Category: FOI

ICO Enforcement Guidance Consultation Launched 

The Information Commissioner’s Office has launched a consultation on new guidance setting out how it approaches investigations and takes enforcement action. Among other things, the guidance explains:  

  • How the ICO decides whether to open an investigation and the other ways it may instead seek to resolve any concerns. 
  • What to expect from the ICO during an investigation. 
  • How it will use its information gathering powers, including new powers under the Data (Use and Access) Act 2025 to require people to answer questions and organisations to provide reports.  
  • How the ICO decides on the outcome of an investigation and use of its enforcement powers, such as warnings, reprimands, and enforcement and penalty notices. 
  • When it considers settlement with a reduced fine is appropriate and the process involved.  

The new guidance, once finalised, will sit alongside the ICO’s Data Protection Fining Guidance published last year. Together they will replace the statutory guidance currently set out in the Regulatory Action Policy.  

The Data (Use and Access) Act 2025 also includes provisions that will bring the ICO’s investigatory and enforcement powers under the Privacy and Electronic Communications Regulations 2003 (PECR) broadly into line with its powers under the data protection legislation.  While there remain some differences, the ICO proposes to generally take the same approach to the use of its powers in relation to PECR as set out in the draft guidance in relation to the data protection legislation.  

The consultation will run for 12 weeks until Friday 23 January 2026.   

Revised GDPR Handbook 

The data protection landscape continues to evolve. With the Data (Use and Access) Act 2025 now in force, practitioners need to ensure their materials reflect the latest changes to the UK GDPR, Data Protection Act 2018, and PECR. 

The newly updated UK GDPR Handbook (2nd edition) brings these developments together in one practical reference. It includes all amendments introduced by the DUA Act, with colour-coded changes for easy navigation and links to relevant recitals, ICO guidance, and caselaw that help make sense of the reforms in context. We have included relevant provisions of the amended DPA 2018 to support a deeper understanding of how the laws interact. Delegates on our future GDPR certificate courses will receive a complimentary copy of the UK GDPR Handbook as part of their course materials.  

If you are looking to implement the changes made by the DUA Act to the UK data protection regime, consider our very popular half day workshop.  

In case you missed it… 

In October, Capita was fined £14 million following a cyber-attack in March 2023 which saw hackers gain access to 6.6 million people’s personal data; from pension and staff records to the details of customers of organisations Capita supports. For some people, this included details of criminal records and financial data. This and other recent cyber-attacks has increased the importance of cyber security training. We have two workshops coming up (How to Increase Cyber Security in your Organisation and Cyber Security for DPOs) which are ideal for organisations who wish to up skill their employees about cyber security. See also our Managing Personal Data Breaches Workshop. 

Also in October, the BBC reported that Gregg Wallace, the former MasterChef presenter, has issued proceedings against the BBC and BBC Studios for failing to respond to his subject access requests (SAR) in accordance with the UK GDPR.  Wallace was sacked by the BBC in July following an inquiry into alleged misconduct. As the saying goes, “Revenge is a dish best served cold!” Any BBC Executives reading this (if you are not too busy at the moment), are advised to attend ourHow to Handle a Subject Access Request workshop. No doubt there will be a few more SARs to the BBC in the coming weeks… 

The Information Commissioner, John Edwards, recently gave evidence to the House of Commons  Science, Innovation and Technology Committee.   Mr Edwards faced some tough questions about his response to the Afghan data breach, in which a Ministry of Defence (MoD) official mistakenly emailed a spreadsheet containing personal details of over 18,000 Afghan nationals who had applied to move to the UK under the Afghan Relocations and Assistance Policy (ARAP). The breach was only discovered in August 2023, when excerpts of the data appeared on Facebook. By then, the damage was done. A new resettlement scheme for those on the leaked list was set up and has seen 4,500 Afghans arrive in the UK so far. The Afghan Relocation Route has cost £400m so far, and the Government has said it is expected to cost a further £450m.  This and other data protection developments will be discussed in detail on our forthcoming  GDPR Update  workshop 

Finally, there are only two FOI Practitioner Certificate courses left till Christmas! This foundation course is designed for those wishing to acquire detailed knowledge of the FOI and develop the practical skills to enable them to become a more effective FOI Officer.  The syllabus has been developed by FOI experts after analysing all the skills, knowledge and competencies required for the FOI Officer role. By the end of the course, you will be able to practically handle FOI requests, apply the exemptions and draft Refusal Notices. You will also be able to differentiate between FOI requests and requests under the Environmental Information Regulations. 

