Disclosure of public servants’ name and contact details in response to FOI requests
The key principles underlying the development of ideas outlined in the position paper are:
- Transparency and accountability are fundamental to Australian democracy and to the Australian public service. Public servants should be accountable for their decisions, their advice and their actions in the service of the Commonwealth.
- Public servants also have a right to be safe at work and safe from harm as a result of their work.
- The evolution of the digital environment – including its ubiquity, accessibility and longevity – gives rise to new risks for public servants, as well as for citizens. These risks include the traceability and trackability of public servants’ personal lives and the risk of physical or online harassment.
- Previously existing risks have been compounded by the normalisation of digital communications and publication. Risk may be increased when contact details are published to a wider audience, for a longer period of time, and at no cost, on a digital platform.
- This paper recognises changes resulting from the development of the online environment when balancing the accountability and safety of public servants within the context of disclosures required by the FOI Act.
- The following principles will inform updates to Parts 3 and 6 of the FOI Guidelines:
- The FOI Act plays an important role in promoting transparency and accountability in government.
- Public servants are accountable for their decisions, their advice and their actions. Agencies and ministers must ensure staff understand this and that this is made clear in staff induction programs and ongoing training.
- Agencies and ministers should start from the position that including the full names of staff in documents released in response to FOI requests increases transparency and accountability of government and is consistent with the objects of the FOI Act.
- Agencies and ministers who have not identified work health and safety risks associated with disclosure of staff names and contact details should generally continue to provide full access to this information on request.
- Agencies and ministers who have identified work health and safety risks associated with disclosure of staff names and contact details may consider whether the only way to mitigate these risks is by removing this information from documents before release, either because it is outside the scope of the request or because it is exempt from disclosure under the FOI Act.
- Agencies and ministers who have identified work health and safety risks associated with disclosing staff names and contact details can consider asking the FOI applicant whether they seek access to this information, where it is not apparent that this information falls outside the scope of the request.
- If an FOI applicant indicates that they seek access to the names and contact details of staff, agencies and ministers must make a decision about access based on the particular circumstances and context of the FOI request.
- In general it will only be appropriate to delete public servants’ names and contact details as irrelevant under section 22 of the FOI Act if the FOI applicant states, clearly and explicitly, that they do not require this information. Agencies may ask this question of applicants in an access request form.
- It is not generally appropriate to treat non-response to advice that, unless told otherwise the agency or minister will treat this information as being irrelevant to the FOI request, as agreement to this revision of scope (unless the exclusion of names and contact details is apparent on the face of the request).
- If agencies and ministers adopt a practice of asking applicants whether they wish to exclude this kind of information from the scope of FOI requests, this should be published on the agency’s website so there is transparency about their practices.
- Redacting the names and contact details of public servants can increase the time it takes to process an FOI request. This is a factor to be considered when deciding whether to impose a charge; noting that the decision to impose a charge is discretionary.
- In certain circumstances, the management of staff and the discharge of the Australian Government’s legal responsibility to ensure the health and safety of its workforce may be substantially and adversely affected if public servants’ names and contact details are routinely disclosed in response to FOI requests.
- Whether, because of the nature of the work it performs or because of the nature of its client base, disclosure of names and contact information poses a risk to the health and safety of their staff, agencies and ministers may consider whether the conditional exemption in section 47E(c) applies.
- However the circumstances in which disclosure of the names and contact details of public servants may be exempt under section 47E(c) are not unlimited and need to be considered on a case-by-case basis, based on an objective assessment of all available evidence.
Next steps: The OAIC will update Parts 3 and 6 of the FOI Guidelines consistent with the views expressed in this paper. Agencies and members of the public will have the opportunity to provide comment on draft versions of these parts before they are finalised and issued under section 93A of the FOI Act.
In July 2019, the Office of the Australian Information Commissioner (OAIC) published a discussion paper on the disclosure of public servants’ personal information in response to freedom of information (FOI) requests and sought submissions from interested parties.
