
FOI/EIR: Section 60 code of practice

Best practice guidance for public authorities on discharging their functions under the Freedom of Information (Scotland) Act 2002 and Environmental Information (Scotland) Regulations 2004.


Part 2 - Recommended Best Practice

1. Responsibility for FOI within an authority

1.1 Organisational responsibility

1.1.1 FOI should be recognised as a specific statutory corporate function within an authority. As such, it should receive the necessary levels of organisational support at both strategic and operational levels as well as sufficient resource to ensure compliance with Scotland’s access to information regimes.

1.1.2 It is good practice for authorities to have an overarching FOI policy statement. This policy statement should be published online (in accordance with the publication scheme duty). The policy should clearly define roles and responsibilities, and provide a framework to ensure that the most effective procedures and practices are established to handle requests for information. The policy should identify a person at senior level who has overall strategic responsibility for FOI and should be subject to periodic review.

1.1.3 The policy statement should provide, at an operational and senior level, for the monitoring of compliance with the regimes and relevant codes of practice. It should be endorsed by senior management, for example at board level, and should be readily available to staff at all levels.

1.1.4 Public authorities must have appropriate policies, procedures, systems, training arrangements and resources in place to support and deliver FOI duties. Authorities should review their FOI procedures and practices regularly to ensure arrangements continue to meet both statutory obligations and best practice.

1.1.5 Authorities must ensure that they have robust, proportionate systems to allow them to log, track and monitor the requests for information they receive.

1.1.6 Authorities should also review and report on their FOI performance data regularly. Reporting should identify any issues with the handling of requests (e.g. meeting the statutory timescales) or identify areas of work and/or types of information which are frequently the subject of requests. It will be good practice to report FOI performance data at senior management level on a regular basis.

1.2 Roles and responsibilities

1.2.1 Meeting the requirements of the legislation and bringing about a culture of openness depends significantly on leadership from the top. Visible and positive support for FOI at a senior level is a key element in ensuring effective compliance across an organisation, while also minimising the risks (reputational and otherwise) associated with poor FOI performance. Authorities should ensure there is a clearly established responsibility at a senior level within the organisation for overseeing compliance with the regimes and creating a culture supportive of the public’s right to know.

1.2.2 It is good practice to have a designated, executive-level, senior member of staff with lead responsibility for FOI within each authority. This lead role should be acknowledged formally within the organisation and reflected in its policies and procedures. Overall responsibility for the effective implementation of FOI should lie with this senior member of staff.

1.2.3 The senior member of staff should have oversight of and be accountable for the authority’s performance in relation to all the statutory duties imposed by FOI (i.e. including the duty to publish information and provide advice and assistance to requesters). All staff should be aware of who has the lead management role for FOI.

1.2.4 The senior member of staff should ensure that appropriate procedures and practices are established and embedded within the organisation to make sure staff are adequately trained and fully supported at all levels in carrying out their FOI duties.

1.2.5 It will also be good practice for public authorities to have a designated member of staff with responsibility for the day-to-day management and implementation of FOI. For some organisations this may be a stand-alone role. In other, smaller organisations these functions might be combined with other responsibilities.

1.2.6 The staff member with day-to-day responsibility for FOI should lead on matters such as:

  • Ensuring day-to-day compliance with statutory responsibilities under FOI law
  • Delegating responsibility under FOI policies, where appropriate
  • Advising colleagues on FOI compliance
  • Monitoring compliance with organisational FOI policies
  • Raising awareness of FOI and related policies
  • Training staff on FOI and related matters
  • Acting as the day-to-day contact point for the Commissioner
  • Supporting the authority’s compliance with the publication duties under FOI and the EIRs.
  • Conducting assessments and audits
  • Reporting to senior management on FOI practice and performance.

1.2.7 There must be suitable arrangements in place to support staff with day-to-day responsibility for FOI, e.g. an escalation process that provides staff with a formal route to report issues to senior staff, for example where it is likely that a response will be delayed beyond the statutory timescale for compliance.

1.2.8 Any staff with responsibility for responding to FOI requests, proactively publishing information and advising and assisting those seeking information should have the appropriate skills, knowledge and appropriate levels of authority to perform them.

1.2.9 Authorities must ensure, as a minimum, that all staff:

  • can recognise a request that has been made to them;
  • are aware of any procedures for forwarding requests or enquiries to staff who are able to answer them;
  • are aware of their duty to advise and assist people seeking access to information; and
  • understand the requirement to undertake appropriate searches when asked to support an FOI response, including, where relevant, searches of digital systems, non-digital systems and portable devices.

1.2.10 In addition, authorities must ensure that all staff in contact with the public can explain to requesters how to make a request to the authority. Many requesters may be unaware of their rights or unfamiliar with the legislation and staff should be prepared to explain the key provisions of the regimes to potential requesters.

1.3 Training arrangements

1.3.1 Authorities should provide training to ensure that all staff have a basic knowledge of FOI, and are clear about their own personal responsibility should they receive an information request or be approached by a member of the public wishing to make one. They should also understand the importance of providing timely assistance to colleagues who may be leading on the response to a request.

1.3.2 Staff with responsibility for handling and issuing responses to requests for information must have undertaken appropriate training to ensure that responses meet statutory requirements and this code of practice. Authorities should also ensure that suitable training is provided to staff with responsibility for providing cover during periods of staff absence and/or increased FOI workloads.

1.3.3 Training for all staff should include training on the duty to advise and assist requesters.

1.3.4 Relevant staff should be trained on proactive publication requirements, and should be mindful of, and proactive in, opportunities to publish further information in the public interest.

1.3.5 Authorities should also provide specific training for staff with responsibility for conducting reviews.

1.3.6 The appropriate approach to training within any authority should be proportionate to the authority’s needs, but should always be sufficient to ensure staff members are fully equipped to discharge their statutory obligations.

1.3.7 Authorities should establish procedures to ensure that training is refreshed on a regular basis. Arrangements should also be flexible, allowing the authority to conduct ad-hoc training activity when necessary.

1.4 Staff contingency and cover

1.4.1 Authorities should have in place robust arrangements to ensure that staff absence (whether planned or unplanned) does not affect the authority’s ability to respond to requests for information, and requests for review, within statutory timescales or to adhere to proactive publication duties.

1.4.2 Where practicable, authorities should have a dedicated FOI or general enquiry email inbox for information requests to be sent to. Even so, it is good practice to have in place arrangements to ensure any requests that have been sent directly to individuals are captured (as these would still constitute valid requests to be answered within 20 working days of the email arriving in the inbox).

2. Recording and reporting statistics

2.1 What should be monitored?

2.1.1 It is for each public authority to determine what information can most usefully be recorded under its administrative procedures, while satisfying itself that it is complying with the law (and is able to demonstrate this). Authorities must ensure that their systems provide adequate statistical information to monitor performance effectively.

2.1.2 Monitoring activities should be proportionate to the volume of requests handled by an authority and aligned to its performance monitoring arrangements, but should include collecting information about:

  • the number of requests/requests for review received and whether they fall within FOISA or the EIRs;
  • the proportion of requests answered within statutory timescales (there may also be value in monitoring the length of time it takes to respond to overdue requests);
  • the number of requests that have been refused and the reasons for the refusal;
  • the number of times a fee has been charged;
  • the outcome of reviews including the number of times an initial decision has been upheld, partially upheld or overturned, or where there has been a failure to respond on time to the original request; and
  • the number of cases that are appealed to the Commissioner and the outcome of such appeals.

The Scottish Information Commissioner asks that the public bodies covered by FOI provide a statistical return to his office on a quarterly basis, with the data requested informed by the monitoring recommendations in this code. Authorities should, therefore, ensure that as a minimum the monitoring data collected enables them to effectively respond to this request.

2.1.3 It is best practice for authorities to proactively publish and update their own FOI monitoring data online as well as supplying such data to the Commissioner when requested to do so as part of the Commissioner’s routine monitoring of FOI performance. Authorities may also wish to supplement such published information by signposting to cross-sectoral FOI performance information published by the Commissioner.

2.1.4 Reporting may also highlight internally any measures which have led to the proactive publication of new information by the authority. It may also contribute to the authority’s consideration of current or forthcoming areas where the proactive publication of information in the public interest would be appropriate. This may, for example, include recommendations on the publication of information relating to forthcoming activities or projects which are likely to be of significant public interest to service-users and other stakeholders.

2.1.5 Internally, authorities should review and report on their FOI performance data regularly. Performance data should be reported to senior management on a regular basis. Reporting should identify any issues with the handling of requests e.g. meeting the statutory timescales.

3. Proactive publication

3.1 Model Publication Scheme (MPS)

3.1.1 All Scottish public authorities should regard it as a key aspect of their role to make available to people information about their work. This is essential to building trust in public services in Scotland. Public awareness research carried out by the Commissioner consistently shows that members of the public value the proactive publication of information and are more likely to trust organisations which actively make information available about their work.

3.1.2 The Commissioner’s MPS should serve as a starting point for authorities’ efforts to publish and disseminate information about their work, rather than as an end point. However, it is good practice to follow the Commissioner’s recommendation that an authority adopts an MPS and creates its own guide to the information it makes available under the MPS, which forms part of its overall compliance with the publication scheme duty.

3.2 Types of information that should be published

3.2.1 As a minimum, to meet the requirements of section 23 of FOISA, authorities should publish information about:

  • their functions, how they operate (including their decision-making processes), and their performance; and
  • their finances, including funding allocation, procurement and the awarding of contracts.

