Policy on Access to Information

Contents:
Chapter index for Policy on Access to Information
Updated:
Policy on Access to Information search

Part 4

4 Staff responsibilities

4.1 All staff

We should seek to be helpful. Routine requests for information that we would comply with, for example a complainant asking for the BinJ’s comments on their complaint or someone asking for a leaflet, need not be treated as formal requests for access to information. All other written requests, including where an exemption may apply or which refer to access to information legislation, must be responded to formally by the Information and Records Officer (“IRO”). If in doubt, seek advice from your manager or the IRO.

Where it is a casework request, an ECHO task, clearly identifying it as an access to information request with the date it was received, should then be set for the IRO.

If the request is not about casework, (corporate information), the request should be emailed to the IRO, clearly identifying it as an access to information request, with the date it was received.

4.2 The Information and Records Officer (“IRO”)

The IRO has day-to-day responsibility for access to information, including guidance, providing advice and responding to access to information requests, and is the first point of contact for liaison with the ICO about FOIA and EIR requests.

The Data Protection Officer is the first point of contact for data protection issues.

The IRO should log the request and give it a number (quoted in correspondence). The IRO is not responsible in the first instance for identifying information which might not be disclosable.

For casework information, the IRO should:

  • note the request in the “Other contact” screen on ECHO (this will suspend any imminent file destruction).
  • set a task for the Investigator/case owner asking them to confirm various things including that any necessary information is stored in the DO NOT DISCLOSE virtual folder and why, and identify third-party information that may need redacting or withholding
  • assess whether any of this information is disclosable, consulting the BinJ if necessary
  • identify any reasonable adjustments in place that need to be considered for responding to the request
  • check if any call recordings exist and should be disclosed.

For corporate information, the IRO will liaise with the relevant manager to identify the information requested.

The IRO will respond to the request, and log the outcome (see Recording material sent). They will update the target date for the “other contact” screen for four months from the response date to ensure it isn’t file managed until after a possible appeal and escalation to the ICO. They may use the relevant Investigation or corporate Team Co-ordinator to assist them with administration.

The IRO may raise any concerns about the process with the relevant Assistant Ombudsman, Director of Intake and Assessment or the Director of Investigation.

4.3 The Data Protection Officer (“DPO”)

Data subjects are entitled to contact the DPO about any data protection concerns, and to exercise any of their rights under the UK GDPR.

4.4 The Team Co-ordinator

In the medium-term absence (i.e., over one week) of Investigators/the IRO, the relevant Team Co-ordinator (including Policy and Communications for the IRO) should regularly check ECHO tasks set/emails and report any access requests to their manager.

They should check the “Other contact” screen for access to information requests before any deletion of any material held on the K: drive takes place.

For requests for corporate information, letters should be scanned and emailed to the IRO by the Team Co-ordinator in Policy and Communications, not sent between offices by post.

4.5 Investigators and case owners

Our default position is to meet all reasonable requests for information. So that casework information is not inappropriately disclosed, it is the Investigator’s/case owner’s responsibility during and after an investigation to identify information which may not be disclosable and save it at the earliest opportunity to the DO NOT DISCLOSE virtual folder in ECHO. A note of the reason for saving in the virtual folder should be recorded in Notes and Analysis. (See the relevant guidance in the Investigation Manual.) Therefore, any such material should already be in the DO NOT DISCLOSE virtual folder when a request is received. Investigators should ask a Team Coordinator if they need help with sorting and redacting large volumes of unsorted material sent in by BinJs. But the Investigator must make the final check that all material that should not be disclosed has been secured. If the entire document should not be disclosed it can be saved in the DO NOT DISCLOSE virtual folder. Where parts of the document can be disclosed, this will mean identifying content that cannot (including names and contact details), and producing a separate, redacted version clearly labelled and saved. The original unredacted version should be in the DO NOT DISCLOSE virtual folder. Particular care should be paid to Notes & Analysis documents.

Care needs to be taken that email strings do not disclose private details.

Contact details (e.g. for colleagues, council/provider employees and others involved in a case) should not be provided. Redacted versions of emails, etc, should be kept in the ECHO record, with originals in the DO NOT DISCLOSE virtual folder.

DO NOT DISCLOSE material will only be withheld as part of a Subject Access Request if a valid exemption applies, so not all material marked as this may be withheld.

Investigators and case owners are not expected, retrospectively, to check all such information is stored appropriately in ECHO. However, they should to do so promptly when an access to information request is received. They must confirm to the IRO that they have done so.

4.6 The Assistant Ombudsman (“AO”)/Director of Intake and Assessment

The relevant manager should ensure staff are routinely complying with their obligations and, in particular, the requirement to use the DO NOT DISCLOSE virtual folder appropriately. If notified of an access request when the Investigator or other relevant staff member is on medium term absence, they must ensure the request is addressed within statutory timescales.

4.7 Corporate managers

Corporate managers are responsible for identifying and recording any corporate information which should not be disclosed, and liaising with the IRO who will respond to requests. If notified of an access request when the IRO or other relevant staff member is on medium term absence, they must ensure the request is addressed within statutory timescales.

LGO logogram

Review your privacy settings

Required cookies

These cookies enable the website to function properly. You can only disable these by changing your browser preferences, but this will affect how the website performs.

View required cookies

Analytical cookies

Google Analytics cookies help us improve the performance of the website by understanding how visitors use the site.
We recommend you set these 'ON'.

View analytical cookies

In using Google Analytics, we do not collect or store personal information that could identify you (for example your name or address). We do not allow Google to use or share our analytics data. Google has developed a tool to help you opt out of Google Analytics cookies.

Privacy settings