FOI Practitioner Certificate: Final Two Courses for 2025 

There are only two FOI Practitioner Certificate courses left till Christmas!  

This foundation course is designed for those wishing to acquire detailed knowledge of the FOI and develop the practical skills to enable them to become a more effective FOI Officer.  The syllabus has been developed by FOI experts after analysing all the skills, knowledge and competencies required for the FOI Officer role. By the end of the course, you will be able to practically handle FOI requests, apply the exemptions and draft Refusal Notices. You will also be able to differentiate between FOI requests and requests under the Environmental Information Regulations. 

The course takes place over four days followed by an assessment. Our teaching style is based on practical and engaging workshops covering the theory alongside hands-on application using real life case studies and exercises. Personal tutor support throughout the course, detailed course materials and a comprehensive online resource lab, ensure the best opportunity for success. 

The FOI Learning Pathway  

The updated FOI Practitioner Certificate is part of our learning pathway for FOI Officers. Once completed they can move on to the Intermediate FOI Certificate. This strengthens the foundations established by the FOI Practitioner Certificate. Topics include interpreting information requests, navigating data repositories for relevant information, handling vexatious requests and applying the exemptions. Time will also be spent discussing the historical development and transformative impact of FOI on transparency, accountability and citizen empowerment. International comparisons with the FOI Act will broaden delegates’ perspectives, while critically evaluating its impact and effectiveness will assist them to appreciate the importance of transparency and accountability. By the end of the course, delegates will gain skills in, amongst other things, effectively interpreting information requests, assessing their scope, retrieving relevant information, overcoming challenges in organisational compliance, applying exemptions and crafting clear Refusal Notices.   
 
If you would like a chat to discuss your suitability for any of our certificate courses, please get in touch. 

Our 23rd Birthday! Celebrate with Us and Save on Training  

This month marks 23 years of Act Now Training. We delivered our first course in 2003 (on the Data Protection Act 1998!) at the National Railway Museum in York. Fast forward to today, and we deliver over 300 training days a year on AI, GDPR, records management, surveillance law and cyber security; supporting delegates across multiple jurisdictions including the Middle East.  

Our success comes from more than just longevity; we are trusted by clients across every sector, giving us a unique insight into the real-world challenges of information governance. That’s why our education-first approach focuses on practical skills, measurable impact, and lasting value for your organisation. 

Anniversary Offer: To celebrate, we are giving you a £50 discount on any one-day workshop, if you book by 30th September 2025. Choose from our most popular sessions like GDPR and FOI A to Z, or explore new topics like AI and Information Governance and the Risk Managment in IG

Simply quote “23rd Anniversary” on your booking form to claim your discount.

Health Sector Data Protection Expert Joins the Act Now Team 

Act Now is delighted to welcome Raz Edwards, a leading expert in health sector information governance, to our team of associates. 

Raz brings over 17 years of experience as a Data Protection Officer, including more than a decade within the NHS. She currently serves as a DPO at a large NHS trust supporting acute, community, and primary care services, as well as research. Before joining the NHS, she spent six years as a Data Protection Officer in local government. 

She is the current Chair of the National Strategic Information Governance Network (SIGN), which brings together 24 regional networks across England and Wales, and also chairs the West Midlands SIGN. Her expertise has been further recognised through her appointment as a member of the Upper Tribunal (Administrative Appeals Chamber, Information Rights Jurisdiction) and the First-tier Tribunal (General Regulatory Chamber, Information Rights Jurisdiction). 

Raz holds master’s degrees in computer science, law, and leadership and is a certified data ethics professional. At Act Now, Raz will be developing new courses in her specialist areas, serving on our curriculum and exam board, and supporting the delivery of training ranging from one-day workshops to advanced practitioner certificate courses. 

Raz joins is the second expert from the Midlands to join our team this year. Dr. Malkiat Thiarai joined us in August.