Authorities should also give due consideration to ensuring that the information they publish is findable, accessible and understandable to service users.

3.2.2 However, authorities are free to go further than the minimum requirements and can publish as much information, of whatever type, they consider helpful to the public. Authorities should consider widely how they can use proactive publication effectively in the public interest to enable scrutiny and provide insight into the work of the authority.

3.3 Publication schemes should be kept up to date

3.3.1 Authorities must ensure that they are meeting the commitments made in their scheme, and that the content of their publication scheme remains up to date, with new information being added as necessary.

3.3.2 It is good practice for an authority to also consider regularly what other information is likely to be of interest to the public and could be published proactively, e.g.:

  • information which is regularly the subject of information requests;
  • information relating to forthcoming/recent decisions or announcements;
  • information about current issues which are attracting, or are likely to attract, significant public interest or media coverage; and
  • information disclosed in response to requests (i.e. a disclosure log).

3.3.3 Authorities must notify the Commissioner if they are considering removing information from their schemes, or making changes to their charging regime, as this may affect their compliance with an approved publication scheme.

3.4 Advising third parties about publishing information

3.4.1 Where a third party is the subject of information which an authority intends to publish, it is good practice to notify them prior to publication, and inform them when it is published. For example, where authorities routinely publish information relating to procurement exercises, the contractors bidding in a tendering exercise should be made aware at the time of bidding that the information they provide may be made public.

3.5 Publication of environmental information

3.5.1 There is no requirement in the EIRs to produce a publication scheme or its equivalent, but there is a requirement to publish a schedule of charges. However, section 23 of FOISA makes no distinction between environmental and non-environmental information in publication schemes, and so environmental information should feature in the content of publication schemes. Regulation 4 of the EIRs sets out a wide range of environmental information which authorities should actively disseminate to the public, including through proactive publication. Relevant information should generally be signposted and accessible through a public authority’s Guide to Information.

3.6 Relevant private bodies should ensure that appropriate steps are taken to meet the requirements of regulation 4 of the EIRs

3.6.1 The EIRs also apply to other bodies which are not designated under FOISA, including some private sector organisations, for example those under the control of a public authority and having public responsibilities, functions, or providing services in relation to the environment. As they are covered only by the EIRs, these other bodies are not under the FOISA duty to adopt and maintain publication schemes, but must comply with the requirements of regulation 4 of the EIRs to actively disseminate environmental information.

3.7 Information should be accessible to all and simple to find

3.7.1 Published information should be found readily by the public e.g. on websites, by enabling search functions and/or having an alphabetical directory and/or site map. Information should not be "buried" on a site.

3.7.2 Authorities should ensure that information is also available to people who cannot access the internet. This may be achieved by offering to print out information from the website on request or making it available in another alternative format, where appropriate.

4. Receiving a request for information

4.1 Guidance for the public

4.1.1 It is good practice for authorities to provide guidance for the public which explains how to make a valid information request, and the procedure the authority will follow once a request has been received. In line with the duty under FOI and the EIRs to advise and assist requesters, it will be good practice for guidance to be presented in a clear and accessible way, in order to support requesters to understand and exercise their rights under FOI law. For guidance provided online, the guidance should be findable and accessible from a public authority’s homepage, either through a direct link, or through a clear and intuitive pathway.

4.1.2 Guidance for the public should include:

  • an address (including an email address and any other appropriate method of contact) to which requesters may direct their requests for information or ask for assistance;
  • where possible, the telephone number of someone who can provide advice and assistance;
  • procedures, and information about the authority’s charging regime; and
  • a link to the Commissioner’s guidance for requesters.[16]

4.1.3 The guidance for the public should be referred to in an authority’s Guide to Information produced under the Publication Scheme duty.

4.1.4 An authority may designate a central contact point for requesters to make requests for information but must recognise that a request received by any individual staff member is, in terms of the legislation, received by the authority.

4.2 Valid and invalid requests

4.2.1 Authorities’ FOI procedures should include steps to establish the validity of each request.[17]

4.2.2 Where an authority rejects a request on the basis that it is invalid, it must still advise the requester of the right to request a review of the authority’s decision and, if the requester remains dissatisfied, the right to make an appeal to the Commissioner for a decision on the handling of their request. Under the duty to advise and assist requesters, authorities should also provide advice and guidance, where appropriate, on how a valid request may be made to the authority.

4.3 Validity of requests submitted through social media

4.3.1 Authorities with official accounts or pages on social networking websites (e.g. Facebook, X, LinkedIn and Instagram), websites for the publishing of media (e.g. Flickr and YouTube), or blogging sites (e.g. Blogger or WordPress) must be alert to the possibility of receiving valid requests for information through these channels, rather than through email. If an authority chooses to have an official presence on such a network or website, it has a responsibility to ensure that any potential requests submitted via those sites are considered.

4.3.2 If an authority has an account on a social media site, it is good practice to ensure that the site/account is monitored on a daily basis for information requests. Alternatively, where available, notification emails should be enabled, with the emails sent to a regularly monitored mailbox. For example, within the settings of many social media platforms, email notifications can be activated for whenever the account is mentioned in a post.

4.3.3 As the Commissioner’s guidance to requesters[18] notes, valid requests can be made through social media. However, in order to be valid, they must include the requester’s full name or an initial/title and surname (unless the request is for environmental information) (see 4.7), a means of responding to the requester in writing and a description of the information they seek (see 5.3). If a request submitted by social media does not specify the name of the requester, public authorities should, in line with their duty to provide advice and assistance, advise the requester on how to make the request valid.

4.4 Requests constructed with the use of artificial intelligence (AI)

4.4.1 Requesters are entitled to use artificial intelligence (AI) tools to assist them in the construction or issuance of information requests. The suspected or confirmed use of AI tools does not in itself create any ground for refusing a request.

4.4.2 However, it is recognised that AI tools can be misused by a minority of requesters in order to engage in behaviour that might be considered vexatious in terms of the provisions of section 14(1) of FOISA e.g. to make requests or reviews (by virtue of section 21(8)(a)) intended to cause significant disruption to the work of an authority or which otherwise represent an unreasonable or disruptive approach to the seeking of information.

4.4.3 The provisions of section 14(1) of FOISA in relation to vexatious requests should not be used lightly. However, where an authority has good grounds to consider that AI tools are being used to facilitate unreasonable behaviour by a requester, their use may be considered to protect the resources of the authority.

4.5 Validity of telephone, videocall, in person and audio-recorded requests

4.5.1 There are some differences between FOISA and EIRs in relation to the form a valid request for information must take. Section 8 of FOISA specifically sets out that for a request to be valid it must be made in writing or some other form capable of being used for subsequent reference. The EIRs contain no such stipulation. This means that a purely verbal request for environmental information does create a statutory obligation on an authority, whilst a similar verbal request for other types of information does not directly create a similar obligation.

4.5.2 However, the practical differences between the two regimes in this regard should not be overemphasised. Under both regimes the duty to advise and assist requesters requires authorities to provide reasonable assistance to any person seeking to make a request. Such assistance should consider the needs of requesters. Whilst encouraging requesters to make requests in writing where possible should be the norm, authorities should be aware that this may be more difficult for some individuals than for others. Language abilities and barriers, disability, economic disadvantage and digital connectedness are all factors which may affect how easy it would be for an individual to make their request in writing.

4.5.3 Where a member of the public requires assistance with formulating or communicating a request, one approach to providing advice and assistance would be to signpost them to others in the community who may be able to assist e.g. their elected representatives, advocacy or advice charities or family, friends etc. However, in some circumstances it may be appropriate for a member of authority staff to offer to take a note of the request over the telephone/videocall or in person. For requests under FOISA this must include both a record of the requester’s name and an address for correspondence. Whilst these are not statutory requirements in the case of requests for environmental information, plainly some means of re-contacting the requester will be essential in order to respond to their request.

4.5.4 When making a written note of a request communicated verbally, the member of authority staff should be understood as acting on behalf of the requester, by putting their request in written form to allow it to be taken forward. This should only be done with the explicit agreement of the requester. If adopting such an approach, the authority must immediately share the terms of the request as recorded with the requester, and obtain confirmation from them that they do indeed wish to proceed with a request in the terms recorded. Where consistent with the communication needs of the requester, such confirmation should be sought and received in writing, and in all cases a written record of the confirmation should be retained by the authority. This will help to ensure the validity of the request and mitigate any risk of future dispute between the requester and the authority regarding its terms. As with all requests, it is good practice also to issue the requester with a written acknowledgement of their request (see para 4.10.1).

4.5.5 Where an authority receives a request for information which has been recorded as an audio file (e.g. in a voicemail message) the authority should make every effort to respond to the request and to ensure the terms of the request remain reliably recorded on its systems for future reference.

4.5.6 Whether a voicemail request should be considered as valid under FOISA may depend on the capabilities of the voicemail system used by the authority receiving the request. If the system allows for voicemail records to be permanently stored and subsequently referred to, and the requester includes a name and address (which may be an electronic or postal address) for correspondence, then the request should be considered as valid. However, if the system does not have this functionality (e.g. the system automatically deletes records after a period of time and there is no facility for the authority to transfer them onto other systems for storage), then the request should not generally be considered to be valid. Whilst under FOISA such requests will only be valid where they state the name and contact address of the requester, authorities should note their duty to provide requesters with advice and assistance and, in cases where such details are not included, should try to contact the requester to advise them on how to re-submit their request in writing, or in another recordable format.

