24-25/80

I refer to your request for information dated 20 December 2024 (FOI 24-25/80) in which you requested records related to risk registration which we have handled under the Freedom of Information (Scotland) Act 2002 (FOISA).

Specifically, you noted that “in the GTCS annual review child safeguarding is listed as the top risk” and requested “information used to form this view, plans for mitigations and any entries in the GTCS’s risk register” which we address below.

Much of the annual report 2023/24 addresses these queries, specifically how risk management is addressed through the Strategic Plan. For more information, please see the GTC Scotland Strategic Plan 2023: Trusted Teaching which considers planned mitigations and information used in its creation. We have therefore applied section 25(1) of FOISA to the query for the “information used to form this view” and “plans for mitigations” requested as this information is otherwise accessible.

The annual report also explains that we “maintain a risk register that details the most significant risks to the delivery of our strategic priorities.” As a result, the risk entitled “Child and Public Protection” appeared in the annual report due to its current entry on the GTC Scotland risk register.

I have provided a copy of this entry as it appears on the risk register as a record labelled “FOI 24-25_80_Record" accompanying this response.

Where I have withheld portions of the record, I consider it is exempt under section 30(b)(ii) and section 30(c) of FOISA.

Where the records have been withheld under section 30(b)(ii) this has been done as disclosure is likely to inhibit substantially the free and frank exchange of views for the purpose of deliberation.

There is clear public interest in the transparent operation of public authorities, and this is why we made a summary of key risks publicly available and ask for Feedback from all users of our services. However, there is also a significant public interest in GTC Scotland being able to consider its various procedures in private to implement them without the concern that such deliberations and assessment of risk will be made public during the process.

GTC Scotland needs to be able to have free and frank exchanges and reflect consideration of matters in a private space so that these matters can be articulated, scheduled and reviewed. Disclosure of these records would be likely to substantially inhibit the exchange of views and provision of advice if employees knew they could be disclosed under FOISA. We consider the public interest in withholding this information outweighs the public interest in disclosure.

We also consider that releasing the records would otherwise prejudice substantially, or be likely to prejudice substantially, the effective conduct of public affairs under section 30(c) of FOISA.

As stated, while there is a clear public interest in the transparent operation of public authorities it is necessary for their proper functioning that risk assessment be considered internally without public scrutiny. We need to consider all forms of risk in a private space so that these can be properly developed and reviewed. Releasing unredacted versions of these records would prejudice the risk assessment process.

If these records were to be placed in the public domain by disclosing it to you under FOISA, we consider that would prejudice the process substantially. The consideration of risk requires a private space while it remains ongoing.

Disclosure would have a significantly adverse impact upon employees involved in this type of work who need to assess entries on the register and carry out their roles in relation to its risk management. We consider the public interest in withholding this information outweighs the public interest in disclosure.

You may contact informationgovernance@gtcs.org.uk if you are dissatisfied with this response, to request GTC Scotland conduct a review of it. You should describe the original request and explain your grounds of review. You have 40 working days from receipt of this response to submit a review request. When the review process has been completed, if you are still dissatisfied, you may use the Scottish Information Commissioner’s guidance on making an appeal to do so.

I refer to your request dated 30 January 2025 for a review of the response you received on the same day to your original information request to GTC Scotland (FOI 24-25/80), dated 20 December 2024 which we have handled under the Freedom of Information (Scotland) Act (FOISA). Please accept our apologies again for the delay in providing this review response and thank you for your patience while we collate the relevant information.  

You have expressed dissatisfaction with our response to your information request. To enable your review request to be considered afresh and by someone who has not responded to your original request, I have been appointed to undertake the internal review on behalf of GTC Scotland.  

Your original request

In your original request you asked for the following:  

I note in the recent GTCS annual review child safeguarding is listed as the top risk for the GTCS. Can you please provide me in the public interest with a copy of the information the GTCS holds in relation to this specific risk. To include information used to form this view, plans for mitigation and any entries in the GTCS's risk register.

On 23 January 2025, we provided records related to this risk and redacted them in line with section 30(b)(ii) and section 30(c) under FOISA. On 30 January, you sent an email requesting we review our decision in FOI 24-25/80 under section 20(1) of FOISA.  

Your internal review request

In your review request of 30 January, you state:  

I am challenging the exemptions applied in the public interest and would like the data unredacted. The public needs transparency re what the gtcs is doing in this key area.

You later added on 31 January that:  

The public needs to understand the risks children face in schools and what those tasked to protect them are doing about it.  For such a top priority there is a lack of information on this which is concerning.  Are there no internal emails discussing this, meeting minutes etc.  Please check again because I am not convinced an adequate and effective search has been carried out so far.

I have reviewed the original request and the relevant documentation held by GTC Scotland. I note in your review request that you emphasise that you require “internal emails” and “correspondence” to ensure that “an adequate and effective search has been carried out” for these records.  

Our response

I would highlight in the first instance that you have referred to our ‘annual review’ and ‘child safeguarding’ risk. When considering this review, I wish to clarify that we have taken your request to be referring to our most recently published Annual Report 2023/24 and the relevant risk in that report, being the ‘Child and Public Protection’ risk. Our searches and our response are therefore based upon that interpretation of your request.  

