1. 2 Freedom of information in context The Freedom of Information (Scotland) Act 2002 provides a...

2

Freedom of information in context

• The Freedom of Information (Scotland) Act 2002 provides a right to access information held in Scottish public authorities. This should– lead to increased accountability – lead to the breakdown of a culture of secrecy

and– ensure that public bodies look outward to the

communities they serveModule 1

3


• “ Freedom of information underpins wider aspirations of making public authorities accountable, building public trust in those authorities and assisting citizens to engage with decision making processes which affect them”

Kevin Dunion Scottish Information Commissioner

Module 1

4


• Questions of disclosure may require a balancing act between the public interest in disclosure and other interests which require that information be withheld

• Information should only be withheld where the interest in withholding it outweighs the interest of openness

Module 1

5

Introduction to FOI Scotland

• The Freedom of Information (Scotland) Act 2002 (FOISA) became law on 28 May 2002

• Scottish Information Commissioner appointed February 2003

• Publication schemes phased in from June 2004 to November 2004

• Full implementation 1 January 2005 Module 2

6

Outline of the FOISA

• An authority subject to the FOISA must– Publish information under a publication

scheme which has been approved by the Scottish Information Commissioner

– Respond to specific requests for recorded information held by it and supply the information requested unless an exemption applies

– Ensure that the records it holds comply with records management standards

Module 2

7

Information available before the FOISA comes into effect

• Information available under other provisions e.g. public registers

• Information available under non-statutory codes of practice– Scottish Executive– NHS Scotland– UK Government

Module 2

8

Scottish Executive code of practice on access to information

• Adopted by the Scottish Executive in July 1999 and reflects the Executive’s commitment to openness in Scottish public life

• Applies until 1 January 2005• Complaints of non-compliance are made to the

Scottish Information Commissioner• Covers publication of information, response to

requests and exemptions

Module 2

9

Who is subject to the FOISA?• The Scottish Parliament• The Scottish Executive• Scottish local authorities • NHS Scotland • Scottish police forces• Scottish institutes for higher and further education • Other Scottish public bodies e.g. The Parole

Board for ScotlandModule 3

10

Who is subject to the FOISA?

• Any company wholly owned by the Scottish Ministers or any other Scottish public authority

• Private bodies but only if – They are exercising functions of a public

nature or providing public services under a contract AND

– They are designated by Scottish Ministers by an order under the FOISA

Module 3

11

Who is subject to the FOISA?

• The FOISA describes the listed authorities as Scottish public authorities. In the remainder of the slides, unless the context requires, they are referred to simply as authorities or public authorities.

Module 3

12

Relation with the UK Freedom of Information Act 2000

• Freedom of information is a devolved matter

• The UK Act covers bodies subject to the UK Parliament

• Some bodies which operate in Scotland will be subject to the UK Act

• The FOISA and the UK Act have the same structure and effect but there are some differences between the two Acts

Module 3

13

Publication schemes“Publication schemes will be of considerable

benefit to authorities: they will significantly reduce the administrative burden of dealing with freedom of information requests, publicise the work done by public authorities and encourage a spirit of openness and accountability throughout the public sector in Scotland”

Guide to Publication Schemes under the Freedom of Information ( Scotland) Act 2002 – Office of the Scottish Information Commissioner

Module 4

14

Publication schemes

• A Scottish public authority must– Adopt a publication scheme– Have it approved by the Scottish Information

Commissioner– Publish information in accordance with the

scheme– Maintain the scheme– Review the scheme from time to time

Module 4

15

Publication schemes

• Timetable for submission

• Scottish Executive, police and local government - 28 February 2004

• NHS and educational establishments - 31 May 2004

• Remaining authorities - 31 August 2004

Module 4

16

Publication schemes

• Schemes must specify– The classes of information which the authority

publishes or intends to publish– The manner in which the information is to be

published and– Whether the published information is available

free of charge or for payment

Module 4

17

Publication schemes• In adopting and reviewing the scheme an

authority must have regard to – Allowing public access to its information – Providing information on the provision of services,

including the cost and standard of services– Providing information on facts or analyses which are

the basis for important decisions and– Publishing reasons for decisions it makes

Module 4

18

Publication schemes

• The Commissioner may prepare or approve model schemes prepared by others

• An authority which adopts an approved model does not require specific approval from the Commissioner as long as the model remains approved