4.5.7 If, on the other hand, a request has been made by voicemail for environmental information, the request is valid regardless of whether the voicemail can be permanently stored or not. This is because the EIRs allow for requests to be made verbally in an unrecorded state.

4.6 Requests included in other communications

4.6.1 Staff should be aware that valid requests for information under FOI may be contained within other correspondence e.g. where a request for information is made within a complaint letter or correspondence on a range of matters. Staff should therefore be alert to the identification of requests in written correspondence (or EIR requests in relation to verbal communications), and take appropriate action to ensure requests are processed promptly under the correct regime.

4.7 Provision of a requester’s full name and pseudonyms

4.7.1 Under FOISA, an information request must include the requester’s full name or an initial/title and surname. Using first or given names alone will not be sufficient, even if the requester is known to the member of staff dealing with the request. The use of a surname plus a title (e.g. Mrs Jamieson) will generally be sufficient. There should be a presumption that any full name provided is genuine, unless there is a clear and demonstrable reason to believe otherwise.

4.7.2 Where a requester has not given a sufficient name, or where an authority is satisfied that a requester has used a pseudonym, the request will not be valid. In such cases, the authority should advise the requester that if they gave their full name or made a request in their own name, the authority would be able to respond to the request in accordance with FOISA. The authority should explain that the Commissioner would not be able to accept any appeal arising from a request if a pseudonym or insufficient name had been used by the requester. Where appropriate, the authority may wish to refer the requester to the Commissioner for further information and advice.

4.8 Identification of the requester

4.8.1 Authorities should generally take a ‘requester-blind’ approach to the handling of requests, meaning that the identity of the requester should generally have no bearing in an authority’s consideration, unless it is materially relevant to the handling of the request. A requester’s identity may be materially relevant, for example, in circumstances where:

  • The request may be seeking access to the requester’s own personal information (which is exempt under section 38(1)(a) of FOISA and regulation 11(1) of the EIRs).
  • The authority is considering whether the information requested is ‘otherwise accessible’ to the requester in terms of section 25(1) of FOISA.
  • The authority is considering whether the past actions of a requester are relevant to whether a current request is vexatious or repeated (section 14 of FOISA) or manifestly unreasonable (regulation 10(4)(b) of the EIRs).

4.8.2 Authorities may wish to consider putting in place procedures which minimise any unnecessary internal dissemination of requesters’ identities, e.g. when commissioning colleagues within their organisation to undertake search activity. This may help reduce any risk of bias in request handling as well as any unnecessary processing of requesters’ personal data (see also section 7.6 – Protecting the personal data of the requester).

4.9 Requests on behalf of other people

4.9.1 Information requests can be made by a third party on behalf of a requester. The request must contain the name of the person on whose behalf the request is being made, often referred to as the “true requester”. If a request appears to have been made on behalf of an unnamed person, the authority should contact the requester to provide helpful advice and assistance on what needs to be done in order for a valid request to be made.

4.10 Authorities should communicate with the requester about the progress of a request

4.10.1 It is good practice to acknowledge receipt of the request, explaining who will be handling it and when a response will be provided.

4.10.2 FOI law requires that all requests are responded to promptly, and within the statutory response timescales. Delays should, therefore, be avoided in all circumstances. Where, however, a delay does occur, an apology should be provided. If there is likely to be any delay to responding to the request, an apology should be provided to the requester together with an estimated response date. Authorities should note that, even if they apologise, the deadlines under both regimes are absolute and failure to comply is a breach of the legislation, and the statutory requirement to provide a substantive response will remain until such time as a response is given. The requester will still have the right to seek a review of the failure to give a substantive response within 20 working days.

4.11 Extending the period of compliance under the EIRs

4.11.1 Where an authority seeks to extend the time it takes to respond to a request for environmental information under the EIRs due to the volume and complexity of the requested information,[19] it must inform the requester as soon as possible but in any event within the original 20 working day deadline, explaining its reasons for extending the deadline. Such extension to the statutory deadline can only be made where the information requested is both voluminous and complex in nature, making it impractical to respond within the original 20 working day deadline.

4.11.2 The requester should also be informed of their statutory rights (including the right to appeal to the Commissioner) as they may wish to request a review of the authority’s decision to seek an extension before the extended period expires.

5. Providing advice and assistance to requesters, seeking clarification of requests, charging a fee

5.1 Authorities should offer advice and assistance at all stages of a request

5.1.1 Authorities have a duty to provide advice and assistance at all stages of a request. It can be given either before a request is made, or to clarify what information a requester wants after a request has been made, whilst the authority is handling the request, or after it has responded. It will be good practice for authorities to provide clear and helpful advice and guidance on making a request on their website, to support potential requesters to understand and use their FOI rights effectively. Providing clear and helpful guidance to requesters up-front may also reduce the need for direct advice to be provided at a later point in the process.

5.2 Requests for documents or copies of documents

5.2.1 FOISA provides a right of access to information and not a right of access to copies of specific documents. However, authorities should not refuse requests for copies of documents (e.g. a report, a minute or a contract) as long as it is reasonably clear from the request that it is the information recorded in the document that the requester wants.

5.3 Authorities must provide appropriate advice and assistance to enable requesters to describe clearly the information they require

5.3.1 This will be particularly important where a requester has made a request which is invalid, for example by failing to clearly describe the information sought, or where they have requested documents but it is still not reasonably clear what information they require. The authority must provide appropriate advice and assistance to enable a requester to make their request in a way which will describe the information they want reasonably clearly. The authority should remember that requesters cannot reasonably be expected to always possess identifiers such as file reference numbers or the description of a particular record. Requesters should not be expected to always have the technical knowledge or terminology to identify the information they seek.

5.3.2 Authorities should seek to ensure that any advice provided is presented in a clear and helpful way, to assist requesters to exercise their rights. This may involve adjusting the language used to meet the needs and expectations of the requester. It will, for example, generally be appropriate for authorities to avoid technical terms or overly legalistic language to ensure the requester can clearly understand the response provided.

5.3.3 The extent to which an authority is required to provide such advice and assistance will depend on the particular circumstances of the requester.[20] For example, although both FOISA and the EIRs are generally “requester blind”, there will be cases where it will be evident that the request is made by people who might be expected to describe precisely what it is that they wish to receive (for example a solicitor making a request on behalf of a client). There will also be cases where requests are made by individuals who cannot be expected to express themselves with such precision and who need more support. Authorities should also have regard to their duties under the Equality Act 2010 in ensuring accessibility for all (see also guidance in section 4.4 on validity of telephone, videocall, in person and audio recorded requests).

5.3.4 The aim of providing advice and assistance is to give the requester an opportunity to discuss their request with the authority, with the aim of helping the requester describe the information being sought reasonably clearly, so that the authority is able to identify and locate it. Requesters should not be given the impression that they are obliged to disclose the intent behind their request or that they will be treated differently if they do so. The provision of focused advice and assistance can be particularly important when refusing a request on cost grounds – see section 9.5 below.

5.4 Seeking reasonable clarification from requesters

5.4.1 An authority should only formally seek clarification from a requester where this is required to enable the authority to identify and locate the information being requested. This is an exercise of the provisions of section 1(3) of FOISA or regulation 9 of the EIRs. The process of seeking such clarification from a requester can affect the statutory timescale within which the requester is entitled to receive a response from the authority, so should only be undertaken where necessary to permit the progression of the request.

5.4.2 This does not negate the possibility that other less formal engagement with the requester may be helpful in ensuring the effective handling of a request. For example, it may be helpful to discuss with a requester whether they would be willing to narrow the scope of a request, where the authority considers that the requester may have asked for a wider set of information than they had intended. However, whilst this type of engagement with the requester does represent good practice it has no bearing on the statutory timescale within which the authority is required to respond.

5.4.3 Before deciding to seek clarification from a requester, authorities would be well advised to consult internally to review their own understanding of a request, in order to avoid any unnecessary request for clarification being made. If an authority is unclear about what information the requester wants, it should obtain clarification, being mindful of its duty to provide reasonable advice and assistance to the requester as it does so. Where a request is not reasonably clear, advice and assistance could include:

  • providing an outline of the different kinds of information which might meet the terms of the request;
  • providing access to detailed catalogues and indexes, where available, to help the requester ascertain the nature and extent of the information held by the authority;
  • providing general information or comment in response to the request, setting out options for further information which could be provided on request;
  • contacting the requester to discuss what information the requester wants.

5.5 Authorities should not delay in seeking clarification

5.5.1 Where a public authority has received a valid request, but needs more information from the requester to identify and locate the information, the authority should promptly ask the requester to clarify what information is sought. This should be done as soon as the requirement is identified (indeed, the Commissioner may consider intervention action in circumstances where a repeated pattern of late-clarification is identified). The statutory 20 working-day deadline for responding to a request will not start until clarification has then been received from the requester.[21]

5.5.2 Advice and assistance should be provided as soon as reasonably possible. The Commissioner is likely to be critical of any authority which takes an unreasonable length of time to provide advice and assistance in order to delay the requester submitting a valid request.

5.6 When sufficient clarification is not provided

5.6.1 If, after clarification has been sought and all reasonable assistance has been given, the requester still cannot describe the information requested in a way which enables the authority to identify and locate it, then the authority is not required to proceed with the request.[22]

5.6.2 In these circumstances, the authority should explain why it cannot take the request any further and provide details of its own review procedure and the requester's rights to apply to the Commissioner for a decision.