The Freedom of Information Reform (Scotland) Bill  

The Scottish Government has always been more willing to extend the scope of FOI legislation than its counterpart in London. Back in 2014, it extended the application of  the Freedom of Information (Scotland) Act 2002 (FOISA) to organisations created by councils to deliver leisure and sporting facilities and in 2019 to registered social landlords. 

More recently though, the Scottish Government has been criticised for refusing to accept suggestions to extend the FOI regime to all bodies providing public services, including social care providers, following a consultation. Opposition MSPs described the decision as “utterly undemocratic” and accused ministers of secrecy.
The Scottish Information Commissioner has also called for reform.  

On 2nd June 2025 MSP, Katy Clark, laid a Private Member’s Bill in the Scottish Parliament which, alongside extending the scope of FOISA, contains a number of provisions to refresh and update the legislation. These are explained in full here

We list below the provisions of the Bill which caught our eye:  

Section 1 – General entitlement 
Introduces a presumption in favour of disclosure when public authorities are considering whether an exemption applies. This would apply to all exemptions, apart from the small number of “absolute” exemptions. 

Section 3 – Publicly-owned companies 
Addresses an anomaly in FOISA to ensure that companies which are jointly and wholly owned by the Scottish Ministers and another public authority are covered. 
 
Section 7 – Time for compliance 
Amends FOISA so that the 20 working day response time is paused, rather than reset, when clarification is requested and received.  It also removes the time extension which is currently available to grant-aided and independent special schools during holiday periods. 

Section 12 – Enforcement Notices 
Gives the Commissioner the power to issue enforcement notices in relation to failures to comply with the FOISAs codes of practice. 

Section 13 – Ministerial Veto 
Removes the First Minister’s power to veto decisions of the Scottish Information Commissioner in some circumstances. 

Section 15 – Proactive publication duty and publication code 
Reforms the FOISA approach to proactive publication, requiring that an authority proactively publishes up-to-date information relating to its functions in an accessible way. Section 15 also gives the Commissioner the power to issue a publication code of practice, and requires that public authorities comply with that code. 

Section 16 – Freedom of Information Officer 
Creates a statutory requirement to appoint an FOI Officer within public authorities. He/she would be responsible for ensuring the fulfilment of a number of duties, including staff training, advising on compliance with FOISA and the codes of practice, and reporting to senior management. 

Section 18 – Offence Amendment 
Enables prosecutions to be taken forward in circumstances where information has been destroyed to prevent disclosure under FOISA, without requiring that an information request for the information has been made.   

Section 19 – Time limit for proceedings 
Changes the time limit for bringing a prosecution for the deliberate destruction or concealment of records to three years from the beginning of a criminal investigation, rather than three years from the date of the offence. 

The Bill contain some interesting proposals (e.g. introducing the FOI Officer and new time limits) but it will be interesting to see if, as a Private Member’s Bill, it makes it on to the statute books.  

The Scottish Information Commissioner, David Hamilton, has welcomed the Bill, noting that “after twenty years, it’s undoubtedly time for a refresh… by taking action to protect and update FOISA now, we can ensure that our vital right to hold public bodies to account remains fit-for-purpose for the future”.  

Are you looking to develop your FOISA skills? The Act Now Practitioner Certificate in Freedom of Information (Scotland) is designed for FOI practitioners wishing to demonstrate that they have the knowledge and skills to handle FOISA requests and implement related information access legislation in Scotland.  

Responding to Format Requests Under FOI 

How does a public authority deal with an FOI request where the applicant requests information in a format in which it is not readily available? Section 11 of the Freedom of Information Act 2000 states: 

“(1) Where, on making his request for information, the applicant expresses a preference for communication by any one or more of the following means, namely— 

(a)the provision to the applicant of a copy of the information in permanent form or in another form acceptable to the applicant, 

(b)the provision to the applicant of a reasonable opportunity to inspect a record containing the information, and 

(c)the provision to the applicant of a digest or summary of the information in permanent form or in another form acceptable to the applicant, 

the public authority shall so far as reasonably practicable give effect to that preference.” 

“(2) In determining for the purposes of this section whether it is reasonably practicable to communicate information by particular means, the public authority may have regard to all the circumstances, including the cost of doing so.” 

