Unhappy about the response you got?

If you didn’t get a reply within 20 working days you can:

If you did not get all of the information that you requested, or your request was refused without a reason valid under the law you can:

If you’re not sure how to respond, use our refusal advice wizard below. Answer the questions and we’ll try to provide helpful advice for your specific request.

1. Asking for an internal review #

At the bottom of the relevant request page on WhatDoTheyKnow choose "request an internal review". Then write a message asking for an internal review of your request. You may want to include a link to the request page, to make it clear which request you are talking about.

You don't need to ask for an internal review if the authority haven't responded to your request at all by the deadline. You can go straight to the Information Commissioner.

There's a good chance an internal review will prompt a change in the public body's stance. For requests made to central government, 22% of internal reviews resulted in some change to the original decision and 9% were completely overturned, and for local government this figure is between 36-49%.

Internal reviews should be quick. If one takes longer than 20 working days then the authority should write and let you know, and it should never take longer than 40 working days (see this good practice guide). You will then either get the information that you originally requested, or you will be told that the review upholds the original decision.

2. Referring a request to the Information Commissioner #

If you are still unhappy after the public authority has done their internal review, then you can refer your request to the Information Commissioner, who is empowered to uphold access to information laws.

To make a referral, start by reading the Information Commissioner's advice for those with concerns about accessing information which links to their form. If you requested information from a Scottish authority, then it is the Scottish Information Commissioner who you will need to contact.

While the Information Commissioner asks for their form to be completed and evidence supporting a referral to be attached in practice we are aware they routinely consider referrals made via a simple email setting out the issues, containing a link to the request on WhatDoTheyKnow.com to provide evidence of the full history of the correspondence related to the request. If you do wish to download copies of correspondence, and attachments, to send to the Information Commissioner the .zip download feature, accessed via "Actions" may assist.

WhatDoTheyKnow does not currently have any special facilities for handling a referral to the Information Commissioner. We encourage users to leave annotations on requests keeping people informed of progress. Decisions by the Information Commissioner are published online and you can link to a decision via an annotation on the request.

A warning. Although the Information Commissioner has worked hard to reduce their backlog of casework, it can still take several months to get resolution from them in many cases. One area where they have sped up things considerably is that they are able to prompt non-responsive authorities to reply within a few weeks of receiving a complaint.

If you are unhappy with the response from the Information Commissioner's office you can ask them to reconsider it under their complaints process.

If you reach the point of referring a case to the Information Commissioner, you should accept that you won't get the information quickly by this means. Maybe you want to help the fight to improve our Freedom of Information regime, or maybe getting the information slowly is still worthwhile. You can also try and get the information by other means…

3. Using other means to answer your question #

You can try pursuing your problem or your research in other ways.
  • Make a new FOI request for summary information, or for documentation relating indirectly to matters in your refused request. Ask us for ideas if you're stuck.
  • If any other public authorities or publicly owned companies are involved, then make FOI requests to them.
  • Write to your MP or other politician using WriteToThem and ask for their help finding the answer. MPs can write directly to ministers or departments, and can ask written questions in the House of Commons. Councillors in local authorities can talk directly to council officers.
  • Try asking for the information from the European Union. AskTheEU.org is a version of this website for the European Union.
  • Ask other researchers who are interested in a similar issue to yours for ideas. You can sometimes find them by browsing this site; contact any registered user from their page. There may be an Internet forum or group that they hang out in.
  • You could form a small local campaign group and arrange a meeting with staff from the authority.

