The ICO exists to empower you through information.

At a glance

First, read the request carefully and make sure you know what is being asked for. You must not simply give the requester information you think may be helpful; you must consider all the information that falls within the scope of the request, so identify this first. Always consider contacting the applicant to check that you have understood their request correctly.

You should read a request objectively. Do not get diverted by the tone of the language the requester has used, your previous experience of them (unless they explicitly refer you to this) or what you think they would be most interested in.


“Approving the 24-hour licence at the Midnite Bar – can you provide me the details of this completely ridiculous licence application?”

This may still be a valid request, in spite of the language.

What if we are unsure what’s being asked for?

Requests are often ambiguous, with many potential interpretations, or no clear meaning at all. If you can’t answer the request because you are not sure what is being requested, you must contact the requester as soon as possible for clarification.

You do not have to deal with the request until you have received whatever clarification you reasonably need. However, you must consider whether you can give the requester advice and assistance to enable them to clarify or rephrase their request. For example, you could explain what options may be available to them and ask whether any of these would adequately answer their request.


“You have asked for all expenses claims submitted by Mrs Jones and dates of all meetings attended by Mrs Jones in June, July or August last year.

This could mean:
A) all expenses claims Mrs Jones ever submitted, plus dates of meetings she attended in June, July and August; or
B) all expenses claims Mrs Jones submitted in June, July or August, and dates of meetings she attended in the same months.

Please let us know which you mean.”



“You have asked for a copy of our risk assessment policy. We do not have a specific policy relating to risk assessment. However, the following policies include an element of risk assessment:
* Health and Safety at Work policy
* Corporate Risk Strategy
* Security Manual

Please let us know whether you would be interested in any of these documents or what risk assessment information you are interested in seeing.”

The time for compliance will not begin until you have received the necessary clarification to allow you to answer the request.

For further information, read our more detailed guidance;