The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

papers in a filing cabinet

Colleagues from the ICO’s FOI Directorate share their experiences and involvement in raising awareness of our regulation of access to information legislation.

Director’s Update – Looking at the future of Freedom of Information (FOI) through ICO25

The ’Director’s Update’ series from ICO Director of FOI and Transparency, Warren Seddon, provides you with a regular update on the FOI work of the ICO and aims to share some of the key learnings to help FOI practitioners and the wider FOI community understand our developing thinking and carry out their roles.

Yesterday, we published our landmark report, ‘Behind the screens – maintaining government transparency and data security in the age of messaging apps ’. The report highlights the problems that can occur when public authorities fail to make sure their information management policies and procedures reflect the way they are conducting official business in practice.

Read the full blog from Warren Seddon, ICO Director of Freedom of Information and Transparency, about what the ICO are doing.

Director’s Update: Doing more with less – working with the FOI community to improve future FOI regulation

The ’Director’s Update’ series from ICO Director of FOI and Transparency, Warren Seddon, provides you with a regular update on the FOI work of the ICO and aims to share some of the key learnings to help FOI practitioners and the wider FOI community understand our developing thinking and carry out their roles.

The story of our performance regulating the Freedom of Information (FOI) Act is one of doing more with less in real terms. Even before the pandemic we continued to face year-on-year increases in the number of FOI complaints we were receiving against a background of static government funding.

Read the full blog from Warren Seddon, ICO Director of Freedom of Information and Transparency, about what the ICO are doing.

Directors Update - Why Covid-19 has shown the FOI Act has never been more important to UK society - 22 March 2022

The past two years have highlighted how transparency and accountability are fundamental to our democracy - the impact of decisions made by public bodies throughout the pandemic have affected us all in some way.

At the start of the pandemic the ICO made clear, along with our colleagues internationally, that transparency about decision making and good record keeping during this period would be essential and a vital means of maintaining public trust. This remains the case. We also set out how we would take account of the significant pressures some organisations were facing. While being more flexible where appropriate, we continued to make regulatory decisions, uphold the legislation we oversee and provide advice.

Read the full blog from Warren Seddon, ICO Director of Freedom of Information and Transparency.


An update on our FOI and EIR guidance - 10 March 2022

We’ve recently updated our FOI guidance on section 14(1) vexatious requests. The update reflects changes to caselaw in more detail. The guidance provides public authorities with practical advice when deciding if a request is vexatious, and how to handle vexatious requests. Although much of the content remains the same, it covers some new areas, such as:

  • the four part test under the Dransfield Court of Appeal decision; and
  • the circumstances where burdensome requests may be vexatious in their own right, and how to provide advice and assistance to requesters in these circumstances.

This update is part of a continuing project of reviewing and refreshing our FOI and EIR guidance. All of our updated guidance is in the ‘What’s new’ sections of the guide to FOI and the guide to EIR.


Government records communicated through private accounts have always been subject to FOI laws – 4 November 2021

The pandemic placed real and understandable pressures on ways of working across the public sector. Many public servants were forced to work from home, using at times unfamiliar technology, while still working at pace and under immense pressure. At the same time, decisions were being made that reached into all aspects of people’s lives and affected their most basic rights, including whether they could see their friends and family.

The key to the public’s understanding and trust in these decisions was, and remains, transparency about how and why they were needed. Furthermore, it is only through documenting decisions in detail that we can learn the right lessons for the future.

The Freedom of Information (FOI) Act has always been clear: relevant information that exists in the private correspondence channels of public authorities should be available and included in responses to information requests the authority receives.

We’ve recently updated our FOI guidance on official information held in private communication channels. The update reflects the practical realities of some of the changes in our ways of working that have occurred since the guidance was first published in 2013. It now explicitly covers not just private emails, but clarifies that conversations over WhatsApp, Facebook Messenger or other private channels have also always been covered by FOI when they are used for official business.

The UK Information Commissioner, Elizabeth Denham, has authored an article in the Municipal Journal on this topic. You can read the full article on their website.


How the ICO uses its powers to enhance transparency and support public authorities - 23 July 2021

Group Manager Laura Tomkinson discusses how the FOI and Transparency Directorate is using practice recommendations to enhance transparency and accountability of information rights practices.

