Freedom of Information policyPublished: 11 June 2020
Freedom of information class: How we manage our resources
This policy sets out our commitment to exercise best practice when complying with the Freedom of Information (Scotland) Act 2002 (FOISA).
Purpose and scope
This policy sets out the commitment of the Keeper of the Registers of Scotland (RoS) to exercise best practice when complying with the Freedom of Information (Scotland) Act 2002 (FOISA).
FOISA gives individuals the right to access information from a wide range of public organisations in Scotland, including RoS.
FOISA applies to all recorded information held by RoS. This includes information held in both electronic and hard copy formats, whether on RoS premises or devices, or elsewhere by any third party acting on RoS behalf.
The RoS ICT Code of Conduct prohibits the storage or transfer of RoS information to personal devices.
Publication of information
FOISA also includes an obligation on organisations subject to the legislation to proactively publish information through a Publication Scheme and Guide to Information.
RoS is committed to transparency in public life, has adopted the Scottish Information Commissioner’s Model Publication Scheme and publishes a Guide to Information on the RoS website.
The Guide to Information is reviewed regularly in line with our quarterly reporting schedule.
Handling requests for information
Requests for information under FOISA are handled centrally by the Information Governance team following the FOI requests procedure.
Requests will be answered within the 20 working day statutory timescale unless in exceptional circumstances.
Exemptions will be applied where necessary in line with the legislation and Scottish Information Commissioner’s guidance.
In locating information for requests, searches may be carried out of shared drives, Outlook and other systems likely to hold relevant information, including systems of any third party acting on RoS behalf.
In line with the RoS ICT Code of Conduct, staff are not permitted to hold RoS information on personal devices.
Training and awareness
Guidance and training will be provided to staff and contractors to allow early identification of FOISA requests and to ensure that staff and contractors are aware of RoS obligations under Freedom of Information legislation.
Roles and responsibilities
All RoS employees must complete appropriate training as is required of them, in order to understand that all recorded information is covered by FOISA and that this information will be released upon request unless a valid exemption applies.
Any employee may also be required to assist in locating relevant information in a timely manner to help meet statutory timescales for responding.
Third parties acting on RoS behalf may also be required to assist in locating information in relation to requests.
The Information Governance team are responsible for handling requests for information under FOISA and for ensuring that the Publication Scheme and Guide to Information are kept up to date.
They are responsible for reporting levels of compliance both internally and externally, and for ensuring that any risk associated with compliance is appropriately escalated.
Appropriately trained colleagues who have not been involved with the initial request will act as reviewers in cases where requesters are not content with the response they receive or how their request was handled.
Where appropriate, the Keeper of the Registers of Scotland, RoS Information Asset Owners, and RoS communications colleagues will be made aware of proposed FOISA responses and/or disclosures, prior to their release.
Relationship with data protection legislation
Information requested under FOISA may contain personal data which is exempt from release under Section 38 (personal information) of the Act.
RoS will handle such requests having regard to the published guidance of both the Scottish Information Commissioner (OSIC) and the UK Information Commissioner’s Office (ICO).
In cases where the exempt information is the personal data of the individual making the request, a dual response may be issued, with information being released under both FOISA and data protection legislation.
There will be no requirement for the individual to make an additional request for their own personal data in such cases.
Where personal data pertains to a third party, the Section 38 exemption will be considered and applied as necessary in line with legislation and the published guidance of regulators.
This policy will be reviewed and approved at two year intervals, unless earlier review is appropriate.