<< Return to previous view
CILIP HomeCILIP
CILIP
Advanced
Home > Publications > Update magazine > Archive & Indexes > Archive 2003 > December 2003 :

Implementing the Freedom of Information Act

PUBLICATIONS
 
 
 
 
20% discount for members
Freedom of Information - a practical guide from Facet Publsihing
 

This article is from the December 2003 issue of Update.

In 2000, the new Freedom of Information Act became law - with its full implementation delayed until 2005. There is now little over a year left. Can our organisations make the FOIA work, asks Duncan Simpson.

Views are mixed on what effect the new Freedom of Information Act (FOIA) is going to have on the public sector. At one extreme, the thinking is ‘It’s not going to change much; we’ll wait and see’, at the other ‘How on earth are we going to cope, along with all the other things we have to do?’

There is a similar wide range in what organisations are already doing to prepare themselves. The Scottish Executive (Scotland has a very similar act) launched a large-scale procurement exercise, early in the year, for a co-ordinated scheme to get its FOI implementation in place across the board, in good time. Some authorities — for example the police — are giving serious attention to what they need to do, as are some government departments and local authorities. Far too many, across the public sector as a whole, don’t seem to be doing very much, or even thinking of doing much.

So what should you and your organisation be doing?

How many requests will there be?
There has been plenty of time to assess others’ experience of FOI. Sweden was first to legislate on access to information, in 1766, Finland following not too close behind in 1919. Perhaps the first really relevant legislation for the purpose of precedent, though, was the US in 1966, with Australia, New Zealand and Canada following in the 1980s.

The Constitution Unit, of University College London, has looked at the impact of this legislation in practice. Variables are many, including the nature of the legislation (the Republic of Ireland, for example, has an act that is non-retrospective, so nothing prior to the act can be accessed through it). Current events also have a huge impact on the numbers. In 2001, there were close to 60,000 requests made under FOI to defence establishments in the US. It will be interesting to see how that figure moves for 2002 and 2003, in the run up to and aftermath of the Iraq war.

Even without something like Iraq, the indications from a Constitution Unit analysis are that our own MoD might get between 1,000 and 4,000 requests initially, rising to 3,000-6,000 by 2008. In contrast, the Irish defence system, in 2001, attracted just 125 requests. How such figures might translate into requests for information to a typical sizeable local authority is very difficult to say.

One of the first things each organisation must do is to look at the likely workload that FOI could bring, using analysis based on others’ experience and the best assessment of the nature and interest of the information it holds.

If you go for implementation in a big way, there could be a large degree of over-provision and wasted effort. But if you do nothing, you might be badly caught out. Which would be worse? To spend more than you need on initial implementation arrangements, and have a smooth passage? Or to do little or nothing, and find yourself trapped in a high-profile test case in the early days of implementation? The risk of the latter is very low but, should it happen, the impact would be very damaging.

The best way forward is to focus on what the implications for your organisation could be, what issues are likely to attract interest, and what the downside would be if you get it wrong, and plan accordingly.

If you’re a librarian, you may think you’re fairly safe. Libraries are in the information business anyway, and you may not have much that won’t be readily available as part of your everyday services and your authority’s publication scheme, which has already been in existence (I hope) for some time. But equally, as the standard bearer for providing information for whatever umbrella organisation you are part of, you could find yourself in the direct firing line for a much wider range of requests than others will receive.

Certainly, the first thing is for the relevant senior managers — up to and including the chief executive — and elected members as well, to have a clear understanding of what FOI could mean for them, a policy for dealing with it, and the will to commit at least some resources for doing what needs to be done.

‘What’s the problem?’
That sounds embarrassingly obvious, but I did an exercise a few months ago on a group of local authorities (I’m not going to name names), looking at their websites and published information. Most had produced, as required by the act, an FOI publication scheme, using a local authority model. It wasn’t, generally, easy to find. Many of their website search-engines did not produce any returns from a search on ‘FOI’ or, in too many cases, even on ‘publication scheme’.

This seemed very odd — if you’ve done the hard bit, in producing a scheme, why not take the credit? More worryingly, the relatively few search results I found were often references to council minutes. The tone of these was overwhelmingly — this, remember, from senior officials and elected members — of the ‘what’s the problem, what’s all the fuss about?’ variety. None of the authorities had any plan for implementation in 2005. It may be obvious to say that the senior people must be on side, but that doesn’t mean it’s happening.

Since his appointment late last year, Information Commissioner Richard Thomas has taken a direct, sensible and practical line on implementation. I believe, though, that he was being optimistic when he said, in the frank interview in May’s Update,1 ‘… more and more politicians and senior officials see that the real debate about FOI is over. Transparency is a good thing. They want to be open. We will argue about the details of the application in particular areas, but not the principle’. If only!

