Freedom of Information
The Freedom of Information Act 2000 ("FOI") provides public access to information held by public authorities. "Public Authorities" includes maintained schools, and academies were brought into the FOI regime by the Academies Act 2010.
Access to information is to be given in two ways:-
- There is an obligation to publish certain information about your activities; and
- The public are entitled to request information from you.
The FOI covers any recorded information being printed documents, computer files, letters, emails, photographs and sound or video recordings.
The principles behind the FOI mean that :-
- Everyone has a right to access official information. Disclosure should be the norm.
- An applicant does not need to give a reason for wanting the information.
- All requests are to be treated equally, except in certain circumstances relating to vexatious requests and personal data. There is an overlap with the Data Protection Act here. You are also obliged to treat all requesters equally.
- You should only disclose information under the FOI if you would disclose it to anyone else who asked. You should consider information which is released as being released to the world at large. It does not prevent you from voluntarily giving information to other people.
The information includes "datasets". These are collections of factual data gathered as part of the provision of your services, and held in electronic form. It also covers "meta data". These include the author and date of drafting found in the properties of a document.
It does not cover information in someone's head. Therefore there is no obligation for you to ask staff.
As mentioned above you have two main obligations under the FOI. You must:-
- Publish certain information proactively; and
- Respond to requests for information.
There are 3 Codes of Practice which contain recommended good practice when applying the FOI.
- The Section 45 Code of Practice. This gives recommendations about handling requests. It covers the situations in which you should give advice and assistance to those making requests; the complaints procedures you should put in place; and various considerations that may affect your relationships with other public bodies or third parties.
- There is an additional Section 45 Code of Practice on datasets. This provides guidance on how to meet your obligations in relation to the datasets provisions under the FOI.
- The Section 46 Code of Practice covers good records management practice and your obligations under the Public Records Act to maintain your records in an ordered and managed way so that you can readily retrieve information when it is needed.
These codes of Practice are not directly legally binding but failure to follow them is likely to lead to breaches of the FOI Act.
Making information available - Proactive publication
You should publicise your commitment to proactive publication and the details of what information is available. You should also publicise the fact that people can make Freedom of Information requests to you and provide contact details for making such a request, including a named contact and telephone number. You should also tell the public how to make a request. You need to communicate this in a range of ways including websites, notice boards, leaflets or posters in places where people access your services. You should also make your staff, contractors, customers or others you have contact with aware of how the FOI may affect them. Make it clear that you cannot guarantee complete confidentiality of information and that as a public body you must consider for release any information you hold if it is requested.
You should consider each request individually, but it is worthwhile having policies or guidelines for certain types of information, such as information about staff.
Making information available - dealing with FOI request
As mentioned already there is an overlap with the Data Protection Act. The DPA 1998 gives rules for handling information about people. Please see the article on the DPA in this newsletter. To be clear, when a person makes a request for their own information, this is a subject access request under the Data Protection Act and not a Freedom of Information request. The FOI does not give the right to personal information. Therefore you may need to clarify this when responding to a request.
The DPA exists to protect people's right to privacy, whereas the FOI is about getting rid of unnecessary secrecies. These two Acts are not necessarily incompatible, but there can be a tension between them and applying them sometimes requires careful judgement. This is where Lupton Fawcett are able to assist you.
When someone makes a request for information that includes someone else's personal data you will need to carefully balance the case for transparency and openness under the FOI against the data subject right to privacy under the DPA in deciding whether you can release the information without breaching the data protection principles.
Someone making an enquiry under the FOI does not have to say why they want the information, and the request does not have to mention the FOI Act. The request must be in writing, which includes fax or email. The enquirer is entitled to be told whether the School/Academy holds the information (known as the duty to confirm or deny) and, if so, to have access to it. Access can include providing extracts of a document where a summary of the information is sought, or access to the original document. However, the FOI Act recognises the need to preserve confidentiality of sensitive information in some circumstances and sets out a number of exemptions.
There are 4 reasons for not complying with a valid request for information under FOI. These are :-
- The information is not held;
- The costs threshold is reached (costs threshold is currently £450);
- The request is considered vexatious or repeated; or
- One of more of the exemptions apply
The FOI Act provides a series of exemptions. These are available from the ICO website. There are 2 general categories of exemtions; absolute where there is no requirement to confirm or deny that the information is held, disclose the information or consider the public interest; and qualified where, even if an exemption applies, there is a duty to consider the public interest in disclosing information.
