The Scottish Government

1

Freedom of information in context

• The Freedom of Information (Scotland) Act 2002 provides a right to access information held in Scottish public authorities. This should
  • lead to increased accountability
  • lead to the breakdown of a culture of secrecy and
  • ensure that public bodies look outward to the communities they serve

Module 1

2

Freedom of information in context

• " Freedom of information underpins wider aspirations of making public authorities accountable, building public trust in those authorities and assisting citizens to engage with decision making processes which affect them"

Kevin Dunion Scottish Information Commissioner

Module 1

3

Freedom of information in context

• Questions of disclosure may require a balancing act between the public interest in disclosure and other interests which require that information be withheld
• Information should only be withheld where the interest in withholding it outweighs the interest of openness

Module 1

4

Introduction to FOI Scotland

• The Freedom of Information (Scotland) Act 2002 (FOISA) became law on 28 May 2002
• Scottish Information Commissioner appointed February 2003
• Publication schemes phased in from June 2004 to November 2004
• Full implementation 1 January 2005

Module 2

5

Outline of the FOISA

• An authority subject to the FOISA must
  • Publish information under a publication scheme which has been approved by the Scottish Information Commissioner
  • Respond to specific requests for recorded information held by it and supply the information requested unless an exemption applies
  • Ensure that the records it holds comply with records management standards

Module 2

6

Information available before the FOISA comes into effect

• Information available under other provisions e.g. public registers
• Information available under non-statutory codes of practice
  • Scottish Executive
  • NHS Scotland
  • UK Government

Module 2

7

Scottish Executive code of practice on access to information

• Adopted by the Scottish Executive in July 1999 and reflects the Executive's commitment to openness in Scottish public life
• Applies until 1 January 2005
• Complaints of non-compliance are made to the Scottish Information Commissioner
• Covers publication of information, response to requests and exemptions

Module 2

8

Who is subject to the FOISA?

• The Scottish Parliament
• The Scottish Executive
• Scottish local authorities
• NHS Scotland
• Scottish police forces
• Scottish institutes for higher and further education
• Other Scottish public bodies e.g. The Parole Board for Scotland

Module 3

9

Who is subject to the FOISA?

• Any company wholly owned by the Scottish Ministers or any other Scottish public authority
• Private bodies but only if
  • They are exercising functions of a public nature or providing public services under a contract AND
  • They are designated by Scottish Ministers by an order under the FOISA

Module 3

10

Who is subject to the FOISA?

• The FOISA describes the listed authorities as Scottish public authorities. In the remainder of the slides, unless the context requires, they are referred to simply as authorities or public authorities.

Module 3

11

Relation with the UK Freedom of Information Act 2000

• Freedom of information is a devolved matter
• The UK Act covers bodies subject to the UK Parliament
• Some bodies which operate in Scotland will be subject to the UK Act
• The FOISA and the UK Act have the same structure and effect but there are some differences between the two Acts

Module 3

12

Publication schemes

"Publication schemes will be of considerable benefit to authorities: they will significantly reduce the administrative burden of dealing with freedom of information requests, publicise the work done by public authorities and encourage a spirit of openness and accountability throughout the public sector in Scotland"

Guide to Publication Schemes under the Freedom of Information ( Scotland) Act 2002 - Office of the Scottish Information Commissioner

Module 4

13

Publication schemes

• A Scottish public authority must
  • Adopt a publication scheme
  • Have it approved by the Scottish Information Commissioner
  • Publish information in accordance with the scheme
  • Maintain the scheme
  • Review the scheme from time to time

Module 4

14

Publication schemes

• Timetable for submission
• Scottish Executive, police and local government - 28 February 2004
• NHS and educational establishments - 31 May 2004
• Remaining authorities - 31 August 2004

Module 4

15

Publication schemes

• Schemes must specify
  • The classes of information which the authority publishes or intends to publish
  • The manner in which the information is to be published and
  • Whether the published information is available free of charge or for payment

