The Scottish Information Commissioner’s Annual (FOISA) Report 2020


The Scottish Information Commissioner, Daren Fitzhenry, recently published his Annual Report and Accounts for the year 2019-20. It is available to read and download from the Commissioner’s website. Mr Fitzhenry enforces the Freedom of Information (Scotland) Act 2002  (FOISA) as well as the Environmental Information (Scotland) Regulations 2004.  

In publishing, the Commissioner Daren Fitzhenry said: 

“I am publishing my Annual Report at a time dominated by the Covid-19 pandemic.
While freedom of information in Scotland has certainly not been immune from the impact of the pandemic, the importance of the right to information is one clear constant. 

“Inevitably we all have questions about the decisions being made by our governments and public services. Never more so than at a time when those decisions, sadly, may mean the difference between life and death.  

“This is why it is so vital that Scotland’s law ensures everyone has a right to seek information from public authorities and – with only very few, limited exceptions – to receive it.”

Key statistics from the report include:

  • 79,300 FOI requests were made to Scottish public bodies during the year. 12.6% of these were for environmental information (an increase from 10.3% in 2018-19)
  • 76% of requests to Scottish public authorities resulted in full or partial disclosure of information to the requester (an increase from 75% in 2018-19)
  • 251 interventions regarding authority practice improvements were carried out by the Commissioner (compared to 252 in 2018-19 and 234 in 2017-18)
  • There were 494 appeals made to the Commissioner (0.6% of total requests made to Scottish public bodies). 75% of appeals were made by members of the public. 
  • On average, cases appealed to the Commissioner were closed within 3.4 months
  • 23% of valid appeals to the Commissioner related to an authority’s failure to respond
  • 67% of the Commissioner’s decisions found wholly or partially in favour of the requester (an increase from 65% in 2018-19)

Please note that this annual report covers the period 1 April 2019 – 31 March 2020.
The Commissioner will publish an initial insights briefing specifically examining the impact of the Covid-19 on FOI in Scotland later in 2020.

Our most popular FOISA course will take place online in November. Click here for details.

A Matter of Priorities: FOI and DP Deadlines in a Pandemic

round silver colored wall clock
Photo by Oladimeji Ajegbile on

Responding to the Covid-19 pandemic is stretching our public services. Most obviously the NHS is diverting all the resources it can to meeting critical health needs. But local authorities are also struggling to maintain vital services in the face of unprecedented demands and staff who, if not already ill and self-isolating, are obliged to comply with social distancing measures. Other public authorities are facing logistical challenges in maintaining services and some are even having to put some staff on HMRC-funded furlough.

In such challenging circumstances, where does dealing with information requests under Freedom of Information and DataProtection laws sit in the scheme of priorities? Many authorities who are fortunate enough to have staff dedicated to handling FOI requests or data subject access requests will have re-tasked them to undertake more business-critical roles. Where staff have information request handling as only part of their role, other more pressing duties are likely to trump FOI and DP timescales. And where staff are working from home and access to premises either discouraged or forbidden, manual records may remain inaccessible for weeks or months to come.  Where requests are made by post, they may be delivered to offices which will not be staffed for some time.

The response of the Scottish Government has been robust. On 1 April 2020, the Scottish Parliament passed the Coronavirus (Scotland) Bill which, while retaining the statutory requirement to “respond promptly”, extends the timescale for responding to requests under the Freedom of Information (Scotland) Act 2002 from twenty to sixty working days. Moreover, Part 2 of Schedule 6 provides a mechanism for the Scottish Ministers to allow Scottish public authorities to extend the timescale, subject to providing written notice to the applicant, by a further forty working days, where the authority “determines that it is not reasonably practicable to respond to the request within the relevant period because of…  (a) the volume and complexity of the information requested, or (b) the overall number of requests being dealt with by the authority at the time that the request is made.”

The emergency legislation also allows the Scottish Information Commissioner to find that a public authority has not failed in their duties under FOISA if he is satisfied that the failure to respond within timescales was due to the impact of coronavirus and reasonable in the circumstances. The Scottish Information Commissioner for his part is keen to remind public authorities that their duty to respond promptly remains, that the measures are temporary, and that they do not extend to the Environmental Information (Scotland) Regulations 2004 (EISR).

