Frequently asked questions for staff Frequently asked questions for staff

Q. What is the Freedom of Information Act (FOIA) and why is it important?

Q. What's the difference between FOIA and the Data Protection Act (DPA)?

Q. I've heard of the EIR. How does that differ from the FOIA?

Q. What information is subject to FOIA?

Q. Do I need to create information to answer a request?

Q. How do I know if a request is valid?

Q. Can anyone receive a request for information?

Q. Do we need to handle all queries as requests for information under the FOIA?

Q. I've received a request for information. What should I do now?

Q. What should I NOT do when I receive a request?

Q. Will Is there any reason why we should not or may not release requested information?

Q. Can personal information be requested by FOIA?

Q. I am not available in my office to handle the request at the moment. Can we postpone its handling?

Q. I'm concerned about the accuracy or completeness of the information I hold which is subject to a request. Can I rework it to make it better quality?

Q. What can people do with the information we release under FOI?

Q. I am dealing with an external business on behalf of the University. What should I say about the University's responsibilities under FOIA?

Q. Is any further information about FOIA available?


Q. What is the Freedom of Information Act (FOIA) and why is it important?
A. The FOIA gives anyone in the world the right to request recorded information from publically funded authorities, and to receive a written response within a set period of time. The requested information may be withheld if any valid exemptions defined by the Act apply to that information. Public authorities are defined in the legislation and include central and local government, health services, police and fire services, and educational institutions including Universities.

The FOIA is the law and mandatory. Many countries have freedom of information laws. It is seen to increase transparency and accountability.

Q. What's the difference between FOIA and the Data Protection Act (DPA)?
A. These are two different pieces of legislation with many differences, but both concerned with access to information. FOIA allows anyone to request any recorded information held by the University. Responses are put in the public domain via our disclosure log. A provision under the DPA allows an individual to request information held about them by any organisation (not just public authorities). Such requests are known as Subject Access Requests. This information is provided direct to the individual making the request, and is not put in the public domain.

Q. I've heard of the EIR. How does that differ from the FOIA?
A. EIR is short for the Environmental Information Regulations. EIR provides access rights to information which are similar to FOIA, but only apply to environmental information. Indeed, requests for environmental information must be handled under EIR, and not FOIA.

Q. What information is subject to FOIA?
A. Any recorded information in any format that is held by the University, or on behalf of the University, is subject to the Act regardless of the age of the information. Only work of relevance to the University is covered.

This would include:

  • Staff emails
  • Research data and outcomes
  • Contracts and contract information

Ownership of information or copyright and location of the information is irrelevant to the application of the Act. If the information is of use or interest to the University, and the University has control over the information (i.e. managed by any UEA member of staff), then it is considered to be held by the University and is covered by the Act.

The Act does not apply to personal information (e.g. shopping lists, personal hobbies, and so on) and work undertaken outside your contract of employment with the University, even if this personal information is held in/on University property.

Q. Do I need to create information to answer a request?
A. No. The FOIA is concerned with the release of held information. It does not provide a question and answer service. If we do not hold information which addresses the request, then we are not expected to go about creating and then releasing it.

Q. How do I know if a request is valid?
A. For a request to be valid for the purposes of the FOI Act, it must be in writing, be legible, include a contact address and name for the requester, and describe the information requested.

The request does not need to mention the Freedom of Information Act to be valid, and a request can be received from anyone anywhere in the world. 

Q. Can anyone receive a request for information?

A. Yes, any member of staff (as being part of the University body) can receive a request. 

Q. Do we need to handle all queries as requests for information under the FOIA?
A. If it is a request we would normally handle as business as usual or which refers to information freely available on our website, there isn't any need to process it as a formal FOIA request. We would just provide the requester with the information. Provided this response is provided within 20 working days, there is no need to invoke their rights of access provided under the FOIA.

Q. I've received a request for information. What should I do now?
A. Pass it on to your FOI Contact or the information compliance team at foi@uea.ac.uk.

Q. What should I NOT do if I receive a request? 
A. There are some things that you cannot or should not do if you receive a request.

Do not: 

  • Ask for the reason for the request or the identity of the requester. FOIA is motive and requester blind. Anyone can make a request for information, and they do not need to provide any explanation as to why they want the information or what they intend to do with it.
  • Ignore the request. here is a legal requirement to provide a response to a request for information within 20 working days. Failure to do this can lead to public criticism of the organisation and a requirement to improve practices.

  • Delete any requested information. Intentional deletion of information subject to a request is a criminal offence under the Act and can lead to a fine and a criminal record

  • Refuse the request immediately. You cannot simply refuse to provide the information if it is a valid request. A response letter should be written which describes why we are not providing the information and citing the specific exemptions which we think applies to the information.

Q. Is there any reason why we should not or might not release requested information? 
A. Yes.  There are twenty-three exemptions in the Act. They provide allowable reasons why the requested information might not be released. Information which may be exempted includes:

  • Personal information of any living individual
  • Information provided to us in confidence
  • Commercially-sensitive information
  • Information whose release may prejudice the prevention or detection of crime
  • Information which will take too long to recover

The information compliance team can advise on which exemptions might apply.

Please remember that unless there is an applicable exemption from release we are legally obligated to release requested information.

Q. Can personal information be requested by FOIA?
A. Any recorded information can be requested under FOIA, but there are specific exemptions in FOIA which can be applied to prohibit the release of personal information (that of the requester and of other third parties). Requests for one's own personal information are handled under the Data Protection Act.

Q. I am available in my office to handle the request at the moment. Can we postpone its handling?
A. No, there is a legal requirement to provide a response within 20 working days. Please ensure that there is a colleague available to handle the request. There is a deadline for a response and we do not want to be overtime before we have even started looking at it.

Q. I'm concerned about the accuracy or completeness of the information I hold which is subject to a request. Can I rework it to make it better quality?
A. You should release the information which you hold. FOIA is concerned with the release of held information, even if that information is not accurate. However, you are welcome to add caveats to the response letter to help the requester understand the information they have received.

Q. What can people do with the information we release under FOI?
A. When we provide information under FOI we remind requesters that any material released over which UEA has copyright is released subject to the understanding that they will comply with all relevant copyright rules regarding reproduction and/or transmission of the information released. However, any information released under FOIA is legally in the public domain and this needs to be considered in the potential application of any exemptions.

Q. I am dealing with an external business on behalf of the University. What should I say about the University's responsibilities under FOIA?
A. You should always make external organisations aware that all information the University holds is subject to the Act, including any information given to us by the external organisation. If some information that has been provided to us is confidential or commercially sensitive, this should be identified clearly. If we receive any requests for information which might affect the interests of third parties, we will always contact the third party seeking their comments to help us with the consideration of any application of exemptions.

Q. Is any further information about FOIA available?
A. Please refer to the University FOIA information for staff. There is also guidance available from the ICO website at www.ico.org.uk.