We use cookies to give you the best online experience. By using our website you agree to our use of cookies in accordance with our cookie policy. Learn more here.Close Me
It's been a busy few weeks for the Scottish Information
Commissioner (SIC), who has released seven decisions in relation to
applications made under the Freedom of Information (Scotland) Act
2002 (FOISA) and the Environmental Information (Scotland)
Regulations 2004 (EIR). Whilst the decisions relate to well trodden
areas of FOISA they do once again provide some useful guidance for
organisations on how to manage requests they receive.
1. Carry out robust searches and keep a record of your
searches!
Mr N and the SPS (Decision Notice 125/2012 issued 30th July
2012) showed how important it is that organisations carry out
robust searches for information in preparing their response to an
FOISA request. SPS performed searches of their electronic records
and resource library, and spoke with employees and other local
establishments in their search for information. Organisations
facing an FOISA request would be wise to follow a similar
procedure, keeping records of all the searches carried out. Such
records will prove useful should an appeal be made to the SIC.
2. Have a procedure in place for dealing with FOI/EIR
requests
The embarrassing length of time it is taking Scottish Ministers
to respond to Mr Severin Carrell's request (Decision Note
126/2012 issued 31 July 2012) serves as a reminder to
organisations that although sending apologies to requestors may be
polite and help with short delays, it serves as no defence for a
failure to adhere to the time limits set under FOISA and EIR, when
investigated by the SIC. Make sure your organisation has a clear
policy in place on responding to such requests so that they are
dealt with effectively and on time!
3. Take care in your review of vexatious requests
Whether a request is vexatious must be considered on a case by
case basis, as made clear by the SIC. Generally requests are
considered vexatious where they impose a significant burden on the
authority, have the effect of harassing the authority, have no
serious purpose or value, are intended to cause disruption to the
authority or are unreasonable/ disproportionate. However, the SIC
has acknowledged that this list is not exhaustive.
Large organisations can also take a breath as the SIC has noted
that simply because an organisation has sufficient resources does
not alone mean that a request is valid. Consideration must be paid
as to whether it is a reasonable/ proportionate use of those
resources.
Organisations should be clear in their reasons when deciding
that a request is vexatious and should be prepared to provide
evidence to the SIC.
4. Considering disclosing personal information? Beware of the
balancing act!
The Highland Council and Strathclyde Police both rejected
requests on the basis that information requested was personal, and
was therefore exempt from disclosure under section 38 FOISA.
The SIC reviewed whether the information was intended for
legitimate interests and so could be disclosed under Schedule 2
Condition 6 Data Protection Act 1998. There is no presumption in
favour of releasing personal information and so a balancing act is
required, weighing up the legitimate interests of the requestor
against those of the data subject(s). Organisations should take
extra care weighing up these interests and should first consider
whether the aim of the requestor can be achieved in a manner less
intrusive upon the privacy of the data subject.
The material contained in this article is of the nature of
general comment only and does not give advice on any particular
matter. Recipients should not act on the basis of the information
in this e-update without taking appropriate professional advice
upon their own particular circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
A US district court in New York has recently ruled that ReDigi, the operator of an online marketplace for pre-owned music downloads, is liable for copyright infringement.
In a decision earlier this month, a US district court in New York has ruled that ReDigi, the operator of an online marketplace for pre-owned music downloads, is liable for copyright infringement.
A number of publications including the Financial Times, have described how US lobbyists, many working for large technology companies such as Facebook and Google, have been seeking to curb the territorial extent of the proposed EU data protection reforms.
The European Data Protection Supervisor (EDPS) is an independent supervisory authority appointed by a joint decision of the European Parliament and the Council for a term of five years.
The Commons Justice Select Committee's recent report on the work of the Information Commissioner's Office (ICO) is a mixed bag when it comes to assessing the performance and future of the ICO.
Further to our article in last month’s newsletter on the EU data protection reforms, the ICO has published an indicative timeline setting out significant milestones in the reform process.
The English Court of Appeal has recently confirmed the commercial and legal importance of database rights and, in particular, their relevance to the sports industry.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
