SellafieldBroke Data Rules In Whistleblower Case
David Hencke and Philip Whiteley report on the Information Commissioner’s ruling on letters key to a whistleblower’s defence
The Information Commissioner has ruled that Sellafield, the UK’s state-owned nuclear facility, has broken data laws and put its own security at risk by failing to supply whistleblower Alison McDermott with letters that were critical of her performance when working for the company.
As Byline Times reported last week, the case of McDermott versus Sellafield, the Nuclear Decommissioning Authority and former Sellafield HR director Heather Roberts has been brought under the Public Interest Disclosure Act 1998 – also known as the Whistleblowers’ Act.
Ms McDermott, an HR professional and diversity specialist, claims that the sudden termination of her freelance contract in October 2018 by Sellafield was linked to her protected disclosures containing evidence of systemic bullying, racist and sexist incidents at the Sellafield site in Cumbria.
She had made a subject access request to Sellafield but the nuclear facility decided not to supply her with three letters written by employees on their personal computers at home because they did not consider that Sellafield was the data controller or responsible for them. They then used the critical letters in the employment tribunal case against her.
Now, the Information Commissioner’s Office (ICO) has ruled:
“As these letters were produced on personal email addresses, the processing was unlawful as it likely failed to comply with Article 5 (1) [f], the integrity and confidentiality principle, that is to keep personal data secure.
“Processing this information outside of traditional work systems also creates risks around proper audit trails, as it makes it more difficult to verify when and how information is used/created, and I understand in this case the native documents are no longer available which you have raised concerns about in relation to your tribunal case.
“I intend to write to Sellafield with this outcome, and ask the organisation to consider its processes and update these where necessary to ensure similar incidents do not occur in the future.”
The ICO has said that Ms McDermott can bring a case against Sellafield for its omission: “You remain able to take these matters through the courts to enforce your rights and/or seek compensation. In addition to this… you are able to raise a complaint to the PHSO (Parliamentary and Health Service Ombudsman) via an MP where you feel we have provided a poor service.”
A spokesman for Sellafield told Byline Times: “We understand this is being dealt with by the Information Commissioner’s Office. We cannot comment further at this stage.”
He did not respond to a question about whether Sellafield would implement or appeal the ruling.
The three letters at the heart of the case are central to the defence.
They were presented by Sellafield and purported to complain of the performance of Ms McDermott as equalities diversity and inclusion advisor. But, originally, Sellafield had claimed that severing her freelance contract in October 2018 had been for financial reasons. Sellafield only switched to the claim over competence after Ms McDermott discovered that a significant budget had been allocated to similar HR activities.
The ICO investigation has not been the only inquiry into the provenance of the three letters. When Ms McDermott received copies of the letters, she discovered that metadata had been wiped from one of them while in the possession of DLA Piper, the law firm representing both Sellafield and the third respondent in the case, former HR director Heather Roberts.
Ms McDermott lodged a formal complaint with the Solicitors Regulation Authority on the question of the metadata. In response, the law firm sought to impose a costs order linked to the dispute at the strike out hearing on 7 July 2020 – even though it had not denied that the metadata had been wiped and the Solicitors Regulation Authority had begun an investigation. At the July hearing itself, the judge Marion Batten accused Ms McDermott of acting in a “menacing” way towards DLA Piper for raising the complaint. The Solicitors Regulation Authority investigation is ongoing.
The metadata embedded in the Word document contained evidence directly relevant to the case. Following a request from Ms McDermott, DLA Piper supplied the letter with the metadata intact. She told the reconsideration hearing on 15 January that the metadata revealed that the Word document had been open for more than 173 minutes on the day of its creation, during which time separate evidence proved that the author and Ms Roberts had been speaking to each other.
DLA Piper’s defence was that the wiping of the metadata was an oversight and judge Batten accepted this explanation in her initial ruling, issued last August. A reconsideration hearing may confirm, revoke or revise the initial ruling, and judge Batten has yet to announce her decision in this regard.
Section 47B of the Public Interest Disclosure Act 1998, under which Ms McDermott has brought her claim, explicitly prohibits detriment to be suffered by a whistleblower.
The case continues, with a full hearing scheduled at Leeds Employment Tribunal commencing 15 June 2021.