A recent appeal decision of the Upper Tribunal sheds light on the meaning of “reasonably practicable” under section 11 and in particular whether it requires information to be disclosed in the requested format up to the point where it is no longer practicable. 

In Walawalkar v (1) Information Commissioner; (2) Maritime and Coastguard Agency [2025] UKUT 105 (AAC), Mr Walawalkar made an FOI request, on behalf Liberty Investigates, for information to the Maritime and Coastguard Agency (MCA) in the following words: 

“Please can you provide me the following under the FOI Act: 

[1] A copy of the recorded audio of all calls between people at sea in the English Channel and HM Coastguard between 00:01am on 15 November 2021 and 23:59pm on 22 November 2021…Please provide as many of these recordings as is retrievable within the cost limit. 

[2] If retrievable within the cost limit, for each audio recording disclosed in response to point 1 – please specify which HM Coastguard control room handled the distress call (eg Dover Maritime Rescue Coordination Centre). 

[3] If retrievable within the cost limit, please also provide a transcript of audio recording of all calls requested in point 1. 

[4] For each call requested in point 1, please provide the HMCG GIN incident number it relates to.” 

The MCA held 55 such recordings. It estimated that transcribing them would require more than 41 hours of staff time which was not reasonably practicable. Mr Walawalkar argued that section 11 involved a ‘sliding scale’ test of providing transcripts of at least some of the information requested up to the point that it was no longer reasonably practicable for the MCA to do so.  

The Tribunal rejected Mr Walawalkar’s argument. It ruled that section 11(1) involves an ‘all or nothing’ test which involves asking if it was reasonably practicable for the MCA to provide all of the information in the preferred means (i.e. transcripts of all the audio calls falling within the request). The Tribunal agreed with the ICO which had applied an ‘all or nothing’ approach and so had the FTT. 

Judge Wright explained: 

“The ICO referred in argument to “the information” being a unitary concept throughout FOIA. I think this is a helpful perspective.  The point may be tested by considering the application of section 12 of FOIA and its costs cap. Assuming the information would otherwise be disclosable under section 1 of FOIA, section 12 of FOIA only makes sense, in terms of calibrating the cost of complying with the request for information, if the section 12 estimate is based on the cost of providing all the information requested. Were it otherwise and section 12 involved a sliding scale of compliance, estimating the cost of complying on the basis of as much of the requested information up to the “appropriate limit”, section 12 would have no useful application as it would always oblige a public authority to comply with the request in respect of as much of the information requested up to the appropriate limit. That is not a tenable reading of section 12. It has no ‘sliding scale’ language within it. Moreover, on the face of it Parliament plainly intended that section 12 would apply so as to allow a public authority to refuse the request if complying with it exceeded the appropriate limit. A sliding scale (that is, as much of the requested information as is within the appropriate limit), is not consonant with that statutory intention.  The costs estimate in section 12 is about complying with “the request” and that is a request for (all) the information of the description specified in the request.” 

The ruling also restated the accepted principle that format requests should only be considered if and when no exemption from disclosure applies to the requested information. In addition, it rejected an argument that the format request is relevant to whether information is held for the purposes of section 1 of FOI. The latter is a logically prior and separate issue under FOI. 

Are you looking to acquire detailed knowledge of the FOI and develop the practical skills to enable you to become a more effective FOI Officer? 

OurFOI Practitioner Certificate has been developed by FOI experts after analysing all the skills, knowledge and competencies required for the FOI Officer role. By the end of the course, you will be able to practically handle FOI requests, apply the exemptions and draft Refusal Notices. You will also be able to differentiate between FOI requests and requests under the Environmental Information Regulations. 

Supporting Careers in Data Protection Through Apprenticeships 

In today’s digital landscape, data protection and information governance have become critical risk areas for organisations across all sectors. With increasing regulatory demands and evolving threats, the need for skilled professionals in this field has never been greater. Recognising this growing skills gap, Damar Training, with the support of Act Now Training,  launched its innovative Data Protection and Information Governance Apprenticeship programme in late 2022, quickly establishing itself as the leading provider in England.

The programme was developed through extensive consultation with employers, including members of the apprenticeship Trailblazer Group, to ensure it would be commercially attractive, impactful, and of the highest quality. This collaborative approach has led to excellent engagement from employers and individuals, with 243 apprentices starting the programme to date, making Damar the largest provider of this apprenticeship standard in England.