Of course, the Scottish Parliament cannot legislate with regard to data protection (where EU and UK legislation applies) nor can it amend the timescales for requests under the EISR as they implement the obligations of the Aarhus Convention. But as far as they can do so, the Scottish Government and Parliament have sought to relax the demands of information requests in the face of the pandemic.

For data subject access requests under GDPR (or s 45 of the Data Protection Act 2018 where they relate to law enforcement processing) and requests under the Freedom of Information Act 2000, there is no relaxation of the law. This was despite the call to do so from some quarters, including the Local Government Association who called on Parliament to include measures “temporarily relaxing the requirements on councils in regard to GDPR and FOI”. We rely instead on flexibility from the Information Commissioner as regulator.

While the UK Government did not take the opportunity of the Coronavirus Act to take extend time limits(and would be unable to do so in any case with regard to GDPR as we are still in the transition period), the ICO has made clear they will not penalise organisations who have made understandable decisions to prioritise other tasks. As they state on their website, “We are a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with information rights work when assessing a complaint brought to us during this period, we will take into account the compelling public interest in the current health emergency.”

Organisations should therefore be reassured that they are unlikely to face official censure or significant public criticism if they make reasonable decisions to prioritise other tasks to protect and serve the public ahead of normal levels of service for FOI requests and subject access requests. If your organisation, almost inevitably, is finding it difficult to meet the timescales at this difficult time, we would suggest you take a common-sense and measured approach:

  • Make a record of your decisions to re-allocate resources from handling information rights requests to other service-delivery priorities;
  • Document the practical challenges (such as inaccessibility of manual records or post, and unavailability of key colleagues) which mean that it is “reasonable in all the circumstances” that the organisation is not able to meet normal levels of performance;
  • Manage the expectations of applicants through your website and in your acknowledgements of requests and your automated email responses, and continue to communicate with applicants as far as you are able to do so;
  • At the point at which your organisation, and the rest of humanity, is beginning to recover from the Covid-19 emergency, develop and document an action plan for addressing any backlog of requests which has built up.

At Act Now, we are passionate about the importance of information rights: They are at the heart of our democracy and our human rights. But the right to life must take priority over others, and we would be the first to recognise that organisations and individuals must make decisions which put people first, particularly at a time of global emergency.

Be kind and stay safe.

More on this and other developments in our FREE GDPR update webinar. Looking for a GDPR qualification from the comfort of your home office? Our GDPR Practitioner Certificate is now available as an online option.


The Scottish Information Commissioner’s Annual (FOISA) Report

Scotland Edinburgh Calton Hill

The Scottish Information Commissioner, Daren Fitzhenry, recently published his  annual report  for 2018/19.  Mr Fitzhenry enforces the Freedom of Information (Scotland) Act 2002  (FOISA) as well as the Environmental Information (Scotland) Regulations 2004 

According to the report, Scottish public bodies are receiving record numbers of FOISA requests83,963 requests were reported by them in the year 2018/19a rise of 8% on the year before. Three quarters of these requests led to a full or partial release of information.  

The number of appeals made to the Scottish Information Commissioner also increased; by 10% to 560still just 0.7% of all requests made. Just under two thirds of the Commissioner’s appeal decisions (64%) were either fully or partially in favour of the requester. 

Scottish public authorities must respond promptly to FOISA requests and no later than 20 working days. However, the report shows that they are are increasingly failing to comply with this requirement.  The number of times an authority failed to respond to an FOI request rose from 601 in 2017/8 to 940 in 2018/1926% of valid appeals to the Commissioner were about an authority’s failure to respond. 

The Commissioner has responded to this failure to comply with the FOISA time limits by making more than 250 interventions over the course of the year. A third (33%) of his basic interventions investigated authorities’ compliance with statutory timescales. Often these failures can be indications of other fundamental problems, such as FOISA management and culture issues, staff absences or procedures not working well.  

A poll of Scottish adults, conducted in May 2019found disappointing levels of confidence in public bodies’ ability to respond to requests, which were much lower than the actual performance in practice. 57% of those surveyed were “very” or “fairly confident” they would receive a response from a request to information from a public body. 38% were “not very” or “not at all confident” they would receive a response. Any increases in authorities’ failures to respond are likely to feed this perception. 

FOISA requires authorities to publish information as well as respond to requests. According to the above mentioned poll, 9 in 10 people in Scotland thought it was important for public bodies to publish information about the reasons for the decisions they make, information about contracts with other organisations and information about how they spend their money. 

