Because good research needs good data

Freedom of Information

UPDATE: JISC released a FOI & research data guide in 2010, and the Incremental blog discusses differences in the Scottish and English Acts.

By Mags McGeever, The University of Edinburgh

Published: 4 November 2004

Please cite as: McGeever, M. (2004). "Freedom of Information". DCC Briefing Papers: Introduction to Curation. Edinburgh: Digital Curation Centre. Handle: 1842/3326. Available online: /resources/briefing-papers/introduction-curation

Browse the paper below or download the pdf.

1. Introduction

The Freedom of Information Act 2000 ("the Act") was passed on 30 November 2000. It gives a general right of public access to all types of "recorded" information held by public authorities, sets out exemptions from that general right, and places a number of obligations on public authorities.

Back to top

2. Background

Freedom of Information ("FOI") is not a new idea. On an international level, it has existed on a formal basis for a number of years in many other countries — in Sweden as far back as 1766. The EU culture also tends this way, for example Article 25 of the Amsterdam Treaty gives citizens a right of access to European Parliament, Council and Commission documents and the European Ombudsman works to ensure that citizens have the widest possible access to information relating to the European institutions. In the UK there has been a significant movement towards making information accessible resulting in the Labour party manifesto of 1997 containing a number of constitutional reforms including the introduction of a freedom of information regime. The Act which has subsequently been introduced sets out to promote greater openness and accountability. It covers around 100,000 public authorities such as central government, local government, further and higher education, the police and the NHS [1].

Back to top

3. Scope of FOI

3.1. Differences in jurisdictions

Although the principle of FOI is broadly similar in many countries its application varies with specific legislation. Within the UK there are two separate Acts: The Freedom of Information Act 2000 (the Act with which this paper concerns itself) and the Freedom of Information (Scotland) Act 2002. For further information on the application of the Scottish Act please see the Scottish Information Commissioner's website for a summary of the differences between the Acts.

3.2. Publication Scheme

Under the Act, public authorities have two main responsibilities. The first is to adopt and maintain a publication scheme. This is a guide to the types of information that the authority routinely publishes as well as the format in which the information is available and any applicable charges. Such schemes should act as a catalyst for changing the cultural attitudes of public authorities by encouraging pro-active dissemination of information [2]. To this end the schemes should not remain static and for future amendments of the scheme it is worth considering expanding the types of information included. The advice of the Information Commissioner (Richard Thomas) is:

"The Act is a fact of life. Embrace it positively and exploit the benefits for your organisation. Do not start by looking for exemptions. Work out how much information you can disclose without waiting to be asked. A rich publication scheme under the Act is the best way to avoid problems with individual requests."[3]

3.3. Requests for Information

The second main responsibility of public authorities under the Act is to respond to requests for information. This comes into force on 1 January 2005. The applicant requesting the information can be an individual or an organisation from anywhere and does not have to be the subject of the information or be affected by its holding or use. It is anticipated, based on experience in other countries with similar FOI legislation, that the individual request procedure is likely to be widely used by the media.

Requests for information made under the Act must be in writing, which includes electronic communications. In exceptional circumstances, where the applicant is not able to frame their request in writing, the public authority may offer to take a note of the request over the telephone and then send the note to the applicant for confirmation. Applicants will not be required to mention the Act. In responding to a request for information, authorities will be obliged to provide information recorded both before and after the Act was passed, as it has retrospective effect. In the case of universities this could involve records that are hundreds of years old.

Requests must be dealt with promptly within a maximum time frame of 20 working days [4]. More detail in relation to desirable practice when dealing with requests can be found in the Code of Practice issued by the Lord Chancellor on the discharge of public authorities' functions under Part I of the Act (as required by s45 of the Act). This covers; the provision of advice and assistance by public authorities to any applicant seeking information, the transfer of requests by one public authority to another public authority who may hold the information, consultation with anyone to whom the information relates or those likely to be affected by a disclosure of information and the provision of a complaints procedure [5].

