Governance Committee
30 September 2021
Appendix 4 Formal requests for information 2020/21
1.0 Internal reviews of formal information requests
1.1 Complaints regarding the final responses to Freedom of Information (FOI) and Environmental Information Regulations (EIR) Requests have their own procedure as an internal review carried out by Legal Services. For Data Protection subject access requests (SARs), the Customer Services Team (CST) reviews the response if the customer remains dissatisfied and asks for legal support if it is particularly complex. For Data Protection related matters, customers can complain to the Council’s Data Protection Officer if they remain unhappy. For all types of information requests, there is then the option to complain to the Information Commissioner’s Office if the customer remains dissatisfied.
1.2 In 2020/21, we received seven requests for internal reviews, which is the same trend as previous years, with seven in 2019/20 and nine in 2018/19. Out of the seven internal reviews, Legal Services found fault with one request which was partially upheld, and additional unredacted information was provided to resolve this. CST and Legal Services continue to work closely to identify where improvements can be made irrespective of complaints. With support provided by Legal Services we continue to aim to improve the robustness, but also the helpfulness of our responses to requesters.
2.0 Complaints to the Information Commissioner’s Office (ICO)
2.1 In 2020/21 there was one formal complaint from the ICO. In 2019/20, the ICO received four complaints regarding information requests made to the Council, compared to six in 2018/19. The complaint in 2020/21 was regarding the delay in responding to a SAR and we were able to respond within the timeframe asked of us by the ICO.
2.2 The reduction in complaints can be contributed to a change in approach from the ICO where it now spends more time handling complaints informally, and then if not resolved, it will issue a decision notice.
2.3 There are various ways or reasons that the ICO may contact the Council. These are no longer solely about the information requests we receive. ICO also contacts the Council regarding complaints it receives regarding any data protection concern including potential data security incidents. The ICO initially takes an informal approach and raise any concerns on behalf of a customer about their personal data. ICO will ask us to investigate and take ownership in the first instance and to report back to the ICO how we remedied the situation directly with the customer. Sometimes communication takes place directly from a service or mostly in contact with our Data Protection Officer. Some of the reasons the ICO contact us do not fall under this annual report. However, where a formal contact from the ICO is relevant to this report, we report where we have received a decision notice regarding information requests.