4. Get help on refusals #

Did the authority mention any of these exemptions when refusing your request?
Was your preference for the format you would like the information provided in, or the means by which it should be conveyed, included in your initial request?
Did you request that the information be translated into a different language? The FOI Act does not oblige authorities to provide translations of information that they hold, so the authority has acted within its rights under the FOI Act.
Would the information that you requested meet the definition of 'a dataset'? There is ICO guidance specifically about datasets. This defines a dataset as "a collection of factual information in electronic form to do with the services and functions of the authority that is neither the product of analysis or interpretation, nor an official statistic and has not been materially altered."
Has the authority provided the data in a reusable format? The Explanatory Notes to the Protection of Freedoms Act 2012 say that “a re-usable format is one where the information is available in machine-readable form using open standards which enables its re-use and manipulation” (note 389). A common example of this is CSV (comma separated values) data, which can be processed by all spreadsheet programs. ICO guidance states that where the requester has asked for a dataset and stated a preference for the data to be provided in an electronic format (and elsewhere in the same guidance suggests that if no preference is stated, it can be assumed that a request made electronically can be seen as a preference for the response to be made in the same way), "the public authority must, so far as reasonably practicable, provide the information to the applicant in an electronic form which is capable of re-use [...]. The requester does not have to specify when submitting their request that they want a re-usable dataset. [...] If the requester has asked to receive the information in hard copy, then there is no duty to provide it in an electronic form capable of re-use".
Is the data you requested already held in a digital format by the authority?
Has the authority stated that it would not be reasonably practicable to convert it into a reusable data format? ICO guidance says that time, cost, scope and technical issues can all be considerations. However "What is reasonably practicable is a decision for the public authority to make, taking account of all the circumstances of the case, including the purpose of the legislation, which is to promote open data. If the public authority decides that it is not reasonably practicable to provide the information in a re-usable form, the requester can ask the authority to review its decision and then, if they are not satisfied with the authority’s review, complain to the Information Commissioner."
Has the authority acknowledged your request for information to be provided in a specific format or via a specific means, but said that it is not reasonably practicable for them to do so?
Have they provided a reason for this judgement? ICO guidance says "the relevant circumstances could include, but are not limited to "the cost of supplying the information in the format requested; how the information is held; the available resources of the authority, and "issues such as security restrictions or difficulties of physical access to records stores".
Does the reason given by the authority apply to all of the information requested? The authority can only apply this exemption to the relevant part of the information — for example, if you have asked for information in an Excel spreadsheet, and it would not be reasonably practicable to convert a portion of it that only exists on paper, the authority can only apply the exemption to the paper documents.
Has the authority provided the rest of the information in your requested format?
Has the authority provided, or offered to provide, the information in another format?
Is this format acceptable to you?
Has the authority cited copyright or confidentiality as the reason that it is not reasonably practicable for them to provide the requested information in your preferred format? ICO guidance states: "Arguments that providing information in the preferred form would allow unauthorised copying,and hence infringement of copyright, are not relevant to whether it is reasonably practicable to comply with the requester’s preference."
Did you request to inspect the information in person? ICO guidance states that some instances where it is not 'reasonably practicable' for an authority to provide information for inspection include where the original documents are fragile; where redaction is needed.
Does the authority provide reasons for not allowing inspection of this information?
Does the authority provide the information electronically, or make a suggestion for an alternative means of accessing it?
Is this method reasonable in the circumstances? ICO guidance says that the authority may communicate the information "by any means which are reasonable in the circumstances".
Did you ask for a digest or summary of information?
Did you request that the authority produce a new summary of existing information? There is a distinction between requesting a summary that already exists, and requesting a new summary to be created.
Does the authority say that all the information in such a summary is exempt? ICO guidance states that an authority is not obliged to create a new summary of information, but may do so at their discretion. The summary may sometimes be created by extracting parts of existing information. If it is not 'reasonably practicable' to extract the required parts, the authority may decide to provide all the information instead.
Has the authority requested a fee for providing this information?
Does this fee cover only the cost of providing the information in your preferred format, for example the cost of a memory stick, CD, DVD or postage?
Does the fee also cover staff time spent in photocopying, printing or saving the information to your preferred media? ICO guidance states that the authority must not include costs relating to staff time spent in providing the information in your preferred format. Costs other than this are covered by exemption 13 (see our advice on that exemption here).
Did the authority state that they have applied exemption 11 because the information is available via their publication scheme or another publicly-accessible part of their website?
Did you request the same information that has been published, but in a different format?
Does the information they have pointed to differ from the information you have requested?
Has the authority provided you with a link to where the information can be found?
Has the authority confirmed or denied whether they hold the information you have requested?
Have they stated that the cost of confirming or denying would exceed the appropriate limit? The Section 12 exemption relieves them of the 'confirm or deny' requirement if to do so would exceed the cost limit.
Has the body included a calculation or explanation of the costs involved in providing the information?
Does this calculation include the time taken in considering when exemptions apply, or time taken to redact parts of the information?
Does it seem to be a reasonable estimate ('sensible and realistic') that gathering the information you have requested (or checking whether they hold this information) will take more than 24 hours of staff time (where the request was made to central government, a legislative body, or the armed forces) or 18 hours (all other public authorities), or otherwise cost more than £600/400 to locate, retrieve and extract? Notes: As well as staff time, reasonable costs may include the necessity of buying new equipment or software; travel required to retrieve the information, etc.
Has the body given an indication of what information could be provided within the appropriate limit?
Have you put in more than one request to the same authority within 60 working days, and if so, have they all been included in the calculation of costs?
Are they all FOI requests, or do any of them fall under a different regime, eg Environmental Information Regulations or Subject Access? (Authorities may not aggregate requests unless they are all made within the same regime).
Is each request on a demonstrably different subject? (Even if they are within the same request; note that "multiple requests within a single item of correspondence are separate requests for the purpose of section 12"). If so, has each been considered as a separate request?
Does the calculation of costs include anyone else's request/s on a similar subject?
Are you connected to the other person or people "in concert or in pursuance of a campaign"? If so, the authority is permitted to aggregate your FOI requests and treat them as one for the purposes of this calculation.
Were they made to the same authority within 60 working days of yours?
Has the authority begun the search before realising that it will cost more than the appropriate limit to complete it?
Have they provided the information collected so far? This is considered bad practice by the ICO, who state that the requester should be able to define which part of the information they would like to receive.
Was your request placed with the intention of annoying or disrupting the authority (or could it reasonably be interpreted as such)?
Does your request display one or more of the following qualities?
  • It contains abusive or aggressive language
  • It makes accusations against identifiable people or the authority
  • It makes clear that you have a personal grudge against the authority or the subject of the request
Is there any threatening, racist, insulting or otherwise unacceptable language directed at the authority's staff in your request?
Have you turned down attempts or suggestions by the authority to assist with getting your request processed?
Has the authority stated that providing the information you have asked for would cause them a disproportionate or unjustified level of disruption, irritation or distress, or 'place an unreasonable burden' on them?
Have they provided any arguments or evidence supporting the assessment?
Has this assessment been based solely on cost?
Has the authority suggested ways in which your request might be made less burdensome? This is not mandatory, but is 'best practice', according to the ICO.
Has this assessment been based on the consequences of the release, rather than the act of responding? ICO guidance states that Section 14(1) is concerned with the nature of the request rather than the consequences of releasing the requested information.
Is the information you are requesting 'trivial'? The ICO states that a vexatious request may be one where "the matter being pursued by the requester is relatively trivial and the authority would have to expend a disproportionate amount of resources in order to meet their request". It also may be "frivolous" ("inane or extremely trivial subject matter").
Can you demonstrate the 'serious purpose and value' (ICO) of this information to yourself or to the public, and that this justifies any disruption, irritation or distress on behalf of the authority in providing it?
Does the authority's reason for categorising this request as vexatious focus on your behaviour or personality rather than the substance of the request?
Has the authority alleged that the request is part of a 'scattergun' approach or 'fishing expedition', ie, placed in order to see what comes up, rather than having a clear purpose in mind?
Is this a fair description of your approach?
Has the authority applied this exemption because you have made similar requests to other authorities (also known as 'round robin' requests)?
Does the authority state that the request reopens an issue that has already been comprehensively dealt with, either generally in public, or in prior responses to requests (your own or others')?
Do they provide guidance as to where this information can be found?
Does the information they have pointed at answer your request in full?
This exemption is applied where the user has made identical or substantially similar requests within a short period of time. Is this a reasonable assessment in your case?
A request may also be seen as vexatious when it is one of a 'long and frequent series'. Even though an individual request may not be vexatious in itself, it is part of an 'aggregated burden'. Is this a reasonable assessment in your case?
Having stated that this exemption applies, has the authority pointed you precisely to where the information can be found? ICO guidance states that the authority should either "[know] that the applicant has already found the information; or [be] able to provide the applicant with precise directions to the information so that it can be found without difficulty".
Is it easy to understand the description of where the information can be found?
Is the information somewhere that you can easily access?
Are there specific or personal circumstances which prevent you from accessing this information? This is one of the few exemptions where an authority may consider your personal circumstances, and there are many possible considerations. These may include: that you do not have free or easy access to the internet, when the information is accessible only online; not being able to access an address where the information is held because you live far away from it or have physical difficulty accessing it, or because your job does not allow you to visit during its opening hours. The authority must also take into consideration their obligations under relevant legislation such as the Equalities Act and the Welsh Language Act.
Is the authority aware of any personal circumstances which apply?
Has the authority indicated that the information is available via another access to information regime, e.g. by the Access to Health Records Act 1990?
Has the authority provided details of this regime and how it operates?
Has the authority demonstrated, or is it obvious, that you have the right of access under this regime?
Are there any restrictions to you as regards the use of the information once you have retrieved it from the other regime? ICO guidance states: "In order for section 21 to apply the applicant should be as free to use the information provided under any alternative access regime as they would be had it been disclosed under FOIA. This will include any conditions attached to further use that would apply when information is disclosed under FOIA, such as copyright restrictions".
Has the authority indicated that this information is accessible to you through a law, eg The Companies Act or the Births and Deaths Registration Act? If so, they will be citing Exemption 21(2)(b).
Have they explained which law this is?
Is the information only available 'for inspection'?
Were you requesting access to court records, a court order or judgement?
Has the authority stated that the information is accessible via their own publication scheme? A 'publication scheme' refers to an authority's practice of regularly publishing certain categories of data or information, usually on their website or via downloadable reports. Publication schemes must be ICO approved and adhere to the model publication scheme.
Is it clear how to access the information? ICO guidance says: "As long as an authority draws the attention of the applicant to the scheme such that it is clear how the requested information can be accessed, its obligations in this respect will generally be fulfilled."
Do you suspect that this information may not be routinely published, and is only being published now because you have requested it?
Is access to this information only available in person? ICO guidance says: "One requirement of the model publication scheme is that “only in exceptional circumstances” will information in the scheme be made available only by viewing in person".
Would it cause significant difficulties for you to access the information in person? For example, are you far from the location where the information is held, or would you have physical barriers to access? The authority must consider relevant legislation such as the Equalities Act and the Welsh Language Act. They must also consider whether it would be “reasonable” for you to have to inspect the information in place, based on your personal circumstances.
If you wish to access the information via the route the authority has indicated, is payment required? ICO guidance says: "Section 21(2)(a) states that information may be regarded as reasonably accessible to the applicant “even though it is accessible only on payment”." WhatDoTheyKnow's opinion? We don't approve of this loophole, as in practice it means that if authorities wish to refuse access to information, they can apply a price to it! However, it is part of the Act.
Would the payment have been payable by anyone requesting this information without using FOI? The ICO guidance adds that it is 'reasonable' to charge for information accessed through legislation, or from an authority, that routinely charges for such access. But it adds, "There will be some cases where the fact that there is a charge for information may mean that it is not reasonably accessible to the applicant. For instance, a public authority may be asked for information contained in its annual report. It is unlikely to be reasonable to require the applicant to purchase a copy of the report if the request is only for a small amount of the information contained in it."
Has this exemption been applied to only part of the information you have requested, and has the authority either provided the rest of the information you requested, or applied a different exemption to it?
Has the authority confirmed or denied whether they hold the information you have requested, or does the rest of their response make it clear whether they do or do not hold the information?
Has the authority confirmed or denied that they hold the information? This is normally a requirement, but in the case of Section 22, the authority does not have to confirm or deny if such a disclosure is also part of the planned publication. For example, if you requested an agreement for work to be done on a public building by a specific contractor, to confirm or deny whether this contract was held would also reveal whether or not that contractor was going to be used. If the authority had plans to publish all details of the contracted work at a future date, they would be able to argue that this exemption absolved them of the requirement to confirm or deny.
