Katie Walsh looks at the impact of the Freedom of Information Act 2000 on information systems and business.

The Freedom of information Act (FOIA) was passed on 30 November 2000 and fully implemented on 1 January 2005.

The Act regulates information held by public bodies and designated non-government organizations in England, Wales and Northern Ireland. Scotland has a slightly different version of the Act.

FOIA has reversed how public bodies need to manage information. Prior to FOIA public bodies worked on the principle that everything was secret. They now have to work on the principle that all information is public unless otherwise stated.

This presented a major reform within the public sector as all bodies are required by law to comply. Because of FOIA, complying with the Public Records Act 1958 and Data Protection Act 1998 (DPA) have been affected.

Who and how?

FOIA affects three sectors: the private sector, general public and public bodies. Each sector is affected differently.

Private sector

All UK registered organisations have information recorded about them by a variety of public departments.

The FOIA has empowered the public sector to release information concerning contracts with the private sector without notifying those organisations that they will be releasing the information.

FOIA does not authorize the disclosure of the following:

  • information more than 50 years old;
  • commercial secrets;
  • national security information;
  • information that would prejudice commercial and/or public affairs;
  • court records;
  • personal data, as this is regulated by the Data Protection Act 1998.

Organisations considering or engaged in public sector contracts must have a thorough understanding of how they may be affected. As a minimum they should be aware of:

  • the basics of FOIA (FOISA, if working on Scottish contracts);
  • what information qualifies for exemption and how to include this into contract negotiations;
  • what information can be made available by the public body.

FOIA isn't all bad news for the private sector. It can be a powerful business tool and may open doors to information that was previously restricted.

If the Act is used correctly, it can provide the following:

  • competitor intelligence - access to public/private contract tender details, for example procurement decisions, consultancy reports, contractor competency and compliancy, performance data and costs, pricing and evaluation criteria;
  • legal evidence - in certain circumstances information held can be used in legal cases.

The general public

FOIA has given the general public new rights of access to information held by public sector bodies. A request for information can be made by anyone and is not restricted to UK residents or organisations.

The act sets out that public requests must be managed as follows:

  • Requests must be written; no set format or justification is defined.
  • The request must be processed within 20 days of receipt.
  • The body must inform the requester if the information is not available or cannot be supplied with full justification.
  • The body must contact the requester and discuss the requirement, if the request for information is vague or complex, so that the request can be met.
  • The requester can appeal if the information is not made available.

Public bodies

FOIA stipulates that all information held must be easily accessible. All bodies are required to implement, maintain and communicate a publication scheme so that they remain compliant.

A publication scheme is simply a schedule of how information held is classified, published and whether requests are chargeable.

There has been a sharp increase in electronic document and records management (EDRM) systems procurement since the Act came into force.


The biggest challenge is how to access information quickly and accurately and this has been the main driver for EDRM.

IT has seen a rise in EDRM systems being implemented within the public sector, as it is a key solution for achieving successful compliancy of FOIA and DPA.

If implemented correctly it can provide public bodies with the following advantages:

  • appropriate security controls;
  • identification of information held;
  • clearly defined retention and destruction polices;
  • full audit history of the life cycle of the information held and destroyed - which is vital as bodies are subject to full and partial audits to verify compliancy;
  • provide evidence for the appeals process.

EDRM alone cannot satisfy information processing needs and should be implemented with some form of workflow.

Workflow is the automated routing of documents and information captured at scanning, by routing documents to processing rules, individuals or workgroups as part of a business process.

The core elements of EDRM and workflow are:

  • capture of information;
  • retrieval and storage of information by user application;
  • standardized business procedures;
  • management and audit data.

EDRM requires significant investment from the customer. They must take ownership of the solution and understand the complex classification required by FOIA.

In its development an EDRM system needs to balance the needs of the FOIA, DPA and the business itself to ensure compliancy with the Act.

For further information please refer to the National Archives guidelines on records management, visit: www.nationalarchives.gov.uk/electronicrecords/advice/default.htm

For further information on FOIA please refer to the Office of Public Sector Information Freedom of Information Act 2000, visit: www.opsi.gov.uk/acts/acts2000/20000036.htm

Katie Walsh has seven years' IT experience and has been developing expertise in workflow and document management systems for the past five years. Katie works for a blue-chip IT services organisation.