Category: FOI

New Podcast: How to Succeed as an IG Leader 

Act Now is pleased to bring you episode 5 of the Guardians of Data podcast.  

In information governance, there is no substitute for learning from those who have walked the path before us. Experienced IG leaders bring a wealth of knowledge from years at the frontline of data protection and information rights – navigating challenges, overcoming obstacles and shaping best practice along the way.
By sharing their stories, lessons learned and practical advice, they help both new starters and seasoned professionals grow in confidence, strengthen their practice and prepare for the challenges of tomorrow. 

In this episode we are joined by Raz Edwards, Head of Data Security and Protection at Wolverhampton NHS Trust. Raz has over 17 years of experience as a Data Protection Officer, including more than a decade in the NHS. She is also Chair of the National Strategic Information Governance Network and serves as a member of the Upper Tribunal and First-Tier Tribunal in the Information Rights Jurisdiction. 

In our conversation, Raz shares her journey into Information Governance, the challenges she’s faced and overcome as an IG leader, her advice for both new starters and seasoned professionals and her perspective on the future of the profession.
She also reflects on what she’s learned through her tribunal role and what it takes to succeed as an IG leader. 

 Download and listen here, or on your preferred podcast app. Available on Apple Podcasts, Spotify, and all major podcast platforms. 

Previous episodes of the Guardians of Data podcast have featured Jon Baines, reflecting on his career as a Data Protection Specialist and the hot issues in information governance, Lynn Wyeth discussing the recent controversy around Grok AI, Maurice Frenkel looking back at 20 years of the Freedom of Information Act and Olu Odeniyi analysing recent cyber breaches and discussing the lessons to learn.

Join Our Team – Become an Act Now Trainer! 

We are Hiring – Become an Act Now Trainer! 

Are you an information governance expert with a passion for sharing your knowledge? Do you have experience delivering engaging training on GDPR, FOI, AI or Cyber Security? Do you want to help build a privacy-conscious world? If so, we want to hear from you! 

Why Act Now Training? 

Act Now Training is Europe’s leading provider of information governance training. For the past 24 years, we have been working with government organisations, multinational corporations, financial institutions, and corporate law firms. Our team of expert trainers delivers high-quality, practical courses that make complex topics easy to understand. 

With a comprehensive programme ranging from short webinars and one-day workshops to advanced practitioner certificate courses, we equip professionals with the knowledge and skills they need to navigate the evolving landscape of data protection and privacy. 

Our Mission 

At Act Now, we believe in building a privacy-conscious world. Our goal is to promote trust and respect for privacy, ensuring organisations embed data protection into their operations by default. We break down complex legal concepts, making education accessible and empowering professionals to become leaders in their field. By fostering a culture of responsible data usage, we help build public trust and drive positive change. 

Why Join Us? 

Due to increasing demand, we are expanding our team of expert trainers. With new courses launched in 2026, we are looking for talented trainers to deliver engaging, practical and jargon-free training. 

We offer opportunities for both full-time trainers and those looking to complement their existing roles. We are looking for passionate professionals who bring energy and innovation to their training sessions. 

What We Are Looking For: 

  • Experience of delivering GDPR, FOI, AI or Cyber Security training 
  • A passion for teaching and the ability to simplify complex concepts. 
  • A commitment to delivering interactive, engaging training (no “death by PowerPoint”!). 
  • Availability for two to ten training days per month  

We have opportunities to deliver a variety of courses, including our flagship GDPR Practitioner Certificate and our AI Governance Practitioner Certificate as well as customised in house training. 

Apply Now 

If you are ready to take the next step in your career and join a team dedicated to shaping the future of information governance, we’d love to hear from you! 

Email info@actnow.org.uk your CV, detailing your training and consultancy experience in GDPR, FOI, or Cyber Security. Closing date for applications is 5th May 2026. A full privacy policy is available on our website. 

Transparency and FOI: 20 Years On

Act Now is pleased to bring you episode 3 of the Guardians of Data podcast. This is a show where we explore the world of information law and information governance – from privacy and AI to cybersecurity and freedom of information.  

In the past few weeks, we have had a stark reminder of why transparency in public life is a democratic necessity. The US Government’s release of millions of documents linked to the Jeffrey Epstein investigation has triggered, amongst other things, the arrest of the King’s brother, the sacking and subsequent arrest of a former Government minister, political jeopardy for the Prime Minister and questions about the future of the British monarchy.  

