Freedom of information disclosure log policy and procedure
1.0 Introduction
When information is released under the Freedom of Information Act, it is disclosed ‘to the world’. As recommended by the Information Commissioner’s Office, Cheshire East Council operates an online Disclosure Log. This publishes requests and responses made under the Freedom of Information Act (FOIA) 2000 and Environment Information Regulations (EIR) 2004.
As part of our commitment to being an open and transparent council, and in order to provide greater access to our information, we aim to publish all requests and responses. However, on some occasions, they may not be published, for example, if it contains personal data. Disclosure Logs are also recommended as good practice as part of the Publication Scheme, which is a requirement under Section 19 of the Freedom of Information Act 2000.
All responses published on the Disclosure Log will be dealt with in accordance with the GDPR and the Data Protection Act 2018. For example, personal details, such as names and addresses (both postal and email), will be redacted to protect a requester’s' privacy.
2.0 Purpose
Cheshire East Council recognises that there are risks associated with the publication of FOI requests and responses. This policy aims to mitigate these risks by ensuring that the Council has an effective and coordinated approach to publishing requests and responses on the Disclosure Log.
3.0 Timescales
The Council aims to publish requests and responses as soon as practicably possible after the response has been sent to the requester.
4.0 Publication criteria
Although the Council aims to publish all requests and responses, there may be occasions where it is not appropriate to publish particular ones. The Compliance and Customer Relations Team (C and CR) will assess each of these against the following criteria to determine whether or not they should be published in the Disclosure Log:
- Personal Information - Requests which are exempt under Section 40 (personal information) and the request itself relates to the requester, or if the request and/or response may enable identification of the individual, and where extensive redaction of personal data renders the response unintelligible
- Vexatious - Requests which use inappropriate/offensive language
- Substantial Private Interest – where there is a substantial private rather than public interest. If a response is changed as a result of an internal review, the Disclosure Log will be updated accordingly.
5.0 Redaction
Personal details, including the requester's name and address will be removed to protect privacy. The i-Casework system automatically removes these details when the correct templates are used.
If the body of the request or response contains references to named individuals, it must be considered whether these details also need to be redacted before being published on the Disclosure Log. There may be circumstances under which Officer’s information, such as name, job title and contact details, may need to be disclosed when acting in his/her professional capacity. The Compliance and Customer Relations team will discuss each case with relevant managers and assess it following ICO guidance on requests for public authority employee data.
6.0 Retention
Requests and responses published on the Disclosure Log will be retained for three years, in accordance with Cheshire East Council Retention Guidelines set out in the Information Asset Register.
7.0 Roles and responsibilities
- Responding Officers
- To ensure that responses meet the requirements of the GDPR and the Data Protection Act 2018, and are ready to be disclosed to the wider public
- To ensure that the correct approval process has been followed before the response is sent
- Complaints and Customer Relations (C and CR) Team – have the following additional responsibilities:
- To ensure that a Disclosure Log of completed requests and responses is maintained and available for public view on the Cheshire East website
- To publish the request and response to the Disclosure Log as soon as practicable after the response has been sent
- To act as a contact point in relation to the Disclosure Log
- To review requests against the criteria listed in this document before publication
- To ensure automatic redaction of the requester’s details has been completed. To remove requests and responses from the Disclosure Log as required
- To conduct regular checks to ensure that any information available in the Disclosure Log complies with the requirements of the GDPR and Data Protection Act 2018
8.0 References
The following Cheshire East Council policy documents are relevant to this policy:
- Cheshire East Data Protection Policy
- Records Retention Policy
- Records Management Policy
9.0 Review and revision
This policy will be reviewed as it is deemed appropriate, but no less frequently than every 2 years.
Policy review and amendments will be undertaken by the Customer Relations and Compliance Team in consultation with the relevant portfolio holder.
Page last reviewed: 15 December 2022
Thank you for your feedback.