Confidential information and subject access disclosure

In February 2021, the High Court handed down judgment London Borough of Lambeth v AM (No. 2) [2021] EWHC 186 (QB), in which Browne Jacobson LLP acted for the Claimant Council.

The judgment is critical reading for public bodies who are required to take action to restrict the use of confidential information in circumstances where that information has been inadvertently disclosed to a third-party. This is most common in response to a request under either the Data Protection Act 2018 or Freedom of Information Act 2000.

Breach of confidence is a complex area of the law. However, the important lesson for public bodies is that steps that can be taken to protect confidential information that has been disclosed to a third-party either by mistake, or due to the improper conduct of a third-party.

London Borough of Lambeth v AM (No. 2) [2021] EWHC 186 (QB)

The background to this case concerned a referral made by the Defendant’s sister (HJ) to the Council’s children’s services department in confidence, under condition of anonymity, in respect of the Defendant’s daughter. After the referral was eventually closed, the Defendant made a subject access request to the Council for a copy of the file held by children’s services.

Unfortunately, the Defendant was able to uncover the confidential information that had been redacted by the Council by copying and pasting the file into Microsoft Word. The Defendant discovered HJ’s identity and threatened to use the confidential information to bring a claim against her for defamation, harassment and various other torts.

The Council commenced a claim for breach of confidence, to restrain the Defendant from using the confidential information. The essential ingredients of the tort of breach of confidence are: (1) the information is confidential; (2) it was imparted to import an obligation of confidence; and (3) there has been or will be an unauthorised use of that information to the detriment of the party communicating it.

Following an interim injunction obtained on behalf of the Council, the matter was set down for an eight-day trial in July 2020. The Defendant’s position was that even if the tort of breach of confidence was made out, he relied on the public interest of iniquity on the basis that his sister had been acting with malice when making the referral. Also, the Council had been a ‘bad actor’ due to the manner it had assessed the referral and handled his personal data (the latter argument was struck out at an interim hearing).

In a detailed judgment, Mr Justice Pepperall held that HJ’s identity was confidential information because of the wider public interest in encouraging members of the public to come forward to help the authorities to protect children. This protection did not come to an end because either the Defendant’s own personal data was involved, or the Council had closed its investigation by the time of the disclosure.

It was clear on the evidence that the Council had attempted to keep HJ’s identity confidential, and the Defendant was aware of that. A duty of confidence will be imposed where obviously confidential information is obtained by design, such as where an individual obtains the information improperly or surreptitiously, or by chance, such as where the document is dropped in a public place and picked up by a passer-by.

While detriment to the referrer of information is required in a claim by a private litigant, the position is different for public bodies. They must establish that the public interest will suffer detriment if an injunction is not granted. In this case, there was no doubt that it was in the public interest to enforce the confidentiality of the identity of an informant who reports their concerns about the care, health and development of a child to the relevant council. Indeed, a failure to do so would undermine public trust in a council’s ability to protect the confidentiality of future informants and therefore put at risk the authority’s effectiveness in protecting the children within its area. The importance of ensuring the protection of both vulnerable children and those raising safeguarding concerns was clearly a fundamental consideration in the judgment.

Even if the referrer had acted maliciously, this alone would not be sufficient to constitute a defence in the public interest, as the public interest also protects untruthful or malicious informants. It is necessary to consider whether the conduct of the informant outweighs the powerful public interest in respecting the confidence of those who make anonymous referrals to a local authority. However, in this case there was no public interest defence because the evidence did not establish that HJ had acted with any malice when making the referral. HJ was found to be a reliable and honest witness, motivated by concern for the child’s wellbeing.

For these reasons, the Court concluded that the Defendant had breached the duty of confidence owed to the Council and therefore the Council was entitled to final injunctive relief to prevent the Defendant from using the confidential information.

This case reinforces that the courts can, and will, prevent the use of information acquired from public bodies, particularly in circumstances where to allow its use would undermine fundamental principles of confidentiality. It provides reassurance to public bodies that where information is acquired from them steps can be taken to prevent that information from being shared more widely.

First published in the Alarm Journal - Stronger in July 2021.