The Act states that a public authority is not obliged to comply with "vexatious or repeated requests" but does not define "vexatious" [6]. The Act also provides that an authority is not obliged to comply in the case of requests where the estimated costs of doing so would exceed "the appropriate limit". In circumstances where a number of requests are received from individuals who appear to be acting in concert in pursuance of a campaign, the authority may be exempt from supplying information on the basis that the total costs involved exceed such a limit. This is expanded on in the s45 Code of Practice where it is usefully provided that the authority may consider if the information is such that publication on the authority's website, and a brief notification of the website reference to each applicant, would bring the cost within the appropriate limit.

3.4. Exemptions

Although there is an overwhelming presumption in favour of compliance with the supply of information there are 23 possible exemptions and these fall into two categories: those which are absolute and those which are qualified.

Examples of absolute exemptions are:

  • information otherwise accessible (s21) (i.e. in a publication scheme)
  • disclosures resulting in actionable breaches of confidence (s41)
  • personal data relating to the applicant (s40) (this is where FOI crosses over with data protection)

Absolute exemptions are cases where the right to know is wholly disapplied. When applying these there is no further qualification procedure other than fitting within the wording of the exemption itself.

Examples of qualified exemptions are:

  • information intended for future publication (s22) (may include university research programme)
  • trade secrets/commercial interests (s43) (not as wide as may seem)
  • danger to an individual's mental health or safety (s38)

Invoking this category is a two-stage procedure in which the authority must first decide whether the exemption applies and then consider whether there is a greater public interest in providing the information to the applicant than in maintaining the exemption. It is important to remember when applying the public interest test that it is not something "of interest to the public" but something "in the interest of the public". See the Freedom of Information Act Awareness Guidance No 3 for details on how to apply the public interest test.

In certain instances the authority may also have to consider whether disclosure of information would be likely to prejudice certain specified interests, (this is often called the "harm test"[7]) for example the interest of the UK abroad or law enforcement. The Home Secretary has said that the harm should be "real, actual or of substance."

Commentators suggest that it is likely that the exemptions will be a controversial area so it is advisable to treat any use of them with care. In preparation for the full implementation of the Act public authorities should consider spending time on identifying those exemptions which are likely to be of relevance to them and developing general policies regarding when to rely upon exemptions and when to disclose in the public interest.

3.5. Refusal Notices

If a public authority refuses to disclose the information that has been requested they must normally disclose that the information is held and state that an exemption is claimed. They must further identify the applicable exemption and normally why it applies and if they are relying on a qualified exemption state the reason why public interest favours non-disclosure. Then they must inform the applicant of the right to apply to them to seek review and the procedure for escalation of the complaint to the Information Commissioner.

3.6. Charges

It is important not to confuse the charges for material available through a publication scheme with those relating to requests for information.

The publication scheme should state what information is free of charge and what is chargeable. That said, it should not state what the actual charges are because all modifications to a publication scheme need to be approved by the Information Commissioner so it is simpler to refer to a schedule of charges which can be changed without the approval of the Commissioner. There are no provisions relating to the charges that may be levied under a publication scheme however the level of the charges should be compatible with the principle of promoting access to information held by public authorities. Charges may also vary in accordance with the format in which the information is supplied.

Charges for requests for information will be made in accordance with Government regulations. Initial draft fees regulations for requests were recently abandoned and the Guardian reported on 21 September that Tony Blair had agreed to scrap most of the fees levied for making use of the Act as part of an effort to regain disillusioned liberal voters at the next general election [8]. While the Secretary of State for Constitutional Affairs, Lord Falconer, gave further detail on this in October, many authorities are still largely left in the dark in terms of understanding how the charging scheme will operate and are therefore unable to progress with planning in this area. See below at page 10 for more on this.

3.7. Offences

Where a valid request for information is made to a public authority under the Act a person is guilty of a criminal offence if he "alters, defaces, blocks, erases, destroys or conceals any record held by the public authority, with the intention of preventing the disclosure by the authority of all, or any part, of the information to the communication of which the applicant would have been entitled." [9] A person guilty of this offence is liable to a fine of up to £5000 (at current rates).