5.6.3 Where clarification is sought from the requester but no response is received, the authority should remind the requester after around 20 working days that it cannot proceed until the requester responds. If no clarification is received after 40 working days the authority should write to the requester explaining that the case is now considered to be closed but providing details of its own review procedure and the requester’s rights to apply to the Commissioner for a decision.

5.6.4 Authorities should not, however, resort to these provisions lightly. They should remember that any request which describes the information sought with sufficient clarity (and, of course, meets the other basic requirements discussed in section 4 above) requires a response that complies with the requirements of FOISA/the EIRs – an obligation that will remain in place until the response is given. Depending on the nature and circumstances of the request, such a compliant response may provide the information requested (subject to the application of any relevant exemptions/exceptions), or may consist of a refusal of the request.

5.7 Where a fee is payable and content of fees notices

5.7.1 Under FOISA, authorities are entitled to charge for the direct and indirect costs incurred in locating, retrieving and providing information. Full details of what can and cannot be charged for are contained in the Fees Regulations.[23] These place strict limits on the fees authorities may charge.

5.7.2 In most cases the most significant cost for an authority in locating, retrieving and providing information will be the staff time required. The Fees Regulations permit a maximum of £15 per hour to be charged for staff time irrespective of the seniority or actual remuneration costs of the individual/s carrying out the work. The first £100 (approximately equivalent to 6.5 hours of staff time) must be provided free of charge, with a maximum fee of 10% of any remaining costs up to the £600 upper cost limit (equivalent to 40 working hours). This means that the maximum fee for responding to any request under FOISA is £50.

5.7.3 For requests for environmental information, the EIRs permit authorities to charge a fee which does not exceed a “reasonable amount”. When determining whether a charge is reasonable, the EIRs set out that charges must not exceed the actual cost to the authority of producing the information.

5.7.4 When considering charges under the EIRs, it will be good practice for authorities to take account of relevant factors when considering any charge. This may include, for example, consideration of the circumstances of the requester, the value of the information in terms of informing public debate and supporting public participation in environmental matters, and the potential deterrent impact of any charge made.

5.7.5 A general approach to EIR charging where charges are made in order to discourage or deter requesters from exercising their right to environmental information would be inconsistent with the principles of the regulations and the Aarhus Convention.[24]

5.7.6 Whether handling under FOISA or the EIRs, authorities should not charge for:

  • any costs incurred in determining whether it actually holds the information;
  • any costs incurred in determining whether information should or should not be disclosed; or
  • the time spent deciding what parts of a document/report should be redacted (although the actual process of redacting can be charged).

5.7.7 Where a fee is payable the authority should notify the requester as soon as possible and within the 20 working day time limit. The fees notice must set out the projected costs of handling the request. Authorities must ensure that the projected costs are a reasonable estimate of the costs likely to be incurred and are based only on the estimated actual costs to the authority. The statutory 20 working-day deadline for responding to a request pauses when the fees notice is issued and will resume once the requester has paid the fee. Fees notices must also contain details of the right to request a review and to appeal to the Commissioner. Requesters may choose to seek a review in relation to the basis of any charge made. Authorities should make and store a record of how any fee has been calculated. Such a record will provide helpful evidence of the basis for any charge for reviewers and, in the event of an appeal, to the Commissioner.

5.7.8 The public authority should tell the requester that they must pay the fee within three months of the date of the fees notice (60 working days under the EIRs) or the public authority is no longer under any obligation to give the requester the information. If the requester is unwilling to pay the fee, the authority should consider what information could be provided free of charge that may be of relevance to the requester's request and suggest how the requester may wish to narrow the scope of their request accordingly.

5.7.9 Where no response is received after the issuing of the fees notice, the authority should remind the requester after around 20 working days that it cannot proceed until the requester responds. After 40 working days the requester’s right to review the issuing of the fees notice expires, at which point the authority should write to the requester explaining that the case is now considered to be closed. However, if the fee is paid after 40 working days but before three months have passed, the case must be reopened and the right to review reinstated.

5.7.10 Upon payment of a fees notice, the timescale for responding resumes from the point when the fees notice was issued. If 10 working days had passed between receipt of the request and the issuing of the fees notice, this means that only 10 working days remain to respond once the fee has been paid. It is therefore both good practice and common sense to issue a fees notice as soon as possible after receiving the request.

6. Locating and retrieving information and record keeping

6.1 Record Keeping

6.1.1 Guidance on effective records management is set out under the Code of Practice on Records Management[25], issued by the Scottish Ministers under section 61 of FOISA. The Public Records (Scotland) Act 2011[26] places obligations on many public authorities to adopt and maintain a records management plan.

6.2 Locating and retrieving information

6.2.1 Authorities must make arrangements to allow staff to locate and retrieve information easily. This will allow authorities to respond to requests, and requests for review, quickly and provide reassurance that all relevant sources where the information might be held within the organisation have been checked.

6.2.2 Searches should be proportionate and focus on systems (whether paper-based or electronic) where staff with a working knowledge of the records relating to the information request consider that information might be held. References to “systems” do not relate only to IT systems, corporate platforms and all relevant corporate storage repositories but may include any other system or platform on which information relating to the authority’s business may be held.

6.2.3 Any information created or exchanged by a Scottish public authority, and which relates to that authority’s business, is held by that authority for the purposes of FOISA and the EIRs. This can include paper records, informal systems such as officers’ notes, and temporary records, business-related information held on portable devices e.g. mobile phones (irrespective of whether these have been issued by the authority or are the personal property of its staff members) and non-corporate platforms, including private email accounts, text messages, mobile messaging apps (e.g. WhatsApp, Messenger, Signal etc) or any other form of personal communication. Such information is required to be located and retrieved where a request for that information has been received by the authority.

6.2.4 Authorities therefore should not be restricted to considering only the official corporate record, and should think beyond conventional places where information might be held to satisfy themselves that full and robust searches have been undertaken. Staff should be aware of the full range of systems on which information may be held, or at least where to find internal guidance or advice about this. They should make appropriate arrangements for all relevant systems to be searched in response to requests. Training should also ensure that staff are aware of FOI obligations in relation to all systems used, and the procedures which must be followed when creating, storing or searching for information within those systems.

6.2.5 The need to consider all relevant places and systems does not negate the need to ensure that searches are proportionate. Staff members carrying out search activity will need to rely on their knowledge of their organisation’s systems and working practices and of the subject matter of the request in order to make an informed assessment of the action required to locate and retrieve the relevant information. It is important for staff members to understand the functionality of the search tools available to them and to be fully supported by senior leaders in conducting all relevant searches.

6.2.6 Authorities should, wherever possible, maintain a record of searches conducted, including details of who carried out the searches and the systems that were checked. Records of searches provide helpful evidence to reviewers and, in the event of an appeal, to the Commissioner. It is also best practice for authorities to keep on record the rationale for key decisions made in relation to the handling of the request, along with any discussions they have with requesters and where relevant, third parties.

6.3 Confidentiality Markings

Authorities should note that marking information as “confidential” (or another similar internally generated security classification) is not necessarily a material consideration in decisions about disclosing or withholding information under the regimes. Although there are circumstances where information might correctly be considered as confidential, authorities must consider each request on its own merits within the terms of the regimes and be able to clearly show to the requester and the Commissioner why the information should not be disclosed.

7. Consulting third parties

7.1 Making third parties aware of authorities’ duties

7.1.1 Authorities should ensure that third parties which supply them with information are aware of the authority’s duty to comply with the regimes and that information will have to be disclosed upon request unless an exemption under FOISA or an exception under the EIRs applies. For example, tenderers must be aware of authorities’ duties under the regimes and the process of answering requests in advance of any requests being received. The relevant third party must be made aware that, while they may have their views on information they have supplied taken into account when it is requested, any decision on disclosure of that information has to rest with the authority alone. The third party cannot veto or direct the outcome in any particular case.

7.1.2 Authorities should exercise caution about making any confidentiality agreements with third parties in relation to information they are to supply. For example, when inviting consultation responses, authorities should resist providing any undertaking that all responses will be treated as confidential. Third parties should also be made aware that existing confidentiality markings must be considered in context, at the time a request is made.

7.2 Where consultation with third parties is likely to be appropriate

7.2.1 There is no definitive list of circumstances in which consultation would be appropriate, and much depends on the facts and circumstances of the particular case. Consultation is likely to be appropriate where a third party’s interest in the handling of a request will be significant, for example because they are the primary focus of the information (e.g. as a business or an individual) or because disclosure would significantly affect them.

7.2.2 Consultation is recommended in all cases where:

  • the views of the third party may help the authority to determine whether an exemption or exception applies to the information requested. For example, if disclosure would cause substantial prejudice to that third party’s interests, or constitute a breach of confidentiality, the authority would need evidence to support that view; or
  • the views of the third party may help the authority determine where the public interest lies.

7.3 Where consultation is less likely to be necessary or appropriate

7.3.1 Consultation is less likely to be necessary where:

  • the authority already has evidence from the third party that disclosure would, or would not, prejudice their interests; or
  • the views of the third party can bear no influence on the authority’s decision (for example where there is other legislation either preventing or requiring disclosure).

7.3.2 Consultation may not be appropriate where:

  • in the authority’s view there is no basis for withholding the information;
  • the cost of consulting third parties would be disproportionate (for example, because many third parties are involved); or
  • the authority holds evidence of earlier consultation on the status and sensitivity of the information and nothing (including the views of the third party) has changed.

