The Act only applies to recorded information, but you need to conduct thorough searches of the information you do hold to make sure you find everything covered by the request.
Even if the information is inaccurate or incomplete it should be provided, unless an exemption applies.
You should provide the information you hold at the time the request is made. You can only alter it if such amendments would’ve been made regardless of the request. Altering or deleting information to avoid releasing it in response to a request is a criminal offence.
When deciding what information can be disclosed you should double check whether there is any hidden information or meta data within it, particularly personal data.
The Act only covers recorded information you hold. When compiling a response to a request for information, you may have to draw from multiple sources of information you hold, but you don’t have to make up an answer or find out information from elsewhere if you don’t already have the relevant information in recorded form.
Before you decide that you don’t hold any recorded information, you should make sure that you have carried out adequate and properly directed searches, and that you have convincing reasons for concluding that no recorded information is held. If an applicant complains to the ICO that you haven’t identified all the information you hold, we will consider the scope, quality and thoroughness of your searches and test the strength of your reasoning and conclusions.
If you don’t have the information the requester has asked for, you can comply with the request by telling them this, in writing. If you know that the information is held by another public authority, you could transfer the request to them or advise the requester to redirect their request. Part 2 of the section 45 code of practice provides advice on good practice in transferring requests for information.
For further information, read our more detailed guidance:
What if the information we hold is inaccurate?
The Act covers recorded information, whether or not it is accurate. You cannot refuse a request for information simply because you know the information is out of date, incomplete or inaccurate. To avoid misleading the requester, you should normally be able to explain to them the nature of the information, or provide extra information to help put the information into context.
When considering complaints against a public authority, the ICO will normally reject arguments that inaccurate information should not be disclosed. However, in a few cases there may be strong and persuasive arguments for refusing a request on these grounds if these are specifically tied to an exemption in the Act. It will be up to you to identify such arguments.
Can we change or delete information that has been requested?
No. You should normally disclose the information you held at the time of the request. You are allowed to make routine changes to the information while you are dealing with the request as long as these would have been made regardless of the request. However, it would not be good practice to go ahead with a scheduled deletion of information if you know it has been requested.
You must not make any changes or deletions as a result of the request, for example, because you are concerned that some of the information could be embarrassing if it were released. This is a criminal offence (see What happens when someone complains?).
For further information, read our more detailed guidance:
Is there anything else we should consider before sending the information?
You should double check that you have included the correct documents, and that the information you are releasing does not contain unnoticed personal data or other sensitive details which you did not intend to disclose.
This might be a particular issue if you are releasing an electronic document. Electronic documents often contain extra hidden information or ‘metadata’ in addition to the visible text of the document. For example, metadata might include the name of the author, or details of earlier draft versions. In particular, a spreadsheet displaying information as a table will often also contain the original detailed source data, even if this is not immediately visible at first glance.
You should ensure that staff responsible for answering requests understand how to use common software formats, and how to strip out any sensitive metadata or source data (eg data hidden behind pivot tables in spreadsheets).
It is important to locate all the information possible when you respond to a request. You must conduct reasonable searches to ensure you comply with the legislation.
Requested information may be subject to FOI exemptions or EIR exceptions. However, you should still identify and consider disclosing this information.
Being able to conduct searches easily will make your request handling process more efficient and also promote transparency in your organisation.
Before you begin your search, you should check you understand what you are being asked for and fully consider what’s within the scope of the request. This will mean you can conduct searches in a proportionate manner, searching in locations that are appropriate to the requested information. Ask colleagues to conduct searches, where appropriate, and give them a clear timeframe to get back to you.