A Flexible, Comprehensive Learning Journey

What sets Damar’s apprenticeship apart is its thoughtfully designed modular structure, with carefully sequenced six-week blocks of learning that cater to diverse learning styles and organisational needs. The gradual layering of technical content and learning activity, designed with the assistance of Act Now Training, ensure that apprentices from both public and private sectors receive an outstanding foundation in the knowledge, skills, and behaviours required for success in data protection roles.

The delivery model combines self-directed learning through engaging online resources with regular one-to-one coaching visits and group coaching sessions.
Extended technical workshops (underpinned by Act Now’s expertise) and quarterly review meetings provide additional support, while dedicated forums allow apprentices to stay updated with the latest developments, engage with peers, and consult with coaches.

This comprehensive approach has yielded impressive results. With a retention rate of 68%, an achievement rate of 65%, and an EPA pass rate of 95% – all above national averages – the programme demonstrates exceptional quality, particularly remarkable for a relatively new offering.

Industry-Leading Expertise

A key strength of Damar’s apprenticeship is its partnership with Act Now, an
award-winning data protection consultancy. This collaboration ensures that the programme’s content remains at the cutting edge of industry developments, including emerging areas such as Artificial Intelligence regulation.

Sarah Murray, Data Protection Officer at ClearData, highlights this benefit: 

“One of the particular stand-outs for me is the workshops. With the content supported by
Act Now, who have such a good reputation in this field, the workshops really put all of the theory into real-life practice.”

Real-World Impact for Employers and Apprentices

The programme serves some of the UK’s major employers, including Heathrow Airport, National Express, the BBC, Auto Trader, Betfred, and Dunelm, alongside various NHS Trusts, universities, government departments, and local councils.

For apprentices, the transformation goes beyond technical knowledge. Many begin with only basic data protection skills and limited confidence. Through the programme, they develop not only technical expertise but also a deeper understanding of the “why” behind data protection practices and the confidence to advise others with authority.

This growth translates into tangible career progression, with 99% of apprentices experiencing positive outcomes – 53% remaining in their current roles with enhanced skills, 18% securing permanent positions, and 28% gaining promotions or additional responsibilities. Some have even become data protection officers with overall responsibility for their organisation’s data protection function.

Employers benefit from immediate practical impacts. Apprentices have improved information assurance audits at Lincoln University, created artificial intelligence policies for Norfolk and Waveney Integrated Care Board, and developed triage request processes for data protection requirements at The Christie NHS Foundation Trust.

Stacey Lawrence, Data Protection Manager at Manchester Airport, emphasises this value: 

“The impact that both apprentices have brought to Manchester Airport has been huge. They work on the front line, to manage all enquiries, data protection breaches, and individual rights requests, and without them we simply wouldn’t be able to do the really sterling work that we do every day.”

A Future-Focused Approach

Damar continues to evolve the programme based on feedback from coaches, apprentices, and employers. Recent improvements include enhanced EPA preparation sessions, now embedded into group coaching. The company maintains close ties with the trailblazer group and leverages Act Now’s expertise to stay ahead of legislative developments.

With another 22 apprentices due to commence in April, the programme’s growth trajectory remains strong. Many employers, including Manchester Airport Group and Nottingham University Hospitals, are returning for their second or third data protection apprentice – perhaps the strongest testament to the programme’s value.

For organisations seeking to strengthen their data protection capabilities and individuals looking to build rewarding careers in this critical field, Damar Training’s Data Protection and Information Governance Apprenticeship offers a proven pathway to success.

If you would like to learn more about the DP and IG  Apprenticeship, please get in touch

Survey of Local Government FOI Officers 

Dr Ben Worthy, an academic at Birkbeck College, is looking for FOI officers in local government to complete a survey. 

The survey is part of a joint US/UK research project looking at FOI request burdens, funded by Democracy Fund. They want to know more about requests and burdens on authorities, as well as possible changes such as the use of AI to help make requests.  

The survey should take around 5-10 minutes to complete.  An anonymised summary of the findings will be sent to anyone who wishes to see it.  

You can read more about the project here. The survey can be accessed here.