The Commissioner is using the opportunity of his annual report to emphasise the need for authorities to do more to improve their FOISA compliance. He said on his website: 

“We are seeing increasing numbers of information requests being made to Scottish public authorities. 

While many are performing well, there has been a concerning increase in failures to respond to requests for information on time.  Such failures impact on people’s perception of both freedom of information and the authorities themselves.  

Freedom of Information brings significant benefits to authorities who comply with it. Public bodies improving their Freedom of Information practice will make a real difference not only to the requester’s experience but also to the authorities themselves.” 

It’s going to be a busy year ahead for FOISA. The Scottish Parliament’s is due to complete its post-legislative scrutiny of the Act soon. This may lead to legislative changes. From  11 November 2019, registered social landlords (RSLs) in Scotland will become subject to FOISA. 

Act Now has a full programme of FOISA workshops in  Scotland. If you are new to FOI in Scotland or want to boost your career through gaining a qualification, our  FOISA Practitioner Certificate is ideal. Read a successful candidate’s observations.

Records Management in Scottish Public Authorities is Changing


The Public Records (Scotland) Act 2011 (PRSA 2011) requires public bodies in Scotland to develop a Records Management Plan and submit it for the approval of the Keeper of the Records of Scotland. Many of these plans, usually approved on a five year basis, are now approaching the time when they will need to be revised and put through the approval process once again. Moreover, the Keeper’s team have been actively revising their “Model Plan” and will be expecting more from authorities on the submission of their new plans over the next couple of years.


The PRSA 2011 received Royal Assent on 20 April 2011, aiming to fill a gap in information governance which had long existed. Although there had been some sector specific records requirements there was no overall legislative framework guiding the creation, management or retention of information in the Scottish public sector.

The Act came in on the back of the 2007 Shaw Report which blamed poor record keeping for many of the difficulties faced by former residents of residential schools and children’s homes. The Scottish Government took  a broad view of the implications of Shaw; this in turn led to the PRSA covering a broad range of named public authorities including the Scottish Government and Parliament, local authorities, NHS, police and the courts.

Despite concerns, strongly expressed at the time by COSLA among others, that the Act would present yet another onerous burden during a period of particularly harsh austerity, it is probably fair to say that the PRSA has been a success, giving Scotland a solid statutory basis for its record keeping for the first time.

Records Management Plans

The core of the Act is the requirement to develop and maintain a Records Management Plan. This, in theory, can take any form but in practice authorities have tended to closely follow the Keeper’s “Model” comprising (originally) 14 elements:

  1. Senior management responsibility 
  2. Records manager responsibility 
  3. Records management policy statement 
  4. Business classification 
  5. Retention schedules 
  6. Destruction arrangements 
  7. Archiving and transfer arrangements 
  8. Information security 
  9. Data protection 
  10. Business continuity and vital records
  11. Audit trail 
  12. Competency framework for records management staff 
  13. Assessment and review 
  14. Shared information


One significant change to the way that the Keeper will be assessing authorities’ Records Management Plans is that there is now an “Element 15” in the Model Plan, covering third party records. S2 and S3 of the Public Records (Scotland) Act always defined the scope of the legislation broadly so as to cover the records of external agencies carrying out functions on behalf of the public authority, but that is now going to be more explicitly defined and the Keeper will expect to see evidence of policies and procedures under this “Element 15”.

The Keeper is currently undertaking a review of these requirements so it is as yet unclear exactly what will be required. The issue was covered in some detail at the Stakeholders’ forums which the Keeper hosted last year, and there is some guidance and model contractual clauses available from the National Records of Scotland, and from the Scottish Council on Archives and Quality Scotland.

Another significant change in the Keeper’s approach to what will be required from Records Management Plans is a general refocussing on data protection. This had always featured in the Model Plan with element 9 dedicated to the appropriate management of personal data but now data protection runs through the Keeper’s guidance like the writing through a stick of rock. As well as beefing up element 9, each section of the Keeper’s guidance now includes a data protection theme as an example of good practice.

The scope of the PRSA continues to broaden. The Keeper is currently going through the approval process of the Integrated Joint Boards, and (as with Freedom of Information?) there will be pressure to extend the list of bodies covered by the Act. The position of Trusts and some other arms-length authorities remains unclear but all organisations of a public nature would be well advised to get up to speed with the requirements of the Public Records (Scotland) Act 2011.