Module 4

19

Records Management - Introduction

“Any freedom of information legislation is only as good as the quality of the records to which it provides a right of access. Such rights are of limited use if reliable records are not created in the first place, if they cannot be found when needed or if the arrangements for their eventual archiving or destruction are inadequate…”

Module 5

20

“Consequently all Scottish public authorities are expected to have regard to the guidance in this Code to ensure that they are managing their records effectively. For many authorities this will mean a significant culture change for all of their staff – senior managers have a responsibility to lead and promote that change” Code of practice on the keeping, management and destruction of records issued by the Scottish Ministers (“Section 61 Code”)

Module 5

21

Code of Practice on Records Management

• Covers both electronic and paper records

• Provides guidance on desirable practice in respect of– Records management policies– Records management training– Management and destruction of records– Transfer of records to the Keeper of the

Records of ScotlandModule 5

22

Code of Practice on Records Management

• The Code is supplementary to the FOISA

• Failure to comply with the Code may lead to a failure to comply with the FOISA

• The Scottish Information Commissioner has an obligation to promote observance of the Code

• The Commissioner may serve a practice recommendation on an authority that does not comply with the Code

Module 5

23

Contents of the section 61 Code• Records management should be

– recognised as a corporate function

– supported by appropriate allocation of staff and other resources including training

– supported by a records management strategy and policy covering electronic and paper records

• records should be actively managed throughout their lifetime

• records should be disposed of in accordance with the policy

Module 5

24

Records Management – archive transfers

• Part 2 of the section 61 Code applies to authorities which transfer records to the National Archives of Scotland

• Part 3 of the section 61 Code applies to other authorities which transfer records to other public archives

• The Code sets out the appropriate procedures for access, review and transfer

Module 6

25

Rights of Access

• Anyone, anywhere can make a request under the FOISA

• Any information held in a recorded form is covered by the FOISA

• Access requests can be made by children who have sufficient understanding and a child over 12 years is presumed to have such understanding

Module 7

26

Request for access

• Must be in writing or other permanent form • Must state the name of the applicant and an

address for correspondence • Must describe the information which the

applicant seeks• May express a preference for the information to

be provided in a specific way for example by providing copies

Module 7

27

Fees for information

• The authority does not have to charge a fee but may do so

• If a fee is to be charged the authority must tell the applicant of the proposed fee by sending a Fees Notice after it receives the request

• The fees which can be charged are to be set out in Fees Regulations

Module 7

28

Introduction – section 60 Code of Practice

“The Act places a duty on public authorities to provide advice and assistance to applicants and potential applicants as far as it is reasonable to expect the authority to do so. An authority following the guidance in this Code in this respect will be deemed to have complied with its duty to provide advice and assistance”.

Module 8

29

Section 60 Code of Practice

• The Code covers :– The provision of advice and assistance to

those making requests for information– The transfer of requests between authorities – Consultation with interested parties– Terms of contracts entered into by authorities– How authorities should handle reviews and

complaints – Monitoring requests

Module 8

30

Section 60 Code• The Code is supplementary to the FOISA• Compliance with the Code means authorities

have complied with the duty to provide advice and assistance

• The Scottish Information Commissioner has an obligation to promote observance of the Code

• The Commissioner may serve a practice recommendation on an authority that does not comply with the Code

Module 8

31

Dealing with requests

• The authority has an obligation to provide advice and assistance to applicants

• The authority must deal with requests within 20 working days

• It may require the applicant to supply further information to enable it to find the information requested

• It does not have to comply with repeated or vexatious requests

Module 8

32

Access to Environmental Information

• Environmental information is very widely defined and the current definition covers– The state of any water or air, flora, fauna, soil

land or other natural site and – Any activities or measures which either

adversely affect or which are designed to protect any of the above

Module 11

33


• The Environmental Information Regulations 1992 apply and not the FOISA

• Where a request is made – for information which falls within the definition – to a public body which has or is under the

control of an organisation which has responsibilities in relation to the environment