If a person intentionally obstructs or fails to assist in the execution of a warrant of the Information Commissioner they are also guilty of a criminal offence [10].

Back to top

4. FOI and Digital Curation

4.1. The Digital Perspective

Unlike the Data Protection Act 1998 ("the DPA") the FOI legislation does not specify the way in which records are held. The Act covers all information "held" regardless of the form in which it is recorded. In that way the fact that information is held digitally is irrelevant.

On the other hand, the digitisation of data affects FOI in other ways. It makes information easier to retain and assists in retaining larger amounts of data. Arguably it makes information easier to locate (with the use of good metadata). It follows that the more information that is digitised, stored effectively and available electronically the less work that is involved in administering FOI. On the other hand the durability of digital objects is restricted by the limitations of storage media and the rapid change in hardware and software technologies which raises the issue of reliable digital curation and preservation practices [11]. Problems may also arise in relation to the effective disposal of digital records as further renditions of the same record may be preserved even if the "original" has been destroyed in good faith [12].

4.2. Curation/Records Management

"Any freedom of information legislation is only as good as the quality of the records to which it provides access. Such rights are of little use if reliable records are not created in the first place, if they cannot be found when needed or if the arrangements for their eventual archiving or destruction are inadequate." [13]

Good records management facilitates compliance with the Act. Public authorities should follow an agreed retention schedule so that time expired information is removed and destroyed and does not become part of the institutional archive. For some records there will be statutory limitations governing the time the information should remain available and for others there will be requirements imposed by the institution or external agencies. A Code of Practice on the Management of Records has been issued by the Lord Chancellor under section 46 of the Act, which provides guidance to all public authorities as to the practice which it would, in the opinion of the Lord Chancellor, be desirable for them to follow in connection with the discharge of their functions under the Act [14]. However this is a high level document and for further assistance with compliance see the detailed model action plans drawn up by the National Archives [15] and the JISC guidance for HE/FE Institutions [16].

Poor records management is not in itself a breach of the Act, however the Act sets out strict timetables for compliance with a request for information and asserts that all recorded information held, wherever it is located, is potentially disclosable. If poor records management results in these requirements not being met, it will constitute a breach of the Act and the Information Commissioner may consider using his enforcement powers.

HE organisations may find they have difficulty in this area as records management and archiving are likely to have had a low profile before the introduction of this legislation. While data protection legislation was introduced a number of years ago this was often seen as a technology issue based principally on central systems. In contrast, FOI is a wide ranging and multi faceted requirement which is relevant at all levels of the organisation. It is therefore more dependent on institution-wide cultural change to ensure compliance. In addition, particularly in the large institutions, the diversity of records management practice is likely to cause problems.

A question to ask is whether there is a tension between the preservation of data envisaged by the DCC on the one hand and the advice to destroy certain documents to reduce FOI obligations on the other? [17] Alternatively, is the evaluation of data an inherent part of the curation process which therefore assists with the retention/disposal policy? It is clear that in the light of the introduction of FOI into the UK a crucial part of any modern day curation system would be the evaluation of data to ascertain whether it can be destroyed thereby managing and reducing FOI obligations [18].

Back to top

5. FOI in Action

5.1. Difficulties for Public Authorities

"The Freedom of Information Act is the Taj Mahal of the Doctrine of Unanticipated Consequences, the Sistine Chapel of Cost-Benefit Analysis Ignored." [19]

There will inevitably be some difficulties involved in effectively complying with the Act. A well-established culture of secrecy may be a barrier in some authorities and the "culture of inertia" has been stated as a greater threat in others [20]. Lack of proper training will also be an obstacle as it is not only the FOI officers who need to know about FOI but employees at all levels of the institution. It is important that these people know how to recognise a request and whom to inform or alert. Ensuring that staff have this knowledge may be a costly and time-consuming task. This relates to a further obstacle for many which is lack of resources both in terms of employees' time allocation and funding for the necessary training. Finally, poor information management is a problem common to many public authorities, which means that even if they institute good practice now there may be problems with locating and evaluating retrospective records. See above at page 5 for the importance of records management.