Throughout the process of the passage of the Bill, the Keeper always made a commitment to use the carrot rather than the stick. This has worked well, with the very helpful team at the NRS providing support and guidance on a range of records issues. As the records environment matures, however, and as more is expected of authorities, might we see a more robust approach from the regulator? In retrospect, some of the early schemes which the Keeper approved now look somewhat thin; it may be unlikely that these would have passed had they been submitted today.

Act Now has arranged a series of webinars and full day workshops on the themes raised by the developments within the PRSA. Among other issues, we will be looking at:

  • Records Management Policies. Some authorities conflate “policy” and “Plan”.
    I’d suggest a clear separation, with the Policy simply summarising the case for records management, allocating responsibilities, defining terms and setting out key principles. This element of the plan can also be used to include area-specific policies and procedures which perhaps don’t fit neatly elsewhere.
  • We’ll consider the standards and resources available. What are the standards that you need to know about? In developing or amending your plan, how far can you rely on off-the-shelf resources such as business classification schemes and retention schedules? What do you have to do to make these really work for you?
  • The Keeper has a self-review mechanism for already established Records Management Plans. The “Progress Update Review” mechanism is available and the Keeper has suggested that completing this process will delay the requirement for a full resubmission of your Plan. But what factors should be considered in deciding when to use the PUR and when to complete a full resubmission? 
  • Links to other relevant legislation. In particular, the GDPR, the Data Protection Act 2018 and the Freedom of Information (Scotland) Act 2004. As noted above, the start of the review of the model scheme was at the same time as the implementation of the GDPR and this seems to have very much focussed the Keeper’s attention on data protection. What will authorities need to do to ensure that their RMPs are up to speed with the new DP requirements?
  • Electronic Records Management. In theory, records principles are blind to the media by which the information is created, stored and managed. In practice, however, the Records Management Plan can be an excellent focus to develop and promote policies and practical guidance which relates specifically to information in alternative media.
  • Getting “buy in”. We will consider the best ways to get support for the Records Management Plan within your organisation. It is important that you are able to show the benefits of good records management – and not just in terms of statutory compliance or improved efficiency. By developing a culture of regarding information as a corporate asset you be able to demonstrate that records management is vital in evidencing the rights and responsibilities of the organisation and in maintaining a high quality corporate memory through the development of a proper archive service. 
  • Making it real. The RMP should not just be a paper exercise but should be a functioning set of tools which ensure that the organisation derives maximum value from its information resources. To be of real value, the Plan needs to be embedded throughout the organisation, rather than just a neat stack of policies on a corner of the Chief Executive’s desk. 

Craig Geddes is a qualified archivist and records manager, with 28 years’ experience working across the range of information governance activities. He has recently joined the Act Now team to deliver freedom of information and records management courses in Scotland

Blog Footer Blue and White 2

Freedom of Information comes to Scottish Registered Social Landlords


The social housing sector already prides itself on being open and accountable to tenants. But from  11 November 2019, registered social landlords (RSLs) in Scotland will acquire new transparency obligations under the Freedom of Information (Scotland) Act 2002 (FOISA).

After years of debate and the robust recommendation of successive Scottish Information Commissioners, that housing associations should be in scope of FOISA, a designation order (under Section 5) adds RSLs to the list of public authorities in Schedule 1 of FOISA. The last such order  (S.I. 2016/139) came into force on 2ndMarch 2016and extended coverage of FOISA to contractors overseeing and managing private prisons, bodies providing secure accommodation for children and young people, grant-aided schools, independent special schools and Scottish Health Innovations Limited.

Housing associations are already subject to the Environmental Information (Scotland) Regulations 2004 (EISR) as their scope is broader than FOISA. However, awareness of the EISR is low among the public, and even some housing associations were probably unaware of them. Many of the types of requests which RSLs are likely to receive – around construction and repairs for example – will continue to fall under the EISRs.

Unlike other Scottish public authorities, the scope of FOISA does not apply to all the activities that an RSL may undertake. The designation order only extends FOISA to “housing services” as defined in the Housing (Scotland) Act 2010, which would include activities in support of:

  • the prevention and alleviation of homelessness,
  • the management of housing accommodation (but only where RSL has issued a Scottish secure tenancy or short SST)
  • the provision and management of sites for gypsies and travellers

Other activities undertaken by RSLs – such as factoring for owner-occupiers, repairs and maintenance for non-tenants and care services – would not be in scope. Identifying how much of the organisation is subject to FOISA will be an ongoing challenge for RSLs.