As I am writing this, I am keeping one eye on the proceedings of the Hutton inquiry. Whatever else, it is hardly a tribute to the readiness of senior officials, and elected representatives, to be open or transparent.

Maurice Frankel, Director of the Campaign for Freedom of Information, stressed, in an article on Hutton in the Guardian on 29 August, how unusual this approach is:

‘The level of disclosure at an inquiry like this goes beyond that which a freedom of information act would normally provide. FOI laws balance the right of access against exemptions, one of which invariably gives government some privacy for its internal thinking. The material we are now seeing is not filtered in this way, and that is what makes the hearings so compelling. Officials explain how scrupulously they have behaved, only to be undermined by the disclosure of a memo or email revealing that what they did was precisely the opposite.’

Things might be easier if legislation were assembled on a rational basis, but it is not. People wonder why we have some information rights, and access to personal information, via the Data Protection Act 1998 and some, to information more generally, via the FOIA 2000. The simple answer to that is that the idea of data protection rights was well established, and the DPA was already there, when FOI came along. It was easier to accommodate and adapt than to change radically. But then, how, while the DPA centres on the right to privacy, and the FOIA centres, equally forcefully, on the right to information, can the two be reconciled?

For my purpose, it is not so important to answer these questions (they can be answered) as to say that they give an important steer as to how organisations must deal with implementation.

Training strategy
The Constitution Unit’s view is that it is essential for FOI implementation to be a corporate responsibility, supported at the most senior levels. A crucial part of that support will be to endorse a training strategy which works at three levels — strategic, awareness and practitioner.

The strategic level
Elected representatives and senior managers need a strategic awareness and understanding of FOI and how it will bear on their own organisation and responsibilities. So they must understand the broad issues, see the need for an overall programme of implementation, and support those implementing it. They will therefore need a short, emphatic programme of strategic level training — no more than an afternoon, if properly structured and presented.

The awareness level
Because any request to an authority for information can be classed as an FOI request, almost all staff need to have a basic awareness of the act and know how to react to requests for information. Above all, they need to be able to identify requests which may be contentious or difficult, and know what to do with them. Normally this will be to pass them quickly to the expert practitioner team, or individual, within their organisation. Awareness level training, again, need only be short (perhaps a day), but has to provide a snapshot of the legislation, focus on the key messages and be tailored to ‘front-line" staff, to give them the knowledge and confidence to deal with FOI. It can also include some basics on data protection if required.

The practitioner level
Each authority is going to need one or more practitioners, the specialists within the organisation who have specific responsibilities for FOI, preferably for DP as well, and detailed special knowledge to deal with the complex and high-profile cases. Training for practitioners needs to bring out the exact purpose and provisions of the legislation. But it must also have a practical focus so that the practitioners can deal (with appropriate senior management support) with potentially complex casework in a professional and informed manner. Practitioners will need detailed procedures for handling cases, including desk instructions.

* * *

Resources

The Constitution Unit, University College London (www.ucl.ac.uk/constitution-unit/foidp). Includes links to useful resources, summaries of latest developments and a free FOI newsletter. The Constitution Unit has a team of experts in FOI and data protection issues. The unit carries out research, runs a range of FOI and data protection conferences and events and offers training and consultancy services. The unit ran a conference on access to information in local government on 15 October 2003 — see its website for details.

Local Government Association (go to www.lga.gov.uk and follow links to ‘our work’, ‘better local government’, ‘foi’). The website has links to all the local government publication scheme pilot authorities.

Association of Council Secretaries and Solicitors (ACSeS) (www.aces.org.uk). See the ACSes paper on the LGA website on the corporate implications of FOI.

National Archives (www.nationalarchives.gov.uk/footer/freedom.htm). National Archives has prepared a model action plan for local authorities for developing records management compliant with Section 46 of the FOI Act.

Department of Constitutional Affairs (www.lcd.gov.uk). Follow links to FOI and data protection.

The Information Commissioner (www. informationcommissioner.gov.uk).

The Campaign for Freedom of Information (www.cfoi.org.uk). See particularly the Campaign’s detailed response to the 2001 ODPM consultation paper on access to information in local government.

Texts

J. Macdonald and C. Jones (eds). The Law of Freedom of Information. Oxford University Press, 2003. See Chapter 15, which deals in detail with local government.

Local Government Association/Constitution Unit. Freedom of Information: practical guide to the Freedom of Information Act 2000 for local authorities, 2001, available from the LGA (see www.lga.gov.uk).