7.3.3 In such cases, the authority should consider what is the most reasonable course of action for it to take in light of the requirements of the regimes, the potential effects of disclosure and the public interest. It will usually be appropriate to notify the third party about the disclosure of information.

7.4 Meeting statutory deadlines

7.4.1 Meeting the statutory deadline for responding to a request must always take priority over consulting third parties. This will often mean that an authority can only allow third parties a short time to respond; this time should not be extended if that will prevent authorities responding on time. If the authority does not identify the need to consult third parties until near the deadline, instead of consulting, they should just notify third parties at the same time as they respond to the requester.

7.4.2 Authorities should identify interested third parties as soon as possible to give them sufficient time in which to respond to consultation.

7.5 Inviting views from third parties

7.5.1 When inviting third parties for their views, an authority should focus the invitation on the information that has been requested. It should always be made clear to the third party that their consent is not being sought and they do not have a veto on release. It is for the Scottish public authority that received the request, not the third party (or representative of the third party), to determine whether or not information should be disclosed. A refusal by a third party to consent to disclosure does not, in itself, mean that information should be withheld.

7.5.2 It should be made clear to third parties that they should provide a current, specific and realistic assessment of the nature and risk of any harm arising from disclosure of the information in question: where submissions refer to a general, broad and non-specific possibility of harm, it will be less likely that an exemption can be applied. Third parties should therefore be encouraged to ensure their submissions directly address the harm arising from disclosure of the specific information requested. It is good practice to advise third parties who also operate under UK Information legislation that FOI law in Scotland has distinct provisions e.g. a higher harm test for a number of exemptions under FOISA.

7.6 Protecting the personal data of the requester

7.6.1 If the requester is an individual their identity should almost always remain withheld from third parties as this is personal data and its disclosure is likely to be in breach of the Data Protection Principles. There may be occasions when the identity of the requester is relevant to the request but it should not be shared with third parties unless permission is sought and granted, or the request was made in the public domain (e.g. via whatdotheyknow.com).

7.7 Consulting representative bodies

7.7.1 Where a large number of third parties are involved the authority may consider that it would be sufficient to consult a representative sample of them. If those parties have a representative organisation that can express views on their behalf, the authority may consider that it would be sufficient to consult that representative organisation. As with other third parties, however, the role of any representative body will be simply advisory – they cannot direct how the request should be handled.

7.8 When a response is not received

7.8.1 The fact that the third party has not responded to consultation does not relieve the public authority of its duty to make information available, or its duty to reply within the statutory timescales. Responses should not, therefore, be delayed because a response to a consultation request has not been received.

7.9 Notifying third parties about the release of information

7.9.1 When an authority has made a decision to release information it may, as a courtesy, notify any third parties who have a material interest that information relevant to them has been released in response to a request, regardless of whether they have been consulted. This ensures that the release does not come as a surprise. Notification is at the discretion of the authority and would depend on the individual circumstances of the information and what is judged to be a material interest. Any notification to a third party should generally take place within the general handling of a request to minimise any delay to the response. Responses should not be delayed beyond the statutory deadline for the purposes of notifying a third party.

8. The disclosure of information relating to contracts or procurement processes

8.1 Introduction

8.1.1 This part of the Code provides guidance in dealing with and making available contractual and procurement-related information, whether proactively or in response to an information request. In particular, this section sets out:

  • ‘guiding principles’ which authorities should consider in balancing the public’s right to know with the need to protect legitimate commercial concerns; and
  • best practice in dealing with contractual and procurement-related information.

8.1.2 It is not possible in this Code to provide definitive statements about whether specified types of contractual and procurement-related information should be made available. Each authority must make its own decision in light of the facts and circumstances of the particular case. However, in outlining the guiding principles and best practice, the Code seeks to promote a more consistent approach to the disclosure of procurement-related information by authorities.

8.2 Guiding Principles

8.2.1 In making available contractual and procurement-related information, whether proactively or in response to an information request, the following guiding principles should be considered.

8.3 Principle 1: Transparency in the use of public funds

8.3.1 The public must be reassured that public bodies are spending taxpayers’ money wisely. The type of contractual and/or procurement information produced may vary depending on the situation, but where held the public should be able to access:

  • how much money is being spent;
  • with whom that money is being spent;
  • the nature of the services, goods or works that money is buying;
  • what redress is available if those services, goods, or works are below an agreed standard;
  • any cost benefit analysis that has been undertaken;
  • any carbon footprint analysis that may have been undertaken;
  • any equality assessment that may have been undertaken;
  • any sustainability assessment that may have been undertaken; and
  • any privacy impact assessment that may have been undertaken or justification as to why one has not been carried out.

8.3.2 In particular, the public has the right to know the full financial implications of long term and high value contracts, such as historic, current or planned public-private partnership (PPP) contracts (subject to the exemptions/exceptions of the regimes).

8.4 Principle 2: Demonstrable diligence in managing contractors to ensure best value for money

8.4.1 Information should also be made available which makes clear the extent to which the authority is actively managing its contractor.

8.4.2 For example, where it is appropriate to the individual contract, the public should be able to see whether:

  • project management and procurement best practice principles are being applied;
  • suitable checks and balances are in place to ensure proper monitoring of project performance;
  • those checks and balances are being actioned effectively; and
  • intervention on the part of the public authority is happening where necessary.

8.5 Principle 3: Respecting commercial interests

8.5.1 The regimes and this Code are not intended to undermine a public authority’s commercial relationships with the private sector. To protect the legitimate concerns of the private sector, authorities should consider appropriate use of the section 33(1)(b) exemption in FOISA (commercial interests) or the exceptions under regulations 10(5)(e) and 10(5)(f) (commercial interests and breach of confidentiality) of the EIRs when considering disclosure of contractual and procurement-related information. Otherwise, there could be a risk that:

  • companies would be discouraged from dealing with the public sector, fearing disclosure of information that may damage them commercially, or
  • companies would withhold information where possible, making the choice of the best contractor more uncertain as it would be based on limited and censored data.

8.6 Good practice

8.6.1 When beginning any new procurement exercise, public authorities should ensure that bidders/suppliers understand the extent to which their information may be disclosed by the authority (either proactively or in response to an information request).

8.6.2 Including disclosure provisions in the procurement documentation:

8.6.3 Bidders should be made aware during the procurement process that an authority is not able to hold information in confidence unless it is genuinely sensitive in nature and therefore is exempt from release (for example because commercial interests may be harmed[27], or its disclosure would constitute an actionable breach of confidence[28]).

8.6.4 Withholding information under certain exemptions (e.g. commercial interests) requires that substantial prejudice is demonstrated – the authority must be able to show that real, actual, significant harm would be caused by disclosure.

8.6.5 They should also be aware that the authority will not implicitly accept confidentiality terms, and that any confidentiality markings, whilst being noted, may have little weight if the information is requested (for example if it is apparent that the information is not sensitive).

8.6.6 However, an authority should recognise a bidder’s legitimate commercial concerns. As such, best practice dictates that a bidder should be asked to identify information it provides to the authority that it believes to be truly sensitive, and to explain why and how long it is likely to remain so. The authority should make clear to the bidder that it cannot be bound by their views, but that they will help inform the authority in determining what information it can and cannot make available on request.

8.6.7 The authority should undertake to consult with the bidder if it receives a request for any information previously highlighted as being sensitive, within the identified sensitivity period. The sensitivity of information will vary depending on the timing of the request. For example, information may be sensitive during the tender exercise, but may cease to be sensitive once the contract has been awarded.

8.6.8 The bidder should also be consulted if there is any doubt about the information’s sensitivity, regardless of the specified period. If the authority considers that information is exempt from release because its release may prejudice the bidder’s commercial interests, it must obtain evidence from the bidder to support this view (refer to details in section 7 on consultation with third parties). Of course, the final decision on the release or withholding of information rests with the authority.

8.6.9 This approach may not be appropriate for all tenders and contracts (for example it may be disproportionate or the volume of tenders/contracts may make it impractical).

8.6.10 Inclusion of disclosure provisions in contracts:

8.6.11 The terms and conditions of a contract should contain disclosure provisions regarding information provided during the competition phase, but may also be expanded to include the disclosing of information by the contractor. Although not strictly a consideration under this Code (as it only applies to public authorities), it is sensible to tackle all these issues under a single ‘disclosure of information’ (or similar) provision. Such provisions will be particularly relevant where the contractor is designated a ‘public authority’ for the purposes of the particular contract by an order made under FOISA. Authorities should also notify contractors whose contracts involve environmental functions, responsibilities or services that they may themselves be directly subject to EIRs in relation to those contracts.

8.6.12 It is recommended that a provision is included in the contract to the effect that the authority will aim to consult the contractor on any request for information which has been identified as being sensitive. (As described above, where exemptions are being applied on the basis that release would harm a third party, the authority must have evidence from the third party that this is the case.)

8.6.13 As regards information identified by either party as sensitive, authorities may consider including that information in an annex which also sets out the reasons for sensitivity and the period of sensitivity. This will facilitate disclosure of the remainder of the contract should a request for information be received or if it is being published proactively.

8.6.14 As already indicated, there must be transparency in the use of public funds. In particular, contracts must reflect the fact that the public have the right to know the financial implications of historic, current or planned public-private partnership (PPP) contracts (and other contracts entered into by the public sector at public expense), for example how much money is being spent, with whom, for what purpose and over what period.

