Charities and the Freedom of Information Act: an overview

• Mandatory disclosure: FOIA mandates public authorities to proactively publish key information about their operations, ensuring that the public has regular access to important data without the need for specific requests
• Right to request information: it introduces a formal mechanism through which individuals and organisations can submit requests for information (FOI requests) to public authorities

The act broadly defines 'public authorities' to include a wide range of entities such as:

• government departments
• local councils
• health services (NHS)
• law enforcement agencies
• armed forces
• The Big Lottery Fund

Notably, the vast majority of charities do not fall directly under the umbrella of FOIA (although there are some limited exceptions, including charities entirely owned by one or more public authorities). However, charities can still be indirectly impacted by FOIA in several ways:

• requests for information: individuals may approach charities seeking information under FOIA
• disclosure through public authorities: information provided by charities to public authorities may become subject to disclosure under FOIA
• compliance in certain situations: charities might need to release information in response to FOI requests directed at their public authority partners

There has been some public conversation around extending the FOIA to include private organisations and charities that deliver public services.

A report by the Information Commissioner's Office (ICO) lent support to this discussion, highlighting the evolving nature of public service delivery and the need for transparency across all sectors involved.

Accordingly, it is possible the FOIA position for charities may change in the future.

Charities, while generally not subject to the Freedom of Information Act (FOIA), may occasionally receive requests for information that resemble official FOI requests. These enquiries can sometimes lead to confusion among staff, potentially causing unintended disclosure of sensitive or personal data. Understanding how to manage these requests effectively is crucial for maintaining confidentiality and compliance with data protection laws.

Recognising different types of information requests

• Freedom of information (FOI) requests: these requests can appear formal and may mistakenly be treated as obligatory, risking unauthorised data sharing
• Subject access requests (SAR): individuals may seek access to personal data held about them, which charities must handle in accordance with data protection regulations
• General enquiries: these can include requests for information that the charity routinely provides to beneficiaries or publishes on its website

It is essential for charities to correctly identify the nature of each request in order to respond appropriately.

Implementing effective policies and training

To safeguard against the mishandling of information requests, charities should:

• develop clear policies: establish guidelines for processing different types of information requests, ensuring staff understand the legal context and the charity's obligations
• train staff: provide training to help staff recognise the various requests and understand the charity's procedures for responding. This includes knowing when and how to escalate requests to the appropriate internal authority
• referral procedures: ensure all team members know where to direct requests they are not equipped to handle, enhancing the efficiency and accuracy of responses

Responding to requests

• FOI requests: in general, if a genuine FOI request is received from a member of the public, most charities can inform the requester that the charity is not obligated to respond under FOIA. You may wish to consider directing them to publicly available information or relevant public authorities
• SAR and GDPR compliance: charities must have processes in place to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 when responding to SARs. This includes timely and secure handling of personal data requests

Charitable organisations may find themselves in situations where their information becomes subject to disclosure under the Freedom of Information Act (FOIA). This typically happens in scenarios where charities engage with public authorities, either by applying for contracts, entering into agreements, or sharing information as part of these processes.

• Engagement with public authorities: when a charity seeks to provide public services through contracts with public authorities, the information submitted during the tender process may become accessible under FOIA
• Grant agreements: charities entering into grant agreements with public authorities are usually required to submit performance reports. Such documents could also fall under the purview of FOIA
• Contract performance: in cases where a charity is involved in executing a public services contract, the internal documentation generated about the contract's performance might be subject to disclosure

Additionally, the Charity Commission, which oversees charities, maintains records that include submissions from these organisations. These records can be requested under FOIA.

While FOIA promotes transparency, it also recognises the need to protect sensitive information. There are exemptions within FOIA, including relating to information that could harm commercial interests, breach confidentiality, or involve personal data.

• Actionable breach of confidence: information that, if disclosed, would lead to a legal breach of confidentiality
• Commercial interests: disclosures that could prejudice the commercial interests of any party
• Personal data: information that constitutes personal data and whose disclosure could violate privacy rights

It is important for charities to understand that labelling information as 'confidential' or 'personal data' does not automatically exempt it from disclosure under FOIA. Whether or not an exemption applies depends on the specific nature of the information.

Engaging with public authorities necessitates an understanding of the Freedom of Information Act (FOIA) and its implications on your interactions.

To ensure a smooth partnership, it is helpful to grasp the impact of FOIA from the beginning, thereby preventing any complications that might arise from a FOI request. Issues to consider include:

Understanding FOIA in agreements

Contracts with public authorities often include clauses related to FOIA, requiring the disclosure of information upon request.

It is important to examine these provisions closely to reduce the risk of the authority accessing information beyond their rights under the FOIA.

 Contracts should ideally explain what information is disclosable, non-disclosable and exempt.

Implementing robust information management

Establish comprehensive systems and policies for managing information related to agreements with public authorities.

This includes recording, classifying (especially regarding disclosure to the authority) and storing information properly.

Ensure that information is shared with the authority only when necessary, and maintain detailed records of the information provided, including the reasons for its disclosure, to guarantee compliance.

Protecting confidential information

Clearly label information that is genuinely confidential, commercially sensitive or contains personal data. This signals that such information may qualify for a FOIA exemption, highlighting the need for careful consideration before disclosure.

Communicating with the charity commission

When reporting serious incidents to the Charity Commission, provide only the essential information, excluding personal data whenever possible.

Explicitly indicate if you believe the information to be confidential or if it qualifies for any FOIA exemptions. 

By adhering to these guidelines, organisations can navigate their relationships with public authorities more effectively, ensuring compliance with FOIA while protecting sensitive information.

This approach not only fosters transparency and accountability but also safeguards the interests of all parties involved.