Steve Bailey. ‘Records management: the challenge to HEIs.’ Library + Information Update, 2(8), August 2003.

* * *

One person in control
But even this approach will only work well if there is one person in control — or at least good communication between the various parties. At its most basic, whoever is to deal with FOI should be dealing with data protection as well, because of the close relationship between the two. They must also have some control over other areas crucial to making a success of implementation, one of the most important being records management.

There’s no point in setting up a wonderful system to handle requests for information, if you can’t then find the information you need to provide, and find it within the time limits that the legislation imposes. The records managers need to be talking to the FOI teams, even if they are not under the same management. That assumes, of course, that your organisation has some ordered processes for creating, managing and storing its records in the first place.

With luck and, more importantly, the right basic training, the average staff member will be able to do two vital things. They will be able to deal with the straightforward requests themselves, as they would already normally do. There is such a thing as common sense. If a caller asks ‘What are your opening hours?’, front-line staff would not think that worth referring upwards although, technically, that might be an FOI request. You could, of course, train your staff to log this request, responding: ‘As you have requested information which, under the Freedom of Information Act 2000, my authority may be required to provide, we need to examine your request to verify whether it may be subject to any of the exemptions provided for within the Act, and where the balance of public interest may lie in meeting it. I will therefore put your request into my authority’s FOI system and you will get a reply within the time period dictated by the Act and subject to the fee the Act permits my authority to charge’.

But that might be a presentational mistake, not to say an administrative nightmare! With luck, the commonsense approach will work for most requests for information you receive.

The second vital task for the front-line staff, and the point where the difficulties will start, is judging when there may be a real need to apply FOI criteria. This may be triggered by who is asking the question — say, the local newspaper’s keen investigative journalist who has been trying for months to nail the Mayor for fiddling his expenses, and who wants to know about last month’s confidential Finance Committee minute about travel budgets. Be careful — the act does not allow you to question the identity or motives of the requester. However, you may want your staff to spot that such a request, though perfectly proper, and one that might eventually have to be met, would be better going through the FOI practitioner and being treated, logged and monitored as a request for information under the FOIA.

Is there anything specific to libraries in all this? In practice, libraries are at the centre of the provision of information. You would hope that their staff would take the view that citizens are entitled to information, and that provision of information should be an efficiently managed and effective public service. What that might mean is that the library finds itself in the hot seat, as the purveyor of information to which other parts of the overall organisation or authority will turn. Don’t forget, also, that it is not just the information you hold in your collections, but your own administrative and corporate records, that might come under scrutiny.

I am aware that this short article will not resolve all your concerns about how to cope with the implementation of the FOIA. Your part of the public sector will have its own particular issues. So it may all sound a bit more speculative than you would like.

The best way to get organisations to act, is to persuade them that it is in their own best interests to do so. Obeying the law on FOI is important, and the Information Commissioner does have powers of enforcement. In reality, though, given the size of the task, these are going to be used sparingly, for the most extreme, blatant or high-profile cases. If the stick is not the best way to get compliance, what are the carrots?

Some to consider might be:

  • FOI requires a culture of openness but (think about Hutton) there may be other real advantages in having a culture of openness, both for your users and your staff.
  • Information is an asset and there are benefits — even potential extra revenues — in using and managing it properly.
  • A better informed and more involved public may lead to more consultative policy making, better informed decisions and more robust policy and operations.
  • If your authority doesn’t have proper records management arrangements then it is not going to be very efficient. There are real business benefits in good record keeping.

To sum up, these are the basics you should have in place to help implement FOI:

  • senior managers need to be aware and involved; this is a way of helping them to achieve that;
  • staff need to be properly trained, according to the demands that will be made on them;
  • everyone needs at least a basic awareness of what FOI is about;
  • the organisational culture needs to be on the side of disclosure and openness as far as possible.

If our organisations all meet at least these minimum requirements, we can be reasonably sure that the implementation of FOI in 2005 will not cause us any major problems.

If yours doesn’t, you may still get away with it. Do you want to take the risk?

Reference
1 Interview with Information Commissioner Richard Thomas. Library + Information Update, 2(5), May 2003. The Information Commissioner’s is an independent role, with responsibility for the implementation of the FOIA in England, Wales and Northern Ireland (there is a separate FOIA and Information Commissioner for Scotland).

Duncan Simpson is Honorary Senior Research Fellow, Constitution Unit, UCL.

 

Updated: 15 October 2004
Registered charity no. 313014
VAT Registration No GB 233 1573 87
© Copyright CILIP 2008
CILIP, 7 Ridgmount Street, London WC1E 7AE
Tel: +44 (0)20 7255 0500 Fax: +44 (0)20 7255 0501