JISC

The Freedom of Information Act 2000 (FOIA) came fully into force on 1 January 2005. Many institutions devoted considerable time and resources in the months’ leading up to this deadline preparing their staff for the requirements of the Act and in particular focusing on the systems and processes required to handle the requests for information they would receive under the new legislation.

Now that the 1 January deadline has passed, institutions should take the opportunity to assess how the reality of living with the Act matches expectation and if and where further changes or improvements should be made to ensure compliance. Conducting such a ‘health check’ process may also help limit the risk of institutions’ assuming continued compliance is guaranteed now that the initial target has been met whilst failing to address some of the more background, yet fundamental aspects of the Act.

Conducting a compliance health check

Prior to January 2005 institutions had no choice but to introduce new procedures to deal with the impact of the FOIA based on projected forecasts rather than objective fact. Now the Act has been in place for some months institutions should have amassed some accurate data against which to check the efficiency and suitability of the systems they have introduced.

Analysis of the Freedom of Information request logs that public authorities have been encouraged to maintain should give a precise picture of exactly how many requests the institution is receiving on a weekly and/or monthly basis, the kind of information being requested and the amount of time it is taking to answer them. Such data will prove invaluable for assessing whether the measures established prior to January are proportionate and sufficient to provide an effective and cost-efficient service. Interviews with those involved in the process and who have helped answer requests to date may also help uncover areas where improvements could be made or lessons learnt for the future. 'FOI will not enjoy this high level of visibility for long as the initial prominence it enjoyed inevitably wanes as other priorities and deadlines take its place.'

A review of the institution’s experience to date may help bring to light gaps in current systems which can be addressed and rectified before they cause further problems; for example, if a request had not been addressed for some days because the recipient had not used an ‘out of office’ email assistant to field requests in their absence, or if the institution currently lacks clear procedures for tracking the progress of ‘live’ requests.

Embedding good practice

Preparing for the January 2005 deadline meant that Freedom of Information was a high-profile topic towards the end of 2004. Many institutions rightly undertook a range of measures to help raise awareness of the issues with their staff including briefing sessions, training events and the provision of written guidance material. FOI will not enjoy this high level of visibility for long as the initial prominence it enjoyed inevitably wanes as other priorities and deadlines take its place.

However, even though the publicity surrounding its implementation and first few requests may have died down this does not mean that institutions can afford to assume that the issue has gone away. FOI is here to stay, so 1 January 2005 should mark the beginning, not the end of the process of change required. What institutions must now do is to move away from the situation where compliance issues are seen as ‘special cases’ deserving unusual levels of attention towards one where the core concepts and lessons of FOI compliance are fully integrated into the normal day-to-day practice of the institution and its staff. This is not a process which can be achieved overnight and may take several months, even years to achieve but does represent the best route for achieving a natural state of compliance within the institution.

Tips for embedding Freedom of Information good practice:

• Use different methods to keep the message fresh over the coming months – a poster may attract attention for a couple of weeks but soon fades into the background
• Include FOI training as part of new staff induction sessions – new starters will then assume that this is the norm
• Don’t necessarily use FOI as the main driver for all the changes being introduced. People may become tired of hearing about it and question what is in it for them. Improvements to email management for example can be sold on its own merits as a way of helping staff whilst still helping the institution to meet its compliance obligations
• Make sure FOI issues are considered when scoping the user requirements of new systems or when new procedures are introduced. For example, by designing a template for minutes of meetings which separates open and closed business when a new committee is formed

Focus on information creation and management

In the lead up to January 2005 the focus of most attention was on the mechanisms by which institutions would receive, process and respond to the requests for information they received. The handling of requests represents the most visible test of an institution’s compliance with the Act, making such focus a sensible course of action. However, all public authorities must be careful to also ensure that they take the relevant steps required to manage successfully all phases of the life cycle of the information which may be requested: from creation through active use to final disposition.

That one of the two Codes of Practice issued by the Lord Chancellor’s Department (now the Department for Constitutional Affairs) relates to such matters indicates the seriousness with which the government views records and information management as a crucial element of the overall compliance framework. In particular, institutions should be assessing whether:

• There is a records management policy in place and followed
• Thought is given to the design of documents to aid identification and management
• There are agreed procedures for stating how long records should be kept and for managing their destruction
• There are tools in place to enable the swift and efficient search and retrieval of information from across the entire institution

Achieving such a programme of measures may appear to be a daunting prospect, but will have many advantages to the institution above and beyond legal compliance. JISC and others have also produced a good deal of advice and guidance in this area to help.

Further information and resources

• Records Management infoKit (a web-based introduction to the main aspects of records management produced by the JISC infoNet service)
  The Revised Study of the Records Lifecycle, including both a Function and Activity Model and a records retention Schedule (a JISC initiative which provides a breakdown of the retention periods required for the types of records produced by an average Higher Education Institution. An FE version of the Study is currently under production).
• JISCmail lists  Freedom of Information Act and Records Management UK 

Email this page Bookmark & share this page