8.7 Consultation with suppliers on disclosure requests

8.7.1 As already indicated, consideration should be given to making express provision as to when consultation with bidders/suppliers will be appropriate where requests for information involve information provided by them. (Section 7 of this Code on ‘Consulting third parties’ provides general guidance on this issue.)

8.7.2 Where bidders/suppliers have been given the opportunity to identify sensitive material and have done so (and any declared period of sensitivity has not expired), then clearly consultation is needed if the request relates to that information. However, if it does not, then consultation is likely to be unnecessary. If the bidder/supplier has not identified any sensitive information, then consultation should likewise be unnecessary (unless the authority considers that an exemption/exception may apply on the grounds that the information’s release would nevertheless prejudice the bidder/supplier’s interests). The authority will wish to consider whether, as a courtesy in such cases, bidders/suppliers are notified that a request has been made and are given the opportunity to comment as appropriate. The bidder/supplier then has a ‘do nothing’ option if the request is of no concern to them. The authority still has a duty to respond within the relevant timescales.

8.7.3 Information in respect of older contracts will have been provided prior to any understandings on information sensitivity being agreed. Therefore requests for older material that could have some commercial sensitivity should involve consultation with bidders/suppliers.

8.7.4 Even when a supplier or third party has indicated that information should be withheld and the public authority agrees that exemptions or exceptions may apply, that does not mean that the public interest will necessarily weigh in favour of withholding information. Unless an absolute exemption applies, the public interest test will need to be considered in each case, in light of the facts and circumstances prevailing at the time of the request.

8.8 Time limits for withholding information

8.8.1 Most contractual and procurement-related information is only sensitive for a definable period of time. It is not, however, possible to be prescriptive about when the sensitivity will decrease; this time period will vary widely depending on the type of procurement information in question and the stage reached in the tender exercise. The sensitivity of price information may decrease after a relatively short period, whereas ‘trade secret’ information may be sensitive for much longer.

8.9 Proactive publication in contracts and procurement

8.9.1 It is best practice for authorities to consider proactively publishing information relating to the procurement process and contracts, rather than wait until information requests are submitted to them.

8.9.2 In deciding what information to publish, authorities may wish to focus in the first instance on publishing contracts in which there is a particular public interest (for example those which they consider to be of high value or long-term, or otherwise high profile). In particular, authorities should consider publishing information relating to the financial implications of long term and high value contracts, such as historic, current or planned PPP contracts.

8.9.3 If an authority routinely publishes information under its publication scheme which is relevant to its contractual and procurement activities, it is easier for the public to access the information, and authorities can decide what information to publish as part of a systematic management process, instead of responding to individual requests with tight timescales.

8.9.4 Authorities should also note that it is a requirement for compliance with the Commissioner’s Model Publication Scheme for certain information relating to procurement and contracts to be proactively published.

8.10 Relationship between information rights under procurement legislation and FOI

8.10.1 Legislation such as the Public Contracts (Scotland) Regulations 2015 (as amended) and Procurement Reform (Scotland) Act 2014 gives tenderers involved in some tendering exercises the right to ask for information. For example, an unsuccessful tenderer may have the right to ask why their tender was unsuccessful or about the characteristics and relative advantages of the successful tenderer. The authority has the right to withhold information in some cases. The reasons for withholding information are not identical to FOISA exemptions/EIRs exceptions.

8.11 Considering whether a contractor holds information on behalf of the authority

8.11.1 FOI law is intended to provide the public with a right to information about the delivery of public services in Scotland. There are specific provisions in FOISA and the EIRs to ensure that information held on behalf of a public authority is also considered to be ‘held’ by that authority for the purposes of FOI law.[29] When asked for information regarding the delivery of services provided by an external organisation with which the authority has a contractual relationship, the authority should consider carefully whether the contractor is likely to hold relevant information on its behalf.

8.11.2 Where the service delivered under contract by an external organisation represents a public service or function for which the authority is generally considered responsible, information regarding the delivery of the relevant service or function may be considered to be held on behalf of the authority. In such instances, the authority may therefore have a statutory obligation to obtain particular information from its contractor as required in order to respond to the request. It is ultimately the responsibility of the authority to ensure it complies with its statutory obligations under FOISA and the EIRs.

8.11.3 Authorities may wish to note the terms of Commissioner Decision 094/2013, which directly considered the relationship between a particular authority and a particular contractor. However, any Scottish public authority or its contractor may wish to seek its own independent legal advice if either party is uncertain about whether the contractor should be considered to hold information on the authority’s behalf.

9. Responding to requests

9.1 Duty to respond promptly to a request

9.1.1 Under sections 10(1) and 21(1) of FOISA all public authorities are required to respond ‘promptly’ to a request or review (and, in any case, within a statutory 20 working days). Authorities should, therefore, aim to respond to all requests received as soon as possible.

9.1.2 It will be good practice to review and assess all requests promptly following receipt, in order to enable issues to be identified and sufficient time to be allocated to each request to ensure a prompt and appropriate response.

9.1.3 Authorities should resist the development of an organisational culture which works towards issuing all responses on (or around) the twentieth working day. Organisations which take this approach for all requests will increase the risk of late responses in circumstances where internal deadlines are missed.

9.1.4 Requests and reviews received by grant-aided and independent special schools are also subject to the Freedom of Information (Scotland) Act 2002 (Time for Compliance) Regulations 2016. The Regulations allow any working day which is not also a ‘school day’ to be disregarded for the purposes of the statutory 20 working day deadline for complying with an FOI request or review made to such schools.

9.1.5 The purpose of the Regulations is to allow the grant-aided and independent special schools sufficient time to respond to FOI requests and reviews, taking into account school holiday periods when a school may be closed and/or staff are not available. However, the Regulations do not relieve those schools of their obligation to reply to a request or review ‘promptly’.

9.1.6 Therefore, even on ‘non-working days’ (for the purposes of FOISA and the Regulations), if staff (with the appropriate skills, knowledge and level of authority) are working in a grant-aided or independent special school, it is good practice to work as normal on any FOI requests or reviews to ensure that responses are issued promptly.

9.2 Duty to advise and assist when responding to a request

9.2.1 The obligation to provide advice and assistance continues at the point of issuing a response. For example, if directing the requester to a website, the authority should take all reasonable steps to direct the requester to the relevant section.

9.2.2 Authorities should also ensure that the responses they issue are clear and understandable to requesters, adjusting the language used, where appropriate, to take account of individual requirements.

9.2.3 It will be good practice for authorities to issue responses which help requesters clearly understand the reasons for the response. Where a requester clearly understands the reasons for a response, they will generally be less likely to seek a review or appeal, even if the outcome is not the one they hoped for.

9.3 Explaining the relationship between FOISA and the EIRs to requesters

9.3.1 As set out in the ‘Main terms of the regimes’ in Part 1 of this code, section 39(2) of FOISA provides an exemption for environmental information which authorities are required to consider under the EIRs. The exemption at section 39(2) is subject to the public interest test, so authorities are required to consider whether the public interest weighs in favour of handling the request under the EIRs only or whether it should in fact handle the request under both regimes.

9.3.2 Nevertheless, the interaction between the provisions of section 39(2) of FOISA and the EIRs is an intentional feature of the legislation. In general, there should be a presumption in favour of considering particular information under one regime only. Therefore, whilst response letters should highlight to requesters that section 39(2) has been applied and their right to seek a review of the decision to apply the exemption, it is not generally necessary to provide a detailed explanation of how the public interest test has been considered. It is sufficient merely to explain that:

  • Since the request is for environmental information, the authority is required to consider it under the EIRs.
  • The exemption at section 39(2) of FOISA has been applied to enable the authority to consider the request under the EIRs only.
  • That the authority considers it is in the public interest to consider the request under one regime only (detailed justification not required).
  • That the requester has a right to seek a review of the decision to handle the requested information under the EIRs, and not FOISA.

9.3.3 This does not negate the possibility that one request could encompass both information which is environmental in nature and information which is not. In such circumstances a composite response may well be appropriate, in which some information is considered under FOISA and other information under the EIRs. Where such an approach is required the authority should set out clearly to the requester which information it has considered under FOISA, and which it has considered under the EIRs.

9.4 When an authority does not hold the information requested

9.4.1 The legislation only applies to recorded information which is held by the authority at the time when the request is received. Authorities cannot therefore apply exemptions/exceptions to information they do not hold. Authorities should, of course, carry out reasonable and proportionate searches for information, but where an authority finds that it does not hold information, it should issue a response informing the requester of this. This should take the form of a formal notice under section 17 of FOISA or application of regulation 10(4)(a) of the EIRs.

9.4.2 Where an authority issues a response informing the requester that it does not hold the requested information, it is good practice for an authority to clearly explain to the requester why it does not hold the information. A request for review is less likely to be made if authorities inform requesters why they do not hold the information they have requested. Where an authority does not hold the information, but holds related information which may be of interest to the requester, it will be good practice to notify the requester of this, providing guidance under the duty to advise and assist on making a new request for that information.

9.4.3 Where an authority does not hold the information, but can identify an authority that may hold it, it is good practice to contact that authority and confirm whether they do indeed hold the information. When consulting a second authority the identity of the person requesting the information should not be disclosed unless that person has agreed to this.

9.4.4 Where an authority does not hold the information but is aware that it is held by another public authority, it should in its refusal notice provide the requester with contact details of the authority holding the information and suggest that the requester makes a new information request to that authority. Where the two authorities are publicly perceived as linked, the differences between them should be explained to the requester.