In Episode 3, our guest is Maurice Frankel OBE, Director of the Campaign for Freedom of Information. We discuss the remarkable story behind the UK’s Freedom of Information Act. From his early work with the campaigner Des Wilson in the 1980s, to the later attacks launched to weaken FOI’s impact, Maurice shares insights on:

• Life before the Act and how public authorities’ culture has evolved

• The key battles to see the law passed and fully implemented

• Lessons from major disclosures, inquiries and data releases

• FOI shortcomings, from excessive public interest extensions to the need for proactive publication

• Emerging threats to transparency

Hear what still inspires one of the UK’s foremost transparency advocates and why FOI remains a vital tool for public accountability.

Listen via this link, or on your preferred podcast app. Available on Apple Podcasts, Spotify, and all major podcast platforms. 

Previous episodes of the Guardians of Data podcast have featured Jon Baines, talking about his career as a Data Protection specialist and the hot issues in information governance, and Lynn Wyeth discussing the recent controversy around Grok AI.  

Act Now Nominated for IRMS Supplier of the Year Award 

Act Now Training is pleased to announce that it has been nominated for the 2026 Information and Records Management Society (IRMS) awards. 

Each year the IRMS recognises excellence in the field of information management with their prestigious industry awards. These highly sought-after awards are presented at a glittering ceremony at the annual Conference following the Gala Dinner.  

Act Now has been nominated for the Supplier of the Year award which it previously won in 2021, 2022 and 2024. 

Voting is open to IRMS members until Wednesday 18th March 2026. 

If you are an IRMS member, you can login to your account and vote for Act Now here

Thank you for your support!

Listen to the Guardians of Data Podcast for the latest news and views on developments in GDPR, AI, cyber security and FOI

Survey of FOI Officers 

Dr Ben Worthy, an academic at Birkbeck College, is looking for Local Government FOI officers to complete another survey. 

The survey is part of a joint US/UK research project, funded by Democracy Fund, which started last year looking at FOI request burdens.  They want to follow up on the use of AI to help make FOI requests. 

The survey should take around 5-10 minutes to complete.  An anonymised summary of the findings will be sent to anyone who wishes to see it.  

You can read more about the project here. The survey can be accessed here.

Listen to the Guardians of Data Podcast for the latest news and views on data protection, cyber security, AI and freedom of information. 

Former Council Chief Executive Prosecuted under Section 77 FOI 

Section 77 of the Freedom of Information Act 2000 (FOI) makes it a criminal offence for a person to do anything with the intention of preventing the disclosure of information pursuant to an FOI request. The offence can be committed by any public authority and any person who is employed by, is an officer of, or is subject to the direction of a public authority. Regulation 19 of the Environmental Information Regulations 2004 creates an identical offence, albeit with slightly different provisions governing government departments. 

Last week the trial begun of the former Chief Executive of Mid and East Antrim Borough Council who has been charged with three offences relating to records kept by the council. Anne Donaghy faces three charges under section 77 FOI namely; altering a record to prevent disclosure, attempting to alter records, aiding and abetting the alteration of a record. Ms Donaghy denies the allegations and is contesting the charges. 

A BBC Spotlight programme previously reported that the charges were connected to alleged attempts to delete correspondence relating to the decision to withdraw council staff operating under the post-Brexit trade conditions known as the Northern Ireland Protocol. The staff, who were carrying out checks on goods arriving from Great Britain, were removed because of apparent threats from loyalist paramilitaries. 
It later emerged Ms Donaghy, who was chief executive at the time, had written to the Cabinet Office before the decision to remove staff was taken. She told the UK government graffiti had been directly targeting council staff working on checks. 
The then Agriculture Minister, Edwin Poots, subsequently withdrew inspectors performing the checks at ports in Northern Ireland. However, shortly after, all staff had returned to duties. The Police Service of Northern Ireland (PSNI) issued a threat assessment stating it had no information to support claims of loyalist paramilitaries threatening staff safety. 

Prosecutions under section 77 are extremely rare. The main reason for this is that there must be proof (‘beyond reasonable doubt’) of intent to destroy, conceal, deface etc. This may be difficult to do after the event.   