Module 4

16

Publication schemes

• In adopting and reviewing the scheme an authority must have regard to
  • Allowing public access to its information
  • Providing information on the provision of services, including the cost and standard of services
  • Providing information on facts or analyses which are the basis for important decisions and
  • Publishing reasons for decisions it makes

Module 4

17

Publication schemes

• The Commissioner may prepare or approve model schemes prepared by others
• An authority which adopts an approved model does not require specific approval from the Commissioner as long as the model remains approved

Module 4

18

Records Management - Introduction

"Any freedom of information legislation is only as good as the quality of the records to which it provides a right of access. Such rights are of limited use if reliable records are not created in the first place, if they cannot be found when needed or if the arrangements for their eventual archiving or destruction are inadequate…"

Module 5

19

"Consequently all Scottish public authorities are expected to have regard to the guidance in this Code to ensure that they are managing their records effectively. For many authorities this will mean a significant culture change for all of their staff - senior managers have a responsibility to lead and promote that change"

Code of practice on the keeping, management and destruction of records issued by the Scottish Ministers ("Section 61 Code")

Module 5

20

Code of Practice on Records Management

• Covers both electronic and paper records
• Provides guidance on desirable practice in respect of
  • Records management policies
  • Records management training
  • Management and destruction of records
  • Transfer of records to the Keeper of the Records of Scotland

Module 5

21

Code of Practice on Records

Management

• The Code is supplementary to the FOISA
• Failure to comply with the Code may lead to a failure to comply with the FOISA
• The Scottish Information Commissioner has an obligation to promote observance of the Code
• The Commissioner may serve a practice recommendation on an authority that does not comply with the Code

Module 5

22

Contents of the section 61 Code

• Records management should be
  • recognised as a corporate function
  • supported by appropriate allocation of staff and other resources including training
  • supported by a records management strategy and policy covering electronic and paper records
• records should be actively managed throughout their lifetime
• records should be disposed of in accordance with the policy

Module 5

23

Records Management - archive transfers

• Part 2 of the section 61 Code applies to authorities which transfer records to the National Archives of Scotland
• Part 3 of the section 61 Code applies to other authorities which transfer records to other public archives
• The Code sets out the appropriate procedures for access, review and transfer

Module 6

24

Rights of Access

• Anyone, anywhere can make a request under the FOISA
• Any information held in a recorded form is covered by the FOISA
• Access requests can be made by children who have sufficient understanding and a child over 12 years is presumed to have such understanding

Module 7

25

Request for access

• Must be in writing or other permanent form
• Must state the name of the applicant and an address for correspondence
• Must describe the information which the applicant seeks
• May express a preference for the information to be provided in a specific way for example by providing copies

Module 7

26

Fees for information

• The authority does not have to charge a fee but may do so
• If a fee is to be charged the authority must tell the applicant of the proposed fee by sending a Fees Notice after it receives the request
• The fees which can be charged are to be set out in Fees Regulations

Module 7

27

Introduction - section 60 Code of Practice

"The Act places a duty on public authorities to provide advice and assistance to applicants and potential applicants as far as it is reasonable to expect the authority to do so. An authority following the guidance in this Code in this respect will be deemed to have complied with its duty to provide advice and assistance".

Module 8

28

Section 60 Code of Practice

• The Code covers :
  • The provision of advice and assistance to those making requests for information
  • The transfer of requests between authorities
  • Consultation with interested parties
  • Terms of contracts entered into by authorities
  • How authorities should handle reviews and complaints
  • Monitoring requests

Module 8

29

Section 60 Code

• The Code is supplementary to the FOISA
• Compliance with the Code means authorities have complied with the duty to provide advice and assistance
• The Scottish Information Commissioner has an obligation to promote observance of the Code
• The Commissioner may serve a practice recommendation on an authority that does not comply with the Code

Module 8

30

Dealing with requests

• The authority has an obligation to provide advice and assistance to applicants
• The authority must deal with requests within 20 working days
• It may require the applicant to supply further information to enable it to find the information requested
• It does not have to comply with repeated or vexatious requests