Access to information rights remain as important as ever. They support people’s understanding of how our public services are functioning and shine a light on what is working well and what isn’t.

When things do go wrong, we have a range of powers which help us to ensure public bodies comply with their legal obligations. Our decision notices respond to people’s complaints about the handling of individual requests and whether information should be released. Our information notices ensure we secure the information we need to conclude our cases.

Another of our important powers is the ability to issue practice recommendations, setting out broader improvements a public authority should make. We issue these where we have concerns that the codes of practice set by the government are not being adhered to. A recent example of our use of these powers is the practice recommendation we served on Sussex Police.

We saw an emerging pattern of poor compliance from the force resulting in more people seeking our help to get responses to their information requests. This led to us working with the force to support improvements in its practices and reduce the number of complaints brought to us.

Despite this the situation did not improve, and further issues came to light. These included multiple failures to comply with our formal decision notices and information notices in time, as well as poor quality responses to requesters and to our case officers’ investigations.

As a result of this, we concluded Sussex police practices were not good enough and issued a practice recommendation setting out how they should address this. The force must now put a framework in place to:

  • improve its information rights practices;
  • increase transparency; and
  • improve accountability for its information rights handling.

We continue to work with the force to ensure recommendations are put into practice to improve the experiences of people who seek public information from them.

We will also be exploring where practice recommendations will be useful in the future to support public authorities to maintain and improve their request handling capability.


Teacher assessments – what can schools do to enhance transparency? / Asesiadau athrawon – beth all ysgolion ei wneud i wella tryloywder? - 9 June 2021

We aim to ensure public authorities provide the public with timely access to information not only in response to requests they receive but also by publishing information proactively.

Due to the pandemic, teacher assessments have been used instead of traditional exams. In this blog entry, we will look at what information those schools who are subject to the Freedom of Information Act (FOIA) in England, Wales and Northern Ireland can publish proactively about the processes and frameworks they intend to use for teacher assessments. This does not apply to schools in Scotland, which has its own freedom of information regime regulated by the Scottish Information Commissioner.

Schools can expect to receive requests for information about your teacher assessments. You may be able to pre-empt some of these FOIA requests by proactively publishing some of this information, such as the policies, processes and methods you have in place for determining grades.

This is good practice and schools already proactively publish information from their policies and some staff salary information to their performance data. Not only does this aid transparency, it can also reduce the number of requests for information that schools receive and have to respond to.

We recommend that schools get prepared for information requests about how teacher assessments are being carried out by:

  • Having clear procedures in place for identifying and dealing with the information requests you may receive.
  • Pro-actively publish as much detail as you can about your processes for determining grades.
  • After the assessments, publish as much anonymised performance data as you can.

Remember that when publishing information, you’re making this information available to the public. Therefore, you should be mindful of your legal obligations to ensure no personal data are published which could breach the data protection principles.

You may also receive requests from an individual student asking for information about their grades – this is known as a Subject Access Request (SAR) under Data Protection legislation. If you receive one of these requests then you may want to look at the guidance for teachers and schools that we have already published on students’ access to information about their assessment results.


Supporting you to meet your information access requests - 24 February 2021

Our aim at the ICO is to ensure organisations provide the public with timely access to information. We speak regularly about supporting you to meet your requirements, and we’ve published two new products to help you achieve that goal.

We’ve added another topic to our FOI toolkit, which we launched last year. The new topic allows you to self-assess your performance when you refuse requests because they exceed the appropriate cost limit. You can complete the topic in stages or in full, and will receive a report showing an overall rating, action plan and helpful web links to relevant guidance. We know the toolkit is proving its worth, and feedback has been positive. We hope this next topic will provide practical support that will lead to improvements.

The toolkit is part of our ongoing work to support public authorities, particularly through the current challenges brought by the pandemic. As we set out in our regulatory approach, we continue to have a pragmatic approach, recognising the importance of transparency, and also the potential impact on public authorities’ timelines in supplying information. We will continue to take a pragmatic approach to resolving complaints, and would encourage any authorities facing challenges to stay in contact with us.

At the same time, we’ve published top tips for dealing with information access requests. The quick reference guide came about during engagement work carried out with the London Boroughs, where we sought to gain an understanding of compliance rates. During the process examples of good practice were identified and these form the basis of the guide. Born out of our London Boroughs work, the tips can be used across all organisations dealing with information access requests.

