Responding to, and Processing FOIs

FOI requests play a pivotal role in defining the transparency between government agencies and public authorities and the public. At DPAS we recognise the importance of understanding how to both request and process FOIs in line with government compliance.

In the second instalment of our FOI blog series, we’ll outline the essential considerations to make when responding to, and processing Freedom of Information requests.

Identifying valid requests

Information requests, much like people, are complex and varied – a ‘one-size-fits-all’ approach then, will not suffice. Requestors are not even required to name drop FOIA when they make their information requests. The ICO outlines that; “Any written communications to a public authority, including those sent electronically, could be a request for information. This includes requests made via social media if a real name and valid address for correspondence are supplied.” Public authorities need to provide cohesive and pre-emptive training for any staff, equipping them to recognise FOI requests and consider relevant codes of practice.

Our golden rule for determining valid FOI requests is to always, always, always refer to Section 8 of FOIA (which can be found at https://www.legislation.gov.uk/ukpga/2000/36/section/8).

Whilst compliance with invalid requests is not mandatory, you may wish, out of the goodness of your own heart, to contact the requestor to inform them of this.

Exceptions to criteria for valid requests under FOIA

  • Requestors who are unable to make a request in writing, (e.g., due to a disability) require assistance to make a valid request.
  • Requests made in a foreign language do not require a response – but once again you may choose to contact the requestor and ask if they wish to resubmit in either English or Welsh

Processing Requests

Communication is always required once a request has been made, to let the requestor know whether you hold the information they’re seeking (It’s worth noting that the ICO considers ‘holding information’ to mean “Any recorded information which you hold for the purposes of your business”).

This includes:

  • Information held at the time the request is made.
  • Information stored in off-site servers or cloud storage.
  • Information held by other organisations and authorities on your behalf.

If you do hold the information in question, you are required to communicate it to the requestor, unless it falls under exemptions found in Part II FOIA, section 12 or section 14 of FOIA. If you do not hold the information requested but believe another public authority will, you are required to communicate that to the requestor, detailing the public authority in question, as well as their contact details (if able). It is worth noting that a direct transfer to another public authority may only be conducted with the requestors’ consent. In circumstances such as these, awareness of data protection legislation is vital.

Timescales

One of the most common questions we get asked from practitioners responding to FOI requests, concerns deadlines. The timescale to which most public authorities are held can be found in Section 10(1) of FOIA (https://www.legislation.gov.uk/ukpga/2000/36/section/10).

Essentially, Section 10(1) dictates that:

  • Public authorities have 20 working days to respond to an information request (following the date of receipt of request)
  • If the request was received on a working day, that day itself is the date of receipt.
  • If the request was received on a non-working day (e.g., a weekend or public holiday), the first following weekday becomes the date of receipt.
  • There are some exceptions to this time limit, which apply to certain public authorities (e.g., schools) or in certain circumstances (e.g., a particularly complex request). In these situations, the initial deadline is extended to no longer than 60 working days. These exceptions are subject to scrutiny and may require permission from the Commissioner.

Unclear requests

What is the correct procedure for unclear requests? After all, we’re all only human and not always on the same page as one another! Here are some practical tips for dealing with FOI requests which require further clarification:

  • If you are unsure about the nature of the information requested, you are allowed (and encouraged) to contact the requestor, seeking clarification. You can also request elaboration, should you require more information.
  • The 20-day deadline for response will be suspended until the requestor provides additional information. If they fail to do so after two months (a ‘reasonable’ amount of time) their request may be closed.

Third-Party Consultation

In the interest of efficiency and efficacy, third parties may be consulted to consider the suitability of certain information for disclosure, e.g., if a request may affect the interests of a person or body who is not the requestor. Third-party consultation may also prove necessary if they have created or provided the information requested – they may possess a better understanding of the intricacies of the request. Third-party consultants may assist in cases where there is a need to consider prejudice, public interest tests, or to assist in an appeal against a request refusal.

It is worth noting that even if relying on third party consultation, you will still, typically, be subjected to the time scales outlined in Section 10(1).

 

While far from exhaustive, we hope we have been able to provide you with an understanding of the procedures involved when responding to Freedom of Information requests. If you require further clarification or support concerning FOI requests, we are currently offering a 1-day course, designed specifically to provide attendants with the knowledge to understand the process within Freedom of Information requests. To secure your place on our course, click the link below!

https://www.dataprivacyadvisory.com/arlo/events/46-foundation-certificate-in-freedom-of-information/

RECENT POSTS

Data, a new Direction?

Considerable column inches have been written over “Data, a new direction”, the UKGovernment’s title of their “tweaking” of the existing UK-GDPR provisions within the 2018Data

Read More »