Proposed Extension of Freedom of Information in Scotland: Third Sector and Public Service Providers Beware!

On 30 August 2019, the Scottish Government launched a consultation on the coverage of freedom of information legislation in Scotland. The potential for reform in this area should be cause for concern for businesses and organisations operating in the public sector. Here, we explain the key features of this legislation and the proposed changes, as well as how this could impact your organisation.

What is FOISA?

The Freedom of Information (Scotland) Act 2002 (FOISA) provides a statutory right for organisations and individuals to access information held by Scottish public authorities.

Making a request for information under FOISA is different from making a subject access request (also known as a SAR) under the data protection rules. In particular, the requestor is not limited to requesting his or her own personal data, and the requested information can be much wider in scope and subject matter.

Organisations to which FOISA applies must:

  • proactively publish information
  • respond to requests for information from the public
  • provide advice and assistance to requesters

If a requestor is unhappy with the authority’s response, FOISA gives them the right to appeal and request that the authority review the information provided. FOISA also gives requestors a right to appeal to The Scottish Information Commissioner if they remain dissatisfied.

What is under review?

FOISA applies to organisations who fall within the definition of a “Scottish public authority”.

The types of organisations which meet this definition are expressly set out in FOISA, but many other types of organisation are designated in other legislation made by the Scottish Government under section 5 of FOISA – this is what is called “Section 5 Order”.

A Section 5 Order can designate organisations (i) that are not public, but which exercise functions of a public nature or (ii) provide, under a contract with a Scottish public authority, a service whose provision is a function of that authority.

The consultation seeks to understand whether there is a need to extend FOISA to further types of organisations through a new Section 5 Order. In particular, the consultation focuses on organisations providing services on behalf of the public sector.

Who could come under the extension?

It is yet to be determined which types of organisation will come under the extension as matters are merely at the consultation stage (the consultation closes on Friday 22 November 2019).

However, the consultation paper does appear to have been drafted on a wide basis and it notes that it uses the term “organisations” because it is broader than “companies”. This indicates that the proposals are intended to capture the variety of corporate structures that might be used when providing services on behalf of the public sector.

What does this mean for your organisation?

If you contract with and provide services on behalf of a public authority, you may soon find that you have to comply with FOISA. In particular, businesses delivering health and social care functions and third sector organisations (both of which are given as examples in the Consultation) are at risk of falling under the Freedom of Information regime.

Although FOISA only relates to information about the public functions and services provided, service users or customers would have the right to access a significant amount of your organisation’s data. Dealing with requests and actively publishing information, in compliance with FOISA, could also incur significant costs for your organisation.

Watch this space if your organisation provides services on behalf of public authorities to see if FOISA could apply to your organisation in the future!

The consultation is available here.

MacRoberts’ compliance team are trusted advisors to a range of organisations working in the public sector on all matters related to freedom of information and data protection. We understand the challenges you face, providing clear, cost-efficient and practical advice. Please get in touch if you or your organisation require any assistance.

This article was co-written by Fergus Lawrie.

GDPR & Cyber Security

Cyber security and key changes under the GDPR affect almost all businesses. Visit our hub to gain knowledge, insights and updates as the legislations are updated and take hold.

Latest updates from @MacRoberts