Staffordshire County Council has been publishing the names of those making Freedom of Information requests to it for the last three years.

The practice could be a breach of the Data Protection Act as it is disclosing the personal details of those asking for information.

Tim Turner, FOI and data protection trainer, has written a brief guide ‘to the main Data Protection issues associated with publishing the names of members of the public on the internet.’

The council has also been widely criticised on social media today for publishing how much it costs to respond to the requests.

This breakdown of costs has included commercial organisations, the press and ‘pressure groups’. It shows how much it estimates requests from each group costs.

The Information Commissioner’s Office is expected to comment in the morning and it would be very surprising if they did not investigate the matter further.

Naming individuals

staffd11As far as I can tell the council has been publishing the names of individual FOI requesters since December 2011. The image above shows a request (redacted by me) from that period.

Previous requests, which are listed on their website, show the names of those asking for information.

Before December 2011 the names of those making requests were not included in the disclosure log.

The council has probably not contacted the requesters to ask for their consent in publishing their names alongside the information it has asked for.

Cost of requests

The estimated costs of requests was flagged up today by the BBC’s Martin Rosenbaum:

Publishing the estimated costs of requests from certain groups/campaigners is, at very least, not in the spirit of the Act, which is intended to be motive and applicant blind.

Aside of any data protection issues, publishing the names of organisations that are frequently asking for information may deter others from making requests.

It also creates the inference the organisations are wasting public money by asking for information.

The council even alleged there was ‘wrongful use’ of the Act by media and pressure groups of in 2012.

The council also included WhatDoTheyKnow, where people can make requests to any authority through an easy to use website, in the category of a campaign group.

Personal data

Also it is very unlikely that any of the information about the identity of requests would be released if it was asked for in a FOI request.

The exemption for personal data (S40) does not allow information to be published which would breach the Data Protection Act.

Paul Gibbons, FOI Man, has previously said: “The fact that you as an individual make an FOI request about a particular subject is enough information in my view to be considered personal information.

“Clearly it’s unfair if a public authority announces that you’ve been making FOI requests to them without your consent.

“Most people wouldn’t expect that to happen, so it would be a nasty surprise if it did.”

Featured image courtesy of Elliot Brown via Flickr/Creative Commons Licence 

I am a journalist and author. I am a journalist at the UK edition of WIRED magazine. In 2015, my first book Freedom of Information: A Practical Guide for UK Journalists, was published. My second book Reed Hastings: Building Netflix, was published in March 2020. I created FOI Directory in 2012 and have maintained it in my spare time ever since.