Tag: FOI

Supporting Careers in Data Protection Through Apprenticeships 

In today’s digital landscape, data protection and information governance have become critical risk areas for organisations across all sectors. With increasing regulatory demands and evolving threats, the need for skilled professionals in this field has never been greater. Recognising this growing skills gap, Damar Training, with the support of Act Now Training,  launched its innovative Data Protection and Information Governance Apprenticeship programme in late 2022, quickly establishing itself as the leading provider in England.

The programme was developed through extensive consultation with employers, including members of the apprenticeship Trailblazer Group, to ensure it would be commercially attractive, impactful, and of the highest quality. This collaborative approach has led to excellent engagement from employers and individuals, with 243 apprentices starting the programme to date, making Damar the largest provider of this apprenticeship standard in England.

A Flexible, Comprehensive Learning Journey

What sets Damar’s apprenticeship apart is its thoughtfully designed modular structure, with carefully sequenced six-week blocks of learning that cater to diverse learning styles and organisational needs. The gradual layering of technical content and learning activity, designed with the assistance of Act Now Training, ensure that apprentices from both public and private sectors receive an outstanding foundation in the knowledge, skills, and behaviours required for success in data protection roles.

The delivery model combines self-directed learning through engaging online resources with regular one-to-one coaching visits and group coaching sessions.
Extended technical workshops (underpinned by Act Now’s expertise) and quarterly review meetings provide additional support, while dedicated forums allow apprentices to stay updated with the latest developments, engage with peers, and consult with coaches.

This comprehensive approach has yielded impressive results. With a retention rate of 68%, an achievement rate of 65%, and an EPA pass rate of 95% – all above national averages – the programme demonstrates exceptional quality, particularly remarkable for a relatively new offering.

Industry-Leading Expertise

A key strength of Damar’s apprenticeship is its partnership with Act Now, an
award-winning data protection consultancy. This collaboration ensures that the programme’s content remains at the cutting edge of industry developments, including emerging areas such as Artificial Intelligence regulation.

Sarah Murray, Data Protection Officer at ClearData, highlights this benefit: 

“One of the particular stand-outs for me is the workshops. With the content supported by
Act Now, who have such a good reputation in this field, the workshops really put all of the theory into real-life practice.”

Real-World Impact for Employers and Apprentices

The programme serves some of the UK’s major employers, including Heathrow Airport, National Express, the BBC, Auto Trader, Betfred, and Dunelm, alongside various NHS Trusts, universities, government departments, and local councils.

For apprentices, the transformation goes beyond technical knowledge. Many begin with only basic data protection skills and limited confidence. Through the programme, they develop not only technical expertise but also a deeper understanding of the “why” behind data protection practices and the confidence to advise others with authority.

This growth translates into tangible career progression, with 99% of apprentices experiencing positive outcomes – 53% remaining in their current roles with enhanced skills, 18% securing permanent positions, and 28% gaining promotions or additional responsibilities. Some have even become data protection officers with overall responsibility for their organisation’s data protection function.

Employers benefit from immediate practical impacts. Apprentices have improved information assurance audits at Lincoln University, created artificial intelligence policies for Norfolk and Waveney Integrated Care Board, and developed triage request processes for data protection requirements at The Christie NHS Foundation Trust.

Stacey Lawrence, Data Protection Manager at Manchester Airport, emphasises this value: 

“The impact that both apprentices have brought to Manchester Airport has been huge. They work on the front line, to manage all enquiries, data protection breaches, and individual rights requests, and without them we simply wouldn’t be able to do the really sterling work that we do every day.”

A Future-Focused Approach

Damar continues to evolve the programme based on feedback from coaches, apprentices, and employers. Recent improvements include enhanced EPA preparation sessions, now embedded into group coaching. The company maintains close ties with the trailblazer group and leverages Act Now’s expertise to stay ahead of legislative developments.

With another 22 apprentices due to commence in April, the programme’s growth trajectory remains strong. Many employers, including Manchester Airport Group and Nottingham University Hospitals, are returning for their second or third data protection apprentice – perhaps the strongest testament to the programme’s value.