Certain challenges are more specific to HE organisations. These may include enquiry routing problems caused by an institution's highly devolved structure. Similar routing problems may also result from the fact that there can be significant diversity of activities within an institution meaning that not all parts of the organisation know who deals with what or where to find a relevant person. HE organisations may also find themselves giving inconsistent or contradictory responses to applicants because the person providing the response is not aware of the full picture. Problems may also arise as a result of diversity of practice in information management, web information, IT system use and records management practice.

5.2. Legislative Interplay

FOI legislation will have an impact on a number of other legislative areas such as copyright, data protection, confidential information, human rights, national security, environmental matters and public records. We will look at how it interacts with copyright and data protection law.

5.2.1. Copyright and FOI

The Act does not make explicit reference to any intellectual property right but nevertheless there are implications. Amongst these is the interaction between copyright and FOI. Public authorities are required to make available all of the information that they possess not merely all of the information that they create. It follows that a public authority will not necessarily own the copyright in all of the information that it makes available. The perceived risk is that in complying with an FOI request an authority may infringe a copyright held by a third party in the disclosed records. However reassurance has been given [21] that such disclosure will not be a breach of the Copyright, Designs and Patents Act 1988 ("CPDA") as there is a statutory defence to infringement at s50 of the CDPA where the publication of the material is specifically authorised by an Act of Parliament [22]. The relevant issue is that the recipient of the information is not free to reproduce the material in ways that would breach the rights of the copyright holder of that material. It is therefore advisable for the public authority to include a general copyright statement at the head of a publication scheme and in any response to a request for information which states that most of the information made available is subject to copyright protection and that the supply of documents under FOI does not give the person who receives the information an automatic the right to re-use the documents without obtaining the consent of the copyright holder. Permission to re-use copyright information is generally granted in the form of a licence. HMSO have produced a useful guide on these issues [23].

5.2.2. Data Protection and FOI

Data protection and FOI both relate to information policy and they come together at the point where personal information is considered for disclosure. A single office of Information Commissioner has been created which has oversight of both regimes and is responsible for ensuring the respect of the private lives of individuals whilst also encouraging open and accountable public authorities. By giving the Information Commissioner responsibility for both of these areas the Government hopes that he/she will be able to provide an integrated, coherent approach to good practice bringing together the different strands of information handling covered by both regimes. How the interaction between the two regimes will develop in the future is, as yet, untested.

It is necessary to uphold the rights created under the DPA when considering an enquiry under the Act so that the rights to privacy are not compromised. To this end information concerning identified (or identifiable) individuals should be treated with caution.

The Act exempts most "personal data" from the FOI regime. It also makes a number of amendments to the DPA. One of the most significant is that the definition of "data" is extended, as far as public authorities are concerned, to cover all personal data held, which includes "structured" and "unstructured" manual records.

The main differences between the two regimes are:

  • The access fees — in the case of data protection the fee is up to £10. There will be no charge for FOI requests which cost public authorities less than £450 to administer (£600 in the case of Government departments) as discussed below at page 9;
  • The time limit for responding to requests — for data protection it is 40 calendar days [24] but for FOI it is 20 working days;
  • The exemptions from disclosing. (There are constraints on embarking on a tidying up exercise because the DPA implements an EC Directive whereas the Act does not.)

The DCC will produce a briefing paper on data protection.

5.3. Implications for Business

Despite applying only to public authorities [25] the Act also has implications for the private sector. One example of this is in relation to procurement in that confidential information could become more easily available to competitors, customers or interest groups. Businesses will have to consider the information that their competitors may be able to gain about their business activities from information they have shared with public authorities [26]. It should be noted that the s45 Code of Practice advises that public authorities should refuse to include contractual terms that purport to restrict the disclosure of information relating to the contract beyond restrictions permitted by the Act and that "acceptance of any confidentiality provisions must be for good reasons, capable of being justified to the Commissioner." [27] So businesses cannot look to protect themselves in this way.

