FOI: A GUIDE FOR BEGINNERS

Are you aware that under the Freedom of Information Act of 2000, not to mention the Environmental Information Regulations, you have the right to request any recorded information held by public authorities? You may also be able to request information from non-public bodies who carry out a public function (via an Environmental Information Request).

FOI requests play a pivotal role in defining the transparency between government agencies and public authorities and the public. At DPAS we recognise the importance of understanding how to both request and process FOIs in line with government compliance. In that spirit, we’ve decided to release a blog series, comprehensively covering everything you need to know about those all-important Freedom of Information requests.

What kind of information can be accessed with an FOI?

In short, any information you think a public authority may hold. There are, however (and somewhat unsurprisingly) caveats to this;

  • Your right to information regards only recorded information, e.g., Information stored on computers, in emails, images, videos, audio recordings and printed or handwritten documents.
  • You may not be afforded access to some information if it qualifies for exemption, e.g., if it would unfairly reveal personal details about someone else.
  • Your request can be made in the form of a question for specific documents. That question, however, does not have to be answered if that would require creating new information or providing judgement or an opinion, previously unrecorded.
  • You do not have to know whether the information you require constitutes a Freedom of Information request or an Environmental Information request, it’s up to the relevant authority to decide which law they need to follow.

What should be considered, before making an FOI request?

Before making an FOI request, it’s worth asking yourself a couple of questions,

  • Can you find this information anywhere else? For example, is the information you’re looking for already available on the authority website?
  • Is the authority in question likely to have the information you require?
  • Does the FOI you’re requesting concern your own personal data? For personal information, e.g., medical records, you may want to make a Subject Access Request instead. More information about SARs can be found on our website here;

https://www.dataprivacyadvisory.com/subject-access-requests-practical-tips/

  • Is the information you’re seeking suitable for general publication? The Freedom of Information Act was made with the intention to make information available to the general public. As such, all information accessed via the FOI Act must be suitable for general viewing.

How do I make an FOI request that complies with the Freedom of Information Act?

There are a couple of steps you should take to ensure your request is processed correctly;

  • Make sure that you contact the relevant authority directly, identifying the information you require as clearly as possible.
  • A FOI request must be made in writing, e.g., via email or letter. It is worth noting that Environmental Information Requests may be made in writing or verbally.

Can a public authority charge for a FOI request?

A public authority may charge a ‘disbursement’, these are charges accrued for sending the information, such as photocopying and postage.

What happens after an FOI is requested?

The relevant public authority contacted must reply to you within 20 working days. In some cases, the request may not be granted, if this occurs the authority should provide you with one of the following explanations;

  • That it does not have the information requested
  • That another authority is in possession of the information required (if this is the case, they should transfer the request on your behalf)
  • That the retrieval of information sought, requires a fee
  • Under the Freedom of Information Act, they have the right to take more time to consider the public interest in either disclosing or withholding information (they can delay their response in this case for an additional 40 days). They can also take more time if the requested information is ‘particularly complex, or there is a lot of information to provide’. In these cases, the time limit can be extended a further 20 working days, providing the authority responds within the original 20 days to explain any further delays.

If you require further clarification or support concerning FOIs, we are currently offering a 1-day course, designed specifically to provide attendants with the knowledge to understand the process within Freedom of Information requests. To secure your place on our course, click the link below! https://www.dataprivacyadvisory.com/arlo/events/46-foundation-certificate-in-freedom-of-information/

You can also check out the second instalment of our series on FOIs, outlining the essential considerations to make when responding to, and processing Freedom of Information requests here.

 

related posts

Jack Penaligon

How to Respond to a Data Breach: A Practical Guide

This blog provides an overview of the practical steps organisations can take to reduce the impact of a data breach once it has been identified. It focuses on the actions that should be taken during the early stages of an incident to contain the breach, protect affected individuals, and meet regulatory requirements.

The article discusses a range of mitigation measures, including contacting unintended recipients of personal data, securing the deletion or recovery of exposed information, isolating compromised systems, and maintaining clear records of actions taken. It also explores the challenges posed by both digital and physical data breaches, highlighting the importance of balancing operational needs with data protection obligations.

Finally, the blog emphasises the value of preparation, explaining how established procedures, communication templates, and predefined response plans can help organisations respond more effectively and demonstrate accountability during a regulatory investigation.

Read More »
Noah de Wild

How to Assess a Data Breach: A Practical Guide

This blog explains how to assess a data breach by identifying its cause, determining what information was exposed, and evaluating the potential impact on affected individuals and the organisation. It outlines common causes of breaches, the importance of understanding the type and scale of compromised data, and how assessing the timeline of an incident can help businesses respond effectively, meet legal obligations, and reduce long-term risks.

Read More »
Noah de Wild

Don’t Panic: A Pragmatic Guide to the June 2026 Enforcement of the Data (Use and Access) Act Changes

With the June 19, 2026 enforcement of the Data (Use and Access) Act approaching, ensuring your business is compliant doesn’t have to be complicated or expensive. In our latest guide, we break down exactly what the new data protection complaint rules mean for you. Cut through the noise and discover our simple, free six-step checklist to update your protocols, designate handlers, and keep your business confidently compliant.

Read More »

Get a Free Consultation