ICO Slams Government Departments Over FOI Failings

The Information Commissioner’s Office (ICO) has taken action against two government departments for “persistent” failures to respond to Freedom of Information (FOI) Act requests.

The Department for International Trade (DIT) was issued with an enforcement action notice while the Department for Business, Energy and Industrial Strategy (BEIS) was handed a practice recommendation after they failed to respond to FOI requests in time.

From January to March 2022, the DIT issued late responses to over 50% of requests, a breach of sections 1 and 10 of the law and the worst response figures of any central government department, according to official statistics.

Response times declined last year despite there being no increase in the number of FOI requests or noted resource problems at the DIT. Internal process failings were to blame, the ICO said.

Under the terms of the enforcement notice, the department must now respond to any outstanding requests older than 20 working days, within 35 calendar days of the enforcement notice. It is also required to create and publish an action plan formalizing measures to mitigate any future delays.

If it does not comply, the DIT could be found in contempt of court.

BEIS also failed to reply to many FOI requests within the statutory time limit, although it has experienced a 55% surge in requests since 2020.

While its failings were also down largely to poor internal processes, the department’s response was more proactive than DIT’s. It engaged “positively” with the ICO and shared information on the steps it was taking to improve performance.

For this reason, the regulator only handed it a practice recommendation.

Although the recommendation is not enforceable itself, failure to improve performance in the coming months could lead to an enforcement notice being issued.

This is the first time in seven years the ICO has been forced to issue an FOI enforcement notice and marks the start of a more proactive regulatory regime, recently appointed information commissioner John Edwards said.

“Accountability and transparency in the work of public authorities is fundamental to democracy and it is the ICO’s role to ensure that people’s right to access information is protected,” he added.

“I advise public authorities to take note and learn lessons from the action we have taken today, as we will be making greater use of our powers under the act to drive good practice and compliance.”

The UK’s privacy and data protection regulator is better known for enforcing the GDPR/Data Protection Act 2018 and nuisance marketing regulations.

What’s Hot on Infosecurity Magazine?