GDPR Implications

And there is a double whammy for RSLs. Under section 7 of the Data Protection Act 2018, schedule 1 of FOISA is the basis in Scotland for designating public authorities under GDPR. Therefore, from November, RSLs will be subject to the obligation, under Article 38 and 39 of GDPR, to designate and provide appropriate support for a Data Protection Officer. While many larger RSLs have already done so, this is going to be a challenge to resource for smaller associations.

So, in preparation for November, RSLs should “Act Now” to:

  • Gain senior management support and buy-in for the compliance tasks;
  • Identify and designate a Data Protection Officer if they haven’t already done so;
  • Designate a lead officer for FOISA compliance;
  • Develop procedures and guidance for staff, including a log for tracking requests and templates for responses;
  • Ensure training is in place: Specific compliance training for DPOs and FOI leads and awareness training for all staff;
  • Review records management procedures to ensure appropriate retention periods are applied and records are retrievable;
  • Inform tenants and the wider public of their rights, including having a guide to information on their website.


Our FOISA expert, Frank Rankin, is delivering a free webinar for RSLs in Scotland to bring them up to speed with FOISA and what they need to do now before the implementation date. Book now as places are limited.

Act Now can support RSLs with our range of public training courses, including the only FOISA practitioner certificate course and our GDPR practitioner course, geared towards supporting DPOs. We can also provide in-house training and consultancy support.

Act Now Launches New FOI Practitioner Certificate


FOI Certificate Banner

Act Now is pleased to announce the launch of its brand new FOI Practitioner Certificate.

This course is one of the first of its kind, in a way that only Act Now delivers – practical, on the ground skills to help you fulfil your role as an FOI Officer.

This new certificate course is ideal for those wishing to acquire detailed knowledge of FOI and related information access legislation (including EIR) in a practical context. It has been designed by leading FOI experts including Ibrahim Hasan and Susan Wolf – formerly a senior lecturer on the University of Northumbria’s LLM in Information
Rights Law.

The course uses the same format as our very successful GDPR Practitioner Certificate. It takes place over four days (one day per week) and involves lectures, discussion and practical drafting exercises. This format has been extremely well received by over 1000  delegates who have completed the course. Time will also be spent at the end of each day discussing what issues delegates may face when implementing/advising on the FOI topics of the day.

The four teaching days are followed by an online assessment and a practical project to be completed within 30 days.

Why is this course different?

  • An emphasis on practical application of FOI rather than rote learning
  • Lots of real life case studies and exercises
  • An emphasis on drafting Refusal Notices
  • An online Resource Lab with links, guidance and over 5 hours of videos
  • Modern assessment methods rather than a closed book exam

 Who should attend?

This course is suitable for anyone working within the public sector who needs to learn about FOI and related legislation in a practical context, as well as those with the requisite knowledge wishing to have it recognised through a formal qualification. It is most suitable for:

  • FOI Officers
  • Data Protection Officers
  • Compliance Officers
  • Auditors
  • Legal Advisers

Susan, says:

“FOI and EIR are almost 14 years old. Since the Act and Regulations came into force there have been many legal developments and court decisions that have given practitioners a much greater understanding of the legal provisions and how they should be applied in practice. With this in mind, we have written this course to ensure that it equips public sector officers with all the necessary knowledge and skills they need to respond to freedom of information requests accurately and efficiently. This course, with its emphasis on the law in practice, will enable trainees to become more accomplished and confident FOI practitioners”

Susan will share her vast experience gained through years of helping organisations comply with their information rights legislation obligations. This, together with a comprehensive set of course materials and guidance notes, will mean that delegates will not only be in a position to pass the course assessment but to learn valuable skills which they will be able to apply in their workplaces for years to come.

This new course builds on Act Now’s reputation for delivering practical training at an affordable price:

This new course widens the choice of qualifications for IG practitioners and advisers. Ibrahim Hasan (Director of Act Now Training) commented:

“We are pleased be able to launch this new qualification. Because of its emphasis on practical skills, we are confident that it will become the qualification of choice for current and future FOI Officers and advisers.”

To learn more please visit our website.

All our courses can be delivered at your premises at a substantially reduced cost.
Contact us for more information.

