It's been a busy few weeks for the Scottish Information Commissioner (SIC), who has released seven decisions in relation to applications made under the Freedom of Information (Scotland) Act 2002 (FOISA) and the Environmental Information (Scotland) Regulations 2004 (EIR). Whilst the decisions relate to well trodden areas of FOISA they do once again provide some useful guidance for organisations on how to manage requests they receive.

  1. Carry out robust searches and keep a record of your searches!

Mr N and the SPS (Decision Notice 125/2012 issued 30th July 2012) showed how important it is that organisations carry out robust searches for information in preparing their response to an FOISA request. SPS performed searches of their electronic records and resource library, and spoke with employees and other local establishments in their search for information. Organisations facing an FOISA request would be wise to follow a similar procedure, keeping records of all the searches carried out. Such records will prove useful should an appeal be made to the SIC.

  1. Have a procedure in place for dealing with FOI/EIR requests

The embarrassing length of time it is taking Scottish Ministers to respond to Mr Severin Carrell's request (Decision Note 126/2012 issued 31 July 2012) serves as a reminder to organisations that although sending apologies to requestors may be polite and help with short delays, it serves as no defence for a failure to adhere to the time limits set under FOISA and EIR, when investigated by the SIC. Make sure your organisation has a clear policy in place on responding to such requests so that they are dealt with effectively and on time!

  1. Take care in your review of vexatious requests

Whether a request is vexatious must be considered on a case by case basis, as made clear by the SIC. Generally requests are considered vexatious where they impose a significant burden on the authority, have the effect of harassing the authority, have no serious purpose or value, are intended to cause disruption to the authority or are unreasonable/ disproportionate. However, the SIC has acknowledged that this list is not exhaustive.

Large organisations can also take a breath as the SIC has noted that simply because an organisation has sufficient resources does not alone mean that a request is valid. Consideration must be paid as to whether it is a reasonable/ proportionate use of those resources.

Organisations should be clear in their reasons when deciding that a request is vexatious and should be prepared to provide evidence to the SIC.

  1. Considering disclosing personal information? Beware of the balancing act!

The Highland Council and Strathclyde Police both rejected requests on the basis that information requested was personal, and was therefore exempt from disclosure under section 38 FOISA.  The SIC reviewed whether the information was intended for legitimate interests and so could be disclosed under Schedule 2 Condition 6 Data Protection Act 1998. There is no presumption in favour of releasing personal information and so a balancing act is required, weighing up the legitimate interests of the requestor against those of the data subject(s). Organisations should take extra care weighing up these interests and should first consider whether the aim of the requestor can be achieved in a manner less intrusive upon the privacy of the data subject.

View a copy of the Scottish Information Commissioner's latest decisions.