Governance Committee

26 September 2024

Appendix 4            Formal requests for information 2023/24

 

1.0     Complaint process: internal reviews of formal information requests

 

1.1     Complaints regarding the final responses to Freedom of Information (FOI) and Environmental Information Regulations (EIR) Requests have their own procedure as an internal review carried out by Legal Services.

 

1.2     For Data Protection subject access requests (SARs), the Customer Services Team (CST) reviews and responds if the requester remains dissatisfied and asks for legal support if it is particularly complex. Customers can complain to the Council’s Data Protection Officer if they remain unhappy. For all the types of information requests, there is the option to complain to the Information Commissioner’s Office (ICO) if the customer remains dissatisfied.

 

1.3     In 2023/24, we received six requests for internal reviews, compared to four in 2022/23. Out of the six internal reviews, Legal Services found fault with five requests. For four of the internal reviews further information was provided to the requesters. For the fifth internal review fault was found in using the over 18 hour exemption; however, no information was held and so the Council was unable to disclose any information. The sixth internal review found no fault and the over 18 hour exemption was used correctly. Internal reviews are used to identify where improvements can be made and they are reviewed thoroughly irrespective of the outcomes.

 

2.0     Complaints to the Information Commissioner’s Office (ICO)

 

2.1     If a requester makes a complaint to the ICO, the ICO first serves an Information Notice to the Council requesting it reviews the complaint and tries to resolve it. The CST received three information notices regarding information requests in 2023/24, compared to two in 2022/23. All three notices in 2023/24 requested that the Council respond to the requesters as the three responses were overdue. Two of these have been resolved and completed and one response is currently underway.

 

2.2     There are various reasons why the ICO may contact the Council. These reasons are no longer solely about information requests the Council receive. ICO also contacts the Council regarding complaints it receives in relation to any data protection concern including potential data security incidents. The ICO initially takes an informal approach and raises any concerns on behalf of a customer about their personal data. ICO will ask us to investigate and take ownership in the first instance and to report back to the ICO how we remedied the situation directly with the customer. Sometimes communication takes place directly with a service or mostly in contact with our Data Protection Officer. Some of the reasons the ICO contact us do not fall under this annual report; however, where contact from the ICO is relevant to this report, it has been included.