Scottish Information Commissioner’s Annual Report

edinburgh castle

2014/15 saw the 10th anniversary of FOI in Scotland. In September the Scottish Information Commissioner, Rosemary Agnew, published her annual report for 2014/15.  Ms Agnew enforces the Freedom of Information (Scotland) Act 2002 (FOISA).

Highlights of the report include:

  • Public awareness of FOI is at its highest ever level, at 84%
  • 474 FOIA appeals were received across the year, 59% of which were from members of the public
  • The Commissioner found wholly or partially in favour of requesters in 64% of her decisions
  • The proportion of appeals received under the Environmental Information (Scotland) Regulations 2004 rose to its highest ever level
  • Public bodies reported receiving 66,804 information requests in 2014/15
  • 94% of the public think that FOI is important in holding public bodies to account

In an excellent example of Open Data, the Commissioner has also published detailed information on the appeals received since 2005, broken down by public authority, region and sector, in Excel spreadsheets on her website.

Last year additional bodies were made subject to FOISA.

Act Now has a full programme of FOISA workshops in Scotland.

If you are new to FOI in Scotland or want to boost your career through gaining a qualification, our FOISA Practitioner Certificate is ideal. The four day course is endorsed by the Centre for FOI , based at Dundee University.

The next course in Edinburgh, starting next week, is fully booked but we have places in Aberdeen.

If you’re considering enrolling on the course, what can you expect? Read a successful candidate’s observations and have a go at the FOISA test.

Aberdeen NOW! Act Now Training comes to Aberdeen!


Are you based in Aberdeen? Is travelling to Edinburgh time consuming and expensive? Well we have some great news for you… Act Now Training is coming to Aberdeen!

Act Now Training is the UK’s leading provider of seminars and workshops on all aspects of Data Protection, Freedom of Information, Surveillance Law and Records Management. We are pleased to announce new workshops in Aberdeen which:

· are very competitively priced at just £265 plus vat

· run for a full day from 10am to 4pm

· refreshments and lunch provided

· include comprehensive delegate training materials

Log on to our website or click on the links below for all our available courses coming up in September. Book early to avoid disappointment.

Data Protection Act: An A-Z Guide

Freedom of Information (Scotland) Act: An A-Z Guide

Practitioner Certificate in The Freedom of Information (Scotland) Act

Managing Subject Access Requests

All our courses will be held at the Jury’s Inn Hotel. Adjoining the Union Square Shopping Centre, this modern, city-centre hotel is a 3-minute walk from Aberdeen Railway Station making it the perfectly placed, centrally located venue for all your training needs.

We look forward to seeing you!

A Decade of FOI in Scotland: Celebrating Success, Securing Rights for the Future

Erin Ferguson examines the Scottish Information Commissioner’s special report…capture-20150211-092345

Freedom of information (FOI) legislation has recently celebrated its tenth anniversary in the United Kingdom. Overall, the UK FOI regime has been deemed successful. 400,000 requests for information have been made in the past ten years, leading to some notable disclosures and helping to establish a greater culture of transparency in public services.

Nevertheless, the Scottish Information Commissioner Rosemary Agnew recently warned that the scope of FOI in Scotland (under the Freedom of Information (Scotland) Act 2002) has reduced and that people now have less access to information than they did a decade ago.

On 19 January Agnew published a special report entitled “FOI 10 Years On: Are the Right Organisations Covered?” The report is limited to the Scottish experience, but addresses a challenge faced throughout the UK. That is, how can FOI obligations be extended to cover the wide range of organisations that now have responsibility for public service delivery?

Agnew called the introduction and implementation of the FOI Act one of Scotland’s “major success stories,” but warned that changes in public service delivery are eroding information access rights. As functions are outsourced or transferred to arm’s-length organisations, they no longer fall within the scope of the FOI Act. The transfer of social housing, for example, from local authorities to housing associations means that 15,000 households in Scotland have now lost information access rights. This affects not only access to information, but also access to justice. The loss of appeal rights to the Scottish Information Commissioner means that the public are faced with the more costly option of appealing through the courts. It is clear that FOI plays an important role in encouraging transparency and promoting civic engagement, so how can this be preserved?

