Dealing with FOI requests
Freedom of Information (FOI) requests and responses are managed by the Freedom of Information Officers, in the Vice Chancellor’s Office.
As an employee of the university, if you receive a non-routine request for information you should forward it immediately to the Freedom of Information Officers firstname.lastname@example.org.
There is a 20 working day legal deadline to respond to requests (starting from next working day after the request is received, wherever it is received in the University).
Please do not attempt to answer the FOI request yourself, especially if information is being withheld using exemptions. Please use the following information for guidance.
Identifying a FOI request
A valid request under FOI has to meet the specific criteria. It must:
- be in writing (however, requests for environmental information can be verbal)
- provide the name of the requester and a contact address (email, postal address or fax number)
- describe the information which is requested (please contact the FOI officers if you are unsure)
Remember that a request does not have to explicitly cite 'FOI'.
The following should not be interpreted as a valid FOI request:
- requests not requesting recorded information (asking for opinions, press statements, making a complaint, etc.)
- requests from an individual for information about themselves. This should be treated as a Data Protection Subject Access Request and forwarded to the Data Protection Officer, email@example.com
- routine or business as usual requests which you would respond to as a matter of course.
If you identify anything that you think may be a valid FOI request, please forward it to the firstname.lastname@example.org as quickly as possible (or in the internal mail to the Freedom of Information Officers if received via post).
If you are unsure, please email or call the Freedom of Information Officers.
Managing FOI requests
The Freedom of Information Officers may contact you to assist with managing the request.
Please co-operate fully if asked to do so. Compliance with FOI is a legal requirement.
You may be asked to provide or gather the information which is subject to the request or asked for guidance, such as whether there are sensitivities around disclosing the requested information.
If you are likely to be unavailable for an extended period of time, please arrange for an alternative contact to be in place - please make this clear on your out of office message.
Implications of FOI - Disclosure of requested information
Requested information must be disclosed unless a legally valid exemption or other exclusion applies. Examples of these included:
- personal information about living individuals whose disclosure would breach Data Protection legislation
- information that might jeopardize the health and safety of staff, students or the public
- information that might prejudice the university's commercial interests or those of other organisations that the university conducts business with
- information held under a legal obligation of confidentiality
- information that is published elsewhere or that is intended for publication at a later date (draft version of documents, information subject to amendment or approval by the appropriate university body)
- information that would take us more than 18 hours to locate and extract
- information not held by or on behalf of the university
- information whose disclosure would prejudice our ability to perform our key functions effectively
- information that could prejudice the prevention or detection of crime
- privileged legal advice.
In some instances, the university will need to consider the public interest before deciding whether information can be disclosed. Some of the exemptions require this.
The right of access under the Freedom of Information Act (FOIA) and the Environmental Information Regulations extends to all recorded information held by the University, regardless of the format or storage medium.
This includes all forms of social media and all forms of communication. For example:
- Teams Chat
- recorded Teams calls
- recorded Teams meetings
- recorded Zoom meetings
- all emails
- written notes
This also includes University business (recorded information that relates to the business of the public authority) held on your own devices (such as laptops or phones).
Using corporate channels for University business
Where possible, you should use corporate channels for official business. However, there are occasions when this is not the case and where another person or organisation holds information on behalf of the University. This information is considered to be held by the University for the purposes of FOIA. ‘Information’ means information recorded in any form, as previously described.
University business, non-corporate channels and FOIA
Information Commissioner’s Office (ICO) guidance states that if official information (University business) is held on a non-corporate channel or location this means it will be considered as ‘information held on behalf of a public authority’. Non-corporate channels or locations include:
- private email accounts as well as your University email account
- private messaging accounts like WhatsApp, Signal or Telegram
- direct messages sent on apps and websites like Twitter or Facebook
- on private mobile devices
For example, official University business held in your private email account on your own device, as well as emails in your University email account on a University device, could potentially be disclosed in response to an information request.
Personal information, non-corporate channels and FOIA
However, personal emails such as those to friends or relatives, which are not work-related, would be exempt from disclosure, as they contain information relating to your private life.
You should not use personal email accounts for University business. Work-related emails in personal accounts are subject to disclosure under FOIA. Information that does not relate to the business of the public authority would not be subject to FOIA.
See the ICO guidance for further details.
Academic research and teaching material
This is quite a complex and contested area. As far as research is concerned, there are a number of exemptions which could potentially apply should a request be received. These include the exemptions in the Freedom of Information Act for:
- information accessible by other means, if the results of the research or the raw data behind it have been published.
- information intended to be published, if an intention to publish the research was formed before the request was received
- personal data information provided in confidence or commercially sensitive information, in respect of certain types of research data (information supplied by interviewees or survey respondents under an obligation of confidence)
- research/teaching materials whose disclosure would harm the commercial interests of the university or third parties.
Any information supplied in response to a Freedom of Information or Environmental Information request will continue to be subject to copyright protection.