Has the authority conducted a public interest test on the decision whether to confirm or deny, and included details of this test?
Has the authority indicated that they have considered "whether it is reasonable, in all the circumstances, to withhold the information until the date of the publication"? The ICO states that the authority should consider whether withholding the information prior to publication is "sensible; in line with accepted practices; and fair to all concerned". Factors which they may consider include whether receiving the information ahead of publication would give you, the requester, an advantage; and whether time is needed for internal release before any external disclosure.
Has the authority indicated that they have performed a public interest test on whether or not to release the information? Some exemptions, including this one, require the authority to conduct a public interest test. Note that 'interest' here does not refer to whether the information would be interesting to the public. This requirement says that the authority must weigh up whether there is more 'public good' in withholding the information or in releasing it.
Does the public interest test relate only to the exemption/s being applied? When a public interest test is conducted, it must relate specifically to the exemption in use. In this case, the public interest test must relate only to the public good of withholding or releasing information because of, or despite the fact that it is planned for publication.
If there is any potential harm indicated by the public interest test, would this harm be caused only by release of the information prior to publication? The ICO says, "Any harm that could be said to arise from the disclosure of the requested information is only relevant if it results from the Information intended for future publication [...] ahead of its scheduled release date. Therefore arguments in favour of maintaining the exemption must relate to that".
Does the authority use the argument that the information is too technical, complex, or open to misunderstanding by the public? The ICO says that this is only a valid argument if the authority is not able to explain or set the information in context, or if it is likely that such an explanation would not "limit the damage caused".
Did you request information about or deriving from a research programme?
Does it seem that the plan for publication was made after, or in response to, your request? ICO guidance says that the intention to publish must predate the request.
Is it clear that the information that is planned for publication is exactly the same as the information that you have requested?
Did you request information from a research programme (ie, has exemption 22A been applied)?
Is there any indication of a plan, date or trigger for the publication? ICO guidance states that Section 22 may be applied if:
  • there is a publication deadline: publication could be at any date before then; or
  • publication will take place once other actions have been completed; or
  • publication will take place by reference to other related events; or
  • there is a draft publication schedule that hasn’t been finalised.
The ICO also says "it is good practice to provide the requester with an anticipated date of publication. If the authority subsequently decides not to publish the information, it should inform the requester and ask if they wish to submit the request again."
Has this date already passed?
Has the information been published?
Does the information published include all the information that you requested?
Does your request apply to information derived from, or about, a research programme?
Is this date far into the future? The ICO says: "the public interest in releasing the information will often be stronger if the publication date is far in the future".
When the information has been published, will it be available for everyone? ICO guidance says that "it is not sufficient" if the information will only be available to "a particular, restricted audience".
Will the information be available only for inspection in person?
Is there 'appropriate and reasonable access' to it? ICO guidance says that information provided in this way should be "clearly advertised, readily available, accessible and easy for the public to use". It adds that a plan for transfer of the information to the National Archives (TNA) qualifies for this description.
Are there personal circumstances which, although access might be practical for most people, would make it difficult or impossible for you?
Did you request information relating to or derived from a research programme? The ICO says, "FOIA does not define ‘research’. The Commissioner will use the ordinary definition of the term research: a systematic investigation intended to establish facts, acquire new knowledge and reach new conclusions".
Is this research still ongoing?
Have all planned reports been published? ICO guidance states that Section 22A can only be applied where the research is still ongoing and before all planned reports have been published.
Has the authority demonstrated that release of the requested information would prejudice the research or related interests? ICO guidance states that "the public authority must demonstrate that there is a risk that disclosure of the requested information before the envisaged date of publication would or would be likely to prejudice: the research programme [or] the interests of an individual participating in the programme [or] the interests of the authority holding the information or the interests of a different authority that is going to publish a research report."
Has the authority identified the nature of the prejudice, showing that it is “real, actual or of substance”, and that there is a causal link between the disclosure and the prejudice claimed?
Has the authority also decided on the likelihood of this prejudice arising?
Is the likelihood indicated at 50% or more? The ICO suggests that a 50% or above chance of a prejudice arising would constitute a 'likelihood'. Information about the prejudice test can be found here.
Has the authority indicated that it is not them, but a different body, organisation or person, who will be publishing the information?
Has the third party been consulted in this decision? ICO guidance says that such consultation is good practice, since "the third party will be in a better position to determine whether or not it would be reasonable in all the circumstances to withhold the information prior to its publication, and will also be able to advise on public interest considerations.
Is the authority itself responsible for the investigation or criminal proceedings that they claim would be prejudiced by the release of this information? Section 30 is applied where the authority is responsible for the investigation or criminal proceedings — if another body is responsible, the applicable exemption is Section 31.
Has the authority carried out a public interest test? Some exemptions, including this one, require the authority to conduct a public interest test. Note that 'interest' here does not refer to whether the information would be interesting to the public. This requirement says that the authority must weigh up whether there is more 'public good' in disclosing the information than the harm that disclosure would cause (in this case, by prejudicing the prosecution or investigation, or compromising a confidential source). The ICO says, "Where there would be no harm in releasing the information, or the public interest arguments in favour of disclosure outweigh those in favour of maintaining the exemption, it will need to be disclosed."
Does the public interest test relate only to the exemption/s being applied? When a public interest test is conducted, it must relate specifically to the exemption in use. In this case, the public interest test must relate only to the public good of withholding or releasing information in the light of criminal proceedings or investigations conducted by the authority.
Has the authority stated that it has a 'duty' or 'statute' to investigate offences? (If so, they are likely to mention section 30(1)(a).) A Section 30 exemption can only be applied by authorities that "have a duty to investigate whether someone should be charged with an offence, or the power to conduct such investigations and/or institute criminal proceedings".
Has the authority explained the details mentioned above ("how the duty to investigate arises", and which offence applies) ?
Has the authority stated that the information requested was provided to them by a 'confidential source' (if so they will probably mention section 30(2))?
Is the information you have requested a 'historical record'? The ICO says: "Under section 63 of FOIA information contained in a historical record cannot be exempt under section 30(1)" It defines historical records: "Originally, a historical record was one over 30 years old, or if forming part of a file, the last entry on that file must be over 30 years old. However, this has now been amended to 20 years by the Constitutional Reform and Governance Act 2010. This reduction is being phased in gradually over 10 years. In effect, from the end of 2013, the time limit is 29 years. It will reduce by another year, every year, until it reaches 20 years at the end of 2022".
Has the authority has applied Section 30(1)?
Has the authority confirmed or denied whether it holds the information you requested?
Has the authority stated that the act of confirming or denying would, in itself, mean disclosure of information which relate to an investigation or criminal proceedings, or compromise a confidential source?
Has the authority applied the public interest test to the question of whether to confirm or deny? If the authority does not confirm or deny whether they hold the information, it is obliged to apply the public interest test on this decision. This means that they must weigh up the public good to be gained from confirming or denying, against the harm that would be done to the investigation, criminal proceedings, or confidential source.
Has the authority conducted a prejudice test? A prejudice test requires the authority to demonstrate that there would be a "causal link" between the release of the requested information, and prejudice (ie harm) to one of the interests (such as law enforcement or justice) listed in this exemption. See Sections 1 and 2 of exemption 31 for a full list of these interests. The authority must then go on to determine the likelihood of this prejudice arising were the information released. You can find more information about prejudice tests in this ICO guidance.
Has the authority stated which interest from the list in Sections 1 and 2 of exemption 31 it believes would be prejudiced by the release of the information you have requested?
Has the authority demonstrated that the prejudice is "real, actual or of substance", and that there would be a causal link between this prejudice and the release of the requested information?
Has the authority determined the likelihood of this harm/prejudice arising?
Has the authority conducted a public interest test? The authority is obliged to consider whether the 'public good' that would arise from the release of the information would outweigh the identified prejudice (or harm) to the identified law enforcement interest.
Do you agree with the assessment?
Has the authority cited exemption 31(1)(g), "the exercise by any public authority of its functions for any of the purposes specified in subsection (2)"?
Does the response identify which public authority's activities would be subject to prejudice through the release of this information, and give supporting evidence for this conclusion? According to ICO guidance, the authority must "identify the public authority that has been entrusted with a function to fulfil one of the purposes listed in subsection (2); confirm that the function has been specifically designed to fulfil that purpose, and explain how the disclosure would prejudice that function."
Is the identified authority a different one from that responding to your request?
Has the responding authority consulted the other authority before coming to its conclusion? ICO guidance states that "Where one public authority claims that a disclosure would prejudice the functions of another the Information Commissioner would expect that public authority to have obtained evidence from the public authority affected by the disclosure."
Has the authority confirmed or denied whether it holds this information?
Does the authority state that to confirm or deny whether they hold the information would, in itself, prejudice one of the interests laid out in Sections 1 and 2 of exemption 31?
Is the information that you requested more than 100 years old?
Did you request information from a department of the UK, Wales or Northern Ireland central Governments? ICO guidance states that this exemption may only be applied to "information held by central government departments or the Welsh Assembly Government [...which includes any] Northern Ireland department, the Northern Ireland Court Service, and any other body or authority exercising statutory functions on behalf of the Crown (not including Scottish bodies or the security services)."
Is the authority a 'non departmental public body' (NDPB)? Examples of NDPBs are the Independent Police Complaints Commission, the Law Commission and the ICO. Although they carry out governmental functions, they are independent of government.
Has the authority conducted a public interest test? The authority must show that it has considered whether the public interest in maintaining the exemption outweighs the public interest in disclosure.
Has the authority provided details of the test and explained the decision arrived at?
Has the authority 'neither confirmed nor denied' (NCND) whether it holds the information you have requested?
Has the authority conducted a public interest test on the matter of whether to confirm or deny? ICO guidance says "Departments can only NCND if the public interest in concealing whether information is held outweighs the public interest in knowing whether information is held", and "a department must be able to explain in the public interest test exactly what a hypothetical confirmation or a hypothetical denial would reveal in the context of the particular request, and why at least one of these responses would be harmful to good government."
Is the information a historical record? This exemption cannot be applied to any information that is more than a certain number of years old: a new time limit is being phased in. The ICO says "From the end of 2013 the time limit is 29 years. It will reduce by another year every year until it reaches 20 years at the end of 2022."
Has the authority also applied Section 36? ICO guidance says "if any part of section 35 is engaged, section 36 cannot apply".
Has the authority applied Section 35(1)(a) (information relating to 'the formulation or development of government policy')?
Did you request statistical information? There is more information about what counts as statistical information in sections 162-168 of this ICO guidance.
Does this information relate to a policy decision that has now been made?
Does it relate to policy-making at all?
Did you request information relating to the internal management of the department? ICO guidance says, "Departmental policies relating to the internal management and administration of individual departments (eg HR, information security, management structure, or administrative processes) are not government policy. All public and indeed private sector organisations need these sorts of policies in place. They are about managing the organisation, rather than governing the wider world.".
Does the information you requested apply to the formulation of policy? ICO guidance states: "To be exempt, the information must relate to the formulation or development of government policy. The Commissioner understands these terms to broadly refer to the design of new policy, and the process of reviewing or improving existing policy. [...] However, the exemption will not cover information relating purely to the application or implementation of established policy." [italics ours]. It continues, "The Commissioner considers that the following factors will be key indicators of the formulation or development of government policy: the final decision will be made either by the Cabinetor the relevant minister; the government intends to achieve a particular outcome or change in the real world; and the consequences of the decision will be wide-ranging".
Has the policy now been implemented?
Did you request information relating to a decision made by a Minister? ICO guidance suggests that only Ministers have the final say on government policy, and "any decisions or adjustments made by someone else must therefore be implementation or management decisions, rather than policy development".
If a public interest test has been conducted, does it 'focus on protecting the policymaking process'?
Has the authority applied Section 35(1)(b) (information relating to 'ministerial communications')? ICO guidance says, "The purpose of section 35(1)(b) is to protect the operation of government at ministerial level. It prevents disclosures which would significantly undermine ministerial unity and effectiveness or result in less robust, well-considered or effective ministerial debates and decisions. However, it should not be used simply to protect ministers from embarrassment,or from being held accountable for their decisions".
Did you request statistical information? There is more information about what counts as statistical information in sections 162-168 of this ICO guidance.
Does this information relate to a policy decision that has now been made?
Has a public interest test has been conducted?
Does it 'focus on protecting ministerial unity and effectiveness, and protecting ministerial discussions and collective decision making processes'?
Has the authority applied Section 35(1)(c) (information relating to 'the provision of advice by any of the Law Officers or any request for the provision of such advice')? ICO guidance says, "Section 35(1)(c) reflects the longstanding constitutional convention that government does not reveal whether Law Officers have or have not advised on a particular issue, or the content of any such advice. The underlying purpose of this confidentiality is to protect fully informed decision making by allowing government to seek legal advice in private, without fear of any adverse inferences being drawn from either the content of the advice or the fact that it was sought.It ensures that government is neither discouraged from seeking advice in appropriate cases, nor pressured to seek advice in inappropriate cases.".
If a public interest test has been conducted, does it 'focus on protecting ministerial unity and effectiveness, and protecting ministerial discussions and collective decision making processes'?
Has the authority applied Section 35(1)(d) (information relating to 'the operation of any Ministerial private offices'?). ICO guidance says that this exemption is rarely applied: "it is limited to information about routine administrative and management processes [and is] likely to cover information such as routine emails, circulation lists, procedures for handling ministerial papers or prioritising issues, travel expenses, information about staffing, the minister’s diary, and any purely internal documents or discussions which have not been circulated outside the private office [...] However, the exemption will not automatically cover the content of a document just because it originated in or passed through the ministerial private office. In particular, it will not automatically cover the content of all ministerial papers, or details of ministerial meetings with third parties".
Has a public interest test been conducted? You can find more information about this exemption and the public interest test in sections 152-160 of the ICO guidance, which says "The key public interest argument for this exemption is likely to relate to preserving a ‘safe space’ for the private office to focus on managing the minister’s work efficiently without external interference and distraction".
Has the authority performed a prejudice test? A prejudice test is required for this exemption. The authority must assess whether a causal link exists between disclosure of the information you have requested, and (in the case of Section 38) the likelihood of harm befalling an individual.
Has the authority provided details of this test and the conclusion reached?
Has the authority demonstrated a causal link between the release of the requested information, and endangerment of an individual? ICO guidance says that the authority must "show that disclosure would or would be likely to have a detrimental effect on the physical or mental health of any individual, or the safety of any individual. The effect must be more than trivial or insignificant." It goes on to explain that 'would' indicates a 50% chance or higher, while 'would be likely to' requires a 'real and significant likelihood' of endangerment occurring.
Has the authority conducted a public interest test? The authority must show that it has considered the balance between the potential harm that could be caused by disclosure, against the public good. ICO guidance lists some of the factors that might be considered to favour disclosure:
  • "Furthering the understanding and participation in the public debate of issues of the day;
  • promoting accountability and transparency by public authorities for decisions taken by them;
  • promoting accountability and transparency in the spending of public money;
  • allowing individuals, companies and other bodies to understand decisions made by public authorities which affect their lives;
  • bringing to light information affecting public health and safety;
  • circumstances where disclosing information would reduce potential danger to people by making them aware of various risks and enabling them to take appropriate action."
Has the authority provided details of the test and explained the decision arrived at?
Has the authority indicated that the disclosure of the information might endanger an individual's mental health?
Would disclosure bring new information into the public domain? The authority should consider whether the information you have requested would bring new harm to the individual/s in question, or whether the same or similar information is already in the public domain. ICO guidance gives the example of scientists performing tests on animals: a request asking for the names of scientists involved in a recent round of tests would not cause additional harm if there is already a public record of their previous work performing tests on animals.
Has the exemption been applied to all of the information you requested?
Has the authority released the rest of the information?
Has the authority applied another exemption to the rest of the information?
Is there a part of the information you have requested that could be released without causing harm to an individual?
Has the authority confirmed or denied whether they hold the information you have requested?
Has the authority cited Section 38 as the reason for not confirming or denying? Under Section 38 of the FOI Act authorities are permitted not to confirm or deny whether they hold information, IF doing so would disclose information that is likely to bring harm to an individual.
Have they performed a prejudice test on the issue of whether to confirm or deny? Where an authority uses Section 38 as a reason not to confirm or deny whether they hold information, they must also perform a prejudice test, demonstrating the causal link between confirming or denying, and the likelihood of harm to an individual. The ICO provides guidance to authorities about this here.
Have they performed a public interest test on the matter of whether to confirm or deny? Where an authority uses Section 38 as a reason not to confirm or deny whether they hold information, they must also perform a public interest test on this matter. The ICO provides guidance to authorities about confirming or denying here.
Are there any steps which the authority could easily take that would mitigate the potential harm they have identified? ICO guidance says, "Public authorities can of course always consider whether there are any steps they can take to mitigate or manage the risk that disclosure would cause". Although this is clearly not a requirement, it may be worth citing. For example, if by redacting names from the requested documents, the authority could provide anonymised information that would not implicate the individuals in question but would still be useful to you, you could suggest this.
Did you request personal information about yourself? This might include a request for the information the authority holds about you, such as correspondence, data records or documentation.
Has the authority stated that it will handle your request as a SAR?
Did you request personal information about someone else?
Is that person alive?
Can this person be identified? The ICO defines an 'identifiable individual' as someone who can be recognised by: "(a) an identifier such as a name, an identification number, location data or an online identifier, or (b) one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the individual."
Nonetheless, is it still possible to identify the person from the data requested?
Have you requested 'special category' or 'criminal offence' data? 'Special category' means personal data about an individual’s race, ethnic origin, politics, religion, trade union membership, genetics, biometrics, health, sex life or sexual orientation. 'Criminal offence' data means "personal data relating to criminal convictions and offences or related security measures; the alleged commission of offences by the data subject; and proceedings for an offence committed or alleged to have been committed by the data subject or the disposal of such proceedings, including sentencing".
Has the individual whose data it is given 'explicit consent' for its release, or already clearly made the data public? ICO guidance states that for explicit consent, the authority "must have a record that shows that each of the individuals concerned has explicitly and specifically consented to their data being disclosed to the world in response to an FOI or EIR request"; and "there may be situations in which the individual has deliberately done something which has put their special category personal data into the public domain. An obvious example of this would be the political affiliations of a Member of Parliament."
Was this data disclosed by a defendant in court?
Has the authority performed a 'legitimate interests' test? ICO guidance says that an authority may consider the wider public good (or "pressing social need") to be gained from the release of information, against the rights and freedoms of the person whose information is being requested, "particularly their right to privacy and family life under the Human Rights Act 1998".
Did the authority find that there was a 'pressing social need' for the information to be released?
Has the authority confirmed or denied whether they hold the information? There is more about confirming or denying in relation to personal data in this ICO guidance.
Have they explained that the act of confirming or denying whether they hold the information would, in itself, release personal data?
Has the authority stated which section of the GDPR they have applied in this decision?
Has the authority conducted a public interest test on the matter of whether to confirm or deny?
Have you requested more information, besides the information identified as personal data?
Has the authority addressed the remainder of your request, either by providing the information or by citing another exemption that covers it?
Did the authority receive the information which you requested from another source (which could be a person, a company or a different authority)? This exemption does not apply unless the information comes from a source external to the authority itself. However, it can apply to information generated by the authority through processes such as transcripts of testimonies, information written up from interviews with a patient, or minutes taken during private meetings that express the views of external contractors.
Is this true of all the information you have requested?
Has the authority provided the parts of the information which were not provided in confidence?
Has the authority explained that disclosure of this remaining material would reveal the content of the exempted material? The exemption can only be applied to the parts of the information that were provided in confidence, unless disclosing the remaining information would also breach the confidence of the source.
Did you request information from a government department?
Is the source of the information also a government department?
Has the authority confirmed or denied whether they hold the information you have requested?
Has the authority cited Section 41 as the reason for not confirming or denying? Under Section 41 of the FOI Act authorities are permitted not to confirm or deny whether they hold information, IF doing so would result in an 'actionable brief of confidence' (ie a breach that would stand up in court).
Have they performed a public interest test on the matter of whether to confirm or deny? Where an authority uses Section 41 as a reason not to confirm or deny whether they hold information, they must also perform a public interest test on this matter. The ICO provides guidance to authorities about confirming or denying here.
Has the authority demonstrated that this information has "the necessary quality of confidence"? ICO guidance says that the authority should be able to demonstrate that the "someone has a genuine interest in the contents remaining confidential". This may take into account the right to privacy as enshrined in the Human Rights Act (if disclosure of the information would impinge on this in the case of the identified person).
Would disclosure bring new information into the public domain? The authority should consider whether the same or similar information is already in the public domain. The ICO gives guidance about this point here. An example would be where the request is for a testimony which contains facts that have already been published elsewhere. While the testimony may not have previously been disclosed, the information within it is already accessible.
Could the authority release some of the information without breaching confidence? The authority should only apply this exemption to information which breaches confidence. Read the ICO guidance to understand this point in more detail.
Has the authority demonstrated that the breach in confidence would be actionable, and likely to succeed, in a court of law? ICO guidance explains that one of the ways to ascertain whether release of information would constitute a breach of confidence is to consider whether it would be actionable, and then, whether such an action would be likely to succeed. The authority needs to demonstrate its thinking on this point, which will also involve a version of the public interest test in which they will balance the public good of any disclosure against the breach of confidence: "This is because case law on the common law of confidence suggests that a breach of confidence won’t succeed, and therefore won’t be actionable, in circumstances where a public authority can rely on a public interest defence".
Is the information that you requested commercial in nature?
Is the information you requested a contract? ICO guidance says that this exemption does not generally apply to contracts, although if 'technical information' or the contractor's 'pre-contractual negotiating position' has been included in a contract, there may be a case for redacting these parts.
Has the authority demonstrated that a breach of confidence would be detrimental towards the person, company or authority that provided the information? ICO guidance states, "If the requested information is commercial in nature then the disclosure will only constitute a breach of confidence if it would have a detrimental impact on the confider."
Is the person whose confidence would be broken still alive?
Has the authority demonstrated that the disclosure of the information you have requested would prejudice commercial interests? ICO guidance states that an authority "must show that because [the information] is commercially sensitive, disclosure would be, or would be likely to be, prejudicial to the commercial activities of a person (an individual, a company, the public authority itself or any other legal entity)".
Are the commercial interests those of the authority itself?
Has the authority conducted a prejudice test? ICO guidance says: "In order to apply section 43(2), the public authority must satisfy itself that disclosure of the information would, or would be likely to, prejudice or harm the commercial interests of any person (this can include the public authority holding it)."
Has the authority decided the likelihood of prejudice occurring? The ICO also states that 'would' means that there is a more than 50% chance of harm occurring, while 'would be likely to' indicates a lower, but 'real and significant' risk. There is more guidance on the prejudice test here.
Has the authority sought the views of the third party whose commercial interests they are citing? ICO guidance says: "if you propose to withhold information because the disclosure would, or would be likely to, prejudice a third party’s commercial interests, you must have evidence that this accurately reflects the third party’s concerns. It is not sufficient for you to simply speculate about the prejudice which might be caused to the third party’s commercial interests. You need to consult them for their exact views in all but the most exceptional circumstances."
Has the authority provided these arguments? The ICO also says: "There will be situations where a public authority cannot seek the views of a third party, for example due to time constraints for responding to requests. In such circumstances, the public authority may present arguments regarding the likelihood of prejudice based on its prior knowledge of the third party’s concerns. In doing so, a public authority will need to provide evidence that its arguments genuinely reflect the concerns of the third party involved [...]. The public authority should not present speculative arguments on behalf of that third party."
Did you request information about a procurement process? The ICO says: "Information about the procurement of goods and services by a public authority is usually considered to be commercially sensitive. This can include information provided during a tendering process and also details of a contract or transaction with a third party".
Has the authority argued that disclosing information about a financial transaction with one party would affect subsequent negotiations with another party?
Has the authority considered each clause within the contract and released anything which it has not judged to be prejudicial to commercial interests?
Has the authority carried out a public interest test? Some exemptions, including this one, require the authority to conduct a public interest test. Note that 'interest' here does not refer to whether the information would be interesting to the public. This requirement says that the authority must weigh up whether there is more 'public good' in disclosing the information than there is a benefit to commercial interests in withholding it.
Does the public interest test relate only to the exemption/s being applied? When a public interest test is conducted, it must relate specifically to the exemption in use. In this case, the public interest test must relate only to the public good of withholding or releasing information because of commercial interests.
Has the authority confirmed or denied whether they hold the requested information?
Has the authority stated that the act of confirming or denying would prejudice commercial interests (Section 43(3))?
Has the authority applied the public interest test to the question of whether to confirm or deny? If the authority does not confirm or deny whether they hold the information, it is obliged to apply the public interest test on this decision. This means that they must weigh up the public good to be gained from confirming or denying, against the harm that would be done to the commercial interests.
Has the authority mentioned a 'confidentiality clause' as the reason for non-disclosure?
Has any information been released? ICO guidance states that while confidentiality clauses can be useful in identifying commercially sensitive information, they should not be applied to an entire contract: "Public authorities must realise they cannot contract out of their FOIA statutory obligations".
Is it likely that the information will be less commercially sensitive after some time has passed?

Next steps

  • Request an internal review

    You may have grounds for an internal review

    Consider asking for an internal review, stating this guidance. Getting the data released in a reusable format means that it will not only be easier for you to work with, but for other WhatDoTheyKnow users, too.

    The authority must provide the reason for not acquiescing with your request for the format or means of access to the information. Ask for an internal review, citing <a href="https://ico.org.uk/media/for-organisations/documents/1163/means-of-communicating-information-foia-guidance.pdf">ICO guidance</a> on Section 11(3), and stating that the authority must provide the reasoning behind this decision.

    Consider asking for an internal review, citing ICO guidance.

    Not being able to provide the information in your preferred format does not exempt the authority from providing it at all. The ICO states that "the authority may provide the information by any other means that are reasonable in the circumstances" and "if [...] unable to provide the information by the preferred means, we consider that it would be good practice for the public authority to discuss with the requester whether they can provide the information in another form that would be acceptable". Check that this is the only reason given for not providing the information,and if so, request an internal review, citing <a href="https://ico.org.uk/media/for-organisations/documents/1163/means-of-communicating-information-foia-guidance.pdf">ICO guidance</a>.

    Consider requesting an internal review, citing this guidance.

    ICO guidance says that the authority must provide the reasons. Ask for an internal review, citing this guidance.

    ICO guidance says, "If it is not reasonably practicable to allow inspection, then the public authority must still communicate the information to the requester by other means." Request an internal review, citing this guidance.

    Request an internal review, citing the ICO guidance.

    Consider requesting an internal review, pointing out the difference/s.

    Ask for an internal review. Inform the authority that this should not be part of the calculation, linking to ICO advice.

    If not, consider asking for an internal review to challenge this calculation.

    Ask for an internal review, stating that they are not all FOI requests.

    Authorities are advised that requests may only be aggregated if they relate “to any extent” to the same or similar information. This is a wide description which you may be able to argue against. Ask for an internal review, linking to ICO advice.

    You may be able to argue against aggregation on the basis that by law, authorities must respond to requests within 20 working days. The ICO allow "the aggregation period to only run up to 20 days ‘forward’ from the date of any single request under consideration" and "up to 60 days ‘backwards’ from the date of any single request under consideration" and "the total aggregation period (running either forwards or backwards or a combination of both) from the date of any single request must not exceed 60 working days". Ask for an internal review, linking to ICO advice.

    Ask for an internal review, stating that you are unrelated to other people who have made a request.

    Ask for an internal review, linking to ICO advice which states that requests may not be aggregated if they were made more than 60 working days apart.

    Request an internal review, citing this guidance.

    Consider objectively whether it is a reasonable assessment that responding to your request would require 'a disproportionate or unjustified level of disruption, irritation or distress, or place an unreasonable burden' on the authority. If you decide that it is not, gather your own arguments or evidence against this assessment, then include them when you ask for an internal review.

    A Court of Appeal case stated that a request may not be vexatious if "the information sought would be of value to the requester or to the public or any section of the public". Consider requesting an internal review, citing the ICO guidance and stating the value this information would have if released.

    Consider requesting an internal review. The ICO guidance states that an FOI service must be 'applicant blind'. Exemption 14(1) can only be applied to the request itself, and not the individual who submits it.

    Request an internal review, citing your reasons for contesting this allegation.

    Request an internal review, citing the ICO guidance. Round robin requests can be a legitimate way to get a wider picture or consistent data from a range of authorities. Also, authorities may only consider the burden on themselves, not that which your other requests may place on other authorities.

    request an internal review, explaining the difference between what you have asked for and what they have provided.

    Request an internal review, giving evidence as to why the assessment is incorrect (for example, explain why your other requests are substantially different, or that the current request is a follow-up because the previous one wasn't entirely responded to).

    Consider requesting an internal review, giving evidence as to why the assessment is incorrect.

    Ask for an internal review, repeating the circumstances that mean the information is not accessible to you, and citing ICO guidance as well as any relevant legislation.

    Consider requesting an internal review, citing this guidance.

    When Exemption 22(2)(b) is applied, ICO guidance states that the information 'cannot automatically' be considered as reasonably accessible. However, it also says that "information that is only available for inspection can still be considered to be reasonably accessible to the applicant under other parts of section 21". It is worth reading this guidance in full to see whether it is relevant to your case. If exemption 21(2)(b) has been applied, read the ICO guidance and consider requesting an internal review if you can make a good case for disclosure.

    Even though it might be convenient for you to inspect the information, it might be worth asking for an internal review, questioning whether the information is in fact “reasonably accessible”, when access is allowed to that information only in one physical location. Given that the request is being made in public on WhatDoTheyKnow, if the review is successful, it allows those members of the public who might not be able to inspect to also access the information.

    There may be a law setting out fees for the information you have requested, so the authority will have good grounds to challenge any request for internal review. But if the authority routinely charges for information held elsewhere, and may not have considered how reasonable it is in the case of this specific information, it might still be worth considering an internal review request to challenge this stance. Request an internal review, citing the reason why the payment may not be reasonable in your case.

    If you think there is a good argument for saying this information is not reasonably accessible to you because of the payment required, consider requesting an internal review. Cite the reason why the payment may not be reasonable in your case.

    Consider asking for an internal review. Section 21 applies only to the part of the request where the information that is held by the authority is provided in full elsewhere (perhaps as a download on their website). If they wish to withhold some of the information due to another exemption, they need to state why that exemption applies and apply their reasoning in full, including a consideration of the public interest where that applies. Section 21 doesn’t apply to that part of the information. ICO guidance states “If only part of the requested information is in the public domain, section 21 can only apply to that part of the request", and “If the information is held but is covered by another exemption [...], section 21 cannot apply because, for that very reason, the information is not, in fact, reasonably accessible to the requester".

    If the authority has misapplied an exemption, they may have made other errors too. Consider requesting an internal review, which will mean that your request is examined by a different member of staff.

    Ask for an internal review, citing ICO guidance and asking the authority to provide evidence that the public interest test was conducted in this case.

    Consider asking for an internal review, citing ICO guidance.

    Of necessity, the Public Interest test will reflect the thought processes of the member of staff conducting it, and there may well be room for making a good case against them. ICO guidance, says, for example, says, for example, that "in a democratic society it is important that offences can be effectively investigated and prosecuted. However, the public needs to have confidence in the ability of the responsible public authorities to uphold the law and the public interest will be served by disclosures which serve that purpose". These considerations would be set against the effect upon the investigation or criminal proceedings; or against the potential effects on a confidential source, including the possibility that future confidential sources may be deterred from coming forward. If you think you may be able to make a good case for public interest based on one of these premises, read the ICO guidance linked above, and consider requesting an internal review.

    Consider requesting an internal review, citing the ICO guidance and asking for these details.

    ICO guidance says, "For information to be exempt under section 30(2) it must both relate to the public authority’s investigations or proceedings and relate to confidential sources." Confidential sources are very well protected by FOI, in recognition of the danger they may face if their confidentiality is compromised. However, the existence of a confidential source will not necessarily mean that other pieces of information cannot be released, if doing so will have no effect on that source. Consider the authority's response carefully, read the ICO guidance, and if you think you can argue convincingly that the confidential source is not a relevant factor to the matter (for example, if the release of information will not impact the source negatively), there may be grounds for requesting an internal review.

    The age of the requested information is only relevant where the authority has used the Section 30(1) exemption and the information is a historical record, as defined above. Normally, information over a certain age cannot be exempted under Section 30, but note that even historical records are exempt where the authority is withholding information to protect a confidential source (in which case they would use Section 30(2)). If the correct conditions apply, consider requesting an internal review.

    You may wish to ask for an internal review, asking the authority to confirm or deny whether they hold the information.There is more information about confirming or denying in this ICO guidance.

    Consider requesting an internal review, stating that the authority must conduct a Public Interest test on the decision to confirm or deny.

    Of necessity, the Public Interest test will reflect the thought processes of the member of staff conducting it, and there may well be room for making a good case against them. ICO guidance, says, for example, that "in a democratic society it is important that offences can be effectively investigated and prosecuted. However, the public needs to have confidence in the ability of the responsible public authorities to uphold the law and the public interest will be served by disclosures which serve that purpose". These considerations would, however, be set against the effect upon the investigation or criminal proceedings; or against the potential effects on a confidential source, including the possibility that future confidential sources may be deterred from coming forward. If you think you may be able to make a good case for public interest based on one of these premises, read the ICO guidance and consider requesting an internal review.

    Consider requesting an internal review, citing ICO guidance that this exemption requires a prejudice test to be conducted.

    Consider requesting an internal review, citing ICO guidance that the authority must state the interest they believe will be prejudiced.

    The authority is required to demonstrate the harm that would potentially be caused by release of the information, and how the release would cause such harm. ICO guidance says that if 'the harm is only trivial, the exemption would not be engaged'. However, it also refers to the 'mosaic effect', the concept that the information released may be put together with other information already in the public domain, which would then satisfy the conditions of prejudice. Additionally, the authority is allowed to consider the 'precedent effect' where 'complying with one request would make it more difficult to refuse requests for similar information in the future'. Consider requesting an internal review, citing ICO guidance and asking the authority to provide information about the perceived prejudice and the causal link to the release of information.

    ICO guidance states: "Deciding whether the prejudice would occur or is only likely to occur is important. In this context the term “would prejudice” means that it has to be more probable than not that the prejudice would occur." [italics ours] Consider requesting an internal review, citing this guidance.

    Consider requesting an internal review, noting that the authority has not mentioned that a public interest test has been conducted, and asking them to provide this information.

    The ICO says, "Although there is a clear public interest in protecting the ability of public authorities to perform their law enforcement activities,the public interest test [...] requires that all the circumstances of the case are considered. This will include the significance of the information itself and the issues that it addresses." It adds, "Public authorities cannot take account of either crimes or the consequences of those crimes which are too speculative or fanciful", but also that "each case needs to be considered on its own merits taking account of the actual harm that would be caused by disclosure together with all the circumstances of the case." If you can argue plausibly that the public interest test should have come to the opposite conclusion, read the ICO guidance on this section and then consider requesting an internal review, citing your reasons.

    Consider requesting an internal review, citing this guidance.

    Consider requesting an internal review, citing this guidance.

    You may wish to read the section on confirming or denying in the ICO guidance and see whether you agree with this decision.

    If the reason for not confirming or denying is not obvious from the context, consider replying to the authority and asking for clarification.

    This exemption cannot be applied to information that is over 100 years old. Consider requesting an internal review, citing ICO guidance.

    This exemption appears to have been incorrectly applied Consider requesting an internal review.

    This exemption may have been incorrectly applied. Section 35 can only be applied to central government departments. Consider requesting an internal review.

    Request an internal review, citing ICO guidance and pointing out that the authority is obliged to conduct a public interest test when applying this exemption.

    The authority appears to have acted correctly on this point. However, a public interest test is always going to be subject to the thoughts and decisions of the member of staff who conducts it, so if you think you can make a strong argument for the public interest, you might consider requesting an internal review. This will mean that the request and the response you received will be examined by a different member of staff.

    Request an internal review, citing ICO guidance and pointing out that the authority is obliged to provide details of the public interest test and how the final decision was reached.

    You have grounds to request an internal review. Cite the ICO guidance and request that the authority provide the details of the NCND public interest test.

    The authority appears to have acted correctly on this point. However, a public interest test is always going to be subject to the thoughts and decisions of the member of staff who conducts it, so if you think you can make a strong argument for the public interest, you might consider requesting an internal review. This will mean that the request and the response you received will be examined by a different member of staff.

    Request an internal review, citing ICO guidance and explaining that the exemption cannot be applied to historical records.

    You have grounds for requesting an internal review. Quote the ICO guidance and ask which exemption is being applied.

    ICO guidance states: "Once a policy decision has been made, the exemption cannot apply to any background statistical information". Read the guidance in detail and then decide whether to go ahead and request an internal review.

    ICO guidance contains detailed consideration of what constitutes 'policy making'. If you are unsure whether this exemption should have been applied to your request, you may wish to read it in more detail to see whether you can make a valid argument that you are not requesting information relating to the formulation or development of government policy.

    You may have grounds for requesting an internal review.

    You may have grounds for requesting an internal review. We suggest reading the ICO guidance in detail to see whether you can make a strong argument in favour of disclosure on these grounds.

    It is possible that this exemption, which is for the formulation of policy, has been incorrectly applied. Read the ICO guidance and consider requesting an internal review.

    You may have grounds for requesting an internal review. Read the ICO guidance carefully and consider whether you have a strong argument that the information you requested does not relate to the formulation or development of government policy.

    ICO guidance sections 73-92 explain more about the public interest test when Section 35(1)(a) is applied. Among other advice, it notes "Arguments about other issues (eg the personal impact on individuals, or the commercial interests of stakeholders) are not relevant", and "arguments that ‘routine’ disclosure of a particular type of information would not be in the public interest are misconceived". There are also arguments about when the ideas of a 'safe space' or the 'chilling effect' can and cannot reasonably be applied. Read the guidance carefully to see if you might be able to make a strong argument that the public interest test has arrived at the wrong decision, and, if so, consider requesting an internal review, laying out this argument.

    ICO guidance states: "Once a policy decision has been made, the exemption cannot apply to any background statistical information,even if it is contained in a ministerial communication". Read the guidance in detail and then decide whether to go ahead and request an internal review.

    ICO guidance sections 108-117 explain more about the public interest test when Section 35(1)(b) is applied. Among other advice, it notes that "the relevance and weight of the public interest arguments will depend entirely on the content and sensitivity of the particular information in question and the effect its release would have in all the circumstances of the case". Read the guidance carefully to see if you might be able to make a strong argument that the public interest test has arrived at the wrong decision, and, if so, consider requesting an internal review, laying out this argument.

    ICO guidance sections 132-141 explain more about the public interest test when Section 35(1)(c) is applied. Among other advice, it notes that 'Public interest arguments under section 35(1)(c) should focus on harm to government decision making processes. This reflects the underlying purpose of the exemption. Arguments about other issues will not be relevant." Read the guidance carefully to see if you might be able to make a strong argument that the public interest test has arrived at the wrong decision, or that it focuses on issues other than harm to government decision-making processes and, if so, consider requesting an internal review, laying out this argument.

    Read the guidance carefully to see if you might be able to make a strong argument that the public interest test has arrived at the wrong decision, and, if so, consider requesting an internal review, laying out this argument.

    You have grounds for an internal review. This exemption requires the conducting of a public interest test.

    You have grounds for an internal review. Respond to the authority, citing the ICO's guidance and pointing out that they must provide details of a prejudice test and demonstrate the causal link between disclosure of the information and harm to an individual.

    The authority appears to have acted correctly on this point. However, if you think there is a valid argument to be made against the conclusion reached, you may wish to respond, making this argument, and requesting an internal review.

    Request an internal review, citing ICO guidance and pointing out that the authority is obliged to conduct a public interest test when applying this exemption.

    The authority appears to have acted correctly on this point. However, a public interest test is always going to be subject to the thoughts and decisions of the member of staff who conducts it, so if you think you can make a strong argument for the public interest, you might consider requesting an internal review. This will mean that the request and the response you received will be examined by a different member of staff.

    Request an internal review, citing ICO guidance and pointing out that the authority is obliged to provide these details.

    ICO guidance says, "Endangering mental health implies that the disclosure of information might lead to a psychological disorder or make mental illness worse. This means that it has a greater impact than stress or worry." If you can demonstrate that the impact to the individual's mental health is likely to be low, you may wish to consider requesting an internal review.

    If you can make a convincing argument that disclosure would not bring new information into the public domain, you may wish to request an internal review.

    The authority can only withhold the parts of the information to which the exemption applies. If there is additional information which would not cause harm to an individual to disclose, and to which no other exemption applies, they should release it. Consider requesting an internal review, asking for the parts of the information which cannot be demonstrated as likely to cause harm.

    The authority can only withhold the parts of the information to which the exemption applies. If there is additional information which would not cause harm to an individual to disclose, and to which no other exemption applies, they should release it. Consider requesting an internal review, asking for the parts of the information which cannot be demonstrated as likely to cause harm.

    Consider requesting an internal review, asking the authority to confirm or deny whether they hold the information.

    Consider requesting an internal review, citing ICO guidance and asking for details of the prejudice test used to inform the decision not to confirm or deny.

    This exemption only applies to personal data (your own or someone else's). If the information you have requested is not personal data, this exemption has not been applied correctly. Ask for an internal review.

    This exemption only applies where the subject is alive. Ask for an internal review.

    In this case you might be able to make the argument that the data you are requesting is not personal data. Consider asking for an internal review.

    Consider requesting an internal review, citing ICO guidance.

    Deciding upon the 'necessity' of release as part of a legitimate interests test is always going to rely, to some extent, on personal opinion. So you may consider requesting an internal review, if you think that you can argue persuasively that disclosure is necessary due to legitimate interests. Read the portion of this ICO guidance on legitimate interests first.

    Read this ICO guidance, and if you consider that the act of confirming or denying would not release personal data, consider requesting an internal review.

    You may wish to request an internal review, noting that the authority does not appear to have conducted a public interest test.

    The authority should only withhold the information covered by this, or another, exemption. Consider asking for an internal review, stating that the authority is required to provide the remainder of the requested information.

    This exemption appears to have been incorrectly applied. Consider asking for an internal review, citing ICO guidance.

    If you can argue that disclosure of the remaining material may not breach the source's confidence, consider asking for an internal review.

    ICO guidance refers to Section 81(2)(b) of the FOI Act, and states; "In cases where the authority and confider are both government departments (or two Northern Ireland departments), the confider would not be able to rely upon this exemption." Read the guidance and consider requesting an internal review.

    Consider requesting an internal review, asking the authority to confirm or deny whether they hold the information.

    You have grounds for an internal review. Request an internal review, asking the authority to provide this evidence

    If you can argue the case convincingly that the information is already in the public domain, consider requesting an internal review. You may wish to cite Judge Megarry in Coco v A N Clark (Engineers) Limited [1968] FSR 415 (see point 35 of the ICO guidance).

    Consider requesting an internal review, pointing out that the authority should provide the remainder of the information.

    The authority appears to have acted correctly on this point. However, if you think that you can argue convincingly that "there is a public interest in disclosure which overrides the competing public interest in maintaining the duty of confidence", you may like to request an internal review, stating your point. Read the ICO guidance to understand this point in more detail.

    Read the ICO guidance to understand this point in more detail. If you can argue the case that the release of the information would not be actionable, you may consider requesting an internal review, questioning this point.

    Consider requesting an internal review, citing the guidance above and pointing out that some or all of the contract may not be subject to a Section 41 exemption.

    You may have grounds for requesting an internal review.

    You may wish to read the ICO guidance relating to deceased people and Section 41 exemptions. If, after doing so, you consider that the exemption has been incorrectly applied, you could request an internal review and cite this guidance.

    Consider requesting an internal review, citing this guidance and pointing out that it is the authority's duty to demonstrate that disclosure would be prejudicial to business interests.

    Ask for an internal review, citing ICO guidance and asking the authority to provide evidence that the prejudice test was conducted in this case, and details of their findings.

    The authority appears to have acted correctly in this case — but if you think that the decision arrived at after the prejudice test was conducted is the wrong one, and you can make a convincing argument, you may consider requesting an internal review.

    Consider whether you agree that the evidence is reasonable, and, if you can make a good argument that it is not, you may wish to request an internal review.

    If you think you can make a good case that the arguments are not valid or are just speculation, consider requesting an internal review.

    Consider asking for an internal review, requesting that the arguments to be provided.

    ICO guidance says that this argument can only be applied if future transactions are likely to have a 'degree of similarity' with the one you are asking about. Consider whether this is the case - you may have grounds to request an internal review if it is not.

    ICO guidance states that: "It is [...] important for a public authority to consider each clause within a contract, rather than view the contract as a whole. Arguments about the burden this may create are not relevant under section 43". You may have grounds for requesting an internal review. Cite the ICO guidance and ask for the other parts of the contract to be released.

    Ask for an internal review, citing ICO guidance and asking the authority to provide evidence that the public interest test was conducted in this case.

    Consider asking for an internal review, citing ICO guidance.

    Of necessity, the Public Interest test will reflect the thought processes of the member of staff conducting it, and there may well be room for making a good case against them. ICO guidance, says, for example, that authorities should bear in mind that there is a "strong case for openness and transparency"; for "accountability for the spending of public money", for "promoting competition in procurement via transparency" and for "protect[ing] the public from unsafe products or dubious practices". These would, however, be set against the commercial interests of, for example, competition, reputation, ability to generate income and impact on other negotiations. If you think you may be able to make a good case for public interest based on one of these premises, read the ICO guidance and consider requesting an internal review.

    You may wish to ask for an internal review, asking the authority to confirm or deny whether they hold the information.There is more information about confirming or denying in this ICO guidance.

    Consider requesting an internal review, stating that the authority must conduct a Public Interest test on the decision to confirm or deny.

    Of necessity, the Public Interest test will reflect the thought processes of the member of staff conducting it, and there may well be room for making a good case against them. ICO guidance, says, for example, that authorities should bear in mind that there is a "strong case for openness and transparency"; for "accountability for the spending of public money", for "promoting competition in procurement via transparency" and for "protect[ing] the public from unsafe products or dubious practices". These would, however, be set against the commercial interests of, for example, competition, reputation, ability to generate income and impact on other negotiations. If you think you may be able to make a good case for public interest based on one of these premises, read the ICO guidance and consider requesting an internal review.

    Consider requesting an internal review, citing the ICO guidance and asking the authority to provide the parts of the contract which are not commercially sensitive.

  • Reply for more clarification

    You should reply to the authority for clarification

    If the information provided is of no use to you in the format offered, consider replying to the authority to discuss what compromises may be acceptable to both of you. For example, while they may not be able to offer you data in your preferred format, they may be able to provide it in a format that is easier for you to extract it from so that you can format it yourself.

    Consider replying to the authority to explain why their suggested method of access is not reasonable, and seeing if there is a compromise that could be reached.

    Consider responding to the authority to clarify that you are not asking them to produce a new summary.

    Consider replying to ask for clarification.

    Section 1(1) of the FOI Act requires that an authority informs you "whether it holds information of the description specified in the request". If they have not confirmed or denied whether they hold the information, and if they have not cited the cost limit as the reason, reply to the authority, requesting clarification on this point.

    This is not a requirement, but it is considered good practice by the ICO to provide 'arguments or evidence'. Note that the FOI Act states that it is "the duty of a public authority to provide advice and assistance, so far as it would be reasonable to expect the authority to do so". Reply to the authority quoting this guidance and asking for more detail.

    Consider reducing the scope of your request or breaking your request into smaller parts; getting someone else to make the other parts (but do not be seen to be working together as a 'campaign'), or waiting 60 working days between requests.

    If the authority has described how they intend to conduct the search, and you think there is a cheaper way of doing so which they have not considered, you can reply to suggest it (for example, a more refined search term to use across electronic files).

    Section 16 of the FOI Code of Practice advises that bodies should 'provide advice and assistance, so far as it would be reasonable to expect the authority to do so' and the ICO guidance interprets this as providing suggestions of this nature. Respond to authority asking for such advice.

    Ask for the information you prefer, linking to ICO advice.

    The ICO advises that "Public authorities must keep in mind that meeting their underlying commitment to transparency and openness may involve absorbing a certain level of disruption and annoyance" [italics ours].

    Reply and ask the authority to provide the arguments or evidence behind their assessment.

    The authority potentially should have cited Exemption 12, 'Appropriate limit'. Consider responding to clarify, and taking the steps advised for this exemption instead.

    Reply, citing ICO guidance and asking for such suggestions.

    Reply and ask for clarification as to where this information can be found.

    Respond to ask them for further details of where to find the information, citing the ICO guidance.

    Respond to ask the authority for clarification, citing the ICO guidance.

    Respond to the authority to inform them of these circumstances and ask them to reconsider their decision. Cite any relevant legislation such as the Equalities Act.

    Consider responding to the authority to ask for clarification. ICO guidance states: "The authority should ensure that the applicant is familiar with the details of the regime and how it operates".

    Consider responding to the authority to ask for clarification. ICO guidance gives the example of health records which are available only to relatives of a deceased person: the authority can demonstrate that these are available to the requester, if the requester is a relative. We also often see requests for service records — see more information on that here.

    Consider responding to the authority, asking for clarification.

    Consider responding to the authority to ask for clarification.

    Consider responding to the authority, citing your reasons and asking them to take into account your personal circumstances and request that they consider providing the information via digital means.

    Respond to the authority asking them to confirm or deny whether they hold the information.

    Respond to the authority and ask them to provide details of the prejudice test.

    Consider responding to the authority to ask for details of the public interest test performed on the decision of whether to confirm or deny.

    Consider replying to the authority to suggest these measures. As this would be a case of the authority going out of their way to help, rather than a requirement of the FOI Act, this should be framed as a polite request.

    ICO guidance states that the authority should treat the request as a SAR even if it was sent in the form of an FOI request — so long as your identity is clear and they can confirm that you are requesting your own data. Do check that the authority has not used WhatDoTheyKnow to complete processing this request, as, if they do so, your personal information will be published on our website. Reply to the authority and tell them you will email them directly so that the SAR can be processed in private. You can use the 'Actions' button at the foot of the request page and select 'report this request' if a response contains anything personal that should be removed from the site.

    Read this ICO guidance and consider responding to ask for clarification on this point.

    Consider responding to the authority to ask for details of the public interest test performed on the decision of whether to confirm or deny.

    The ICO says: "The public authority must decide the likelihood of prejudice arising on the facts of each case". Consider asking for clarification, citing this guidance and requesting that the authority provide more details about their calculations in applying the prejudice test.

  • Refer your request to the Information Commissioner

    Refer your request to the Information Commissioner

  • Make a new request

    Perhaps you could make a new request

    The authority only has a duty to consider your preferred format or means of provision if it was stated as part of your initial request. If the format is vital to your needs, consider transferring it to your preferred format yourself. If this is not possible, you may wish to make the request again from scratch, making sure you include details of your required format.

    Consider removing any text that has a function other than conveying your request for information, and resubmitting. For example, remove any opinions, extraneous background information or emotional language. It might be worth apologising to the authority for the wording used in a previous request, and making your point in an objective way to highlight that your request does have a serious purpose and is being made in good faith.

    A 'scattergun' approach is not inadmissible in and of itself, but may add an extra degree of irritation to the authority if it also displays other signs of vexatiousness, for example the subject matter is trivial or providing the information would be disruptive. You may have success if you can:

    • make the request as unburdensome as possible
    • demonstrate a valid line of enquiry, or the type of story you might hope to base on any information supplied
    • ask for assistance in narrowing down your request, based on the authority's knowledge of their own information and internal storage systems.
    xx

    Consider:

    • Only submitting those requests where you can demonstrate the value of the information's release
    • Waiting longer between requests
    • Getting someone else to make the other parts (but do not be seen to be working together as a 'campaign').

    ICO guidance says, "The public authority must apply an exemption based on the circumstances that exist at the time the request is made. However information submitted during a tendering process is more likely to be commercially sensitive while the tendering process is ongoing, compared to once the contract has been awarded", although it does also note that some information will remain sensitive, for example if it reveals an approach to business which if known to the public could be commercially damaging. You may wish to consider resubmitting your request once some time has passed.

  • Use other means

    Using other means to answer your question

    You can try pursuing your problem or your research in other ways.
  • Send a followup

    Send a followup

    There's always the option of sending a followup.

    Depending on the circumstances, you may have rights under different legislation, such as the Welsh Language Act 1993.

    The authority do not have an obligation to convert analogue data into a digital format.

    The authority appears to have acted within their rights. There is no obligation to provide a summary of exempt information.

    The authority is within its rights to request this payment.

    According to ICO guidance, the authority is within its rights not to provide the information in your preferred format, and Section 21 may apply.

    It sounds like the exemption has been correctly applied: this is an improper use of FOI (and of WhatDoTheyKnow).

    It sounds like the exemption has been correctly applied: this is an improper use of FOI (and of WhatDoTheyKnow).

    Consider accepting the authority's advice or help.

    It sounds like the exemption has been correctly applied: this is an improper use of FOI (and of WhatDoTheyKnow).

    Check to see whether one of your other requests is progressing. Authorities will often issue a Section 14(2) assessment on all but one request, which they then deal with as normal.

    The authority appears to have acted correctly.

    The authority appears to have acted correctly.

    The disclosure or non-disclosure of the information will be dictated by the Civil Procedure Rules (the CPR). Your rights to access this information do not fall under the scope of WhatDoTheyKnow.

    The authority appears to have acted correctly

    Consider investigating whether the authority's publication scheme adheres to the ICO model publication scheme.

    The authority appears to have acted correctly

    Authorities are encouraged to make information available online, but are required to take into account your personal circumstances for accessing the information.

    The majority of authorities don’t charge for information, so it appears that they are doing the right thing.

    The authority appears to have acted correctly.

    When applying a Section 21 exemption, the authority is required to confirm or deny whether they hold the requested information. The authority appears to have acted correctly, but it’s worth checking the information they say is provided elsewhere matches up with what they say they do or do not hold.

    The authority has acted correctly on this point.

    Ask for an internal review, citing ICO guidance and asking the authority to provide evidence that the public interest test was conducted in this case.

    The authority appears to have acted correctly on this point, though you may wish to examine the details given about the public interest test to see if you think it has been applied fairly.

    Ask for an internal review, pointing out that ICO guidance indicates that the authority should include their reasoning.

    Ask for an internal review, citing ICO guidance and asking the authority to provide evidence that the public interest test was conducted in this case.

    Consider asking for an internal review, citing ICO guidance.

    Ask for an internal review, citing ICO guidance.

    You may have grounds for an internal review. Consider the advice above and then decide.

    The ICO states that in general, "it is in the public interest to allow researchers to complete their programme of research and finalise their findings before the research programme is subjected to external scrutiny". While you may have a case for requesting an internal review, note that this exemption may be applied more broadly to research than to other areas.

    Request an internal review, citing this guidance.

    In the case of research, the ICO states, "The exemption will include a wide range of information relating to the research project, and will cover information that is not necessarily going to be published. In other words there does not need to be any intention to publish the information that has been requested." It appears that the authority has acted within their rights in this case.

    For cases other than research, a general intention to publish information in the same general area will not suffice, and this exemption cannot be applied if there has not been an analysis of the materials to discern which parts will be included in a public release. Equally, it is not enough for the public authority to note that it will include some, but not all, of the information requested for future publication. Request an internal review, citing ICO guidance and asking the authority to provide any information which falls outside that which they plan to publish.

    Request an internal review, citing this guidance and asking the authority to confirm a publication deadline or the conditions under which publication will occur.

    If you are certain that the information has not been published and the date or trigger for its publication has now passed, request an internal review citing this point.

    Request an internal review. ICO guidance says that this exemption cannot be applied to information which may have been intended for publication but which was subsequently discarded.

    The ICO states, "So long as the research programme continues, the exemption may apply to the information if there is an intention for [one or more reports] of the outcome to be published at some point in the future. This is the case even if a report has already been published about a particular aspect of the same research programme." The authority appeared to have applied this exemption correctly.

    You may have grounds to request an internal review. Consider the ICO advice alongside any information the authority has provided about a public interest test, and if you think this factor could sway the decision, include it in your response.

    Request an internal review, citing this guidance.

    Request an internal review, citing this guidance.

    Respond to the authority, including these reasons and asking them if they can provide the information in a different format.

    Request an internal review, citing this guidance.

    The authority can apply this exemption until the last planned report has been published. You may wish to return to your request after this happens, and go through these questions again.

    Request an internal review, citing this guidance and asking the authority to demonstrate their reasoning on this point.

    Request an internal review, citing ICO guidance.

    Request an internal review, citing this guidance.

    Request an internal review, citing this guidance.

    You may wish to argue this point, although note that this is 'best practice' rather than an obligation according to the ICO.

    The authority appears to have acted correctly on this point.

    The authority appears to have acted correctly on this point.

    The authority appear to have acted correctly on this point.

    The authority appears to have acted correctly on this point.

    You may wish to consult our advice on the other exemptions.

    The authority has acted appropriately on this point.

    The authority has acted appropriately on this point.

    Freedom of Information is not the correct channel for this type of request: you should have made a Subject Access Request (SAR) directly to the authority. You can see more information about this here.

    The authority appears to have acted correctly on this point. Special category or criminal offence data cannot be released without the subject's consent.

    Information disclosed in court does not fall under this provision. The authority appears to have acted correctly on this point.

    The authority appears to have acted correctly on this point.

    The authority appears to have acted correctly on this point, although you may wish to consider whether their conclusion is correct.

    The authority appears to have acted correctly on this point.

    The authority appears to have acted appropriately on this point.

    The authority appears to have acted appropriately on this point, but you may wish to consider whether you can make a valid argument in dispute of the conclusion of the public interest test.

    The authority appears to have acted correctly on this point, although there may be room to request a review if you can make a strong argument that they have overestimated the potential detrimental impact.

    The authority appears to have acted correctly on this point.

    The authority appears to have acted correctly in this instance.

Changes #

We keep these pages under review, and may make changes from time to time to ensure that they remain up-to-date and accurate. You can find a synopsis of changes we’ve made at our GitHub repository but if you have any questions, please do contact us.