The OAIC has considered the submissions received and monitored the issues arising in applications for Information Commissioner reviews (IC reviews) since that time.
The OAIC received 51 submissions in response to the discussion paper — 34 from Australian Government agencies, nine from individuals, six from other Information Commissioners/Ombudsmen and two from organisations (the OpenAustralia Foundation and the Community and Public Sector Union).
The submissions made by most Australian Government agencies expressed concern about the disclosure of personal information relating to their staff (principally their names and how they can be contacted). In many cases this is because of the potential that disclosure has to expose them to harm. Examples of the consequences of disclosing such information included:
- staff being approached and harassed, abused, physically assaulted and stalked
- staff being subject to online abuse and harassment
- social media being used to identify and pursue staff outside of their place of work, and also their families
- individuals circumventing established channels for contacting the agency which creates additional work for staff who are not trained or authorised to respond to that contact, which may result in unlogged enquiries not being actioned
- the undermining of agency policies that provide staff with the option of not identifying themselves in their dealings with the public, including policies embedded in Enterprise Agreements
- security risks to operational law enforcement and intelligence agencies and employees of law enforcement and intelligence agencies more generally.
The evidence indicates that, in an increasingly digital world, documents released in response to FOI requests can be published without effort and quickly disseminated globally. Further, documents can easily be accessed using standard search engines and effectively made permanently available to the world at large. This increases the risk of harm, not only at the time documents are released, but into the future.
Many of the specific risks outlined above, and the circumstances that give rise to them, are of relatively recent origin and post-date the introduction of the Freedom of Information Act 1982 (FOI Act). Although the world wide web first became available to the general public in 1991, the increase in the use of digital technology, particularly smart phones, has accelerated the possibility of negative impacts of disclosure since the FOI Act reforms of 2010. In this context it is therefore appropriate to reconsider how best to balance the objects of the FOI Act, which include making government-held information available to the Australian community and increasing scrutiny, discussion, comment and review of Government’s activities, with the duty of care the Australian Government has to ensure, as far as is reasonably practicable, the health and safety of its workers. It is also important to keep in mind that these issues are not specific to the release of documents under the FOI Act.
This paper outlines the Information Commissioner’s consideration of how best to balance these interests in the context of processing FOI requests for government held information.
The Information Commissioner notes that there are explicit statutory requirements under the FOI Act for the provision of public servants’ personal information for the purpose of processing or deciding an FOI request. These are set out in the Attachment. This paper does not otherwise refer to those provisions, but rather focuses on the personal information in the form of name and contact details that is included in documents sought by applicants through the FOI Act.
Disclosure of public servants’ names and contact details
A public servant’s name, and information about where they work and how they can be contacted, is personal information. It is information about an identified individual, or an individual who is reasonably identifiable (see section 6 of the Privacy Act 1988).
The Information Commissioner remains of the view that generally it will not be unreasonable to disclose the names and contact details of public servants because this information only reveals that they were performing their public duties. The Information Commissioner considers there are public interest factors, including transparency and accountability of public servants, which favour disclosure of this kind of information.
However, the submissions made in response to the discussion paper and the evidence provided to support those submissions indicate there are circumstances that may lead to real risks to the health, safety and wellbeing of some staff resulting from disclosure of this information.
Section 19 of the Work Health and Safety Act 2011 requires employers to ensure, as far as is reasonably practicable, the health and safety of their workers. This means employers must eliminate risks to health and safety so far as it is reasonably practicable to do, or minimise the risks if it is not reasonably practicable to eliminate them (section 17).
Therefore, as an employer, the Australian Government has a statutory obligation to do what it can to eliminate or minimise known risks to the health and safety of its staff.