On the other hand FOI presents businesses with a number of opportunities such as the ability to find out more about the market both within and outside government, about government policies and about other key players in the market [28].

5.4. Likely Requests

The University of Edinburgh has compiled a list of the subjects on which they believe they are most likely to receive FOI requests [29]. These include: subjects which attract attention from enthusiasts (such as parapsychology), subjects of interest to campaigning groups (such as environmental issues and animal experiments), topical issues (such as Dolly the sheep and Professor Ian Wilmut's recent application for a license to clone human embryos), policies and procedures relating to student issues that might be relevant to an appeal or a complaint (such as examinations or admissions), subjects of interest to the local community (such as building plans), and subjects of interest to the student community (such as ethical investment).

It may be useful to look at examples of requests made in other countries where FOI legislation is in force. A searchable database of requests received in Canada is available. Requests received by The Department of Communications, Marine and Natural Resources in Ireland are also available.

5.5. Potential for Results

Examples of the kind of things FOI has been able to achieve are available from other countries. For instance, in New Delhi, residents have used the Right to Information Act to compel authorities to finish long pending civic projects. In the low-income areas of the city the change is apparent as development projects that have been pending for over 20 years are finally being completed. One resident who was tired of waiting for the authorities to finish installing a sewer that had been under construction since 1983, applied for documents to progress the project. The sewer was quickly completed.

In Ireland, reporter Carl O'Brien was able to procure copies of letters that contradicted the Finance Minister's claim during the last general election campaign that "no significant overruns are projected and no cutbacks whatsoever are being planned secretly or otherwise." The documents showed that other departments were instructed to cut a total of 32 million from their budgets to fund initiatives of the Department of Health and Justice and the expansion of a primary school building programme to be announced during the election campaign [30].

Back to top

6. Recent Developments

There have been signs that government departments and local authorities may not be ready to implement the Act in January. Following a meeting on 14 September, Alan Beith, the Chairman of the Constitutional Affairs Select Committee announced an urgent enquiry and said it would consider "whether there has been sufficient time given for that preparation and whether support from central government has been effective and timely. [31]" This took place on 12 and 19 October. Once available, the report of this inquiry will be found on The House of Commons — Constitutional Affairs Reports page.

The uncorrected oral evidence is already available.

The Secretary of State for Constitutional Affairs, Lord Falconer, made an announcement 18 October about the fees for requests made under the Act [32]. He stated that under new plans there will be no charge for information which costs public bodies less than £450 to retrieve and collate. The Department for Constitutional Affairs estimates that this is equivalent to two and a half days work. Government departments will only be able to charge where costs rise above £600 (which equates to about three and a half days work). All public authorities can charge the full cost of copying, printing, postage and other disbursements. In local government, councils have received reassurance from the Government that the new costs incurred under the Act will be reimbursed in full. The Department for Constitutional Affairs has confirmed that this does not include other public authorities.

While the information that Lord Falconer gave was helpful, practitioners are complaining that they are still unable to see how the fees arrangements will work in practice and will be unable to do so until they have seen the draft fees regulations. See the full text of Lord Falconer's speech.

Back to top

7. Additional Resources

For further information on this topic please contact the DCC helpdesk on 0131 651 1239 or e-mail

Back to top


  1. Pedley, An Introduction to Freedom of Information, Free Pint report, p 5.
  2. Ibid p 7.
  3. Office of the Information Commissioner News Release 14th May 2003.
  4. There are exceptions to this rule, for e.g. where further info is required by the public authority from the requester or where a charge is levied and the public authority is waiting for payment.
  5. Secretary of State for Constitutional Affairs' Code of Practice on the discharge of public authorities' functions under Part I of the Freedom of Information Act 2000, Issued under section 45 of the Act, November 2004, Presented to Parliament by the Secretary of State for Constitutional Affairs pursuant to section 45(5) of the Freedom of Information Act 2000.
  6. Freedom Of Information Act 2000 (FOIA) s 14. For a discussion of what is meant by "vexatious" see the JISCmail Freedom of Information archives on the strand "examples of vexatious requests?"