9.4.5 In addition, if the request is for environmental information which is not held by the receiving authority, but known to be held by another public authority, the receiving authority may instead offer to transfer the request to the other authority. The authority should contact the requester promptly to inform them that it does not hold the information but that it may be held by another public authority and either provide the contact details of that authority or offer to transfer the request. No request should be transferred from one authority to another without the express agreement of the requester and authorities should seek appropriate consent from the requester before proceeding with any transfer.

9.4.6 Where a requester chooses to exercise their right under the EIRs to transfer their request, the receiving authority must arrange for the transfer to take place upon receipt of the requester’s consent. Once the request has been transferred, the authority must notify the requester by issuing a refusal notice under regulation 13 of the EIRs. Upon receipt of the transferred request the authority now with responsibility for responding to the requester must do so in accordance with the requirements of the EIRs, with a new 20 working day time limit beginning from the date of receipt.

9.5 Where excessive costs apply

9.5.1 Where the cost of responding to a request made under FOISA will exceed the upper cost limit (currently £600[30]) or the burden of responding to a request under the EIRs would be manifestly unreasonable[31] the authority is not obliged to comply with the request.

9.5.2 Authorities should create an estimate of how the cost of complying with the request would exceed the cost limit. This estimate will provide important information to which the authority can refer:

  • in considering any subsequent request for review; or
  • in the event that an appeal is made to the Commissioner.

9.5.3 As discussed in section 5.7 above, the Fees Regulations stipulate that a maximum of £15 per hour can be imputed for the cost of staff time required to locate, retrieve and provide information. This means that, despite wage inflation since the regulations were set, the nominal cost limit of £600 set in the regulations has remained functionally equivalent to 40 working hours of staff time for most requests – except in rare cases where there are significant non-staff related costs e.g. postage, printing etc.

9.5.4 As further set out in section 5.7 above, cost estimates can only take account of the costs of locating, retrieving and providing requested information and cannot take account of:

  • any costs incurred by the authority in determining whether it actually holds the information;
  • any costs incurred in determining whether information should or should not be disclosed; or
  • the time spent deciding what parts of a document/report should be redacted (although the actual process of redacting can be included).

9.5.5 When refusing a request on cost grounds, it is good practice for the authority’s response to provide clear advice on how the requester could submit a new, narrower request within the cost limit. Indeed, such advice may be required in line with the duty to provide advice and assistance.

9.5.6 In giving advice you may wish to take account of how much the cost limit has been exceeded. Any narrowed request would be a separate new request and should be responded to accordingly. Advice on narrowing the request should, wherever possible, be specific, and should be focused on the information the requester is seeking, with reference to the information which is held by the authority. If, for example, the authority knows of particular files or business areas likely to hold a reasonable amount of relevant information, advice should guide the requester towards making a specific request for that information.

9.6 When information is otherwise accessible

9.6.1 Where a public authority refuses a request on the grounds that the information is otherwise accessible, it must send the requester a refusal notice which acknowledges that it holds the information and explains why the exemption at section 25(1) of FOISA (or exception at regulation 6(1)(b) of the EIRs) applies.[32]

9.6.2 The authority should not assume that the requester will know where and how the information can otherwise be obtained. If the information is already publicly available (e.g. on the authority’s website) the authority should tell the requester how to access it and provide adequate signposting, for example, providing direct links to online information. The authority should ensure all links provided in its response are functioning at the time the response is issued.

9.6.3 In all cases the authority should bear in mind its general duty to provide advice and assistance to requesters. As with other provisions, it will be good practice for authorities to develop a clear, plain-English explanation for requesters for use in circumstances where this provision is relied upon.

9.7 Information intended for future publication (relevant to FOISA only)

9.7.1 An authority may refuse to disclose information if it can demonstrate it already has plans to publish it within the 12 weeks from the date of the request.[33] When an authority cites this exemption in a refusal notice, it is good practice to provide the intended date of publication.

9.7.2 There may be occasions where, having cited the exemption in section 27(1) in response to a request for information, an authority is then unable to publish the requested information on the planned date of publication. If the authority fails to publish the information within the period, it should, in line with its duty to advise and assist, contact the requester and explain the reason for the delay. It should give the revised date of publication if this is known.

9.7.3 While a requester has no automatic right to receive the information as soon as a delay in publication exceeds the 12 week time limit, any significant delay would make it more difficult for the authority to continue to claim that it is reasonable to withhold the information.

9.7.4 If the requester did not challenge the authority’s earlier decision to withhold the information on the basis of the section 27(1) exemption, they may have missed the 40 day deadline for asking for a review of the original decision. If the requester then seeks a review in such circumstances, it is good practice for authorities to carry out a late review.

9.8 Quality assurance measures

9.8.1 It is good practice for authorities to check responses for accuracy and quality before they are issued. The arrangements an authority puts in place should be proportionate to its needs and different arrangements may be introduced depending on the nature, complexity and/or sensitivity of a request. In undertaking quality assurance, authorities must be mindful of the duty to respond promptly to the request, and arrangements made should not delay the response to a request unduly.

9.8.2 Authorities are expected to put in place measures to achieve both consistency and rigour in their responses to requests and requests for review.

9.9 Use of artificial intelligence (AI) in preparing responses

9.9.1 Public authorities should set clear expectations for staff regarding any role that the use of artificial intelligence (AI) tools may play in supporting the preparation of responses to requests. This is an area where technology is developing rapidly and authorities should regularly review their processes to ensure they are in line with current best practice and accepted ethical standards in the use of AI by public authorities.

9.9.2 It is clear that AI tools cannot replace the role of human judgement in the handling of FOI requests. Substantive decisions regarding the fulfilment of any authority’s obligations should always be taken by an appropriate individual within the organisation, and individuals should be accountable for their decisions.

9.10 Ensuring compliance with Data Protection requirements

9.10.1 Authorities should take great care when issuing responses to information requests to ensure that they are complying with data protection principles. In particular it is important to ensure that inadvertent data breaches do not occur in the process of issuing responses.

9.10.2 Authorities should take particular care to ensure that necessary redactions within documents are carried out thoroughly in a manner that fully removes the redacted information from the document, rather than merely hiding it from view.

9.10.3 Authorities should also take particular care when issuing information contained in spreadsheets that personal or confidential data is not inadvertently released in hidden sheets, cells or pivot tables not immediately visible.

9.11 Response templates

9.11.1 It is good practice for authorities to establish standard letter/email templates to be used by staff responding to FOI requests and requests for review. Templates should ensure that key rights are always provided to requesters at each stage of the process. They can also be useful for providing guidance where exemptions or exceptions are being used (including where applicable consideration of the public interest test) to ensure that all refusal notices meet with the requirements of the regimes.

9.11.2 It will be good practice to ensure that any templates used clearly explain FOI outcomes to requesters, to help them understand the response and reduce the likelihood of reviews and appeals. Where possible, authorities should seek to use plain-English to explain key outcomes in a clear and understandable way (while also meeting statutory requirements relating to the content of notices).

9.11.3 Where possible, authorities may wish to develop templates which contain a plain-English explanation of the outcome, accompanied by an appendix which fulfils relevant statutory obligations. The clearer an authority’s response to the requester, the less likely it is to be reviewed or appealed (see also: Scottish Information Commissioner - Briefing - Content of Notices).

9.12 Providing additional information

9.12.1 There is no requirement under the legislation for authorities to create new information in response to a request. The compilation of information, e.g. in order to respond to a request for statistics, will not generally be considered as creating new information.

9.12.2 The duty to provide advice and assistance does not extend to providing additional information which falls outside the scope of the information request, or locating information held by other public authorities. However, in some situations it may be helpful to provide additional information and context to a response to avoid the information disclosed being misunderstood or misinterpreted.

9.13 Format information is provided in (equality considerations)

9.13.1 Under FOISA, as far as is reasonably practicable, authorities must provide the information requested in the requester’s preferred format (if the requester has indicated a particular format). If a request is made for information in a particular format, and the information is already held in that format, it should not be converted into another format for release. However, the guidance in section 9.10 regarding the care which must be taken to avoid data breaches should be noted.

9.13.2 If the information is not yet held in the preferred format, the authority must consider whether it would be reasonably practicable to convert the information into that format. In considering what is “reasonably practicable”, the authority should have regard to all the circumstances applicable to the request and particularly to any accessibility considerations.[34] Where an authority considers providing the information in the requested format not to be “reasonably practicable”, it should inform the requester of the reasons for its decision.[35]

9.13.3 In deciding whether a response to a request for information can be provided in a particular format, authorities must take into account the requirements of the Equality Act 2010[36] as there may be a further requirement under the Equality Act to make a reasonable adjustment, for example, by providing a copy of a document in audio format.

9.14 Responding to requests from children

9.14.1 In discharging all of their obligations under FOISA and the EIRs, public authorities should be mindful also of their broad obligations in relation to children’s rights under part 2 of the United Nations Convention on the Rights of the Child (Incorporation) Scotland Act 2024.[37] In particular, authorities may wish to note the provisions of Article 13 (freedom of expression) and Article 16 (right to privacy) of the Convention.

9.14.2 The right of children to seek and be provided with information by Scottish public authorities should be accorded equal weight to that of adults. It may well be appropriate, when responding to a request thought to be from a child, to take account of the requester’s age in relation to the style and language adopted in the response letter. However, this should have no bearing on decisions regarding the release of substantive information to the requester. Neither should it detract from the explanation provided to the requester to ensure they are aware of their rights e.g. to seek a review or appeal to the Commissioner.