When is Information “Held” under FOI? 

The Freedom of Information Act 2000 (FOI) applies not only to information held by a public authority but also to information held by another person on behalf of the authority (section 3(2)(b)). This includes situations where a third party creates or uses information as part of the provision of a service to a public authority.
However, determining whether such information is held on behalf of the authority is not always straightforward. Relevant factors include: 

  • The nature of the relationship between the parties 
  • The contractual terms 
  • The degree of connection between the information held by the third party and the functions of the public authority 
  • Whether the public authority has routine access to the information 

When a public authority shares information and gives instructions to a solicitors firm, the solicitors may hold information on behalf of the authority, as long as it is not held for their own purposes (e.g. to comply with regulatory requirements or to defend against negligence claims). This is a question of fact depending on the circumstances of each individual case.  

In Francis vs Information Commissioner and South Essex Partnership NHS Foundation Trust, EA/2007/0091 (21 July 2008) the applicant requested information from an NHS Trust about the death of her son, including papers held by the solicitors who represented the Trust at the inquest. The Tribunal noted that some disputed papers were annotated, suggesting they might be the solicitors’ working papers. However, it concluded that the annotations were likely present before the documents were passed to the solicitors. Therefore, the papers were held on behalf of the Trust, and the Tribunal ordered their disclosure. 

However in the more recent case of Robert Angus Hill v  Information Commissioner and Sheffield City Council, FT/EA/2024/0163 (4 February 2025), the Tribunal ruled that information held by a solicitors firm was not held for the purposes of FOI. In this case, Sheffield City Council received an FOI request relating to legal advice about a property development. In accordance with its retention policy, the Council had deleted its records but 28 boxes of files were held by their external lawyers. The Council refused the FOI request on the basis that visiting the solicitors offices to access and review the information would exceed the FOI cost limit. However, the Tribunal chose to go back to first principles and ask whether the information was even held for the purposes of FOI. It concluded that it was not; noting that the Council had no intention of retaining the information or entrusting it to the solicitors firm for safekeeping. 

The Tribunal stated (paragraph 17): 

“The position of the firms of solicitors is straightforward. The firms have their own retention periods for information, determined by risk management concerning potential claims against the firm. As long as they hold the information, they have obligations, notably a duty of confidentiality to the client. However, these are the firm’s records; duties are owed to the former client, but the records do not belong to the client and are not held on behalf of the client.” 

These cases highlight the importance for FOI practitioners asking whether the information is held on behalf of the authority when dealing with FOI requests for information held by third parties. 

Enjoy reading this blog? Help us reach 10,000 subscribers by subscribing today. 

Have you completed our FOI Practitioner Certificate? Are you seeking a higher level qualification? Our FOI Intermediate Certificate strengthens the foundations established by our FOI Practitioner Certificate. It will help you become an adept FOI practitioner by delving deeper into the intricacies of the FOIA, equipping you with the skills and confidence to navigate its complexities. 

What Has the Freedom of Information Act Ever Done for Us? 

1st January 2025 marked the 20th anniversary of the Freedom of Information (FOI) Act 2000 coming into force. FOI advocates argue that the Act has transformed the landscape of public information access, empowering citizens, journalists, and organisations to hold public bodies more accountable while fostering a culture of openness. However, some critics consider it a “snooper’s charter” that has impeded government efficiency. Tony Blair, whose government enacted FOI, expressed regret in his memoirs: 

“Freedom of Information. Three harmless words. I look at those words as I write them, and feel like shaking my head till it drops off my shoulders. You idiot. You naive, foolish, irresponsible nincompoop. There is really no description of stupidity, no matter how vivid, that is adequate. I quake at the imbecility of it.” 

With these differing views in mind, let’s take a closer look at some of the FOI Act’s achievements.  

Greater Transparency 

One of the most significant achievements of the FOI Act is its enhancement of transparency in government operations. By granting individuals the right to request information from public authorities, the Act has helped lift the veil on many aspects of governmental and institutional processes. This increased transparency has led to greater scrutiny of decision-making, financial management, and policy implementation. 

A notable example of this was the 2009 MPs’ expenses scandal. FOI requests exposed widespread misuse of public funds by Members of Parliament, leading to resignations, repayments, and reforms in the parliamentary expenses system. Such revelations underscore how the FOI Act has empowered citizens to hold public officials accountable. 

