In an important development for freedom of information practitioners, the Scottish Ministers recently issued an updated version of the Section 60 code of practice (the "Code"), available here. The Code provides practical best practice guidance to help Scottish public authorities understand and meet their obligations under the Freedom of Information (Scotland) Act 2002 ("FOISA") and the Environmental Information (Scotland) Regulations 2004 ("EIRs").
The updated Code is notable because it is the first time that it has been updated since 2016. The Code offers good practice guidance rather than a comprehensive set of rules and is intended to be read alongside the statutory provisions. The Code is, however, an important tool as it is used by the Commissioner when assessing compliance by authorities with the freedom of information laws.
The key changes introduced by the updated Code are:
1. A stronger focus on the obligations to publish information and to provide advice and assistance to requesters, in addition to the duty to respond to requests.
By enhancing a culture of openness, the volume of individual requests for information ought to fall if more information is proactively made available. This will, however, require additional effort by authorities in publishing information, but could result in a lower volume of requests in the long-term, thereby reducing costs and processing time involved with such requests.
Authorities are also expected to interact more with individual requesters by providing advice and assistance rather than just responding to requests.
2. Guidance on the use of non-corporate platforms and wider developments in information technology (e.g. personal email use).
The updated Code addresses recent changes to working environments and how information is created and where it is held. Any information exchanged or created by authorities relating to their business is subject to FOISA and the EIRs. This can include non-corporate platforms such as private email accounts and even WhatsApp messages. The use of such platforms places a burden on authorities to ensure they search for information such as paper records, business-related information on mobile phones and private emails when responding to requests and they must be able to locate the information in a timely manner. Robust records management here is essential.
Searching through non-corporate platforms can also impact staff and their personal lives, as they may be asked to search their devices and accounts and provide business-related communications to the authority. Staff should be trained and policies adopted covering where it is and is not appropriate to discuss business (for example, it is fine to discuss business issues using a work email address, but not a personal email address).
There is the potential for these types of searches to slow the time it takes to respond to requests which may result in missed deadlines or incomplete searches.
3. Expanded guidance on handling requests relating to services delivered by outsourcing partners.
Authorities cannot contract out services and disregard their FOI obligations. The updated Code confirms that "information held on behalf of a public authority is also considered to be ‘held’ by that authority for the purposes of FOI law." This adds pressure for information to be promptly located despite the authority not holding the information directly.
Information will need to be obtained from relevant contractors which means that contracts should provide for the need for access, retention and disclosure of information. This may avoid potential disputes with contractors refusing to share information.
4. Revised guidance on requesting clarification from applicants.
Authorities are expected to understand the request internally before attempting to seek clarification from a requester and should only seek clarification if this will help the authority identify and locate the information. This should prevent the misuse of formal clarification to delay responses. Informal manners of clarification can be used, such as asking a requester if they want to narrow the scope of their request, but do not impact the timescale.
5. Guidance on organisational roles and responsibilities for FOI matters.
In a nod to enhanced governance and accountability, the Code recommends authorities adopt an overarching policy statement to "clearly define roles and responsibilities and provide a framework to ensure that the most effective procedures and practices are established to handle requests for information. The policy should identify a person at senior level who has overall strategic responsibility for FOI and should be subject to periodic review." Encouragement is given to publishing such policy statements online.
6. Further information on the role of interventions by the Commissioner to improve FOI practice.
The Commissioner may investigate authorities' FOI practices and issue practice recommendations where standards fall below the Code. However, "Interventions will generally be undertaken in circumstances where there is evidence that a public authority is failing to meet the standards set out in FOI law and this code of practice."
Public authorities and their freedom of information staff should familiarise themselves with the updated Code, especially as the Commissioner may serve enforcement notices or issue practice recommendations if they have not taken the right action.