For organisations seeking to strengthen their data protection capabilities and individuals looking to build rewarding careers in this critical field, Damar Training’s Data Protection and Information Governance Apprenticeship offers a proven pathway to success.

If you would like to learn more about the DP and IG  Apprenticeship, please get in touch

Survey of Local Government FOI Officers 

Dr Ben Worthy, an academic at Birkbeck College, is looking for FOI officers in local government to complete a survey. 

The survey is part of a joint US/UK research project looking at FOI request burdens, funded by Democracy Fund. They want to know more about requests and burdens on authorities, as well as possible changes such as the use of AI to help make requests.  

The survey should take around 5-10 minutes to complete.  An anonymised summary of the findings will be sent to anyone who wishes to see it.  

You can read more about the project here. The survey can be accessed here.

When is Information “Held” under FOI? 

The Freedom of Information Act 2000 (FOI) applies not only to information held by a public authority but also to information held by another person on behalf of the authority (section 3(2)(b)). This includes situations where a third party creates or uses information as part of the provision of a service to a public authority.
However, determining whether such information is held on behalf of the authority is not always straightforward. Relevant factors include: 

  • The nature of the relationship between the parties 
  • The contractual terms 
  • The degree of connection between the information held by the third party and the functions of the public authority 
  • Whether the public authority has routine access to the information 

When a public authority shares information and gives instructions to a solicitors firm, the solicitors may hold information on behalf of the authority, as long as it is not held for their own purposes (e.g. to comply with regulatory requirements or to defend against negligence claims). This is a question of fact depending on the circumstances of each individual case.  

In Francis vs Information Commissioner and South Essex Partnership NHS Foundation Trust, EA/2007/0091 (21 July 2008) the applicant requested information from an NHS Trust about the death of her son, including papers held by the solicitors who represented the Trust at the inquest. The Tribunal noted that some disputed papers were annotated, suggesting they might be the solicitors’ working papers. However, it concluded that the annotations were likely present before the documents were passed to the solicitors. Therefore, the papers were held on behalf of the Trust, and the Tribunal ordered their disclosure. 

However in the more recent case of Robert Angus Hill v  Information Commissioner and Sheffield City Council, FT/EA/2024/0163 (4 February 2025), the Tribunal ruled that information held by a solicitors firm was not held for the purposes of FOI. In this case, Sheffield City Council received an FOI request relating to legal advice about a property development. In accordance with its retention policy, the Council had deleted its records but 28 boxes of files were held by their external lawyers. The Council refused the FOI request on the basis that visiting the solicitors offices to access and review the information would exceed the FOI cost limit. However, the Tribunal chose to go back to first principles and ask whether the information was even held for the purposes of FOI. It concluded that it was not; noting that the Council had no intention of retaining the information or entrusting it to the solicitors firm for safekeeping. 

The Tribunal stated (paragraph 17): 

“The position of the firms of solicitors is straightforward. The firms have their own retention periods for information, determined by risk management concerning potential claims against the firm. As long as they hold the information, they have obligations, notably a duty of confidentiality to the client. However, these are the firm’s records; duties are owed to the former client, but the records do not belong to the client and are not held on behalf of the client.” 

These cases highlight the importance for FOI practitioners asking whether the information is held on behalf of the authority when dealing with FOI requests for information held by third parties. 

Enjoy reading this blog? Help us reach 10,000 subscribers by subscribing today. 

Have you completed our FOI Practitioner Certificate? Are you seeking a higher level qualification? Our FOI Intermediate Certificate strengthens the foundations established by our FOI Practitioner Certificate. It will help you become an adept FOI practitioner by delving deeper into the intricacies of the FOIA, equipping you with the skills and confidence to navigate its complexities. 

What Has the Freedom of Information Act Ever Done for Us? 

1st January 2025 marked the 20th anniversary of the Freedom of Information (FOI) Act 2000 coming into force. FOI advocates argue that the Act has transformed the landscape of public information access, empowering citizens, journalists, and organisations to hold public bodies more accountable while fostering a culture of openness. However, some critics consider it a “snooper’s charter” that has impeded government efficiency. Tony Blair, whose government enacted FOI, expressed regret in his memoirs: 

“Freedom of Information. Three harmless words. I look at those words as I write them, and feel like shaking my head till it drops off my shoulders. You idiot. You naive, foolish, irresponsible nincompoop. There is really no description of stupidity, no matter how vivid, that is adequate. I quake at the imbecility of it.” 

