THE high-powered watchdog responsible for promoting and enforcing Scotland’s freedom of information laws has issued an unreserved apology to a retired Borders journalist after admitting three breaches of the Data Protection Act (DPA).

But the Scottish Information Commissioner (SIC) will not be hit with any form of punishment after an investigation by the English-based Information Commissioner’s Office (ICO) concluded there was no need for further action.

A second complaint against the SIC by former Scotsman reporter Bill Chisholm from Jedburgh - that it released around 200 pages of personal correspondence to a Freedom of Information (FoI) requester without asking his permission and without consulting him - was not upheld.

Earlier this year Mr Chisholm submitted a petition to the Scottish Parliament seeking an addition to the Freedom of Information Scotland Act (FOISA) which would force councils and other public authorities to provide “honest and accurate” responses to requests for information.

But the petition met stiff opposition from Scottish Information Commissioner Rosemary Agnew and from the Scottish Government. Both claimed there was no need to amend the legislation and, in any case, Mr Chisholm’s proposals would be “unworkable”.

Last week MSPs on the Public Petitions Committee agreed unanimously to close down Mr Chisholm’s petition which means it will receive no further consideration.

While his petition was still “live”, Mr Chisholm decided not to disclose details of the SIC’s triple breach of the Data Protection Act.

But now he has decided to reveal all.

Mrs Agnew, who gave evidence to the Petitions Committee in May, received an FOI request asking for copies of all documents and email exchanges relating to Mr Chisholm’s petition. The extensive collection of correspondence was then released by the SIC and its contents were subsequently published on an internet website.

But in providing the information to the requester, Ms Agnew’s office failed to redact Mr Chisholm’s email address from three separate documents, thereby committing clear breaches of Data Protection regulations.

Before lodging a complaint with the SIC, Mr Chisholm rang the ICOs helpline in June for advice.

“At this stage I did not identify the SIC as the offender,” Mr Chisholm told the Border Telegraph this week.

“I was told several times by the person who took my call that the public authority concerned had no right to release any information without contacting me first. I was thus advised to seek an explanation [from the public body] before asking for an investigation.” The SIC subsequently carried out its own internal enquiry which confirmed the three breaches of the Data Protection Act but dismissed the rest of the complaint.

Margaret Keyse, head of enforcement at the SIC, told Mr Chisholm in a written decision: “I examined the information we disclosed and what we told the requester. It was clear from the response that we intended to withhold your email address, because it was your personal data and because we considered that disclosure would breach the DPA. We redacted it in most places were it appeared but, through a clerical error, we failed to redact it in three places.

“I am very sorry that this happened and apologise unreservedly for any distress this has caused you.

“Although the accidental disclosure was the result of a clerical error rather than procedural failure, the SIC will also reflect on this and incorporate any lessons learned in the review of our internal procedures for responding to information requests.” Mr Chisholm, however, was not satisfied and referred the case to the ICO for its consideration.

In a decision notice sent to Mr Chisholm last week, the ICO’s lead case officer Rachel Webster said: “Given that your email address should have been withheld, it appears unlikely that the SIC has complied with the Data Protection Act 1998. In particular, it appears that the SIC has contravened the first principle by disclosing your email address.

“The SIC has explained in their response the changes they have made to their procedures to try and prevent any future recurrence of this problem. I am satisfied at the changes they have made and do not anticipate taking any further action at this time.” Mrs Webster went on the say that the SIC had not broken FOI rules by passing the 200 pages to the requester.

“It appears from the information provided that the personal data released by the SIC was limited,” she wrote. “As such, it is likely in this case, given that some of your personal data was already in the public domain as a result of your petition, that the SIC believed it was in the legitimate interests of the requester to be provided with the information that contained your personal data. In our view, it was reasonable for this to be released.” Mr Chisholm told us: “The advice I was given by the ICO in June appears to have been flawed or just plain wrong. I maintain that the SIC had no right to issue correspondence I had with them without even having the courtesy to inform me beforehand.

“The decision by the ICO to take no further action simply emphasises the point I was trying to make via my petition – that public authorities can flout FOISA or breach the DPA without fear of punishment.

“The entire system lacks credibility but, clearly, there are too many vested interests to allow any strengthening of the law.”