The Information Commissioner’s Office (ICO) has issued an enforcement notice to the Department for International Trade (DIT) and a practice recommendation to the Department for Business, Energy and Industrial Strategy (BEIS), for persistent failures to respond to information access requests within the statutory time limit.
The action comes under the ICO’s renewed approach to regulating the Freedom of Information Act 2000 (FOIA), which commits to taking action against public authorities with consistently poor performance. The approach is set out in the ICO’s new FOI and Transparency Regulatory Manual and strategic plan, ICO25.
John Edwards, UK Information Commissioner said:
“For the first time in seven years, the ICO has issued a Freedom of Information enforcement notice, which clearly marks the start of our new approach to regulating the Act.”
“Accountability and transparency in the work of public authorities is fundamental to democracy and it is the ICO’s role to ensure that people’s right to access information is protected.
“I advise public authorities to take note and learn lessons from the action we have taken today, as we will be making greater use of our powers under the Act to drive good practice and compliance.”
Details of DIT Enforcement notice
Freedom of Information statistics for central government show that from January to March 2022 DIT issued late responses in over 50% of requests. This is a breach of both s1(1) and s10(1) of FOIA. The statistics also showed that the Department had the worst response figures for the whole of central government. Its response times also declined in 2021, despite there being no significant increase in requests or known resource issues at the Department.
The DIT has been issued with an enforcement notice as a result of the significant drop in its performance and because the delays that people have experienced were simply due to internal process failings, rather than more significant problems.
The Department is now required to respond to any outstanding requests older than 20 working days, within 35 calendar days of the enforcement notice. It is also required to devise and publish an action plan formalising measures to mitigate any future delays. Failure to comply with the notice could lead to the DIT being found in contempt of court.
Details of the BEIS practice recommendation
The Freedom of Information statistics for central government showed BEIS consistently failed to respond to a significant number of the information access requests received within the statutory time limit.
The statistics also show BEIS has received a 55% increase in requests since 2020, unlike DIT which received relatively stable numbers of requests in a similar period. During discussions with BEIS the ICO found that the Department’s own internal procedures were the cause of many responses being delayed, in addition to the volume increases. BEIS actively engaged in discussions with the ICO regarding its internal procedures, and explained the impact of increased requests on its service. It also highlighted and shared the proactive action it was taking to improve performance.
Although the ICO concluded the Department’s practices did not conform to the Freedom of Information Code of Practice, it took into account the mitigations highlighted by BEIS and the positive engagement it had with the ICO. As a result, the ICO has issued BEIS with a practice recommendation rather than an enforcement notice.
The practice recommendation sets out steps the Department should take, including the development of an action plan detailing how it will improve its performance. It also makes clear that this plan should be published, and that the Department should improve its processes so that any internal consultation does not delay compliance with its legal obligations.
Background to practice recommendations and enforcement notices
A practice recommendation is not enforceable. It is issued when the ICO concludes that the handling of requests by a public authority does not comply with the Freedom of Information Code of Practice. It is issued under s48(1) of FOIA and outlines steps a public authority should take to conform to the Code of Practice. If performance does not improve, this may lead to a failure to comply with FOIA, which can result in an enforcement notice being issued.
An enforcement notice is issued under s52 of FOIA, and requires a public authority to take specific steps to comply with part I of the Act. It is a formal notice issued to address system-wide or repeated breaches. Failure to comply with an enforcement notice may lead to a public authority being found in contempt of court.
Notes to Editors
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. It has its head office in Wilmslow, Cheshire, and regional offices in Belfast, Cardiff, Edinburgh and London.
- The ICO has specific responsibilities set out in the Freedom of Information Act 2000, Environmental Information Regulations 2004, Data Protection Act 2018, the UK General Data Protection Regulation, the Privacy and Electronic Communications Regulations 2003 and a further five Acts / Regulations.
- The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.
- The Cabinet office publishes quarterly figures for central government Freedom of Information activity.