With these differing views in mind, let’s take a closer look at some of the FOI Act’s achievements.  

Greater Transparency 

One of the most significant achievements of the FOI Act is its enhancement of transparency in government operations. By granting individuals the right to request information from public authorities, the Act has helped lift the veil on many aspects of governmental and institutional processes. This increased transparency has led to greater scrutiny of decision-making, financial management, and policy implementation. 

A notable example of this was the 2009 MPs’ expenses scandal. FOI requests exposed widespread misuse of public funds by Members of Parliament, leading to resignations, repayments, and reforms in the parliamentary expenses system. Such revelations underscore how the FOI Act has empowered citizens to hold public officials accountable. 

Empowering Citizens and Strengthening Democracy 

The FOI Act has also played a pivotal role in empowering citizens. By democratising access to information, it allows anyone to request details from public bodies without needing to justify their reasons. This access enables citizens to engage more effectively in public debates and advocacy efforts, armed with facts and data obtained through FOI requests. 

One example of this empowerment was seen in 2013 when FOI requests helped expose racial disparities in police stop and search practices. This revelation sparked widespread public concern and contributed to reforms in policing policies.
Similarly, FOI requests uncovered the disproportionate closure of public libraries in deprived areas, prompting national discussions on equitable access to public services. 

Accountability Through Public Scrutiny 

Accountability is a cornerstone of good governance, and the FOI Act has played an instrumental role in ensuring that public officials and institutions are answerable to the people they serve. Numerous FOI disclosures have led to public outcry and prompted subsequent reforms.  

For example, in 2006, widespread concern about knife crime, fuelled by several
high-profile cases, led to a highly publicised knife amnesty by the police.
Tens of thousands of knives were handed in. However, an FOI request later revealed that a statistical evaluation of the amnesty in London found that, just weeks after the operation, knife crime rates were back to pre-amnesty levels. This disclosure, which might otherwise have been suppressed, demonstrated how FOI can provide vital, often inconvenient, truths that drive public policy. 

Promoting Ethical Conduct and Integrity 

The FOI Act has not only exposed wrongdoing but also served as a deterrent against unethical behaviour. Public officials are more likely to act with integrity, knowing that their actions could be subject to public scrutiny. 

In 2021, a BBC Panorama investigation revealed serious patient safety issues buried in confidential hospital reports. FOI requests led to the discovery of 111 reports, authored by medical royal colleges, which NHS trusts were legally obligated to share. Of those, only 26 were published, and 80 had not been shared with regulators at all. The resulting public outcry prompted greater attention to transparency within the NHS. 

Challenges and the Road Ahead 

Despite its successes, the FOI Act has faced several challenges, and notable gaps in the framework still need to be addressed. Currently, it does not extend to private entities performing public functions or receiving substantial public funding. Surprisingly, the Labour General Election manifesto made no reference to FOI despite the Party arguing for many years that private contractors delivering public services should be subject to FOI.  This leaves a significant transparency gap, where key information remains inaccessible. Expanding the scope of the FOI to include these entities would help ensure that transparency and accountability are maintained across all sectors receiving public money. 

Another challenge is the slow or inadequate response to FOI requests by some public authorities. While the Information Commissioner has taken action in recent years to hold public bodies accountable for FOI failures, from police forces to local councils and government departments, response times can still be unacceptably long. 

Although FOI contains exemptions to protect sensitive information, there are instances where these exemptions are applied excessively or inappropriately, leading to the withholding of information that could otherwise be disclosed. This undermines the spirit of the Act and hampers transparency. (See the recent article in the Guardian “Dubious’ use of the Freedom of Information Act stopping access to files on Prince Andrew, researchers say”). In 2021 current and former editors of Britain’s leading newspapers expressed concern over the government’s handling of FOI requests. 
In an open letter, they called for an investigation into a Cabinet Office unit – the Clearing House – which is alleged to have profiled journalists and blocked FOI requests.  