Empowering Citizens and Strengthening Democracy 

The FOI Act has also played a pivotal role in empowering citizens. By democratising access to information, it allows anyone to request details from public bodies without needing to justify their reasons. This access enables citizens to engage more effectively in public debates and advocacy efforts, armed with facts and data obtained through FOI requests. 

One example of this empowerment was seen in 2013 when FOI requests helped expose racial disparities in police stop and search practices. This revelation sparked widespread public concern and contributed to reforms in policing policies.
Similarly, FOI requests uncovered the disproportionate closure of public libraries in deprived areas, prompting national discussions on equitable access to public services. 

Accountability Through Public Scrutiny 

Accountability is a cornerstone of good governance, and the FOI Act has played an instrumental role in ensuring that public officials and institutions are answerable to the people they serve. Numerous FOI disclosures have led to public outcry and prompted subsequent reforms.  

For example, in 2006, widespread concern about knife crime, fuelled by several
high-profile cases, led to a highly publicised knife amnesty by the police.
Tens of thousands of knives were handed in. However, an FOI request later revealed that a statistical evaluation of the amnesty in London found that, just weeks after the operation, knife crime rates were back to pre-amnesty levels. This disclosure, which might otherwise have been suppressed, demonstrated how FOI can provide vital, often inconvenient, truths that drive public policy. 

Promoting Ethical Conduct and Integrity 

The FOI Act has not only exposed wrongdoing but also served as a deterrent against unethical behaviour. Public officials are more likely to act with integrity, knowing that their actions could be subject to public scrutiny. 

In 2021, a BBC Panorama investigation revealed serious patient safety issues buried in confidential hospital reports. FOI requests led to the discovery of 111 reports, authored by medical royal colleges, which NHS trusts were legally obligated to share. Of those, only 26 were published, and 80 had not been shared with regulators at all. The resulting public outcry prompted greater attention to transparency within the NHS. 

Challenges and the Road Ahead 

Despite its successes, the FOI Act has faced several challenges, and notable gaps in the framework still need to be addressed. Currently, it does not extend to private entities performing public functions or receiving substantial public funding. Surprisingly, the Labour General Election manifesto made no reference to FOI despite the Party arguing for many years that private contractors delivering public services should be subject to FOI.  This leaves a significant transparency gap, where key information remains inaccessible. Expanding the scope of the FOI to include these entities would help ensure that transparency and accountability are maintained across all sectors receiving public money. 

Another challenge is the slow or inadequate response to FOI requests by some public authorities. While the Information Commissioner has taken action in recent years to hold public bodies accountable for FOI failures, from police forces to local councils and government departments, response times can still be unacceptably long. 

Although FOI contains exemptions to protect sensitive information, there are instances where these exemptions are applied excessively or inappropriately, leading to the withholding of information that could otherwise be disclosed. This undermines the spirit of the Act and hampers transparency. (See the recent article in the Guardian “Dubious’ use of the Freedom of Information Act stopping access to files on Prince Andrew, researchers say”). In 2021 current and former editors of Britain’s leading newspapers expressed concern over the government’s handling of FOI requests. 
In an open letter, they called for an investigation into a Cabinet Office unit – the Clearing House – which is alleged to have profiled journalists and blocked FOI requests.  

As we celebrate the 20th anniversary of the Freedom of Information Act, it is clear that the Act has been a game-changer for transparency, accountability, and democratic engagement in the UK. While there have been notable achievements, the journey is far from complete. To maximise its potential, the FOI Act should be strengthened in key areas, including expanding its coverage and ensuring that public authorities are adequately resourced to handle requests in a timely and efficient manner. The next 20 years will be critical in determining whether the FOI can continue to serve its intended purpose: fostering an informed, engaged, and accountable public. 

Enjoy reading our blog? Help us reach 10,000 subscribers by subscribing today!

Are you an experienced FOI officer wishing to advance your career in 2025. Our FOI Intermediate Certificate strengthens the foundations established by our FOI Practitioner Certificate. It will help you become an adept FOI practitioner by delving deeper into the intricacies of the FOIA, equipping you with the skills and confidence to navigate its complexities.