Scottish Information Commissioner tackles University’s FOI failings

In February 2012, representatives of the Scottish Information Commissioner conducted an assessment of the University of the Highlands and Islands (UHI) and its compliance with the codes of practice issued under sections 60 and 61 of the Freedom of Information (Scotland) Act 2002 (FOISA).  Almost every month the Commissioner’s assessment team visits a public authority in Scotland to assess its compliance with codes of practice.  Public authorities will be chosen for a variety of reasons.  The Commissioner decided to assess the UHI’s practice for a number of reasons, including that she had received no applications for a decision under s.47(1) of FOISA.

The report into that assessment made for grim reading.  It revealed a poor level of compliance with FOISA including some 54 requests that had never received a response from the UHI and were considerably overdue (see paragraph 13 of the report).  The report identified significant issues around the compliance with Section 1 of FOISA (the general right to receive information requested).  This failure alone should have resulted in a significant number of applications under s.47(1) for a decision on the UHI’s technical compliance and is just one reason why it is surprising that the Commissioner had received no applications regarding the UHI.

Paragraph 39 of the report stated that in an internal audit report, it was noted that the UHI had taken an informal approach to handling requests for information.  The UHI had no policies or procedures in place on FOI.  The UHI had inadequate systems in place for logging, tracking and monitoring requests for information.  Where such records were recorded they were basic and there was concern over how comprehensive the records were.

I won’t go through every single failing identified by the Commissioner’s assessment team.  The above should give some flavour of what is contained within the assessment report and it is publically available for anyone to read.  In essence, the UHI was completely failing to comply with the basic technical requirements of FOISA and the codes of practice.  It is incomprehensible how the Commissioner had never received an application about an organisation with such poor compliance of FOISA.

The Practice Assessment resulted in the Commissioner taking the unusual step of issuing a Practice Recommendation.  Since FOISA came into force on 1 January 2005 only one other Practice recommendation has been issued and that was in July 2010 to the Scottish Borders Council.  Under s.44(1) of FOISA the Commissioner can issue a Practice Recommendation if she considers that a public authority is not complying with the Codes of Practice issued by the Scottish Ministers under ss.60 and 61 of FOISA.  The previous commissioner took the view, and certainly the new Commissioner appears to have adopted the same view, that such a step should only be taken when a serious and systematic failure to comply with the Codes is found.

A Practice Recommendation t is not enforceable through the courts.  However, if a public authority fails to comply with it in a reasonable timescale, the Commissioner can issue an Enforcement Notice under s.51 of FOISA.  Such a step is much more formal and can be enforced by the Commissioner making a written statement to the Court of Session under s.53 of FOISA.  If the Court of Session were to agree that the public authority has failed to comply with an Enforcement Notice, it can deal with the public authority as if it were in contempt of court.  To my knowledge, the Scottish Information Commissioner has never issued an Enforcement Notice.

As an alternative to an Enforcement Notice the Commissioner could produce a report on the public authority’s failures and lay it before the Scottish Parliament under s.46 of FOISA.

Hopefully the UHI will work closely with the Commissioner and her staff to improve their practice around FOI and that no further action will need to be taken.  Such basic and fundamental failures in the compliance with FOI seven and a half years after it came into force are of great concern and it is quite inexplicable how the UHI were able to go for so long with such basic and fundamental errors in its compliance unnoticed.  As a wider issue, I do hope that if any other public authorities are failing in the same ways as UHI are that they will take note of all the publically available material on the Commissioner’s website, including the assessment of and recommendations to the UHI.  There really is no excuse for a public authority in 2012 to be failing in the ways that the UHI were.

There are a number of documents which the Commissioner has produced in relation to the UHI arising out of the assessment in February.  They are all linked to below:

Assessment Report – University of the Highlands and Islands
Action Plan – University of the Highlands and Islands
Practice Recommendation 01/2012 – University of the Highlands and Islands