GDPR has taken the limelight from other information governance legislation especially Freedom of Information. In July 2018, the Cabinet Office published a new code of practice under section 45 of the Freedom of Information Act 2000(FOI) replacing the previous version.
In July 2015 the Independent Commission on Freedom of Information was established by the Cabinet Office to examine the Act’s operation. The Commission concluded that the Act was working well. It did though make twenty-one recommendations to enhance the Act and further the aims of transparency and openness. The government agreed to update the S.45 Code of Practice following a consultation exercise in November 2017.
The revised code provides new, updated or expanded guidance on a variety of issues, including:
- Transparency about public authorities’ FOI performance and senior pay and benefits, to mandate the FOI Commission recommendations for greater openness in both areas.
- The handling of vexatious and repeated requests. The FOI Commission specifically recommended the inclusion of guidance on vexatious requests.
- Fundamental principles of FOI not previously included in the code, e.g. general principles about how to define “information” and that which is “held” for the purposes of the Act.
In the latter section the code makes a number of interesting points:
- Information disclosed as part of “routine business” is not an FOI request. Section 8of the Act sets out the definition of a valid FOI request. Judge for yourself if this advice is accurate.
- Information that has been deleted but remains on back-ups is not held. This goes against a Tribunal Decision as well as ICO guidance.
- Requests for information made in a foreign language are not valid FOI requests. Again refer to section 8 above. It does not say a request has to be in English!
The code is not law but the Information Commissioner can issue Practice Recommendations where she considers that public authorities have not complied with it. The Commissioner can also refer to non -compliance with the code in Decision and Enforcement Notices.
As well as giving more guidance on advice and assistance, costs, vexatious requests and consultation, the code places new “burdens”:
- Public authorities should produce a guide to their Publication Scheme including a schedule of fees.
- Those authorities with over 100 Full Time Equivalent (FTE) employees should publish details of their performance on handling FOI requests on a quarterly basis.
- Pay, expenses and benefits of the senior staff at director level and equivalents should be published quarterly. Of course local authorities are already required to publish some of this information by the Local Government Transparency Code.
- The public interest test extension to the time limit for responding to an FOI request (see S.10(3)) should normally be no more than 20 working days.
- Internal reviews should normally be completed within 20 working days.
Furthermore, the other S.45 Code covering datasets has been merged with the main section 45 Code so that statutory guidance under section 45 can be found in one place. There is also an annex explaining the link between the FOI dataset provisions and the Re-use of Public Sector Information Regulations 2015.
Public authorities need to consider the new code carefully and change their FOI compliance procedures accordingly.
We will be discussing this and other recent FOI developments in our forthcoming FOI Update webinar.