Balancing competing interests
Australian Government agencies must therefore balance the pro-disclosure objects of the FOI Act, which include increasing public participation in Government processes with a view to promoting better-informed decision-making and increasing scrutiny, discussion, comment and review of Government’s activities, against the potentially serious risks posed to some public servants and the management of personnel, by the disclosure of their identity and contact information. This includes the impact of disclosing the identity of certain staff in law enforcement agencies in relation to particular functions, and the ability to manage insider risk.
Section 11 of the FOI Act provides a right of access to documents, except if they are exempt. Accountability for the work public servants do is part of achieving the objects of the FOI Act to increase scrutiny, discussion, comment and review of the Government’s activities. Public servants should expect to be subject to scrutiny on their advice, recommendations and decisions, whether through complaints and appeal mechanisms, internal and external review, investigation by the Commonwealth Ombudsman, the actions of regulators, or through oversight and review by their supervisor or manager. Members of the public may disagree with decisions which affect their rights and entitlements and they have the right to challenge them and to seek more information about how decisions are made and the evidence on which they are based. Members of the public may also seek information about the basis upon which policy positions are taken, programs are implemented, and public revenue expended by government agencies and Ministers. The FOI Act provides an avenue to seek such documents.
Public servants should therefore come to work with a clear understanding that their actions will be subject to scrutiny, and an understanding of the important role that the FOI Act plays in promoting transparency and accountability in government. Agencies play a critical role in ensuring their staff understand these concepts, through their induction program and ongoing training.
However, and as noted above, the context in which public servants perform their work has changed. There are now risks that have been realised in a small number of cases.
The potential risks of disclosure have increased the possibility of:
- stalking, harassment and intimidation – including outside the workplace
- slander and defamation
- online abuse, insults and trolling.
Some agencies will not have experienced the negative consequences identified above that may be associated with the disclosure of the names and contact details of staff. For these agencies, managing their work health and safety obligations will not impact on their statutory obligation to provide access to documents in response to FOI requests made under the FOI Act. These agencies can continue as they do now – providing full access to the names and contact details of their staff.
However for other agencies, because of the nature of their work or their client base, there may be risks they cannot mitigate other than by excluding the names and contact details of their staff before releasing documents in response to an FOI request – either because they fall outside the scope of the FOI request, or because they are exempt from disclosure under the FOI Act.
Relevance of public servants’ names and contact details
Section 22 of the FOI Act provides that information that would reasonably be regarded as irrelevant to an FOI request can be deleted from documents before they are released to the FOI applicant.
In many cases, the names and contact details of individual public servants will fall outside the scope of the FOI request and this will be apparent on the face of the request. In these cases, deleting public servants’ names and contact details under section 22 of the FOI Act before the documents are released will be appropriate.
However where it is not apparent that names and contact details fall outside the scope of the FOI request, agencies that identify general work health and safety risks associated with disclosure of the names and contact details of their staff can consider asking the FOI applicant whether they seek this information as part of their FOI request. This can be done in the letter acknowledging receipt of the request (under section 15(5)(a)) or by including a check box in an FOI request form giving the option to exclude this information. If the FOI applicant indicates clearly and explicitly that they do not require this information to be provided, it is appropriate to delete it as irrelevant under section 22 of the FOI Act. If the FOI applicant indicates that they do seek this information, the agency must make its decision on release of the information in light of the particular context and circumstances of the request.
In addition, it is the view of the Information Commissioner that there are risks to treating non-response to advice that, unless told otherwise, the agency will treat this information as being irrelevant to the FOI request. The circumstances in which an agency or Minister may delete irrelevant matter include where it decides that giving access to a document would disclose information that would reasonably be regarded as irrelevant to the request for access (see section 22(1)(a)(ii)), and it is not apparent (from the request or from consultation with the applicant) that the applicant would decline access to the edited copy (see section 22(1)(d)).
Accordingly, unless the exclusion of names and contact details is apparent on the face of the FOI request, in order to reasonably regard information as being irrelevant, positive confirmation should be sought from the applicant.
If agencies adopt a practice where they seek confirmation from applicants as to whether they wish to exclude this kind of information from the scope of FOI requests, this should be published on the agency’s website so there is transparency about their practices in this regard.