We hope our resources prove useful and we’ll continue to develop tools to help our information access colleagues in achieving their obligations.


Continued support to reflect these unprecedented times - 9 October 2020

Informed by what we are being told by organisations, we have made further changes to our regulatory approach.

This marks another step towards returning to our pre COVID-19 approach, but with the caveats and exceptions that reflect the reality of these unprecedented times. Our approach remains pragmatic and we will continue to support public authorities to ensure people’s information rights are protected.

Our revised regulatory approach states that we will:

  • continue to accept new information access complaints;
  • expect public authorities, with request backlogs, to establish recovery plans to return to compliance with the Freedom of Information Act within a reasonable timeframe;
  • consider unpausing formal monitoring and regulatory action that was in train before the pandemic;
  • encourage public authorities to proactively publish important information; and
  • expect organisations to appreciate the ongoing importance of proper record keeping.

These changes were announced in an open letter to organisations from the Information Commissioner.


FOI and coronavirus – preparing for recovery - 17 July 2020

As the UK’s response to COVID-19 continues to evolve towards recovery we have made changes to our adapted regulatory approach.

We have remained pragmatic and empathetic to the pressures public authorities are facing, and our focus continues to be one of supporting and offering advice on how to respond to the challenges the pandemic brings.

Although we have maintained this approach, we now also want to see public authorities putting clear plans in place to get back on track with their freedom of information work.

To help with this we have launched an FOI toolkit designed to help public authorities self-assess performance in responding to FOI requests. The toolkit can be completed in stages or in full, and generates a bespoke report which helps to identify areas for improvement and where action needs to be taken.

We hope the toolkit will become a staple part of FOI practitioners’ continual learning and that it will promote good practice.

We would also like to thank the Scottish Information Commissioner and his team for their assistance during the toolkit’s development stage.


How we will regulate freedom of information during coronavirus - 16 April 2020

As the coronavirus crisis began to take hold, we blogged about the unprecedented challenges facing public authorities and how redirecting resources and switching priorities would impact on their compliance with freedom of information.

Now we have more detail and further advice. The ICO has published a document setting out our regulatory approach during the COVID-19 pandemic.

This includes deciding how we exercise our enforcement powers, how we deliver technical advice and guidance to organisations, and how we support the public, dealing with their complaints and queries.

We will continue to support transparency in public decision making but our regulation of freedom of information must be pragmatic and empathetic during the pandemic.

Our approach is also aligned with the International Conference of Information Commissioners’ vision, which supports a flexible approach that takes into account the compelling public interest in the pandemic, while safeguarding the values of the right to access information.


FOI and the coronavirus: a measured approach - 16 March 2020

The ICO recognises the unprecedented challenges all are facing during the coronavirus (COVID-19) pandemic.

In particular we understand that resources, whether they are finances or people, may be diverted away from usual compliance or information rights work. Whilst we can’t extend statutory timescales, we will not be penalising public authorities for prioritising other areas or adapting their usual approach during this extraordinary period.

To further support our information rights colleagues, we will tell people through our own communications channels that they may experience understandable delays when making information rights requests during the pandemic.

We are a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with information rights work when assessing a complaint brought to us during this period, we will take into account the compelling public interest in the current health emergency.

We are here to help you, information is available on our website or via our helpline on 0303 123 1113.


What you hear, what you know - addressing common misconceptions of FOIA and EIR - 06 February 2020

Those of us working in public authorities have become accustomed to the processes of the Freedom of Information Act (FOIA), but the law may still seem complex for many members of the general public, so we need to be mindful of that when responding to people who make requests.

This blog post sets out some common public misconceptions and explains how we can smooth the path for people wishing to exercise their information rights.

What you hear

I can use the Freedom of Information Act to request information from any organisation that receives public funding.

What you know

Just because you receive public funds, doesn’t mean you’re a public authority that falls within scope of the FOIA.

Under FOIA, ‘public authority’ means any organisation listed in Schedule 1, designated under section 5 or a publicly-owned company as defined by section 6.

Remember the FOIA may apply to information in the possession of other organisations, like contractors, who hold it on behalf of a public authority.

