Access to information under FOIA/EIRs and the Data Protection Act
This day long course has two half day parts (which can be delivered as separate half days): Part 1 relates to Subject Access Requests under the Data Protection (DP) Act and Part 2 relates to FOI/EIR requests for information. Combining a session involving all access routes together allows staff of a public authority to appreciate the differences between the various access routes in the DP/FOI/EIR regimes.
However, we can deliver a single day course that covers access and exemptions just under DP (or just under FOI/EIR). Here we combine either Part 1 of this course on DP (or Part 2 for FOI/EIR) with Part 1 of Course 2 (or Part 2) described next (“Refusing requests for information or personal data”). Both these Parts 1 (for DP) or Parts 2 (for FOI/EIR) are delivered on the same day as a course just on DP, or just on FOI.
Part 1 – DP content: All legal and procedural requirements associated with a Subject Access request to personal data (e.g. timescales, fees) and all problem areas (e.g. getting personal data from laptops, emails or archive, personal data that identify another individual).
Part 2 – FOI/EIR content: All procedural requirements associated with a request (e.g. formalities, timescales, duty to advise and assist; requirements of Codes of Practice; how the information is communicated. Comparison with EIRs, Procedural exemptions: the appropriate limit and the Fees Regulations, and repeat or vexatious requests). Guidance of Information Commissioner and Ministry of Justice. Note: in Scotland, we deliver Part 2 of this course in the context of the Freedom of Information (Scotland) Act 2002 and the Environmental Information (Scotland) Regulations 2004.