Redacting the names and contact details of public servants can increase the time it takes to process an FOI request. Where an agency gives applicants the option to exclude the names and contact details of staff from the scope of their FOI request, processing of the request should not be delayed because of this. Further, the removal of this information to protect staff from potential harm may be a factor to consider when deciding whether to impose a charge; noting that the decision to impose a charge is discretionary.
Subsection 47E(c) — Substantial adverse effect on the management of personnel by the Commonwealth or an agency
Specific concerns about the health, safety and wellbeing of staff are most appropriately addressed under the conditional exemption in section 47E(c) of the FOI Act, which is subject to the public interest test. The inclusion of a public interest test under section 47E(c) ensures that the public interest in disclosure remains at the forefront of decision making involving this provision. This is generally more appropriate than section 47F (personal privacy) for specific concerns about the health, safety and wellbeing of staff for the reasons discussed above. The personal privacy exemption may continue to be more appropriately considered where documents are sought that relate to an individual’s disposition or private character, such as reasons for taking personal leave, information about performance management, or whether the person was unsuccessful during a recruitment process.
Section 47E(c) provides:
- A document is conditionally exempt if its disclosure under this Act would, or could reasonably be expected to, do any of the following:
- (c) have a substantial adverse effect on the management or assessment of personnel by the Commonwealth or by an agency;
- Note: Access must generally be given to a conditionally exempt document unless it would be contrary to the public interest (see section 11A).
The conditional exemption in section 47E(c) of the FOI Act is applicable when disclosure of a document  would have a substantial adverse effect on the management of staff. For a document to be exempt from disclosure under this provision, it must also be contrary to the public interest to disclose it.
In certain circumstances, the management of staff and the discharge of the Australian Government’s legal responsibility to ensure the health and safety of its staff may be substantially and adversely affected if public servants’ names and contact details are routinely disclosed in response to FOI requests. Agencies must take all reasonable steps to minimise the risk of harm to staff to be compliant with their statutory obligations under section 19 of the Work Health and Safety Act 2011. As discussed, these known risks have evolved over time as a result of the changing digital environment.
If an agency has identified that, because of the nature of the work it performs or because of the nature of its client base, disclosure of names and contact information may pose a risk to the health and safety of its staff, consideration may be given to whether the conditional exemption in section 47E(c) applies.
However the circumstances where disclosure of the names and contact details of public servants may be exempt under section 47E(c) are not unlimited and need to be considered on a case-by-case basis, based on an objective assessment of all available evidence. A finding that a document is conditionally exempt from disclosure under section 47E(c) cannot be based solely on the subjective wishes of individual public servants.
In assessing whether disclosure will have a substantial adverse effect on the health and safety of their staff, the following factors are relevant:
- the nature of the functions discharged by the agency – for example law enforcement functions
- the nature of any restrictions imposed by the agency to limit the dissemination of identifying details of staff, such as limitations on the ability of staff to disclose publicly where they work
- the type of work undertaken by the particular public servant
- the relationship between the individual public servant and the exercise of powers and functions discharged by the agency (i.e., are they a decision maker or do they provide advice/make recommendations in relation to decisions)
- whether the FOI applicant has a history of online abuse, trolling or insults
- whether the FOI applicant has a history of harassing or abusing staff
- the personal circumstances of the particular public servant, such that they may be vulnerable to, or at greater risk of harm, if their name and contact details are disclosed – for example, circumstances of family violence, mental health issues or other factors
- whether the name and contact details of the public servant are already publicly available, including Senior Executive Service details available on the Government Online Directory.
If an agency decides, based on an objective assessment of all relevant factors based on the available evidence, that the name and/or contact details of a public servant are exempt from disclosure under section 47E(c), the notice of decision issued under section 26 of the FOI Act should clearly explain how the decision was reached and refer to the evidence on which the decision is based. On review, the Information Commissioner will require the decision to be justified and supported by evidence, with the public interest factors for and against disclosure clearly articulated.