The only other section 77 prosecution was in March 2020. Nicola Young, a town clerk at Whitchurch Town Council, was fined £400 and ordered to pay £1,493 costs following a guilty plea. The facts of the case are that a person had made an FOI request to the Council for a copy of an audio recording of a council meeting. 
They believed that the written minutes of the meeting had been fabricated and so they wanted to listen to the recording of the meeting. Ms Young deliberately deleted the audio recording a few days later and then advised the requestor that the audio file had been deleted as part of the council’s destruction policy. 

This and other FOI developments will be discussed in our forthcoming FOI workshops . If you are looking for a qualification in freedom of information, our FOI Practitioner Certificate is ideal. 

ICO Enforcement Guidance Consultation Launched 

The Information Commissioner’s Office has launched a consultation on new guidance setting out how it approaches investigations and takes enforcement action. Among other things, the guidance explains:  

  • How the ICO decides whether to open an investigation and the other ways it may instead seek to resolve any concerns. 
  • What to expect from the ICO during an investigation. 
  • How it will use its information gathering powers, including new powers under the Data (Use and Access) Act 2025 to require people to answer questions and organisations to provide reports.  
  • How the ICO decides on the outcome of an investigation and use of its enforcement powers, such as warnings, reprimands, and enforcement and penalty notices. 
  • When it considers settlement with a reduced fine is appropriate and the process involved.  

The new guidance, once finalised, will sit alongside the ICO’s Data Protection Fining Guidance published last year. Together they will replace the statutory guidance currently set out in the Regulatory Action Policy.  

The Data (Use and Access) Act 2025 also includes provisions that will bring the ICO’s investigatory and enforcement powers under the Privacy and Electronic Communications Regulations 2003 (PECR) broadly into line with its powers under the data protection legislation.  While there remain some differences, the ICO proposes to generally take the same approach to the use of its powers in relation to PECR as set out in the draft guidance in relation to the data protection legislation.  

The consultation will run for 12 weeks until Friday 23 January 2026.   

Revised GDPR Handbook 

The data protection landscape continues to evolve. With the Data (Use and Access) Act 2025 now in force, practitioners need to ensure their materials reflect the latest changes to the UK GDPR, Data Protection Act 2018, and PECR. 

The newly updated UK GDPR Handbook (2nd edition) brings these developments together in one practical reference. It includes all amendments introduced by the DUA Act, with colour-coded changes for easy navigation and links to relevant recitals, ICO guidance, and caselaw that help make sense of the reforms in context. We have included relevant provisions of the amended DPA 2018 to support a deeper understanding of how the laws interact. Delegates on our future GDPR certificate courses will receive a complimentary copy of the UK GDPR Handbook as part of their course materials.  

If you are looking to implement the changes made by the DUA Act to the UK data protection regime, consider our very popular half day workshop.  

In case you missed it… 

In October, Capita was fined £14 million following a cyber-attack in March 2023 which saw hackers gain access to 6.6 million people’s personal data; from pension and staff records to the details of customers of organisations Capita supports. For some people, this included details of criminal records and financial data. This and other recent cyber-attacks has increased the importance of cyber security training. We have two workshops coming up (How to Increase Cyber Security in your Organisation and Cyber Security for DPOs) which are ideal for organisations who wish to up skill their employees about cyber security. See also our Managing Personal Data Breaches Workshop. 

Also in October, the BBC reported that Gregg Wallace, the former MasterChef presenter, has issued proceedings against the BBC and BBC Studios for failing to respond to his subject access requests (SAR) in accordance with the UK GDPR.  Wallace was sacked by the BBC in July following an inquiry into alleged misconduct. As the saying goes, “Revenge is a dish best served cold!” Any BBC Executives reading this (if you are not too busy at the moment), are advised to attend ourHow to Handle a Subject Access Request workshop. No doubt there will be a few more SARs to the BBC in the coming weeks… 

The Information Commissioner, John Edwards, recently gave evidence to the House of Commons  Science, Innovation and Technology Committee.   Mr Edwards faced some tough questions about his response to the Afghan data breach, in which a Ministry of Defence (MoD) official mistakenly emailed a spreadsheet containing personal details of over 18,000 Afghan nationals who had applied to move to the UK under the Afghan Relocations and Assistance Policy (ARAP). The breach was only discovered in August 2023, when excerpts of the data appeared on Facebook. By then, the damage was done. A new resettlement scheme for those on the leaked list was set up and has seen 4,500 Afghans arrive in the UK so far. The Afghan Relocation Route has cost £400m so far, and the Government has said it is expected to cost a further £450m.  This and other data protection developments will be discussed in detail on our forthcoming  GDPR Update  workshop 

Finally, there are only two FOI Practitioner Certificate courses left till Christmas! This foundation course is designed for those wishing to acquire detailed knowledge of the FOI and develop the practical skills to enable them to become a more effective FOI Officer.  The syllabus has been developed by FOI experts after analysing all the skills, knowledge and competencies required for the FOI Officer role. By the end of the course, you will be able to practically handle FOI requests, apply the exemptions and draft Refusal Notices. You will also be able to differentiate between FOI requests and requests under the Environmental Information Regulations. 