The report noted that the FOI Act was introduced with the intention of extending coverage to additional bodies. A Section 5 Order allows Ministers to designate additional organisations as public bodies, but Agnew reported that this mechanism has been ‘woefully underused.’ Ministers have only exercised these powers on a handful of occasions (e.g. on 1st April 2014), and whilst it is difficult to say why they have not made greater use of this mechanism, the report speculated that lack of political will and misunderstandings over what constitute a public function might be among the reasons. Therefore, Ministers will need support in order to make greater use of the Section 5 Order.

Whereas previous debates on whether to extend FOI coverage have focused too narrowly on the structure of institutions and how they are funded, greater consideration should be given to the nature of the functions performed. As it is ultimately up to the Ministers to decide what constitutes a function of a public nature, a factor based approach can help to determine whether an organisation should be designated a public body for FOI purposes. Factors would include whether the organisation is taking the place of a public authority in carrying out a particular function and whether the functions are derived from or underpinned by statute. (A full list of factors can be found on p.18 of the report.)

The factor based approach would make the designation of additional bodies more open and transparent, and might also help to alleviate some of the challenges that have arisen from extending FOI coverage. Academies and Free Schools, for example, were brought in under the UK FOI Act in 2010. Since then, there have been some notable releases of information, but also some well-known instances in which information has been withheld, leading to lengthy appeals. The Department for Education (DfE) has withheld information on free school applications, relying on exemptions under Section 35 (information related to formulation of government policy) and Section 43 (information likely to prejudice the commercial interests of any party) to withhold information. Although this is merely one example and should not be understood of evidence of a widespread phenomenon, it does demonstrate that a tension remains when balancing the public interest in disclosure against the public interest in withholding information. Will extending FOI coverage to additional bodies simply lead to greater use of exemptions? Or will the factor based approach help to clarify which functions should be covered and why?

There is no straightforward answer to these questions, but the report suggested that support for newly designated bodies can help to ensure smoother implementation. Likewise, the public will need support as the gaps and inconsistencies created by changing models of service delivery has led to some confusion over which rights they hold. After all, as page 9 of the report says, ‘the existence of a right is one thing; making it straightforward to use is something else entirely.’

Erin Ferguson is a PhD Researcher at University of Strathclyde Law School. She blogs ( and tweets (

Act Now Training runs the Practitioner Certificate in the Freedom of Information (Scotland) Act 2002 which is endorsed by the Centre for FOI (based at Dundee University). The course structure is designed to thoroughly examine the law as well as the practical aspects of dealing with FOISA (and EI(S)R) requests on a day-to-day level. Read what the tutor has to say and have a go at the FOISA test.

Scottish Information Commissioner’s Annual Report


In September the Scottish Information Commissioner, Rosemary Agnew, published her annual report for 2013/14.  Ms Agnew enforces the Freedom of Information (Scotland) Act 2002 (FOISA). In her own words, “The report documents our achievements and challenges across the year, while also providing a snapshot of the wider picture of FOI in Scotland.”

Key facts are as follows:

  • Appeals to the Commissioner fell slightly during 2013/14, with 578 appeals received compared to 594 in 2012/13.  The slight fall appears to be due to a fall in the number of appeals made because an authority had failed to respond within the statutory time limits.
  • The Commissioner received the highest number of enquiries to date, at 2,008.  This was an 11% rise on last year.
  • 62% of appeals were from members of the public.
  • In 67% of decisions the Commissioner found wholly or partly in favour of the requester.
  • Public awareness of FOISA in Scotland is at 78%.
  • Scottish public authorities reported that they received over 60,000 FOISA requests in 2013/14.
  • 75% of appeals took less than 4 months to resolve.
  • There were no appeals to the Court of Session against decisions issued by the Commissioner in 2013/14.
  • The Commissioner launched a new programme of regional “roadshows” , which saw the Commissioner and her staff deliver FOISA training to over 200 participants from a range of backgrounds.

In an excellent example of Open Data, the Commissioner has also published detailed information on the appeals received since 2005, broken down by public authority, region and sector, in Excel spreadsheets on her website.

The Commissioner is currently working on a Special Report on the scope of FOISA and whether all the right organisations are covered. The report will be laid in the Scottish Parliament in early 2015, to coincide with the 10th anniversary of the Act coming into force.

If you are new to FOI in Scotland or want to boost your career through gaining a qualification, our FOISA Practitioner Certificate  is ideal for you. The four day course is endorsed by the Centre for FOI , based at Dundee University.

If you’re considering enrolling on the course, what can you expect? Read what the tutor has to say and have a go at the FOISA test.

%d bloggers like this: