Access to Information Policy
1 Introduction
1.1 West Northants Council is committed to being open, transparent and accountable. These three principles underpin our core value of trust. We will do this by publishing as much of the information we hold as possible, including information about our statutory and non-statutory functions and responsibilities. Placing information into the public domain also reduces the need for individuals to exercise their right to submit freedom information requests.
1.2 Where information is not published it can be requested under access to information legislation and will be released unless its disclosure is not in the public interest, prevented by law or there is an exemption under the Freedom of Information Action 2000 (FOIA), UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018 (DPA18) or an exception under the Environmental Information Regulations 2004 (EIR).
1.3 This policy details how the council complies with the relevant access to information legislation, publication of transparency data and associated codes of practice and ensures that
- information is routinely published by the council via the council’s Publication Scheme and the Local Government Transparency Code 2015
- information is made available on request and within the statutory time limit unless a valid exemption/exception applies
- exemptions/exceptions under the FOIA, EIR, DPA and GDPR are applied consistently and appropriately, and in accordance with the legislation
- a fair and efficient internal review system is administered
1.4 Access to information held by the council includes information provided to us or maintained on behalf by external organisations such as contractors, tenderers, partners, suppliers, and other public or regulatory bodies. It also includes information held by members where that information relates to the delivery of council services.
1.5 This policy should be read in conjunction with the Data Protection Policy.
2 Responsibilities
2.1 All employees, temporary staff, volunteers, contractors and Councillors are obliged to adhere to this policy. Failure to adhere to this policy and its associated procedures may result in disciplinary action. Managers at all levels are responsible for ensuring that the employees for whom they are responsible, are aware of and adhere to this policy. They are also responsible for ensuring employees are updated regarding any changes to this policy.
2.2 Employees should note that the deliberate concealment, amendment or destruction of requested information, in order to prevent its disclosure, is a criminal offence, for which individual staff as well as the council can be held liable.
2.3 The Senior Information Risk Officer (SIRO) has responsibility for this policy. Its maintenance is the responsibly of the Information Governance Manager in conjunction with the SIRO.
The review process is in section 13.
2.4 The council has a dedicated Information Governance team (IG team) who manage all FOI, EIR and GDPR/DPA requests. The team have the necessary skills to log, validate, collate, prepare, review and respond to those requests.
2.5 Requests should be sent to [email protected]. Further information can be found about requesting personal data.
3 Scope
3.1 This policy sets out how the council will publish information under the:
- Local Transparency Code 2015
- Publication Scheme
- FOIA datasets
and manage and respond to access to information requests made under the:
- Freedom of Information Act 2000
- Environmental Information Regulations 2004
- UK General Data Protection Regulations
- Data Protection Act 2018
- Re-use of Public Sector Information
3.2 This policy also
- defines the duties imposed on the council and how these are discharged; and
- signposts to the relevant policy or procedural document for further information, guidance, help and advice
4 Local Government Transparency Code 2015 (Open Data)
4.1 The statutory Local Transparency Code 2015 (the code) stipulates certain types of information that all levels of government must routinely publish on their websites. The code can be found at GOV.UK.
4.2 The IG team are responsible for co-ordinating the publication of the transparency data in line with the code.
4.3 Data is published quarterly, and annually (please transparency and open data for details of which datasets are published and when). These datasets are to be published at least quarterly under the code:
- expenditure data exceeding £500 with an aim to publish all expenditure over £250
- procurement card transactions
- procurement information
4.4 The council aims to publish quarterly data by end of the month following the quarter end (July, October, January and April).
4.5 Data we will publish at least annually under the code is
- local Authority Land
- social housing assets (also known as beacon values)
- grants to voluntary, community and social enterprise organisations
- organisation [structure] chart
- trade union facility time
- parking account and parking spaces
- senior salaries, pay policy and pay multiples
- constitution
- fraud
- waste contract
4.6 The council aims to publish annual data as soon as possible following the year end closedown.
However, the open data below relate specifically to the annual accounts and require public audit acceptance at full council before the data can be published. The council therefore aims to publish these within 7 days of the meeting to approve the annual accounts.
- land and property assets
- social housing assets
- parking account
- some grants
5 Publication Scheme
5.1 Publication of information via the statutory publication scheme under section 19 of the FOIA provides a number of benefits to the council. These include greater transparency and openness and a reduction in the amount of information that needs to be specifically requested.
5.2 The council has adopted the Information Commissioner’s model publication scheme v1.2. The council does not republish data already published elsewhere on its website. Instead we link the various areas of the council’s website together on the publication scheme making the information easy to find.
5.3 The publication scheme is divided into the following classes of information
- who we are and what we do
- what we spend and how we spend it
- what are our priorities and how are we doing
- how we make decisions
- our policies and procedure
- lists and Registers
- the services we offer
- datasets
6 Datasets
6.1 Datasets were added to FOIA by the Protection of Freedoms Act 2012. This addition created a duty in relation to making datasets more widely available under a publication scheme.
6.2 Once a new dataset has been identified by the IG team through the FOI request process, corporate consideration is given to publishing the new data under the council’s publication scheme.
7 Freedom of Information Act 2000 (FOIA)
7.1.1 The FOIA legislation has been in force since January 2005. It sets out the framework under which anyone, regardless of age, location or reason, has a general right of ac-cess to information held by a public body, including this council. This right exists where the information is not already published or in the public domain.
It also sets out the obligations to release the information, subject to it not being exempt, within 20 working days.
7.1.2 Any person requesting information must be
- advised whether the information is held
- provided with the information (subject to exemptions)
- advised of the council’s internal review procedure
7.1.3 For information requests to be valid they must
- be made in writing (typically letter, email or webform)
- include contact details (full name and contact address or email)
- describe the information being requested in enough detail to allow it to be located
- be specific enough to allow the response to be made within the Appropriate Limit and Fees Regulations (18 hours of officer time to collate, prepare and respond)
However, you do not have to mention the Act or direct the request to a designated member of staff.
7.1.4 The Act is fully retrospective and applies to all recorded information held by the council (and its predecessor councils) not just information created since the Act came into force or this council began.
The Act also includes access to information held by contractors and suppliers on its behalf where those contractors and suppliers provide statutory services on behalf of the council.
7.1.5 The council does not have to treat every enquiry formally as an FOI request. Where it is more appropriate, we will deal with a request as a customer enquiry, request for service or business as usual.
7.1.6 A request is purpose blind. This means a requester does not need to give a reason for requesting information or state what they intend to do with the information.
7.2 FOI exemptions
7.2.1 There are also valid reasons for withholding information known as exemptions. Under section 2 of the Act the council is not obliged to comply with the request (or part of the request) if the information is exempt under the provisions of Part II of the Act - sections 21 to 44. See the full list of FOI exemptions.
7.3 Fees and Charges
7.3.1 The council will not usually make a charge for providing the information, unless the IG team assess the request as excessive, or the information is usually available by other means whereby a charge is applicable.
7.3.2 Charges will only be applied where those charges have been published as part of the council’s budget process.
8 Environmental Information Regulations 2004 (EIR)
8.1 The EIR’s govern access to information relating to the environment (natural and built) and provide a means of access for the public to environmental information held by the council. The Regulations apply only to the environmental information held by the council. The FOIA gives the public access to most other types of information held by the council, unless this is personal data.
The regulations impose a duty on the council to make environmental information available proactively and provide the public with environmental information when requested.
Environmental information is published as part of the councils publication scheme.
8.2 Unlike the FOIA, the regulations do not explicitly exclude information that is held solely on behalf of another person or body. The EIR’s say that any information in the council’s possession that has been produced or received is considered to be ‘held’.
8.3 The EIR’s cover any recorded information held on any medium that falls within the definition of ‘environmental information’. It is not limited to official documents or information created by the council; if it’s held it is covered by the regulation. For example, this can include but not limited to emails, notes, documents, evidence, advice, recordings of telephone conversations, CCTV recordings external reports, pollution monitoring, traffic movements, footfall data or surveys.
Documents still in draft format and still being worked on are however usually exempt unless they form the basis for a decision made because of the data they contain.
8.4 EIR requests fall under six main areas:
- The state of the elements of the environment, such as air, water, soil, land and fauna (including people)
- Emissions and discharges (gases and fluids), noise, energy, radiation, waste and other such substances
- Measures and activities such as policies, plans, and agreements affecting or likely to affect the state of the elements of the environment
- Reports, cost-benefit and economic analyses
- The state of human health and safety and contamination of the food chain
- Cultural sites and built structures (as they may be affected by environmental factors)
8.5 The EIR request timeline
8.5.1 The council’s EIR request process follows the same 20 working day response process as for FOI requests, except that EIR requests can be made verbally or in person as well as in writing.
8.6 Exceptions to disclosure
8.6.1 Sometimes the information requested cannot be released due to the need to protect the environment, for example the locations of rare birds. If this is the case the council will inform you of the reasons why.
8.6.2 See the full list of the EIR exceptions.
8.7 Fees and charges
8.7.1 The Councils guiding principle is to endeavour to release information under EIR free of charge. Wherever possible this will be by publication on our website or public disclosure response.
8.7.2 There are however a few exceptions to the free disclosure principle. These are:
- where a statutory charge for information exists
- where the Council has a published charging policy
- CCTV footage (including the cost of redaction software)
- where the request is manifestly unreasonable
- a commercial report is required; and
- an approved charging regime is published
9 UK General Data Protection Regulation
9.1 The way the council manages personal data under the GDPR and the Data Protection Act 2018 (DPA2018) is detailed in the council’s Data Protection Policy. This policy statement focuses on the GDPR Article 15 right to access their personal data. This type of request is known as a Subject Access Request (SAR). For information on further details of data subjects rights please see the our data protection pages.
9.1.1 A SAR can be made verbally as well as in writing. A requester does not need to give a reason for wanting the information.
9.1.2 The council may require proof of identity to ensure personal data is not provided to an impersonator.
9.2 SAR request process
9.2.1 An individual, their authorised representative or with power of attorney can request any or all of the following as part of their SAR
- whether any personal data is being processed by the council
- be given a description of the personal data, the reasons it is being processed, and whether the data is shared with any other organisations or people
- be given a copy of the personal data, unless an exemption applies; and
- be given details of the source of the data (where this is available)
9.2.2 Where possible the council will provide the information digitally, unless requested in another format.
9.2.3 The council must respond to a SAR without undue delay or within one month of receiving the request.
9.2.4 The council may extend the time to respond by a further two months if the request is complex or we have received several requests from the individual such as other types of requests relating to individuals’ rights.
9.2.5 Subject Access Requests can be made in one of the following ways:
- by email to the Data Protection Officer at: [email protected]
- submitting the request in writing to: Data Protection Officer, West Northamptonshire Council, One Angel Square, Northampton, NN1 1ED
- by using the council’s standard SAR form in paper form from the Data Protection Officer or via the personal data request form. Please note; completing a form is not a requirement however it may speed up the initial request process by ensuring all information required is provided at the point of submission
Please mark correspondence 'Private and Confidential' and include all the information requested, Countersigned copies of identification provided must be signed and self-certified as true and accurate copies. In some circumstances pictures of documents may also be accepted.
9.2.6 It is useful to include as much information as possible when making a request to help locate the information in a timely manner.
9.2.7 Try to
- be specific; is it information about a single service such as complaints, benefit claims, council tax, housing application or other specific service? Asking for all information may complicate the request and not provide the clarity of response you expect
- provide a time frame, fir example, is the information you want recent or historic, (going back a year or two) or between specific points in time?); and
- include any relevant previous names/addresses
If the request relates to a call and is one which may have been recorded to a central service rather than a specific officer, we will need the number the call was made from.
If your request relates to CCTV footage we will need a full description of you or your vehicle. Please note it is rare number plates are readable particularly on wide view footage.
9.2.8 It is not standard procedure to search information held outside of core customer systems such as recorded calls or CCTV records as part of a SAR unless specifically re-quested.
We would therefore ask when requesting information held on CCTV or other recording equipment that requesters provide a timescale and/or dates and specify the council building attended in order to be able to identify the recording/footage.
9.3 Exemptions to disclosure
9.3.1 Some personal data may be subject to exemption or restriction from disclosure if it’s release could harm or prejudice. For further information see relevant Schedules of the DPA here:
9.4 Third Party Data
9.4.1 SAR’s will only allow the council to provide information held about the applicant and not about any third person/party unless the requester is acting on their behalf and has their express permission to receive this information (proof of this will need to have been provided when the request is submitted).
9.5 Fees and Charges
9.5.1 The council will not usually charge for a subject access request. However, we may charge a ’reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data other than in electronic format.
9.6 Individual Rights Requests
9.6.1 The full list of GDPR rights for individuals are
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to data portability
- the right to object; and
- rights in relation to automated decision making and profiling
Further information on your rights and how to exercise these is detailed in s7 in the council’s Data Protection Policy and on our requesting personal data webpage.
10 External requests for exempt personal data under the Data Protection Act 2018 (DPA2018)
10.1 Organisations that have a crime prevention, tax collection, law enforcement or litigation function may require personal information held by the council to prevent or detect a crime, or apprehend or prosecute an offender, or for taxation/ benefit purposes.
Individuals or organisations not registered with the Information Commissioner cannot use this process to request information.
10.2 The DPA 2018 permits the council in very specific circumstances to release this information by applying an exemption under one of the schedules in the Act. There is no obligation on the council to do so and even if the exemptions apply the council may decide that it should not release any information.
10.3 Please note that if the council has genuine concerns about releasing any personal information (for example, because it thinks it has other legal obligations such as the information being confidential) then we may ask for a court order requiring release of the information.
10.4 In all cases the council follows the best practice maintained by the National Police Chiefs’ Council (NPCC) for all exemption requests.
10.5 To assist organisations in submitting a request please complete our form and return to [email protected]. Failure to complete the form fully is likely to delay the process of obtaining the information or refusal.
10.6 Disclosure will only be made via secure platform such as TLS1.2 email encryption or secure file transfer protocol.
We recommend that a secure e-mail solution is used for sending personal or confidential information to us.
10.7 Examples of organisations that can submit requests under Schedule 2 Part 1(2) are:
- police (including transport police and other sovereign law enforcement agencies)
- HM Revenue and Customs
- other Local Authorities or Public Bodies acting under authorised Powers
- insolvency, bankruptcy or liquidation practitioners (but not bailiffs)
- border control and immigration
- law firms with a senior partner
- audit and fraud agencies
11 Re-Use of Public Sector Information Regulations 2005 (RPSI)
11.1 The Re-Use Regulations encourages re-use of public sector information. It is not about accessing information, which is dealt with under information access legislation. It gives the right for an individual or organisation to request permission to re-use information held by the council for a purpose other than the initial public task it was produced for.
11.2 Typically, this means taking information that the council has produced and republishing it or using it to produce a new product or resource, often by combining it with other information, including for commercial basis.
11.3 The council will permit re-use in response to a request except where information is exempt from disclosure under information access legislation (FOIA, EIR and UK GDPR) or any other relevant legislation.
11.4 The council must make the information available in the format and language in which it is held. If not already held in an open and machine-readable format be converted such as to CSV or PDF.
11.5 Requests for re-use must be made in writing and include:
- the requester’s name
- address for correspondence
- specify the information for re-use
- detail the intended re-use purpose
11.6 By default, where the council grants reuse it will be under the Open Government Licence (OGL). The council can impose conditions on re-use but the conditions must be as open and non-restrictive as possible, normally the only condition will be crediting the source.
In some rare instances there may be other licences more appropriate in particular situations, including where there is a charge for re-use. The UK Government Licensing Framework includes other types of standard licences.
Generally speaking, the council must not enter into exclusive licensing arrangements with a particular person or organisation, but there are some limited exceptions to this.
11.7 The council may only charge for the marginal costs of reproducing, providing and disseminating the information. The regulations provide that where charges are made, the total income should not exceed the cost of collection.
Where the costs are negligible, and the council is publishing the information on our website, the council is unlikely to be able to make a charge.
11.8 Requests to re-use information will be responded in line with other access to information requests, that is within 20 working days. The council will advise you if for any reason the time is to be extended such as extensive or complex.
11.9 A request may can be refused if the
- activity of supplying the document is one which falls outside the council’s public task
- document contains content in which copyrights are owned by a third party
- content of the document is exempt from access by virtue of the FOIA
11.10 In most cases copyright will be owned by the council and we may impose conditions on re-use by way of a licence, although it will not unnecessarily restrict re-use or restrict competition. Where any copyright concerns exist with information, these will be made clear.
11.11 For further information the Regulation 15 of RPSI sets out how the charge should be calculated.
12 Information disclosure (FOI and EIR) reviews
12.1 Where the requester believes that the council has not dealt with their information re-quest properly applicant is entitled to request a formal review of the disclosure response.
12.2 A request for an internal review must be made by the original applicant and within 3 months [90 days] of the information disclosure.
12.3 The applicant must state at least one of the following:
- why they believe the information has been incorrectly refused
- why they believe the exemption or exception has been applied incorrectly
- why they believe information stated as not held is indeed held; and
- what information is missing from the original response
12.4 Review requests purely seeking clarification will not be managed as a formal review. Instead clarification will be provided as a supplementary response to the original request.
If additional information is being sought it will be treated as a new request and logged and responded to accordingly.
12.5 The internal review will be conducted by a more senior member of the Information Governance team who was not involved in the initial response.
12.6 An internal review will follow the same maximum statutory timeline to the original request.
12.7 The review must be signed off as the council’s final disclosure decision by the Information Governance Lead Officer in conjunction with the Monitoring Officer or another member of the Leadership Team.
12.8 If the requester is still dissatisfied once the internal review process has been exhausted, or where the council fails to review the original decision, the requester has a right to complain to the Information Commissioners Office (ICO).
13 Policy review
13.1 The council’s SIRO is responsible for instigating and coordinating an annual review of this policy. Minor amendments and updates under the current main version number can be approved and republished without the need for board approval. Complete revision of the policy will require formal corporate approval to replace the existing policy.
Last updated 08 September 2023