Sunderland City Council
- Date 30 September 2025
- Sector Local government
- Decision(s) FOI 31(3): Upheld
The complainant requested information about specified software systems. Sunderland City Council (the ‘Council’) initially cited section 31(1)(a) of FOIA – the exemption for the prevention or detection of crime to refuse the request in its entirety. During the course of the Commissioner’s investigation, the Council clarified that it had intended to rely on the ‘neither confirm nor deny’ provision in section 31(3) – law enforcement, by virtue of section 31(1)(a) of FOIA. The Commissioner’s decision is that the Council was not entitled to rely on section 31(3) of FOIA for the reasons set out in this notice. The Commissioner requires the Council to issue a fresh response, confirming or denying whether it holds information falling within scope of the request. If it does hold information, that information must either be disclosed or a refusal notice must be issued which is compliant with section 17 of FOIA. The Council must take these steps within 30 calendar days of this notice.
Keywords: Cyber-attacks