This means that if academic research or teaching materials have to be released, the person who receives the information will not be able to re-use it without permission except in a very limited way, as permitted by copyright law.
'Confidential' has a particular narrow legal meaning, as far as the Freedom of Information Act is concerned. It means information provided to the university from an organisation or an individual outside the university which carries a common law duty of confidence, and whose disclosure in response to an information request would constitute an actionable breach of confidence (one for which the university would be sued).
Such information is exempt from disclosure under the Freedom of Information Act. However, this exemption does not apply to information created within the university, including information transferred from one part of the university to another, or to information which is merely sensitive.
Sensitive information may be subject to an exemption under the Freedom of Information Act or the Environmental Information Regulation, but it cannot be assumed that all internally generated information labelled as 'confidential' is exempt from disclosure.
The key point is that, regardless of how we classify it, information can only be withheld if a valid exemption applies under the Act or Regulations. For example "confidential" minutes may have to be released in response to a request if there is not a relevant exemption that would justify not providing the information to the applicant.
It should be noted that each request for information must be judged on its own merits (we cannot legally apply blanket exemptions to information).
'Commercial in confidence' information'
There is no blanket 'commercial in confidence' exemption in FOIA. Section 43 contains provisions to withhold information if its disclosure would or would be likely to harm the commercial interests of the university or other organisations we conduct business with. It can apply in the following circumstances:
- The information constitutes a genuine 'trade secret' such as a truly unique working method or intellectual property which is the source of competitive edge in the market place.
- The information would, or would be likely to prejudice the commercial interests of the university or third parties if disclosed.
In both cases, a tangible harm must be identified rather than mere speculation. Once the specified harm has been identified it is then necessary to conduct a public interest test to determine whether the public interest in disclosure outweighs the potential harm to commercial interests.
All our students are automatically members of the Students' Union. The Union has its own constitution and officers. We have certain responsibilities for the Students' Union under the Union's constitution and under the Education Act 1994. However, the Students' Union is a separate legal entity from the university.
This has implications for the position of the Students' Union in relation to the Freedom of Information Act.
- As an unincorporated association of members, the Students' Union is not a "public authority" in the sense of the Freedom of Information Act. This means that records of the Students' Union itself will not be covered by Freedom of Information, and cannot be requested under FOI. It is unlikely that the Union would be considered to be covered by the Environmental Information Regulations (the definition of a "public authority" in the Regulations is broader and vaguer than that in the Freedom of Information Act).
- Records which we hold about the Students' Union, including communications with the Union and information provided to us by the Students' Union, are covered by the Freedom of Information Act and the Environmental Information Regulations, and can be requested.
We will consult with the Students' Union in cases where a Freedom of Information or Environmental Information request may involve the disclosure of information which was provided to the university by the Union, or where the disclosure may affect the commercial interests of the Union. However, the ultimate legal responsibility for deciding whether or not to release the information rests with the university.
The Students' Union is also separately responsible for ensuring that it complies with the requirements of the Data Protection Act.
The Data Protection Act 2018 and General Data Protection Regulation (UK GDPR) regulates the way that the university collects, processes and disclosed information about living individuals. All enquiries relating to the Data Protection Act and UK GDPR (including Subject Access Requests) should be directed to the Data Protection Officers, email@example.com
Access to all types of information created and held within the university is governed by the Freedom of Information Act, 2000 (or Environmental Information Regulations for environmental information). All enquiries regarding access to information, other than personal information, should be directed to the Freedom of Information Officers, firstname.lastname@example.org
Sometimes requests for information may include the personal information of third parties such as staff or students. If this is the case please seek advice from the Freedom of Information Officers, email@example.com
Find information on the Data Protection Act, such as guidelines for staff and students as well as specific advice for staff working in different areas, in our Data Protection guide.
Good records management is important in order to comply with FOI requests because we need to know what we hold and where it is located.
The Records Management Service ensures that recorded information across the university is created, maintained and disposed of in the most effective way possible, in line with the university's records management policy
Meetings of university committees
Most of the university's statutory bodies and principal committees are included in the publication scheme. This generally means that details of membership, terms of reference, and minutes of meetings are published on our website as a matter of routine. Business items not suitable for routine publication are identified as such in the agenda.
Most committees at faculty or department level are not included in the publication scheme but if requested the information would have to be disclosed, subject to the exemptions outlined in the Act.
If you are responsible for servicing meetings of a formal committee it is useful to remember it may be necessary to make the information public at some point in the future. For more information see the Governance templates or email firstname.lastname@example.org.
Publishing information online
The purpose of the Act is to promote greater openness and accountability across the public sector. We make a vast amount of information available to the public via our website during the course of our normal business, but there may be some occasions when it is not appropriate to publish information to a worldwide audience.
If you have any queries about the types of information you publish online, please contact the Freedom of Information Officers.