Module 11

34


• The rules governing access are different in some ways from the FOISA– The request does not have to be in writing– The public authority has 2 months in which to

respond to the request– The authority is able to impose a reasonable

charge for the supply of the information• It is planned to introduce new regulations to

remove these differencesModule 11

35

Exemptions from the right of access

• Information may fall outside the FOISA because it is held by the public authority on behalf of another

• Held in confidence from the UK Government or

• Information may be subject to an exemption from the right of access under the FOISA

Module 12

36


• There are two kinds of exemptions:

• Absolute exemptions and

• Non-absolute exemptions

Module 12

37


• Absolute exemptions

Where an absolute exemption applies the public authority does not have to consider the public interest in the disclosure of the information before it refuses to supply it

Module 12

38


• Non- absolute exemptions

Where a non-absolute exemption applies the public authority must always consider whether the public interest in providing the information is not outweighed by the interest served by the exemption. If this is the case the information must be supplied

Module 12

39

Absolute exemptions

• Information which the applicant can reasonably obtain because it is available to members of the public by another route being– Available under the authority’s publication

scheme– Made available under an enactment or– Made available by the Keeper of the Records

of Scotland Module 13

40

Absolute exemptions

• Information in respect of which there is a legal prohibition on disclosure being– Prohibited under an enactment– Incompatible with a European Community

obligation or– Would be a contempt of court

Module 13

41

Absolute exemptions

• Information which is subject to an obligation of confidence that is – The information obtained by a public authority

from another person (which may include another public authority) and

– The person who made the disclosure could take court action for an order to stop the public authority disclosing the information

Module 14

42

Absolute exemptions

• Information which is contained in court records being a document– Served on a public authority or placed with

the court or created by a court for the purpose of proceedings or

– Held by a public authority solely because it was placed with or created by a person conducting an arbitration or inquiry for the purpose of the arbitration or inquiry

Module 14

43

Absolute exemptions

• Information which relates to a living individual and the application for access to the information is made by that individual

• In those circumstances the individual will be entitled to access the information using his or her rights under the Data Protection Act 1998

Module 14

44

Absolute exemptions

• Information which relates to a living individual other than the applicant for the information will be exempt where the disclosure of the information would breach one of the data protection principles contained in the Data Protection Act 1998

Module 14

45

Non-absolute exemptions • Information derived from a research programme in

respect of which– There is an intention to publish and– Premature disclosure would substantially prejudice

the programme or the interests of the participants • Information held by the authority or another in respect of

which – there is an intention to publish – within the next 12 weeks and

– it is reasonable not to give access pending publication Module 13

46

Non-absolute exemptions

• Information the disclosure of which would prejudice substantially relations between any administration in the UK and any other such administration

• Information held by the Scottish Administration relating to – Formulation or development of government policy– Ministerial communications or the operation of any private

office– The provision of advice by Law Officers– Statistical and factual information should be provided once

decisions have been takenModule 13

47

Non absolute exemptions

• Information the disclosure of which would or would be likely to prejudice substantially – collective responsibility of Scottish

Ministers– inhibit the provision of advice or exchange of

views or – Otherwise prejudice substantially the effective

conduct of public affairs

Module 13

48


• Information – Which a member of the Scottish Executive

certifies is required to be withheld in order to safeguard national security

– The disclosure of which would prejudice substantially the defence of the British Isles or any colony or the capability effectiveness or security of the armed forces or those co-operating with them

Module 13

49

Non-absolute exemptions• Information

– The disclosure of which would prejudice substantially

• Relations between the UK and any other State or international organisation or court

• The interests or the protection of the interests of the UK abroad

– Which is confidential information obtained from another State or an international organisation or court

Module 13

50


• Information – Which constitutes a trade secret or– The disclosure of which would prejudice

substantially the commercial interests of any person

– The disclosure of which would prejudice substantially the economic or financial interests of the whole or part of the UK

Module 13

51

Non absolute exemptions • Information held by a Scottish public

authority – For criminal investigations or proceedings– For enquiries into sudden deaths and fatal

accidents– For civil proceedings related to the above or– From a confidential source in connection with

legal regulatory matters Module 14

52


• Information the disclosure of which would prejudice substantially a range of regulatory, criminal and judicial matters listed in section 35 for example the operation of immigration controls or the maintenance of good order in prisons or other institutions where people are detained

