FOI release

Request for email addresses of senior SIA staff

Published 13 April 2026

Request

Hi there, I am a principal analyst at GlobalData and responsible for research and analysis in the central government vertical for public sector IT, tech, and procurement news/policy. I just wanted to clarify the emails for key employees who would be the point of contact for supplier queries or relationship building.

Please could you clarify the email addresses for:

• Chief Executive, Michelle Russell
• Chief Operating Officer, Debbie Bartlett
• Chief Digital and Data Officer, Philip Urquhart

I would greatly appreciate the help. Many thanks in advance, and I look forward to your reply.

Response

We confirm that the SIA holds this information.

The information you have requested is exempt under section 40(2) and 40(3A)(a) of the Freedom of Information Act 2000, as the information requested amounts to personal information (personal data) and disclosure of that personal information to a member of the public otherwise than under this Act would contravene any of the data protection principles. Personal data is defined under section 3(2) and (3) of the Data Protection Act 2018.

The personal data you have requested relates to the email addresses of our Chief Executive Officer, Michelle Russell, Chief Operating Officer, Debbie Bartlett, and Chief Digital & Data Officer, Phil Urquhart, and therefore constitutes third party personal data.

We have concluded that disclosing these email addresses would contravene Article 5(1)(a) UK General Data Protection Regulations (UK GDPR) which states that personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject.

Lawfulness of processing

Article 6 of the UK GDPR sets out 6 lawful bases for processing and at least one of the following must apply:

• consent – the data subject has given consent
• contract – processing is necessary for a contract you have with the data subject(s)
• legal obligation – processing is necessary for you to comply with the law
• vital interests – processing is necessary to protect life
• public task – processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law
• legitimate interests – processing is necessary for your legitimate interests or the legitimate interests of a third party

The lawful basis that is relevant to FOI requests is Article 6(1)(f) UK GDPR, which provides that processing is necessary for the purposes of legitimate interests pursued by the controller or by the third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

There is a 3-part test which assesses whether there is a legitimate interest. This was applied in the Supreme Court’s case of South Lanarkshire Council v Scottish Information Commissioner [2013] UKSC 55, where Lady Hale outlined three questions:

Question 1 – legitimate interest test: is there a legitimate interest in requesting information?

We do not believe there is a legitimate interest in providing the email addresses of SIA staff for the purpose of supplier queries or relationship building. The email addresses of SIA staff members are not available to the public and disclosure of such information may result in high volumes of unsolicited emails, which would have the effect of detracting from core responsibilities.

The SIA Procurement does not have a single point of contact but does operate a departmental email address where enquiries can be allocated depending on the subject matter. This address is: sia.procurement@sia.gov.uk. This address is not for FOI requests but acts as an access point for the supply base.

To ensure transparency and fairness, we do not accept unsolicited invites or appointments, as we publish all requirements publicly. Information about contracts above £10,000 is reasonably accessible and readily available online.

Contracts up to a value of £139,688 can be accessed through the Contracts Finder.

Contracts over the value of £139,688 can be accessed through the Find a Tender service.

Question 2 – necessity test: is disclosure necessary to meet those interests?

We do not believe sharing the personal email addresses of the requested SIA staff is necessary for supplier queries or relationship building. We have direct channels of communication as described above.

Question 3 – balancing test: do the legitimate interests outweigh the interests and rights of the individual?

The legitimate interests in disclosing the email addresses requested is for transparency and accountability as it enables members of the public to make direct contact with senior members of the SIA.  However, this must be balanced with the impact on efficiency of receiving unsolicited emails as a result of placing these email addresses into the public domain and the measures put in place by the SIA for the direction of queries as described above.

Conclusion

We have concluded that the processing of personal data in this instance would contravene Article 5(1)(a) UK GDPR as there is no legitimate interest in your request in accordance with Article 6(1)(f) UK GDPR and that no other lawful basis under Article 6 UK GDPR applies.  As we have deemed it unlawful to process the personal data, we have not gone on to consider whether it would be fair and transparent to do so.

The information you have requested has therefore been withheld under section 40(2) and (3A)(a) of the Freedom of Information Act 2000 as we believe that it is not necessary to share the email addresses of the requested SIA staff members for the purpose of supplier queries or relationship building. To assist you, you have been provided with the appropriate direct channels for communication with the SIA. The first condition is therefore satisfied, meaning that the exemption is an absolute exemption and not subject to the public interest test.

[Ref: FOI 0590]