document because of their usual duties or responsibilities, it would not be unreasonable to disclose unless special circumstances existed. This is because the information would reveal only that the public servant was performing their public duties.

The “substantial adverse effect on the proper and efficient conduct of the operations of an agency” exemption

In an endeavour to avoid disclosing information identifying staff, agencies will sometimes rely on an exemption in section 47E(d) that applies to disclosures that “would, or could reasonably be expected to… have a substantial adverse effect on the proper and efficient conduct of the operations of an agency.”

An agency asserting this exemption will typically argue:

  • There are specific channels for the public to contact the agency or minister, e.g. an enquiries hotline, generic email or web-based contact facility for customer or public enquiries;
  • Releasing staff personal information (e.g. names, telephone numbers and email addresses) would enable members of the public to contact individual staff members directly and outside the agency’s preferred contact points; and
  • If people can contact the agency outside agency preferred methods of contact, the agency is likely to need to allocate additional resources to respond to the unsolicited contact, imposing on agency resources.

However, agencies will need to be careful when relying on this exemption. An agency will need to have a compelling argument about why disclosing a staff member’s details would or could reasonably have a substantial adverse effect on agency resources. When the Department of Human Services relied on similar arguments in ‘BB’ and Department of Human Services [2014] AICmr 11, the Information Commissioner responded:

The report shows the officers acting in the course of their duties as employees in relation to a particular customer. It is not reasonable to conclude that release of these names would divert contact on a scale that is substantial and adverse… For the reasons above, I am not satisfied that the disclosure of the names of Departmental officers… would, or could reasonably be expected to, have a substantial adverse effect on the proper and efficient conduct of the Department’s operations.

The “endanger the life or physical safety of any person” exemption

Where disclosing staff information to an FOI applicant would present a genuine risk of harm to that staff member (or to another person), an agency may assert that its disclosure “would, or could reasonably be expect to… endanger the life or physical safety of any person.”

In considering whether to rely on this exemption, an agency should consider the particular circumstances of each case. To satisfy this exemption, there must be a “reasonable apprehension of danger.” Meeting the bar for section 37(1)(c) is quite difficult and agencies will only be able to rely on this exemption in fairly exceptional circumstances.

For example, in Re Ford and Child Support Registrar [2006] AATA 283, the AAT found that the exemption did apply to documents about a third party where the FOI applicant had written threatening letters to that third party, and the third party had been the main prosecution witness against the FOI applicant who was in gaol.

What else can an agency do to avoid having to disclose staff personal information under FOI?

If staff information is within the scope of a valid FOI request, and unless that information is otherwise exempt from disclosure under the FOI Act, an agency must disclose that information to the FOI applicant.

An agency could seek the FOI applicant’s agreement to exclude agency staff personal information from the scope of the FOI request. Practically speaking, agencies can do this by incorporating a statement into their FOI application acknowledgment letters stating that, unless the applicant otherwise requests, the agency will redact agency staff personal information in accordance with section 22 of the FOI Act. This would have the effect of modifying the scope of the applicant’s FOI request to exclude agency staff information.

Although this approach relies upon an applicants’ passive agreement, some agencies are currently using this approach to avoid having to disclose staff personal information.

Advice on FOI and information law

Meyer Vandenberg has a strong focus on government and administrative law. We regularly advise clients on freedom of information (FOI), privacy and data usage issues.

We have a team of lawyers and paralegals who have recent, extensive experience working in-house with Commonwealth clients advising on FOI and privacy.

For more information, please contact:

Geoff Adams — Partner — Privacy and data usage
(02) 6279 4377
geoff.adams@mvlawyers.com.au

James Pratt — Lawyer — Freedom of Information
(02) 6279 4452
james.pratt@mvlawyers.com.au