It may be helpful to provide a little context. While the original response has provided information in relation to the specific reference in the 2023/24 Annual Report and as such is limited to that entry, I have taken your request more broadly as to relate to the risk itself.  This specific risk, in the form as it appears in the Annual Report 23/24, first appeared on our Risk Register in September 2021 and remained until a refreshed approach to our risk register was adopted in February 2024.  

I would further clarify that we have interpreted your request and review to be seeking information in relation to the ‘specific risk’ of the ‘Child and Public Protection’ risk noted in the Annual Report 23/24 and the formulation and management of that risk. As discussed further below, this is therefore limited to the formal consideration of the risk as contained within the risk register.  

As a result, additional information has been located and is attached.

You will find attached records relating to the relevant risk registers and extracts of the relevant Committee and Council papers, redacted as necessary. The records have been provided in this way to ensure that you have access to the information requested, however the vast majority of those papers were not considered to be in scope and therefore have not been included. Where duplicated information has been identified, we have only provided one version of that relevant information. In addition, our Committee and private Council sessions are held in a private space and are therefore not disclosable. As such, providing relevant extracts preserves that privacy.  You will note that elements of these records have been redacted. Where the redaction is in black, the exemptions under s30(b)(ii) – free and frank exchange of views for the purposes of deliberation - and section 30(c) – effective conduct of public affairs - of FOISA have / has been applied. The application of these exemptions are discussed below, in line with your review request. Where the redaction is in red, the information is not within the scope of your request.  

You specifically question in your review response: “Are there no internal emails discussing this, meeting minutes etc.  Please check again because I am not convinced an adequate and effective search has been carried out so far.” Having carried out an additional search, I can confirm that I apply s17 – no information held, to this element of your request. It may be helpful to explain that the organisation has an email retention policy of 1 year. In addition, I would clarify that it is unlikely (and certainly no such records have been located) that such discussions would take place via email and instead would take place during internal colleague meetings. It is not GTC Scotland practice to minute internal meetings, unless considered absolutely necessary in specific circumstances. Therefore, in response to your request no such information is held.  

In addition, I would direct you to our website, in particular to the ‘corporate publications’ part of our website. There you will find additional documentation that discusses this specific risk. I therefore apply s25 of FOISA – information otherwise available.  

Application of exemptions

I have decided that the original decision to withhold those sections of the records in the initial response and this review response should be upheld, for the reasons set out below and having considered the public interest in disclosure balanced against the public interest in maintaining the exemptions that apply. However, I would clarify that I do not uphold the application of s30(b)(ii) and instead consider the applicable exemption in this case to be s30(c) to all elements of the documentation to which redaction has been applied.  

Where the records have been withheld under section 30(c) (redacted in black) this has been as the document includes sensitive information that is not appropriate for publication under FOISA but is necessary for those involved with the work of risk management. In the interest of transparency, we have considered it appropriate in this instance to provide elements of the records in order to respond to your request as comprehensively as possible, however, it is essential that GTC Scotland can ensure it has a private space for the consideration of sensitive and confidential matters for the organisation, in order to fulfil its public function effectively.  

If this was to be placed in the public domain by disclosing it under FOISA, we consider that there would be a reluctance to record risks in an open and transparent manner to ensure our effective governance and risk management processes and so more restrained, and less helpful, contributions would be made over time. This would have a significantly adverse impact upon the effective conduct of the organisation, its leadership teams and governing Council which each need access to a complete risk profile where required, for the purpose of undertaking their functions in relation to our statutory duties. All of the information provided is extracted from private documentation to be considered in private sessions of our Committees and Council. GTC Scotland must ensure it maintains the privacy and confidentiality of these meetings, and associated papers, in order to ensure it can continue to effectively manage and consider risk, in a private space. Disclosure under FOISA in this way would endanger our risk management process and substantially prejudice our effective conduct.

Public interest test  

We are required to consider the public interest test when applying the above exemptions. While we accept of course, as noted above, that there is a public interest in transparency, accountability and scrutiny of decisions and decision-making processes of public authorities we would argue that this must be balanced against the public interest in our ability to hold internal discussions, deliberations, and consider risk in a private space. We consider this to be an essential element of ensuring that the organisation is enabled to make well-informed, fully considered decisions, bringing in the expertise of relevant members of the organisation as required.    

Additionally, the records contain personal data of third parties (redacted in blue) that identifies them and relates to them, which we do not consider disclosable under FOISA, as it would be beyond their reasonable expectations and unreasonable to disclose their personal data, as per section 38(1)(b) of FOISA.  

If you are dissatisfied with this response to your review request, you have a right of appeal to the Scottish Information Commissioner within 6 months of this review response. The Scottish Information Commissioner’s guidance on making an appeal describes the process, including the application form. Further information, including relevant contact details is available on its website.  If you are dissatisfied with the decision of the Commissioner, following an appeal to the Commissioner, you have a right of appeal to the Court of Session on a point of law.