Module 8

31

Access to Environmental Information

• Environmental information is very widely defined and the current definition covers
  • The state of any water or air, flora, fauna, soil land or other natural site and
  • Any activities or measures which either adversely affect or which are designed to protect any of the above

Module 11

32

Access to Environmental Information

• The Environmental Information Regulations 1992 apply and not the FOISA
• Where a request is made
  • for information which falls within the definition
  • to a public body which has or is under the control of an organisation which has responsibilities in relation to the environment

Module 11

33

Access to Environmental Information

• The rules governing access are different in some ways from the FOISA
  • The request does not have to be in writing
  • The public authority has 2 months in which to respond to the request
  • The authority is able to impose a reasonable charge for the supply of the information
• It is planned to introduce new regulations to remove these differences

Module 11

34

Exemptions from the right of access

• Information may fall outside the FOISA because it is held by the public authority on behalf of another
• Held in confidence from the UK Government or
• Information may be subject to an exemption from the right of access under the FOISA

Module 12

35

Exemptions from the right of access

• There are two kinds of exemptions:
• Absolute exemptions and
• Non-absolute exemptions

Module 12

36

Exemptions from the right of access

• Absolute exemptions

Where an absolute exemption applies the public authority does not have to consider the public interest in the disclosure of the information before it refuses to supply it

Module 12

37

Exemptions from the right of access

• Non- absolute exemptions

Where a non-absolute exemption applies the public authority must always consider whether the public interest in providing the information is not outweighed by the interest served by the exemption. If this is the case the information must be supplied

Module 12

38

Absolute exemptions

• Information which the applicant can reasonably obtain because it is available to members of the public by another route being
  • Available under the authority's publication scheme
  • Made available under an enactment or
  • Made available by the Keeper of the Records of Scotland

Module 13

39

Absolute exemptions

• Information in respect of which there is a legal prohibition on disclosure being
  • Prohibited under an enactment
  • Incompatible with a European Community obligation or
  • Would be a contempt of court

Module 13

40

Absolute exemptions

• Information which is subject to an obligation of confidence that is
  • The information obtained by a public authority from another person (which may include another public authority) and
  • The person who made the disclosure could take court action for an order to stop the public authority disclosing the information

Module 14

41

Absolute exemptions

• Information which is contained in court records being a document
  • Served on a public authority or placed with the court or created by a court for the purpose of proceedings or
  • Held by a public authority solely because it was placed with or created by a person conducting an arbitration or inquiry for the purpose of the arbitration or inquiry

Module 14

42

Absolute exemptions

• Information which relates to a living individual and the application for access to the information is made by that individual
• In those circumstances the individual will be entitled to access the information using his or her rights under the Data Protection Act 1998

Module 14

43

Absolute exemptions

• Information which relates to a living individual other than the applicant for the information will be exempt where the disclosure of the information would breach one of the data protection principles contained in the Data Protection Act 1998

Module 14

44

Non-absolute exemptions

• Information derived from a research programme in respect of which
  • There is an intention to publish and
  • Premature disclosure would substantially prejudice the programme or the interests of the participants
• Information held by the authority or another in respect of which
  • there is an intention to publish
  • within the next 12 weeks and
  • it is reasonable not to give access pending publication

Module 13

45

Non-absolute exemptions

• Information the disclosure of which would prejudice substantially relations between any administration in the UK and any other such administration
• Information held by the Scottish Administration relating to
  • Formulation or development of government policy
  • Ministerial communications or the operation of any private office
  • The provision of advice by Law Officers
  • Statistical and factual information should be provided once decisions have been taken

Module 13

46

Non absolute exemptions

• Information the disclosure of which would or would be likely to prejudice substantially
  • collective responsibility of Scottish Ministers
  • inhibit the provision of advice or exchange of views or
  • Otherwise prejudice substantially the effective conduct of public affairs

Module 13

47

Non absolute exemptions

• Information
  • Which a member of the Scottish Executive certifies is required to be withheld in order to safeguard national security
  • The disclosure of which would prejudice substantially the defence of the British Isles or any colony or the capability effectiveness or security of the armed forces or those cooperating with them