Module 14

53


• A deceased person’s health record

• Information which relates to a living individual where the request is made by a person other than that individual if – The information would not be disclosed to the

individual him or her self or – The individual has lodged an objection which

has been accepted by the authorityModule 14

54


• Environmental information which is available under other legislation

• Information the disclosure of which would endanger the physical or mental health or safety of an individual

Module 14

55


• Information the disclosure of which would prejudice substantially the exercise of audit functions of a Scottish authority or the examination of the economy, efficiency and effectiveness with which the authorities use their resources

Module 14

56


• Information which relates to communications with Her Majesty or the Royal Household or

• The exercise of the honours system

Module 14

57

Data Protection Act 1998 (DPA) • Data protection is not a devolved function - the

1998 DPA applies throughout the UK• The DPA was passed to give effect to a

requirement of the European Community so the UK law has to meet those standards

• The DPA sets standards for the use and handling of any personal data, gives individual rights and has an enforcement regime

Module 15

58

Data Protection Act 1998

• The standards for processing personal data are set out in the Principles which state that personal data must be – Fairly and lawfully processed– Processed for limited purposes– Adequate, relevant and not excessive in

relation to the purpose of the processing– Accurate and not kept for longer than is

necessary for the purposeModule 15

59

– Processed in accordance with the rights of data subjects

– Held securely and not disclosed without proper authority and

– Not transferred to countries outside the European Economic Area without adequate protection being provided to the data

Module 15

60


• Data controllers must notify the (UK) Information Commissioner of the processing they carry out. The notification is entered on a public register

• The UK Information Commissioner – Gives advice and assistance on the DPA– Deals with complaints of non-compliance from the

public– may take action against data controllers for breach of

the DPAModule 15

61


• It applies to “personal data” that is information about a living individual

• It applies to automated information or that held on filing systems structured by reference to the data subject

• There are more stringent rules for some types of data known as sensitive data

• Those who process personal data are called data controllers

Module 15

62

Data Protection Act 1998 • Individuals have rights

– To access data held about them– To object to processing for direct marketing and to

processing which would cause unwarranted damage or distress

– To object to automated decisions being made about them

– To seek rectification of inaccurate data – To compensation for damage caused by breach of the

DPAModule 15

63

Data Protection Act 1998 • Not all information will be provided in response to a

subject access application – some will be exempt• An application for subject access must be

– Made in writing– Include a fee of £10 unless the data controller waives the

fee– Describe the information so that the data controller can

locate that required – Receive a response within 40 days of receipt

Module 15

64

Interface FOISA and DPA – subject access

• Where an individual asks for access to personal data about him or herself the request does not come under the FOISA. It is covered by an exemption from the FOISA. If the authority is sure of the identity of the applicant it should be treated as an application for subject access under the DPA

Module 16

65


• The right of subject access will be extended to cover all recorded information which relates to the data subject including filing systems which are structured other than by reference to the individual and unstructured systems

• The data subject will have to describe any information which may be held on unstructured files so that the public authority knows where to look for it

Module 16

66


• A new subject access exemption will apply to information held in an unstructured way and that held on the new category of structured files

• The exemption covers information relating to personnel matters of any staff employed in the armed forces or Crown service or any other part of the public sector

Module 16

67

Interface FOISA and DPA – third party access requests

• Where a third party asks for access to information about another person it is an access request under the FOISA. However the information may be exempt from the right of access if disclosure would involve – Breach of the DPA

– Health records of those who are deceased

– Census information in the last 100 years

Module 17

68

Interface FOISA and the DPA – third party access requests

• Information will be exempt under FOISA if– The disclosure would involve a breach of the data

protection principles– The information would not be provided to the data

subject himself because of the application of a subject access exemption or

– Where the information would fall under the DPA, the individual has exercised his right to object to processing and the objection has been accepted by the data controller

Module 17

69

Human rights and freedom of expression

• Human Rights is not a devolved function – the Human Rights Act 1998 (HRA) applies throughout the UK

