12 November 2020
A blog for police forces, public authorities and data protection practitioners.
Here at the ICO, we recognise how hard organisations are working to keep running effective businesses and services in the face of the Covid-19 pandemic.
As the regulator, we’ve been playing our part too. In September, Elizabeth Denham set out how we would continue to support our data protection and freedom of information colleagues and adjust our regulatory approach as needed.
We’ve offered advice, created practical tools and updated guidance to help organisations make changes and improvements to comply with the law. Now, more than ever, we recognise the importance of driving change through education, engagement and support.
Today we’ve published a report into the performance of police forces in England, Wales and Northern Ireland in responding to information access requests within statutory time limits.
Our detailed findings identify areas of good practice in meeting time limits for responding to Freedom of Information, Environmental Information and Subject Access requests from which other forces can learn. Our research has resulted in nine practical recommendations that we consider will drive improvements.
But it also highlights failings. Police forces are improving, but many must do better. Where we found particularly poor practice, we have taken action. We have issued three forces with practice recommendations – Gloucestershire, Northamptonshire and North Yorkshire. Failure to improve could result in further regulatory action.
Our report focusses on the police, but other public authorities should take note and learn from best practice recommendations.
Throughout the pandemic organisations have been, understandably, focussed on what needs to be done. But they must also focus on what has to be done. Enabling people to access information is not optional, it’s a requirement.
A person’s right to access information held about them is a cornerstone of data protection law. And the public’s right to access information from public authorities makes them accountable for their actions, promotes public debate and improves public trust and confidence.
So, we will continue to be a pragmatic and proportionate regulator – focussing our action on those that wilfully, negligently or persistently flout the law – but we expect compliance. The public expects compliance.
We’re here to help – our Freedom of Information self-assessment toolkit launched earlier this year will help identify gaps in compliance. And we have recently updated our guidance for handling Subject Access Requests including a step-by-step guide for small businesses.
These tools, coupled with the report we’ve published today, will help police forces and other organisations understand their position and identify actions they can take to improve or maintain performance.
This is our aim – to help organisations provide the public with better access to information.
Anthony Luhman is Director of High Priority Investigations, Intelligence, Insight & Compliance and the Relationship Management Service. The Directorate focuses on investigations, initiatives and issues that have the most significant and strategic impact on information rights, processing and privacy. He is particularly focused on improving public confidence in information rights by encouraging and promoting compliance with the law.