What you hear

The Freedom of Information Act and the Environmental Information Regulations can give me access to my personal data.

What you know

A person can’t make a request for their own personal data through FOIA or the Environmental Information Regulations (EIR). As a public authority, you should explain that you need to handle this as a ‘data protection subject access request’ under data protection legislation.

Remember, personal information about a third party can be requested under FOIA or EIR, but you must consider whether disclosure of third party personal data would contravene data protection legislation.

What you hear

I want to make a request for information but I need to know if I use FOIA or EIR first.

What you know

You can’t refuse to deal with someone’s request simply because they don’t know which law to follow. It is your responsibility to process the request under the correct regime, and you should let the individual know which one their request falls under. You should also make it known, perhaps via your website, that people do not need to specify which regime they are making their request under.

What you hear

I’m only going to receive information from a public authority in the format that it was originally recorded.

What you know

A person has the right to specify their preferred means of communication in their initial request and you must make the information available in the requested format, so far as reasonably practicable. What is reasonably practicable will depend on factors such as how the information is held, the cost of complying with the preference, your resources and security. You may also charge a fee to cover the cost of communicating the information.

If you’re not communicating the information by the preferred means, it is good practice to discuss this with the individual to find an acceptable alternative. However, if information is not being disclosed and the request is being refused, you’re not obliged to respond in the format requested (eg by post). In this case, you may provide your response by any means reasonable.


ICO attends the second ICIC FOI case handling workshop -23 January 2020

Hosted by the Gibraltar Regulatory Authority, the annual workshop provides an opportunity for different jurisdictions across the globe to share working practices and ideas. ICO colleagues in attendance provide an overview of the event.

During the two day workshop a number of presentations, Q&A sessions, group discussions, and case studies took place and it was interesting to hear the similarities, but also the differences between the various information access regimes.

We delivered a presentation setting out our new ways of working sharing our new online complaint form, our early resolution pilot, and our draft service guide and service charter. We participated in some interesting group discussions on proactive disclosure, outsourcing, records management, and costs. We found a common theme was a number of the jurisdictions use our external FOI guidance to support the creation of their own lines to take and guidance. Our own guidance is beginning to be reviewed and updated, in line with ‘Opennness by Design: The Information Commissioner’s strategic plan 2019/20-2021/22’.

Many jurisdictions do not have provisions for authorities to refuse a request on the basis of the cost of complying with it. We were asked lots of questions regarding the application of section 12 FOIA in the UK and how we regulate public authorities’ use of this. We explained that when investigating a section 12 case we will usually require a public authority to complete a sampling exercise so that they have some evidence to base their cost estimate upon and to be able to demonstrate that the estimate is reasonable.

Update from our peers:

  • The Freedom of Information Act 2018 will soon be enacted in Gibraltar. Some key differences to our legislation include applicants must be over 18 and a resident of Gibraltar, an applicant must specify that the request is being made under the Freedom of Information Act and there is an application fee for making a request. The legislation does not currently have a cost limit threshold (similar to section 12 FOIA) however this is currently under discussion.
  • In Slovenia responses can be extended to 30 working days where ‘third party’ interests are involved to allow consultation on disclosure / the application of exceptions. When investigating complaints, Slovenian colleagues have the power to inspect and search premises and fines can be imposed if a body does not comply with an investigation or decision. There is no tribunal process to appeal a decision, if a body disagrees with a decision they can only challenge this through the courts.
  • The Cayman Islands highlighted a real culture shift to a much more pro-active release of information such as travel expenses and meeting minutes. In this jurisdiction, it was however interesting to hear that requests can be made using pseudonyms and that 80% of requests come from the media.
  • Hungary delivered an interesting presentation on the impact of the requirements of disclosure of information under other pieces of legislation and how this sits with its Freedom of Information law.
  • The Philippines explained that despite not having FOI legislation, almost all agencies implemented FOI and that they are currently in the process of applying to join the ICIC.

Out attendance at this annual event provides us with an international platform to showcase the working of our office and promote best practice. Indeed it was encouraging to hear that a number of our colleagues across the globe use our guidance in their own policy formation. We also came away with interesting ideas to share across our own FOI Directorate.

The ICO has recently been accepted as a member of the ICIC – something that we would encourage all of our international colleagues to look into doing. Further information can be found on the ICIC website.