FOI Practitioner Certificate: Final Two Courses for 2025 

There are only two FOI Practitioner Certificate courses left till Christmas!  

This foundation course is designed for those wishing to acquire detailed knowledge of the FOI and develop the practical skills to enable them to become a more effective FOI Officer.  The syllabus has been developed by FOI experts after analysing all the skills, knowledge and competencies required for the FOI Officer role. By the end of the course, you will be able to practically handle FOI requests, apply the exemptions and draft Refusal Notices. You will also be able to differentiate between FOI requests and requests under the Environmental Information Regulations. 

The course takes place over four days followed by an assessment. Our teaching style is based on practical and engaging workshops covering the theory alongside hands-on application using real life case studies and exercises. Personal tutor support throughout the course, detailed course materials and a comprehensive online resource lab, ensure the best opportunity for success. 

The FOI Learning Pathway  

The updated FOI Practitioner Certificate is part of our learning pathway for FOI Officers. Once completed they can move on to the Intermediate FOI Certificate. This strengthens the foundations established by the FOI Practitioner Certificate. Topics include interpreting information requests, navigating data repositories for relevant information, handling vexatious requests and applying the exemptions. Time will also be spent discussing the historical development and transformative impact of FOI on transparency, accountability and citizen empowerment. International comparisons with the FOI Act will broaden delegates’ perspectives, while critically evaluating its impact and effectiveness will assist them to appreciate the importance of transparency and accountability. By the end of the course, delegates will gain skills in, amongst other things, effectively interpreting information requests, assessing their scope, retrieving relevant information, overcoming challenges in organisational compliance, applying exemptions and crafting clear Refusal Notices.   
 
If you would like a chat to discuss your suitability for any of our certificate courses, please get in touch. 

Our 23rd Birthday! Celebrate with Us and Save on Training  

This month marks 23 years of Act Now Training. We delivered our first course in 2003 (on the Data Protection Act 1998!) at the National Railway Museum in York. Fast forward to today, and we deliver over 300 training days a year on AI, GDPR, records management, surveillance law and cyber security; supporting delegates across multiple jurisdictions including the Middle East.  

Our success comes from more than just longevity; we are trusted by clients across every sector, giving us a unique insight into the real-world challenges of information governance. That’s why our education-first approach focuses on practical skills, measurable impact, and lasting value for your organisation. 

Anniversary Offer: To celebrate, we are giving you a £50 discount on any one-day workshop, if you book by 30th September 2025. Choose from our most popular sessions like GDPR and FOI A to Z, or explore new topics like AI and Information Governance and the Risk Managment in IG

Simply quote “23rd Anniversary” on your booking form to claim your discount.

Health Sector Data Protection Expert Joins the Act Now Team 

Act Now is delighted to welcome Raz Edwards, a leading expert in health sector information governance, to our team of associates. 

Raz brings over 17 years of experience as a Data Protection Officer, including more than a decade within the NHS. She currently serves as a DPO at a large NHS trust supporting acute, community, and primary care services, as well as research. Before joining the NHS, she spent six years as a Data Protection Officer in local government. 

She is the current Chair of the National Strategic Information Governance Network (SIGN), which brings together 24 regional networks across England and Wales, and also chairs the West Midlands SIGN. Her expertise has been further recognised through her appointment as a member of the Upper Tribunal (Administrative Appeals Chamber, Information Rights Jurisdiction) and the First-tier Tribunal (General Regulatory Chamber, Information Rights Jurisdiction). 

Raz holds master’s degrees in computer science, law, and leadership and is a certified data ethics professional. At Act Now, Raz will be developing new courses in her specialist areas, serving on our curriculum and exam board, and supporting the delivery of training ranging from one-day workshops to advanced practitioner certificate courses. 

Raz joins is the second expert from the Midlands to join our team this year. Dr. Malkiat Thiarai joined us in August.