Section 47E(d) — Certain operations of agencies
The OAIC has considered submissions made by some agencies that disclosure of public servants’ contact details can have a substantial adverse effect on their operations by allowing members of the public to circumvent established methods and dedicated points of contact, including general enquiry email addresses and telephone numbers.
The OAIC has not received evidence that would support a position, as a general proposition, that the impact to an agency of disclosing this information in response to an FOI request is likely to have both a ‘substantial’ and an ‘adverse’ effect on an agency’s operations. In most cases the impact can better be described as an inconvenience or distraction for an individual officer, rather than something that impacts substantially on the operations of the agency. Should an agency have evidence that provision of such information would, or could reasonably be expected to, have a substantial adverse effect on the proper and efficient conduct of the agency’s operations, a case may be more likely to be made.
Further, for future conduct to amount to a risk that requires mitigation by exempting contact details from disclosure in response to an FOI request, that conduct must be reasonably expected to occur.
Attachment: Circumstances in which public servants’ names are required to be disclosed under the Freedom of Information Act 1982
The FOI Act requires that a name be included in a document created by an agency for the purpose of processing or deciding an FOI request in specific circumstances. These circumstances include:
- the requirement to state the name and designation of the decision maker in FOI decisions (section 26(1)(b) of the FOI Act),
- the name and designation of the person rejecting a contention that a charge should be reduced or not imposed (section 29(9) of the FOI Act), and
- the name of a contact person (and details of how the applicant may contact the contact person) in notices initiating a request consultation process under section 24AB of the FOI Act.
Request consultation notice
The purpose of section 24AB is to give an applicant a meaningful opportunity to understand the access refusal reason so they have the opportunity to address it. To do that, the applicant requires access to the contact person.
What is required to satisfy section 24AB(2)(c), and to ensure the validity of the notice, is sufficient detail of the contact person's name to allow the applicant to contact the contact person so the applicant can be given the assistance required to be provided under section 24AB.
The full name of the contact person and their direct telephone number or email address (section 24AB(2)(d)) certainly satisfies this requirement. The minimum identifying information that must be included to comply with section 24AB is the first name of the contact person. In addition, details of how the applicant may contact the contact person should include at least a generic FOI contact email address, depending on how the email inbox is managed and whether the person named can be readily identified. See for example, Jack Waterford and Department of Human Services (Freedom of information)  AICmr 21 (5 June 2019) and Justin Warren and Department of Human Services (Freedom of information)  AICmr 22 (5 June 2019).
Decisions under sections 26 and 29 of the FOI Act
The same principles apply to the requirement to state the name of the decision maker in notices issued under sections 26 and 29 of the FOI Act. Notices that do not contain this information will not be valid.
In so far as it relates to documents or notices issued by agencies and ministers under the FOI Act, there are no further requirements in the FOI Act to include a person’s name or contact details. Nevertheless, consistent with the objects of the FOI Act, agencies should start from the position of including full names in documents to increase transparency and accountability. Where there are circumstances particular to the risk profile of the agency, and sound public policy reasons for diverting from that practice, some agencies may decide to develop their own protocols about the inclusion of names and contact details in certain documents created by staff of the agency. If an agency develops a protocol about the inclusion of names and contact details, the protocol should be published on the agency’s website to ensure transparency in relation to its processes. However, in such circumstances, it is important that there is a process in place to ensure the ability of the agency to identify the person mentioned in a document, for accountability purposes.
 Where the personal information does not relate to a public servant’s usual duties and responsibilities, but relates to their disposition or private characteristics, the general rule about disclosure does not apply (see Part 6.157 of the FOI Guidelines).
 Section 4 of the FOI Act defines ‘document’ to include ‘any of, or any part of’ a document. This means that part of a document may be exempt from disclosure without requiring access to the whole document to be refused when requested under the FOI Act.