As we celebrate the 20th anniversary of the Freedom of Information Act, it is clear that the Act has been a game-changer for transparency, accountability, and democratic engagement in the UK. While there have been notable achievements, the journey is far from complete. To maximise its potential, the FOI Act should be strengthened in key areas, including expanding its coverage and ensuring that public authorities are adequately resourced to handle requests in a timely and efficient manner. The next 20 years will be critical in determining whether the FOI can continue to serve its intended purpose: fostering an informed, engaged, and accountable public. 

Enjoy reading our blog? Help us reach 10,000 subscribers by subscribing today!

Are you an experienced FOI officer wishing to advance your career in 2025. Our FOI Intermediate Certificate strengthens the foundations established by our FOI Practitioner Certificate. It will help you become an adept FOI practitioner by delving deeper into the intricacies of the FOIA, equipping you with the skills and confidence to navigate its complexities. 

Former ICO Auditor Joins the Act Now Team 

We are excited to welcome Robert Weston to our growing team of associates at Act Now Training. With extensive experience in the data protection field, Robert brings a wealth of knowledge and expertise to our clients. 

Robert has previously worked at the Information Commissioner’s Office (ICO), where he conducted audits and advisory visits, guiding organisations to better compliance with their data protection responsibilities. His hands-on experience at the ICO gives him unique insight into the inner workings of regulatory compliance; knowledge that few consultants possess. 

Robert is also a law graduate and a retired Chartered Accountant, specialising in forensic accounting. His strong analytical background, combined with his ability to break down complex legal and regulatory issues into clear, actionable insights, makes him an invaluable asset to any organisation looking to strengthen their data protection strategies. 

In addition to his role at the ICO, Robert has served as the Data Protection Officer for a £170 million turnover not-for-profit organisation, as well as a consultant to NHS Trusts, where he advised on sensitive and high-stakes data protection matters.
This diverse background equips Robert with a deep understanding of both private and public sector challenges, helping clients navigate even the most intricate data protection landscapes. 

Ibrahim Hasan, Director at Act Now Training, had this to say about Robert’s arrival: 

 “We’re thrilled to have Robert join the team. With his wealth of experience from both sides of the fence, regulator and practitioner, Robert is perfectly positioned to guide our clients through the complex world of DP implementation. His skill set is a rare combination, and I’m confident he’ll bring immense value to our clients.” 

Tailored Data Protection Services for Your Organisation 

At Act Now Training, we understand that data protection is not a one-size-fits-all approach. That’s why we offer a flexible consultancy service designed to meet the specific needs of your organisation; whether you’re looking for a light-touch review or a comprehensive audit. 

Our services, led by Robert Weston, include: 

  • Desktop Reviews: A focused review of your key documents, policies, and procedures to assess data protection compliance. 
  • Onsite Audits: A deeper dive into your operations, combining desktop reviews with onsite assessments to identify risks and areas for improvement. 

Why is this important? Data protection failures can result not only in regulatory fines, but also serious reputational damage. A breach could lead to negative media coverage, eroding customer trust and impacting your brand. Our services help you avoid these risks by ensuring your data protection practices are robust and compliant with the latest legislation. 

What We Offer: Tailored Solutions for Data Protection Compliance 

Our consultancy services are designed to be flexible and scalable, offering the right level of support based on your needs: 

  • Half-Day Consultation: We’ll discuss your organisation’s approach to data protection, reviewing key documentation and ensuring compliance with legal bases for processing, data subject rights, and breach prevention. 
  • In-Depth Audit (3-4 Days): A comprehensive service where we assess your data protection practices, identify gaps, and provide practical steps to minimize risks, using a detailed review of your policies and procedures. 

During our assessments, we utilise ICO’s toolkits, which provide a structured approach to monitor ongoing compliance. These toolkits, often designed for larger organisations, include trackers to help you keep an eye on your progress. Having worked in the ICO’s assurance department, Robert is intimately familiar with these tools, and he’ll guide your team in implementing them effectively. 

Next Steps: Protect Your Organisation’s Future 

By working with Robert Weston and Act Now Training, you’ll gain peace of mind knowing your data protection practices are thoroughly assessed and enhanced to meet today’s rigorous compliance standards. Whether you’re looking for a quick health check or a detailed audit, we have the expertise and tools to support your organisation’s needs. 

