Monday, November 18, 2024
Home > ICO > ICO takes action against two organisations for “risking public trust” by failing to respond to public requests for information

ICO takes action against two organisations for “risking public trust” by failing to respond to public requests for information

We have taken action against two trusted public services after investigations found they’d failed to meet basic information request requirements, as set out under the Freedom of Information Act 2000 (FOIA).

Both Devon and Cornwall Police and Barking, Havering and Redbridge Hospitals NHS Trust have been issued with enforcement notices for their ongoing FOI failings which have seen hundreds of information requests go without a response.

Our Head of FOI Complaints and Appeals, Phillip Angell, said:

“Everyone should have the ability to access public information. When this information is not received or is significantly delayed, it undermines people’s fundamental rights. This lack of transparency can also create unwanted barriers and risking public trust in the organisations we turn to at our most vulnerable.

“The public put trust in the NHS and Police when it comes to health and safety, so why, when those same organisations are asked to supply information, are they not met with the same trust?

“There are very clear legal requirements when it comes to FOI requests and therefore these failures have unfortunately resulted in regulatory action. These authorities must do better to clear their large FOI backlogs and put procedures in place to guarantee the timely response to all FOIs in the future and ensure that the public right to information is upheld.”

Action we’ve taken:

Devon and Cornwall Police

In 2023, as part of our routine work to monitor public authorities’ compliance with the legislation, the Information Commissioner found Devon and Cornwall Police to be performing poorly in terms of their obligation to provide responses to information requests.

It was revealed that between 2022 and 2024 the percentage of requests responded to within the statutory FOI timeframe of 20 working days was consistently low (between 39% and 65%). Their rate of response to internal review requests was also poor, averaging between 0% and 22%.

The Force had a backlog of older FOI requests which had increased from 77 in December 2023 to 251 in June 2024.

Our enforcement notice orders the Force to devise and publish an action plan in the next 30 days which must detail how they will comply with their duties to respond to information requests in a timely manner. The Force has been given six months to clear the existing backlog.

Barking, Havering and Redbridge Hospitals NHS Trust

The Commissioner first contacted this authority in June 2023 due to a number of complaints received about its late compliance with FOI requests.

It was revealed that, over 12 months, the Trust had only responded to 29% of requests during the statutory timeframe, with January 2024 seeing just 2.5% of requests responded to in a timely manner.

The Trust had a backlog of 589 requests in April 2024, which increased to 785 by June 2024.

Our enforcement notice provides the Trust with 35 days to devise and publish an action plan to clear this backlog by the end of the year.

What happens next?

An Enforcement Notice (EN) may be served where the Commissioner is satisfied that a public authority has failed to comply with any of the requirements of Part I of FOIA. If a public authority fails to comply with an EN the Commissioner may commence Court proceedings under section 54 of the Act, which may be dealt with as contempt of Court.

If you would like to make a complaint regarding an organisation and their FOI compliance, please do so here.


Notes to editors:

  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.  
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.   
  3. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.   
  4. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.


 

Original Source