Internal correspondence regarding IPSA's decision to redact and remove details of MPs expenses claims

Request

Please disclose all internal correspondence concerning the decision by IPSA to redact and remove details of MPs expenses claims in the wake of Sir David Amess' death.

Please ensure any search includes but is not limited to: email; internal messaging services such as Slack; instant messaging tools such as Whatsapp or SMS; word processing software such as Google Docs or Word.

Response

I can confirm that we hold information relevant to your request and copies of 9 documents accompany this letter.

Some information has been redacted and is subject to a Refusal Notice under sections 31 and 40 of the FOIA.

RFI-202111-01 – Disclosure documents

Section 31(1)(a) – law enforcement

This exemption applies where the disclosure of information would or would be likely to prejudice the prevention of crime. IPSA relies on this exemption to withhold information which could be used to identify those companies who provide support to IPSA’s website and the publication process.

IPSA believes that the disclosure of these details could leave the organisation’s website vulnerable to attack if it was known which companies provide support.

This exemption is subject to a public interest test. IPSA does not consider that the withholding of this information has a negative impact on the understanding of the information or situation. We therefore find that the public interest in withholding this information outweighs the public interest in disclosure at this time.

Sections 40(2) and 40(3A)(a) – personal data

This exemption applies to information which IPSA considers to be personal data within the meaning of Article 4(1) of the UK General Data Protection Regulation 2016 (UK GDPR) which states,

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly

IPSA considered that the following are personal data within this definition: names of non-IPSA staff; names of IPSA staff below the level of director; email addresses and mobile phone numbers. We then considered whether disclosure of this personal data would breach any of the Principles relating to the processing of personal data in the UK GDPR.

The relevant principle falls at Article 5(1)(a),

Personal data shall be:

a. Processed lawfully, fairly and in a transparent manner in relation to the data subject

As IPSA was unable to find a lawful basis on which it could rely, within Article 6 of the UK GDPR, it therefore finds that the information is exempt under section 40.

Is this page helpful?

Ref:
RFI-202111-01: Disclosure:
17 January 2022: Categories:
IPSA - POLICYSECURITY: Exemptions Applied:
Sections 40(2) and 40(3A)(a), Section 31(1)(a)