Get in touch today to find out how we can help reduce your data protection risks, protect your reputation, and secure your stakeholders’ personal data. 

Enjoy reading our blog? Help us reach 10,000 subscribers by subscribing today!

  

New Information and Records Management Practitioner Certificate 

Act Now Training is delighted to announce the launch of the Information and Records Management Practitioner Certificate.  

Effective information and records management is vital for all organisations. It ensures compliance with legal requirements, enhances decision-making, mitigates risks, preserves institutional memory, supports accountability and facilitates efficiency.  

This new certificate programme meets the need of information management professionals to equip themselves with practical skills to navigate the full information and records lifecycle. The course is one of the outcomes of our work to develop a comprehensive IG skills and competency framework.  

Course Content and Format 

Our comprehensive course syllabus has been designed by leading records management specialists. By the end of the course, delegates will gain skills in, amongst other things, legal frameworks and terminology to data auditing, retention schedules, and digital preservation.  

Scott Sammons will be teaching the first course starting in November. Scott is a recognised expert on records management. He was previously the Chair of the Information and Records Management Society (2016-2020) and now leads the IRMS work on accreditation. Scott said: 

“Records management is essential good business practice as well as a key component of compliance with IG legislation such as GDPR and FOI. Using practical hands on teaching methods, I aim to inspire delegates to implement records management best practice in their workplace.” 

The course is structured over four days, approximately one day per  month, and can be undertaken online or in the classroom. Each day includes engaging discussions, exercises and case studies. Upon completion, delegates must submit a practical assessment within 30 days. Personal tutor support is provided, throughout the course, together with comprehensive training materials. 

Special Introductory Price 

Whether you are a records manager, Freedom of Information Officer or Data Protection Officer this practitioner level certificate will teach you the theory of records management alongside practical hands-on application. The first course starts in October with a special introductory price. Places are limited, so please book now  to avoid disappointment.  

New Information and Records Management Practitioner Certificate 

Act Now Training is delighted to announce the launch of the Information and Records Management Practitioner Certificate.  

Effective information and records management is vital for all organisations. It ensures compliance with legal requirements, enhances decision-making, mitigates risks, preserves institutional memory, supports accountability and facilitates efficiency.  

This new certificate programme meets the need of information management professionals to equip themselves with practical skills to navigate the full information and records lifecycle. The course is one of the outcomes of our work to develop a comprehensive IG skills and competency framework.  

Course Content and Format 

Our comprehensive course syllabus has been designed by leading records management specialists. By the end of the course, delegates will gain skills in, amongst other things, legal frameworks and terminology to data auditing, retention schedules, and digital preservation.  

Scott Sammons will be teaching the first course starting in November. Scott is a recognised expert on records management. He was previously the Chair of the Information and Records Management Society (2016-2020) and now leads the IRMS work on accreditation. Scott said: 

“Records management is essential good business practice as well as a key component of compliance with IG legislation such as GDPR and FOI. Using practical hands on teaching methods, I aim to inspire delegates to implement records management best practice in their workplace.” 

The course is structured over four days, approximately one day per  month, and can be undertaken online or in the classroom. Each day includes engaging discussions, exercises and case studies. Upon completion, delegates must submit a practical assessment within 30 days. Personal tutor support is provided, throughout the course, together with comprehensive training materials. 

Special Introductory Price 

Whether you are a records manager, Freedom of Information Officer or Data Protection Officer this practitioner level certificate will teach you the theory of records management alongside practical hands-on application. The first course starts in October with a special introductory price. Places are limited, so please book now  to avoid disappointment.  

ICO Issues Two FOI Enforcement Notices

Under the Freedom of Information Act 2000, an Enforcement Notice may be served where the Information Commissioner is satisfied that a public authority has failed to comply with any of the requirements of Part I of the Act. If a public authority fails to comply with a Notice, the Commissioner may commence court proceedings under section 54 of the Act, which may be dealt with as contempt of Court.

The ICO recently served an Enforcement Notice on both Devon and Cornwall Police and Barking, Havering and Redbridge Hospitals NHS Trust for their ongoing FOI failings which have seen hundreds of information requests go unanswered.

