Table of Contents
Comments on this site are now closed and a new draft of the report is being prepared. Thanks very much to all those who have contributed.
Research data can be the subject of Freedom of Information requests, as recent high profile cases have shown. As a researcher, how should you respond if faced with such a request? This document sets out to answer this question and some others you may have. Details of particular circumstances can make a major difference, so conclusions reached in an individual case may well differ from those suggested here. This document does not constitute, and should not be construed as, legal advice.
Freedom of Information (FoI) and Environmental Information (EIR) legislation provides the public a right to access information held by a UK public authority, which includes most universities, colleges, or publicly-funded research institutions. The information requested could include your research data, which must be provided unless an exemption or exception allows your institution not to disclose it. The request could be addressed to anyone in the organisation, and there are only 20 working days [...]
A FoI request simply has to be in writing, give the name of the requester and an address for correspondence, and specify the information requested. However, “writing” is interpreted liberally; email is fine, and even recorded voice-mail messages may count. A FoI request does NOT have to mention Freedom of Information. EIR requests can be made verbally, and also don’t have to mention the regulations.
Most requests for information are part of routine “business as usual”, and need not be treated as FoI or EIR requests. Researchers share or trade data all the time, so if you normally agree to share data, you should continue to do so, paying due care and attention to normal research considerations e.g. ethics, privacy and confidentiality. However, in circumstances where you don’t want to supply the data, or you think there are legal or ethical reasons why you shouldn’t supply it, or the [...]
The Freedom of Information Acts and Environmental Information Regulations (EIRs) are designed to ensure accountability and good governance in public authorities. Much UK research is paid for through public funding, which leads to a presumption in favour of openness. In other words, unless there is an overriding reason for not providing information to the public, you should provide it. The reasons the law will consider as acceptable are contained in the FoI Acts as ‘exemptions’ and the EIRs [...]
It’s good practice to acknowledge a request on receipt. If you are in any doubt about how to respond, pass the request to your FoI Practitioner, and let them take over correspondence. The legislation requires information to be supplied, or a refusal provided, within 20 working days from receipt of the request. Where the request is not clear enough to decide whether the information can be supplied or not, you may have to ask the requester for clarification. The ‘20-day clock’ will then stop [...]
Ideally, you will have considered the FOI/EIR implications for your research data as part of your initial research data management plan, and identified whether you wish to, or are required to, withhold some or all of your research data from public access (see Q21 for more on research data management plans). Where your research data are required to be published in a data repository on completion of the project, e.g. with the Economic and Social Data Service (ESDS) or an institutional data repo [...]
While there are exemptions to the requirement to disclose information, there is a presumption in favour of release. This means that institutions must justify decisions not to disclose. Exemptions to disclosure include information containing personal data (Q8), information subject to a duty of confidentiality (Q9) and information the release of which would prejudice legitimate commercial interests (Q10). In addition, and of interest to research, exemptions can cover information that is to be pu [...]
You should NEVER ignore a FoI or EIR request. Unless you are going to supply the information requested as normal “business as usual”, and within 20 working days, you should always contact your FoI Practitioner. First of all, FoI/EIR requests should always be acknowledged to the requester, so that both parties are clear that it has been received. Secondly, there is likely to be an obligation to confirm or deny whether your institution holds the data (although in some circumstances there [...]
The general rule is that the Data Protection Act trumps FoI/EIR. Both FoI Acts make personal data, of which the requester is the subject, exempt information (there is a similar exception under EIR). The requester should apply under the UK-wide Data Protection Act (for which different rules, timescales and fees apply). If the requester is not the subject of the personal data, the exemptions become more complicated, although our “general rule” above is likely to apply. Always discuss such c [...]
This term refers to the practice of removing some information from a document while leaving other information intact. It is typically used to remove exempt information such as personal information. Sometimes this data can be incidental to the request, and such redactions are unlikely to be controversial. However, sometimes information is redacted that does form part of the information requested, because an exemption/exception is believed to apply to it. Because redactions must be done careful [...]
There are Health and Safety exemptions/exceptions that can apply under these circumstances. It is essential to consult your FoI Practitioner if you suspect that anyone could be put at risk of harm if information is disclosed.
If the information is covered by a confidentiality agreement, an exemption may apply. However, simply stating that information is confidential is not enough – there must be a real likelihood that disclosure would open the public authority to legal action for breach of confidence. Equally, marking documents “Confidential” or “Commercial in Confidence” is not sufficient evidence that their contents are in fact confidential. Consult your FoI Practitioner. You may also have to consult [...]
If the information came from elsewhere and was provided without conditions of confidentiality, but is not otherwise available, then you may have to provide it. Consult your FoI Practitioner. Several exemptions may come into play here. There is an exemption relating to information that is reasonably available to the requester, so if the supplier of your information makes it available, it is exempt as far as you are concerned. It may be worth noting that many research collaborations involvin [...]
Universities have made use of the “commercial” exemption, but we don’t know of anyone who has successfully used it as an exemption for research data. The guidance available is inconclusive. However, if disclosure would seriously harm your research and follow-on research projects, or the possibility of commercial exploitation by the university or spin-out companies, then this exemption could be proposed. It is likely however, that a successful use of the exemption would need to be care [...]
In principle, the FoI Acts and EIR are “applicant blind and motive blind”. The location, nature and/or motives of the requester are irrelevant. The requester could be anyone: a competitor, a member of the public, someone hostile to your research, a research funder, a member of your Ethics Committee, or anyone else anywhere in the world.
