The Assistant Information Commissioner for Wales (the Commissioner) has ruled that a public authority was correct in refusing to confirm or deny whether it held information relating to complaints against two of its named individual officers on the basis of section 40 of the Freedom of Information Act 2000 (FOIA). Section 40(5) of the FOIA provides that a public authority's duty, under section 1 of the FOIA, to confirm or deny whether requested information exists does not arise in relation to information to the extent that providing such confirmation or denial would breach the principles set out in the Data Protection Act 1998 (DPA). The Commissioner held that if the public authority were to confirm or deny whether the requested information existed, this would breach the principles of the DPA because it would reveal whether or not complaints had been made about the individual officers, which constituted personal data, and this would amount to unfair processing of that personal data because it was reasonable for employees to expect that complaints against them would be kept confidential.

Source: ICO press release, 30 May 2007; ICO decision notice, 14 May 2007.