ICO to play hard but fair on FOIA Enforcement - August 2010
The Information Commissioner’s Office has issued a “Regulatory Action Policy” explaining how it will use its powers to enforce the Freedom of Information Act 2000 (FOIA), the Environmental Information Regulations 2004 (EIR) and their supporting codes of practice:
- The Section 45 Code of Practice (on compliance with the FOIA)
- The Regulation 16 Code of Practice (on compliance with the EIR) and
- The Section 46 Code of Practice (on the maintenance of public records).
The Policy sets out the ICO’s approach to any public authority which does not meet expected standards, and significantly its intention to take “purposeful regulatory action” where appropriate.
Whilst stressing its commitment to the principles of transparency, accountability, proportionality and consistency, and indicating its preference for non-coercive forms of intervention (such as negotiation and the issuing of recommendations), the ICO also makes it clear that it will use its coercive powers where necessary - and seek their enforcement by the courts.
The ICO’s prime targets will be authorities whose conduct demonstrates disregard for the FOIA / EIR, rather than isolated lapses: the Policy points specifically at authorities which “repeatedly or seriously fail” or “continue to fail” to comply with their legal obligations. This is borne out by illustrative examples of the kind of behaviour likely to trigger “regulatory action”, which include
► “repeated or serious failure” to respond to requests within appropriate timescales / provide compliant refusal notices
► failure to adopt an approved publication scheme / comply with an approved publication scheme / institute and comply with a records management policy
► “obvious disregard” for FOIA / EIR access provisions
► “obvious lack of understanding” of FOIA / EIR requirements
Not surprisingly, the Policy warns that the ICO will be particularly unimpressed where any such failure occurs or persists despite the authority having undergone a period of monitoring by the ICO, or “when the ICO’s attempts to provide advice and support have been ignored”.
As one would expect, a more lenient approach will be taken to “minor, non-repetitive” failings, and to offending authorities which are small, but swift to act once the failure is brought to their attention.
The ICO evidently agrees with Voltaire on the need to “encourager les autres”: criteria for deciding whether / what regulatory action is called for in a given case include the likelihood of “a wider educative or deterrent effect” and whether “an example needs to be created or a precedent set”.
The Policy warns that the ICO “will build up intelligence based on the number and nature of complaints received about particular authorities”, but it can and will take regulatory action of its own volition. The ICO will take notice of what it sees and hears across the media (including social media), as well as information from Government or the Information Tribunal.
The clear message is that if a public authority doesn’t pay attention to its FOIA / EIR compliance, the ICO will.
To discuss any of the issues please contact:
Deryck Houghton
Tel: 0845 070 3810
Email: deryck.houghton@freethcartwright.co.uk