• The HRA requires all public authorities to respect and comply with a set of individual rights called Convention Rights

• These include the right to respect for private life and the right to freedom of expression

Module 18

70


• Public authorities must respect an individual’s right to private and family life, home and correspondence

• Public bodies can interfere with these if the public body – Has a legal basis for its action – Is acting in one of a list of specified interests– Acts reasonably or proportionately

Module 18

71


• Public authorities must respect the right to freedom of speech

• Public bodies can interfere with the right if the public body – Has a legal basis for its action – Is acting in one of a list of specified interests– Acts reasonably or proportionately

Module 18

72


• The right to private and family life is protected by the DPA as well as the Convention Rights

• Freedom of information, that is the right to access information held by the public sector, is not protected by European law.

• Freedom of expression is not the same as freedom of information

Module 18

73

Scottish Information Commissioner

• The Commissioner must– Promote good practice by Scottish public authorities

in following the FOISA and the codes of practice– Consider what information it is desirable to have

made available to the public about the FOISA, its operation and good practice in relation to it and ensure that such information is made available. Where it concerns the records management code he must consult the Keeper of the Records of Scotland

Module 19

74


• The Commissioner may– Give advice on the FOISA to any person– Assess whether a public authority is following

good practice– Charge for the provision of his services– Propose bodies as suitable to be covered by

the FOISAModule 19

75


• The Commissioner has enforcement powers. He may also make a “practice recommendation” to a public authority where he considers that the practice of the authority does not conform to the codes of practice issued under the FOISA.

• It must be in writing and set out how the authority is failing and what steps it must take to rectify the situation

Module 19

76

Requirement for review

• An applicant who is not satisfied with the response of an authority to an access request may, within 40 days, require the authority to review the decision

• The authority must do so, usually within 20 working days

• If the request was vexatious or repeated the authority need not review it but must respond to the request for review

Module 19

77

Requirement for review

• An applicant who remains unsatisfied may complain to the Commissioner

• The applicant must either have exhausted the review procedure or have had no response to the request for a review

• Complaints should be lodged within 6 months of the review decision but the Commissioner may accept complaints outside that period

Module 19

78

Decision of Commissioner• If the complaint is frivolous or vexatious the

Commissioner may reject it

• The Commissioner must contact the authority and invite its comments on any complaint which he handles

• The Commissioner may seek to resolve the complaint

• If the complaint is not withdrawn or settled he must issue a decision notice stating whether the authority has complied with the FOISA

Module 19

79

Information powers

• In order to deal with complaints and to assess whether authorities are complying with the FOISA in other ways the Commissioner may require the authority to supply information by the use of – An Information Notice or– A warrant of entry to premises

• It is an offence to make a false statement or to fail to respond to an information notice

Module 19

80

Information notice

• Must– Describe the information required– Explain why the information is required for

example that the Commissioner has received a complaint of non-compliance

– State the time by which the information must be supplied and

– Explain the right of appeal to the Court of Session

Module 19

81

Criminal offences

• It is a criminal offence to alter, deface, erase, destroy or conceal a record held by an authority after a request has been received unless the authority would not have had to provide the record to the person requesting it

• Any person who carries out or is responsible for such an action can be brought before the court

Module 19

82

Enforcement notice

• Decision notices are used to deal with specific complaints

• The Commissioner may serve an Enforcement notice if he considers that an authority has not complied with the FOISA setting out – How the authority has failed– What it must do to remedy the situation and – The authority’s right of appeal

Module 19

83

Power to override

• The First Minister may override an information notice served on the Scottish Administration where an exemption is claimed on grounds relating to national security or other security-related exemptions apply and he considers that the material is of exceptional sensitivity

Module 19

84

Failure to comply

• If an authority fails to comply with an information notice, decision notice or enforcement notice the Commissioner may bring the authority before the Court of Session which may deal with the failure as a contempt of court

Module 19

1. 2 Freedom of information in context The Freedom of Information (Scotland) Act 2002 provides a...

Documents

Transcript of 1. 2 Freedom of information in context The Freedom of Information (Scotland) Act 2002 provides a...