9.15 Copyright

9.15.1 There is a waiver for the copyright provisions in the Copyright Designs and Patents Act 1988. This permits authorities to disclose information which contains third party copyright in response to a request. However, this waiver does not apply to the person who receives the information. It is therefore good practice to explain where third party copyright may lie within information that is released. Reference to copyright rules should only be included in responses where it is appropriate to do so (i.e. where information which contains third party copyright is disclosed) and should not be included as a standard reference in all responses. Where text relating to copyright is included, it will be good practice to clearly explain why it is being included, using plain English language, to ensure requesters fully understand the relevant context.

9.16 Providing details of review procedures

9.16.1 Authorities should provide details of the rights to request a review and to make an appeal in all response notices. Authorities are not required to do this where all of the information requested is disclosed, but it is still best practice to do so in case the requester is dissatisfied with the response (e.g. they believe there is more information held, or are unhappy with how the request was handled).

9.16.2 The details provided must include:

  • The right to request a review from the authority within 40 working days. The notice should explain how to make the request for review, and should highlight that the requester must state why they are dissatisfied with the response. It should also state that, in the event of an appeal to the Commissioner, the Commissioner will generally only be able to investigate the matters raised in the request for review. The authority must also provide contact details for submitting the request for review.
  • The right, if the requester is still dissatisfied following the outcome of the review, to make an appeal for decision to the Commissioner within six months of the response. It is good practice to include a link to the Commissioner’s website or, where appropriate, contact details for the Commissioner’s office.

9.17 ‘Business as usual’ requests

9.17.1 Under the regimes, any written request for recorded information to a Scottish public authority is technically a request under FOISA or the EIRs. This includes the routine requests authorities often refer to as “business as usual” where:

  • the requests are simple and straightforward
  • the authority releases all the requested information on time, and
  • it is unlikely that the requester will be dissatisfied with the response.

9.17.2 Any response which does not meet all of the above criteria must include full details on review procedures (see 9.16).

9.18 Responding to requests via social media communications

9.18.1 While it is possible for a valid request for information to be made via various social media channels, it may not be possible for a full response which complies with Part 1 of FOISA (i.e. one setting out the requester’s right to review and appeal) to be provided through some such media, for example where the platform imposes a character limit on posts, or cannot support the upload of multiple documents which may form part of the release. Where this is the case, an authority could either:

  • upload a full response letter (and requested information, if appropriate) to the authority’s website, then send the requester a link to the full response; or
  • ask the requester for an email or postal address to which the full response (and information, if appropriate) can be sent.

10. Handling reviews

10.1 Receiving requests for review

10.1.1 A request for review is made to an authority, not an individual officer, and requesters will not generally be restricted to using the route set out in any response letter. It is therefore important that all staff in the authority can recognise a request for review and ensure that it receives an appropriate response.

10.2 Valid and invalid requests for review

10.2.1 A request for review will not be valid where a requester requests a review before the timescale for compliance with the request has expired, and the authority has not yet responded. In such a case, the authority should advise the requester that:

  • the response to the request will be provided within the timescale for compliance (if this is the case); and
  • if, following issue of the response, they are still dissatisfied (or in the event the response is not provided by the deadline) then the requester may make a new request for review.

10.3 Requests for review of a response

10.3.1 If a requester writes to the authority expressing dissatisfaction with the way in which the authority has dealt with their request following a response, the authority should treat this as a formal request for review, provided it meets the requirements of section 20(3) of FOISA or regulation 16 of the EIRs. The requester does not need to specifically ask for a review.

10.3.2 Requesters do however need to specify why they are dissatisfied with the original response for the review request to be valid. If this is not clear, or the request fails to comply with the requirements of the regimes, the authority has a duty to advise and assist the requester in making a valid review request. The statutory timescale will not begin until a valid review request is received by the authority.

10.3.3 The aim of a review is to allow the authority to take a fresh look at its response to an information request, to confirm the decision (with or without modifications) or, if appropriate, to substitute a different decision. The review procedure must therefore be fair and impartial and allow decision makers to look at the request afresh. It should also enable different decisions to be taken. Review procedures should be sufficiently flexible to allow for differing circumstances such as the complexity and sensitivity of the information.

10.3.4 It is good practice for the reviewer to be a person who did not respond to or advise on the original request (where possible or practicable).

10.3.5 Authorities must put in place appropriate and accessible procedures for handling reviews. These procedures should:

  • nominate, or assist in nominating, the staff responsible for carrying out reviews and to whom those staff are accountable;
  • set out the process to be followed by the reviewer(s) to ensure that the review is comprehensive and robust;
  • require the reviewer(s) to record the process undertaken and then produce a review report, including any lessons learned; and
  • allow for periodic reporting to senior management on the lessons learned and recommendations arising from reviews.

10.4 Requests for review of a failure to respond to the original request

10.4.1 A requester may complain to an authority if they have not received a response to their request within the statutory timescales. This should be treated as a formal request for review of a failure to respond.

10.4.2 Where the authority accepts that it has failed to respond on time, the reviewer should apologise for the authority’s failure and provide the requester with the decision on the original request. The review response must set out the requester’s right to appeal to the Commissioner. There is no opportunity for the authority to invite a further request for review.

10.4.3 The reviewer should also identify the reasons for the procedural failure and, where appropriate, make recommendations for action to prevent recurrence.

10.5 Providing details of appeal procedures

10.5.1 Every review response must provide details of the requester’s right to appeal to the Commissioner within six months of the response.

10.5.2 The details provided must include the postal address of the Commissioner’s office, along with contact telephone number and email address. These can be found on the Contact Us page of the Commissioner’s website.[38] It would also be good practice to provide a link to the appeal pages on the Commissioner’s website.[39]

10.6 Learning lessons from reviews

10.6.1 It is good practice to put in place procedures for learning lessons from reviews and ensuring that any recommendations are taken forward to prevent recurrence of any failures. It will be good practice for lessons and recommendations from reviews to be reported at senior management level.

11. Appeals to the Scottish Information Commissioner

11.1 Responding to the Commissioner

11.1.1 Where an appeal has been made to the Commissioner regarding an authority’s handling of an information request, the Commissioner will provide the authority with an opportunity to comment on the appeal. This opportunity also allows the authority to present submissions on its handling of the request and to include additional reasoning in support, for example, of its position that the information requested is not held by the authority, or the arguments put forward in support of the decision to not disclose information.

11.1.2 The Commissioner will normally only allow authorities one opportunity to make comments in relation to an appeal. Authorities should, therefore, ensure that their submission on the case is as comprehensive and robust as possible.

11.1.3 It is good practice for authorities to take the following steps to help ensure appeals are handled efficiently and cost-effectively:

  • Provide a copy of the withheld information to the Commissioner within the timescales requested;
  • Provide a schedule of documents and number documents individually, and clearly identify which exemptions/exceptions are applied to each piece of withheld information;
  • Provide clear explanations of why exemptions/exceptions apply, including (where applicable) why the balance of the public interest lies in favour of withholding the information. These explanations should be specific to the information being withheld. The burden of proof is always on the authority to demonstrate that the exemptions/exceptions apply, and the Commissioner is unlikely to agree that exemptions/exceptions apply where only generic reasons have been provided;
  • Provide a clear indication of what information has been disclosed already, if applicable;
  • If the request has been refused on the grounds of excessive cost, provide the Commissioner with a cost estimate (see 9.4.2) including, where appropriate, the cost of dealing with a sample of the information;
  • Ensure each submission is directly related to the specific circumstances of the case. Avoid making general arguments and focus on the impact from disclosure of the specific information being withheld.
  • Provide background information and any other relevant information that the authority believes will support its case;
  • Provide a clear, robust response to any questions asked by the Commissioner. Ensure that each question is fully answered, and ensure that each of the specific legal tests associated with the application of an exemption/exception is addressed.
  • Keep a record of searches that have been carried out to identify relevant information. It is good practice to do this throughout the request process.
  • If an authority finds new information during an investigation, disclose it to the requester immediately and inform the Commissioner. Or, inform the Commissioner and the requester if the authority does not plan to release it, giving reasons and citing exemptions/exceptions.
  • If the authority’s review outcome appropriately addresses any of the above issues, it will generally be acceptable simply to refer to this in your submission to the Commissioner.
  • Consider whether it may be possible to resolve the case - e.g. through the disclosure of some or all of the withheld information. Resolution may be appropriate, for example, where circumstances have changed since the initial request was made.

12. Scottish Information Commissioner Interventions

12.1 From time to time the Commissioner may undertake interventions to support improvements in the FOI/EIR practice of particular public authorities. Interventions will generally be undertaken in circumstances where there is evidence that a public authority is failing to meet the standards set out in FOI law and this code of practice.

12.2 The intervention will generally seek to support the authority to improve performance by, e.g. working with the authority to identify and resolve any internal issues that are impacting on performance.

12.3 Where an intervention is launched in relation to a particular public authority, it will be good practice for that authority to comply fully with the Commissioner’s intervention, responding promptly to requests from the Commissioner for information to support the intervention and working proactively to address the issues which gave rise to the intervention action.

12.4 Authorities should note that, where an authority fails to take appropriate action, the Commissioner has the power under FOI law to issue formal practice recommendations and/or enforcement notices.

12.5 More information on the Commissioner’s interventions activity is available on the “Interventions activity” page of the Scottish Information Commissioner’s website.

Contact

Email: foi@gov.scot