ICO accepted as an International Conference of Information Commissioners (ICIC) member - 09 January 2020

2020 signals fifteen years since the Freedom of Information Act 2000 came fully into effect. Gill Bull, the ICO’s Director of Freedom of Information Complaints and Compliance, notes a further milestone as the ICO is formally accepted as a member of the ICIC.

We’re delighted to start the decade by being formally accepted as a member to the ICIC, the global network that fosters the protection and promotion of access to information. Following on from the establishment of a the new formal governance framework for the ICIC, known as the Johannesburg Charter, it’s important for the ICO to play its part in this growing network.

Indeed in her recent speech for Mexico City’s National Transparency Week conference, Information Commissioner Elizabeth Denham said:

“Access to information is a growing right. Data that UNESCO has compiled shows the number of states with Freedom of Information laws has risen by almost a third in the past five years.

“But it remains a fragile right. Statute, secrecy exemptions or under-use can all contribute to the erosion of that right. By sharing our experience and expertise internationally we guard against that.

“Such a responsibility is an important part of the work of the International Conference of Information Commissioners – the ICIC. The group brings together countries from all over the world, brought together to share best practice, to learn how we can improve, and to defend, promote, protect and develop access rights.

“Our role is to protect and promote access to public information around the world. We are a collective voice in the international community, raising awareness of issues that impact upon access to public information

“Crucially, we discuss how to bring information access statute to life. How do we make it work on the ground? How are we working with people requesting information, to make the process as straightforward as possible? How are we making sure this is a right available to every level of society and to every community?

“Because access to information is a human right, only where people believe it is their right to use.”

We look forward to working with our international colleagues in the pursuit of protecting and promoting access to public information. We also encourage other Information Commissioners to join the growing ranks of the ICIC. It’s easy to do and further information is on the ICIC website.

Gill Bull is Director of Freedom of Information Complaints and Compliance at the Information Commissioner’s Office where she is responsible for the ICO’s Freedom of Information and Environmental Information casework and compliance.



Access to Information in Turbulent Times - 19 November 2019

This is the first in a series of blog posts covering our regulation of access to information legislation. The first post is by Gill Bull, ICO’s Director of Freedom of Information Complaints and Compliance, who delivered the 2019 Bond Lecture at the British Records Association on 13 November 2019.

Last week, I was delighted to present the annual Maurice Bond lecture for the British Records Association at the Paul Mellon Centre in London. Maurice Bond was Clerk of the Records for the House of Lords Record Office from 1946-1981 and he is regarded as one of the most innovative and influential archival figures of the post-war period.

I wanted to use the lecture to reflect on the many intersections between the work of archivists and access to information within the context of ‘everyday FOI’. I also wanted to take a step back and reflect on how issues of trust and trustworthiness and the current public debate about the notion of kindness in public policy, relate to access to information. 

And of course I began by challenging the view that access to information can be seen as a dry topic and one that is principally about systems. For me, this is about people. And rather than being just about the past, it is as much about the future. I spoke about the role that access to information has in creating trust and in democracy itself and quoted UNESCO’s Guy Berger who described access to information as an issue that “goes with the grain of history”.

I spoke about the ICO’s call for contractors carrying out public services to be held accountable under the Freedom of Information Act and the Environmental Information Regulations. The law has not kept pace with the way services are provided or with public expectations. Next year, 2020 will be the fifteenth year since the legislation came into force. It is inevitable that the environment in which the legislation operates has changed.

People must be able to feel that outsourced services are trustworthy. FOI can shine a spotlight and create the conditions for where it is reasonable for us to place our trust. It stands to reason that where that spotlight is not allowed to shine, trust is less likely to follow.

I questioned whether we need to develop some new framing for access to information rights. The information we hold as organisations isn’t ours. If we’re a public authority, it’s the public’s information and while there will always be a request and receive aspect of access to information rights, I queried whether we need to start talking about a more fundamental duty to provide information. 

The full text of the lecture is available here, and it will also be published in the British Records Association journal.

Gill Bull is Director of Freedom of Information Complaints and Compliance at the Information Commissioner’s Office where she is responsible for the ICO’s Freedom of Information and Environmental Information casework and compliance.


Previous entries