The ICO exists to empower you through information.

We contacted this public authority after the publication of the Freedom of Information statistics for central government bodies in 2022. They receive a relatively high volume of requests and we were interested to see how they maintained a high level of compliance.

ICO comment: what this case study means

It’s important to have the right tools for managing requests – in this instance, a case management system. It’s also important to have the right processes. Confirm a list of named contacts across your organisation to ensure efficient communication and clear accountability. Target training so staff receive the appropriate level according to their role. Talking openly about the ways you’re working smarter and more efficiently can boost the profile of information rights compliance within your organisation.

Using a case management system

Ofgem’s FOI requests are sent to the Information Rights team inbox. They are triaged into three categories, either:

  • a valid request;
  • a BAU request; or
  • case correspondence.

Staff log valid requests on Ofgem’s case management system. Ofgem has found that using software specifically designed for handling information requests increases efficiency and reduces human error.

The team aims to log and acknowledge requests within two working days. The casework system allows Ofgem to:

  • link similar cases, or other requests from the same requester;
  • identify the best area or team within Ofgem to deal with the request; and
  • tag requests with key terms.

Assigning requests across the organisation

The team assigns cases to the relevant team or person who has responsibility for locating and gathering the requested information. The Information Rights team encourage their colleagues to review requests as soon as possible. This is so they can move quickly if necessary to reassign the request to a different team or to ask the requester for clarification. Staff log any internal communications about requests against the case in the casework system.

The team maintains a list which details specific points of contact (SPOCs) who are either individual staff members or team inboxes. The list also details back-up contacts and the relevant senior manager for each team or subject area in Ofgem.

Internal deadline

Staff drafting responses work to an internal deadline of 15 working days from the date they received the request. This gives the Information Rights team five working days to review the responses and make necessary amendments.

Ofgem has found that this balance of deadlines works best for the type of request they receive. Many of the requests are complex or are about Ofgem’s regulatory duties. Staff often have to apply exemptions to the information.

The Information Rights team follow up with colleagues who have failed to respond within the 15 working day limit. If the deadline is missed repeatedly, the team escalate the matter to senior managers.


The Information Rights team have received training from an external FOI expert and have undertaken formal FOI qualifications. Members of the SPOC list have received bespoke training relevant to their role. Ofgem recorded this training and it is available for new staff or staff wanting a refresher.

The creation of the SPOC list, and delivery of bespoke training for the members of the list, has led to an improvement in Ofgem’s general compliance culture. Training and structured involvement in the FOI process helps to demystify FOI and EIR, and gain buy-in.

Ofgem’s recommendations for other public authorities

  • Hold regular process improvement meetings within your Information Rights team to discuss recurring issues and ways to solve them.
  • Keep a backlog of potential improvements which team members can work on when they have capacity.
  • Communicate improvements and process changes to senior management and across the organisation more widely, to develop visibility and awareness of your work across the organisation.