The ICO exists to empower you through information.

Continuing with its commitment to improving freedom of information (FOI) services, the Information Commissioner’s Office (ICO) has launched the third topic in its FOI toolkit to enable public authorities to self-assess how they deal with vexatious requests.

The FOI Act includes a provision that does not oblige a public authority to comply with a request for information if the request is vexatious. That means whether an information request is likely to cause a disproportionate or unjustified level of disruption, irritation or distress.

The appropriate use of this provision protects public authority ability to carry out public functions. Used correctly, it provides a balance between transparency and the protection of resources.

The five module self-assessment course guides FOI practitioners through considering an organisation’s current position, understanding when the provision can be relied on and concludes with learning on how to improve compliance. Each module can be completed in stages, and generates a report providing overall ratings, suggested actions, and links to relevant ICO guidance.

The toolkit forms part of a growing suite of resources the ICO has developed following commitments made in ICO25 to improve its FOI services. At the forefront is a dedicated team focused on assisting public authorities to comply with the Act and promote good practice.

Resources include other topics of the toolkits that can help public authorities assess timeliness of responses and where the costs of compliance exceed the appropriate limit, as well as case studies, training videos, a response rate calculator, and a template action plan, with more to come.

“Analysis of our data shows the application of the vexatious provision leads to the third highest number of complaints we receive each year. This, along with listening to feedback from practitioners, drove our commitment to produce this topic to help public authorities understand how to correctly apply the provision.

“The toolkit is part of our growing resources aimed at supporting public authorities achieve good practice, improve openness and transparency, and build public trust and confidence in the decisions they make.”

- Deborah Clark, ICO FOI upstream regulation manager

During development the toolkit was tested with a group of FOI practitioners who provided input for improvement. We are expanding this feedback process further with the launch of an Upstream feedback group. Practitioners can apply here to join this group.

Supporting public bodies to better deal with FOI requests is one of several recent improvements to the ICO’s regulation of the FOI Act under its ‘Better FOI’ programme. To find out more, read this recent blog post from Warren Seddon, Director of FOI and Transparency at the ICO.

Notes to editors
  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
  3. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
  4. To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to