Module 13

48

Non-absolute exemptions

• Information
  • The disclosure of which would prejudice substantially
    • Relations between the UK and any other State or international organisation or court
    • The interests or the protection of the interests of the UK abroad
  • Which is confidential information obtained from another State or an international organisation or court

Module 13

49

Non absolute exemptions

• Information
  • Which constitutes a trade secret or
  • The disclosure of which would prejudice substantially the commercial interests of any person
  • The disclosure of which would prejudice substantially the economic or financial interests of the whole or part of the UK

Module 13

50

Non absolute exemptions

• Information held by a Scottish public authority
  • For criminal investigations or proceedings
  • For enquiries into sudden deaths and fatal accidents
  • For civil proceedings related to the above or
  • From a confidential source in connection with legal regulatory matters

Module 14

51

Non absolute exemptions

• Information the disclosure of which would prejudice substantially a range of regulatory, criminal and judicial matters listed in section 35 for example the operation of immigration controls or the maintenance of good order in prisons or other institutions where people are detained

Module 14

52

Non absolute exemptions

• A deceased person's health record
• Information which relates to a living individual where the request is made by a person other than that individual if
  • The information would not be disclosed to the individual him or her self or
  • The individual has lodged an objection which has been accepted by the authority

Module 14

53

Non absolute exemptions

• Environmental information which is available under other legislation
• Information the disclosure of which would endanger the physical or mental health or safety of an individual

Module 14

54

Non absolute exemptions

• Information the disclosure of which would prejudice substantially the exercise of audit functions of a Scottish authority or the examination of the economy, efficiency and effectiveness with which the authorities use their resources

Module 14

55

Non absolute exemptions

• Information which relates to communications with Her Majesty or the Royal Household or
• The exercise of the honours system

Module 14

56

Data Protection Act 1998 (DPA)

• Data protection is not a devolved function - the 1998 DPA applies throughout the UK
• The DPA was passed to give effect to a requirement of the European Community so the UK law has to meet those standards
• The DPA sets standards for the use and handling of any personal data, gives individual rights and has an enforcement regime

Module 15

57

Data Protection Act 1998

• The standards for processing personal data are set out in the Principles which state that personal data must be
  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive in relation to the purpose of the processing
  • Accurate and not kept for longer than is necessary for the purpose

Module 15

58

Module 15

59

Data Protection Act 1998

• Data controllers must notify the (UK) Information Commissioner of the processing they carry out. The notification is entered on a public register
  • The UK Information Commissioner
  • Gives advice and assistance on the DPA
  • Deals with complaints of non-compliance from the public
  • may take action against data controllers for breach of the DPA

Module 15

60

Data Protection Act 1998

• It applies to "personal data" that is information about a living individual
• It applies to automated information or that held on filing systems structured by reference to the data subject
• There are more stringent rules for some types of data known as sensitive data
• Those who process personal data are called data controllers

Module 15

61

Data Protection Act 1998

• Individuals have rights
  • To access data held about them
  • To object to processing for direct marketing and to processing which would cause unwarranted damage or distress
  • To object to automated decisions being made about them
  • To seek rectification of inaccurate data
  • To compensation for damage caused by breach of the DPA

Module 15

62

Data Protection Act 1998

• Not all information will be provided in response to a subject access application - some will be exempt
• An application for subject access must be
  • Made in writing
  • Include a fee of 10 unless the data controller waives the fee
  • Describe the information so that the data controller can locate that required
  • Receive a response within 40 days of receipt

Module 15

63

Interface FOISA and DPA - subject access

• Where an individual asks for access to personal data about him or herself the request does not come under the FOISA. It is covered by an exemption from the FOISA. If the authority is sure of the identity of the applicant it should be treated as an application for subject access under the DPA

Module 16

64

Interface FOISA and DPA - subject access

• The right of subject access will be extended to cover all recorded information which relates to the data subject including filing systems which are structured other than by reference to the individual and unstructured systems
• The data subject will have to describe any information which may be held on unstructured files so that the public authority knows where to look for it

Module 16

65