Devon and Cornwall Police

In 2023, as part of the ICO’s routine work to monitor public authorities’ compliance, the ICO found that between 2022 and 2024 the percentage of requests responded to by Devon and Cornwall Policewithin the statutory FOI timeframe (20 working days) was consistently low (between 39% and 65%). Their rate of response to internal review requests was also poor, averaging between 0% and 22%. The Force had a backlog of older FOI requests which had increased from 77 in December 2023 to 251 in June 2024.

The ICO Enforcement Notice orders the Force to devise and publish an action plan in the next 30 days which must detail how they will comply with their duties to respond to information requests in a timely manner. It has also been given six months to clear the existing backlog.

Barking, Havering and Redbridge Hospitals NHS Trust

The ICO first contacted the Trust in June 2023 due to a number of complaints received about its late compliance with FOI requests. The ICO found that, over 12 months, the Trust had only responded to 29% of requests during the statutory timeframe, with January 2024 seeing just 2.5% of requests responded to in a timely manner.

The Trust had a backlog of 589 requests in April 2024, which increased to 785 by June 2024. The ICO Enforcement Notice gives the Trust 35 days to devise and publish an action plan to clear this backlog by the end of the year.

Since last year, the ICO has pursued a tougher FOI enforcement policy. Recently it issued Enforcement Notices against three other police forces for poor FOI performance which has led to significant backlogs in their responses.

Our FOI Intermediate Certificate strengthens the foundations established by our FOI Practitioner CertificateIt will help you become an adept FOI practitioner by delving deeper into the intricacies of the FOIA, equipping you with the skills and confidence to navigate its complexities.

First Damar IG Apprentices Successfully Achieve Qualification

In 2022, Act Now Training teamed up with Damar Training to support their delivery of the new Data Protection and Information Governance Practitioner Apprenticeship. The aim was to develop individuals into accomplished data protection and information governance practitioners with the knowledge, skills and competencies to address future IG challenges.

Damar Training recently announced that the first Data Protection and Information Governance apprentices have successfully achieved their qualification. 13 apprentices have passed their End Point Assessment (EPA) with many more completions due over the coming months. 

Damar is now England’s largest provider of this apprenticeship, with 176 apprentices enrolling on the programme at companies such as BBC, National Express, Dunelm and Auto Trader, as well as a range of universities, NHS trusts, councils and government departments. Act Now is pleased to continue to support Damar through the design and delivery of specialist workshops and training materials.

Congratulations to all the apprentices who have passed the EPA. Best of luck to those who have their EPAs coming up. 

More on the apprenticeship here. Feel free to get in touch with us to discuss further.

FOI Enforcement Action Against the Police

Under section 10 of the the Freedom of Information Act 2000 (FOI) public authorities, have 20 working days to answer a request for information. Last week we wrote about a new report by openDemocracy, Transparency Under Threat: Monitoring FOI compliance in the UK, which claims that many authorities are consistently failing to comply with the statutory deadline. 

Since last year, the Information Commissioner’s Office (ICO) has pursued a tougher FOI enforcement policy. Recently it issued Enforcement Notices against three police forces for poor FOI performance which has led to significant backlogs in their responses:

  • Dyfed Powys Police (DPP) – Compliance levels fell as low as 6% (June 2023) and the Information Commissioner received 13 complaints in 2023 in relation to timeliness of responses. By 9 November 2024, DPP is required to respond to all information requests which were outside of 20 working days when the Enforcement Notice was served on 9 May 2024.
  • Metropolitan Police Service (MPS) – Compliance levels were consistently low between 60% to 67% from April 2023 to February 2024. By 1 November 2024, MPS is required to respond to the backlog of 362 cases which were outside of 20 working days when the enforcement notice was served on 1 May 2024.
  • South Wales Police (SWP) – Compliance levels fell to 45% in July 2023 and as of 31 April 2024 167 requests were overdue, with one case being 122 days old. By 20 December 2024, SWP is required to respond to all information requests which were outside of 20 working days when the enforcement notice was served on 20 June 2024.

This and other FOI developments will be discussed in detail on our forthcoming FOI Update workshop.