There are 8 absolute exemptions listed in the FOI Act. Even where an absolute exemption applies it does not mean that you cannot disclose in all cases. It means that disclosure is not required by the FOI Act. A decision could be taken to ignore the exemption and release the information taking into account all of the facts of the case. There is still a legal obligation to provide reasonable advice and assistance to the enquirer.
Qualified exemptions, even if it is decided that an exemption applies, there is a duty to consider the public interest in confirming or denying that the information exists and releasing or not releasing the information. Guidance on carrying out the public interest test is available. Many of the “exemptions” are intended to protect sensitive or confidential information. However, some of the “exemptions” are there simply to avoid the legal position where 2 pieces of law cover the same information requested, where the information is already available by some other means. The exemptions most likely to be used by schools/academies are:-
- Information accessible by other means. For example, information available from your publication scheme, or information which other legislation requires you to give.
- Personal information. As stated above a request for personal information is covered by the DPA 1998.
- Environmental information: where information is covered by the Environmental Information Regulations 1992.
What action do you need to take?
Governing bodies and Academy Trusts are responsible for ensuring that schools and academies comply with the FOI Act. The presumption of openness makes it more important than ever that a school/academy decides its policies and conducts its day to day operations on a basis that stands up to public scrutiny.
You should note that wilfully concealing, damaging or destroying information in order to avoid answering an enquiry is an offence and so a Governing Body/Academy Trust or any person who is employed by, or who is an officer of, or is subject to the direction of the Governing Body/Academy Trust may be at risk of criminal proceedings by such unlawful concealment, damage or destruction occurs. Therefore it is important that no action is taken to delete or amend records that are subject to a request for information.
Such requests for information can be directed to the School/Academy through anyone who works there, the Governing Body/Academy Trust will need to ask itself whether all staff are aware of FOI and how the School/Academy handles requests for information. The Governing Body/Academy Trust will need to :-
- Agree the FOI publication scheme and access policy if it has not already done so. They will need to set out how the school proposes to deal with requests and state that all staff should be aware of the process.
- Delegate to the headteacher or other responsible person day to day responsibility for FOI policy and the provision of advice, guidance, publicity and interpretation of the School/Academy's policies.
- Consider designating an individual who is responsible for FOI to provide a single point of reference, coordinate FOI and related policies and procedures, take a view on possible sensitive areas and consider what information and training staff may need.
- Consider arrangements for overseeing access to information and delegation to appropriate persons/committees.
- Ensure that a well-managed record management and information system exists in order to comply with requests
- Ensure a record of refusals and reasons for refusals is kept, allowing the Governing Body/Academy Trust to review its access policy on an annual basis
What action is required to refuse a request?
If the information is not to be provided, the person dealing with the request must immediately contact the person in the School/Academy with delegated responsibility for FOI to ensure that the case has been properly considered and the reasons for refusal are sound. If it is decided to refuse a request you need to send a refusals notice which must contain specified information. A record of all enquiries where all or part of the requested information is withheld and exemptions are claimed must be kept which includes the reasons for the decision to withhold the information. These records should be retained for 5 years. There are no requirements to keep records where you have supplied the information requested.
What do I do if someone complains?
Any written (including email) expression of dissatisfaction, even if it does not specifically seek a review, should be handled through your existing complaints procedure (which needs to be fair and impartial). The procedure should be clear and non-bureaucratic. Where practicable the review should be handled by someone not involved in the original decision. The Governing Body/Academy Trust should set and publish a target time for determining complaints and information on the success rate in meeting that target. You should maintain records of all complaints and their outcome.
When the original request has been reviewed and the outcome is that the information should be disclosed, this should be done as soon as practicable. When the outcome is that procedures within the school/academy have not been properly followed, the school/academy should review procedures to prevent any recurrence. When the outcome upholds the original decision or action, the applicant should be informed of their right to appeal to the Information Commissioner.
The Information Commissioner publishes a Freedom of Information Guide for schools and academies and provides a template to assist schools and academies as to how to meet their publication scheme obligations. This is available from the ICO website. Lupton Fawcett will be able to assist you in drafting your publication scheme. In addition, guidance for Church of England schools and academies is published by the National Society.
We are hosting a Seminar in November which will focus on GDPR in the Education Sector, please click here for further details.
Please note this information is provided by way of example and may not be complete and is certainly not intended to constitute legal advice. You should take bespoke advice for your circumstances.