Appendix 4 Formal requests for information 2021/22
1.0 Internal reviews of formal information requests
1.1 Complaints regarding the final responses to Freedom of Information (FOI) and Environmental Information Regulations (EIR) Requests have their own procedure as an internal review carried out by Legal Services. For Data Protection subject access requests (SARs), the Customer Services Team (CST) reviews and responds if the customer remains dissatisfied and asks for legal support if it is particularly complex. For Data Protection related matters, customers can complain to the Council’s Data Protection Officer if they remain unhappy. For all types of information requests, there is the option to complain to the Information Commissioner’s Office if the customer remains dissatisfied.
1.2 In 2021/22, we received six requests for internal reviews, which is the same trend as previous years, with seven received in both 2020/21 and 2019/20. Out of the six internal reviews, Legal Services found fault with four requests, no fault with one, and one internal review is still being completed. For the four where fault was found, customers were provided further information held by the Council for all four requests. CST and Legal Services continue to work closely to identify where improvements can be made irrespective of complaints. With support provided by Legal Services we continue to aim to improve the robustness, but also the helpfulness, of our responses to requesters.
2.0 Complaints to the Information Commissioner’s Office (ICO)
2.1 In 2021/22, the ICO changed its approach to complaints made from the public and handles them more informally. The ICO first serves an Information Notice to the Council requesting it review the complaint and try to resolve. The Council received five information notices regarding formal information requests in 2021/22. This is compared to one formal complaint from the ICO in 2020/21 and four formal complaints in 2019/20.
2.2 All five information notices received by the Council all were resolved and no further action by the ICO was needed. The resolutions entailed:
· Advising a customer of a privacy notice and explaining why their information had been shared with colleagues in an ESCC contractor.
· Three FOI requests had exceeded the statutory deadline of 20 working days. ICO mandated that we reply within 10 working days. All responses were issued within the time limit.
· A customer complained that they had not been given access to their information. A subject access request was logged.
2.2 There are various reasons why the ICO may contact the Council. These are no longer solely about the information requests we receive. ICO also contacts the Council regarding complaints it receives in relation to any data protection concern including potential data security incidents. The ICO initially takes an informal approach and raises any concerns on behalf of a customer about their personal data. ICO will ask us to investigate and take ownership in the first instance and to report back to the ICO how we remedied the situation directly with the customer. Sometimes communication takes place directly with a service or mostly in contact with our Data Protection Officer. Some of the reasons the ICO contact us do not fall under this annual report. However, where contact from the ICO is relevant to this report, it has been included.