MP expenses (Geoffrey Cox)

I can confirm that we hold information relevant to your request.

Please find attached to this email a copy of the document. Some information has been redacted because it is subject to a Refusal Notice under sections 31, 38 and 40 of the FOIA and in accordance with Section C of IPSA’s Publication Policy.

RFI-202111-03 – Disclosure document

Section 31(1)(a) – law enforcement

This exemption applies where the disclosure of information would or would be likely to prejudice the prevention of crime. IPSA relies on this exemption to withhold the banking details of suppliers and other transactional references. IPSA believes that the disclosure of these details could leave those concerned more vulnerable to financial crime, in particular fraud and electronic crime, especially with the increase in cyber-attacks.

This exemption is subject to a public interest test. IPSA does not consider that the withholding of this information has a negative impact on the understanding of these claims. We, therefore, find that the public interest in withholding this information outweighs the public interest in disclosure at this time.

Section 38(1)(b) – health and safety

This exemption applies where disclosure of information would, or would be likely to, endanger the safety of any individual.

IPSA relies on this exemption to withhold the personal address of the MP’s member of staff. IPSA maintains that the disclosure of this information carries a high risk of endangering the staff member and we believe that the removal of the address does not have a negative impact on the understanding of the information provided in the document. The address is also the personal data of the MP’s staff member (see section 40).

Sections 40(2) and 40(3A)(a) – personal data

This exemption applies to information which IPSA considers to be personal data within the meaning of Article 4(1) of the UK General Data Protection Regulation 2016 (UK GDPR) which states,

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly

IPSA considered that the following are personal data within this definition: banking and financial information of suppliers; names of MPs’ and supplier’s staff. We then considered whether disclosure of this personal data would breach any of the Principles relating to the processing of personal data in the UK GDPR.

The relevant principle falls at Article 5(1)(a):

Personal data shall be:

a. Processed lawfully, fairly and in a transparent manner in relation to the data subject

As IPSA was unable to find a lawful basis on which it could rely, within Article 6 of the UK GDPR, it therefore finds that the information is exempt under section 40.