The fact that your research is not complete is not enough on its own to prevent disclosure, although under EIR there is an exception for information that is incomplete. There is a FoI exemption from the duty to provide information that is intended for future publication. The intention must have existed before the request was received. However, under Scottish FoI there must be a plan to publish within 12 weeks of the request date; this period is not defined in the rest of the UK. This exemptio [...]
A few exemptions are “absolute”, and so always apply. But many exemptions and all EIR exceptions are subject to a public interest test. In short, this says that the particular exemption or exception cannot apply where the public interest in providing the information is greater than the public interest in withholding. This will be a matter of judgement; in the first instance the judgement of the public authority (ie your institution) will apply, but there may well be a call for review or appe [...]
Pretty much everything relating to the environment counts as environmental information, including information relating to the research as well as the environment directly. Ask your FoI Practitioner if you are in any doubt. Both sets of regulations (UK and Scotland) quote definitions from the relevant European Directive: “(a) the state of the elements of the environment, such as air and atmosphere, water, soil, land, landscape and natural sites including wetlands, coastal and marine areas [...]
The exceptions to EIR are fewer than for FoI, and the public interest test is stronger, as environmental information is seen as extremely important to citizens. Once again there are exceptions for personal data and for confidential information. There are also exceptions for information that is incomplete, and an exception concerning disclosure of internal communications. It is not clear how these might apply, and it is very important to consult your FoI Practitioner, and for them to proceed care [...]
Intellectual property rights (IPRs) cannot prevent the disclosure of information under FoI/EIR, but the rights still apply. So if, for example, you or your university own copyright in the information, the person to whom it is disclosed will require your permission to perform acts controlled by copyright, such as publication. Any restrictions on re-use should be made clear when data are released. However, there can be difficulties in establishing: The extent of copyright if the informatio [...]
To date (2010) FoI or EIR requests for research data have been rare, although the high profile case at Queen’s University, Belfast has received a lot of publicity. So, at present, you are extremely unlikely to receive a request for research data. However, special interest groups and journalists are getting more familiar with using FoI requests, so this likelihood may increase, particularly in controversial areas or research affecting public policy. Since neither special interest groups nor [...]
Both FoI Acts have an exemption where the cost of supplying information is above an “appropriate limit”. There is guidance relating to the calculation of such costs[i]. The threshold may change, but was originally set at £450 for public authorities other than Central Government bodies (£600 in Scotland). However, the cost of compensating for poor records management cannot be included in the cost calculation. So if the fault is yours, you may have to do the work anyway. It would be far b [...]
You can delete your research data unless a request has been made for it under FoI/EIR. Once a request has been made it becomes a criminal offence to delete or destroy the information. Most of the sanctions under this legislation apply to your institution, but any action for deletion or destruction could be taken against the individual who did it or ordered it! Don’t do it, and make sure it is not deleted accidentally after the request. A policy on managing research records can be helpful in [...]
If the requester asks for the information in a particular form, and you can reasonably easily supply it in that form, then your duty to be helpful to the requester suggests you should supply it as requested. You should remember however that some digital data formats can contain information that is not visible but can still be extracted, so you must take care not to supply information inadvertently that you should not provide. For this reason (and others), some FoI officers make a habit of sup [...]
Research funders increasingly require data management plans[i] to be created at the grant application stage. Maintained throughout the research lifecycle, a “living” data management plan should help you think carefully about issues such as ethics, confidentiality, anonymisation, security, openness, data structures and retention periods. The decisions you take in planning your data management may have a significant effect on how easy it would be to answer a FoI request, and could have an impa [...]
Your institution holds the information if that information exists within the institution’s computing or paper filing systems. Theoretically, the information could be in a hand-written note on a memo about something else in that tall pile at the back of your desk! It could also be on the work laptop computer sitting in your “office” at home. Where another party holds information on behalf of your institution, it may still be holding that information. An example of this would be if a sub- [...]
The legislation (both FoI and EIR) applicable differs in Scotland from the rest of the UK (England, Wales and Northern Ireland). The differences could be significant in relation to exemptions or exceptions that might apply to research data. Further, the Scottish Information Commissioner (SIC) may have reached different conclusions from the (UK) Information Commissioner’s Office (ICO).
Consult your FoI Practitioner, and possibly your collaborators’ FoI Practitioners.
This is much too broad to answer in full, but there are several key differences. First, the definition of “public authority” in EIR is slightly broader. . Second, an EIR request does not have to be in writing (although it would seem sensible for the requester to make the request in writing). Third, exceptions (which is the term used in EIR rather than exemptions) are different, and there is a higher expectation that information will be made available.
JISC makes no warranties, representations or undertakings about any of the content of this Q&A document/website (including, without limitation, any as to the quality, accuracy, completeness or fitness for any particular purpose of such content); or any content of any other web site referred to or accessed by hypertext link through the Q&A web site (“3rd party site”).
Your first call should be to local information sources, including your FoI Practitioner. JISC Legal and JISC InfoNET provide information on FoI, so their web pages may prove helpful. JISC Legal provides a section on Freedom of Information, including an “Essentials” document[i], and other publications. JISC InfoNet also provides some information on FoI, mainly from a Records Management perspective. They also have a useful guide to managing research records[ii]. JISC is also running a [...]