< Governance Toolkit

  1. Freedom of Information Act Guidance for Parish Councils
  2. Guidance on Data Protection
  3. Guidance on Health and Safety
  4. Guidance on Defamation (Frequently Asked Questions)

1    Freedom of Information Act

The Freedom of Information Act 2000 (FOI Act) received Royal Assent on 30 September 2000 but its implementation was phased in, with the duty on public authorities to adopt publication schemes being introduced first, followed by the individual right to access provisions which came into force on 1 January 2005. This note is intended to summarise the main provisions of the Act and to indicate where further guidance may be found.

The Basics of the Freedom of Information Act:
  • Section 1 of the Act gives a general right of access to information held by public authorities. Public authorities include all local authorities, including Parish Councils. The right applies to all information, obtained from any source. The right of access includes both the right to be told whether the information exists, as well as the right to receive it.
  • Since the right of access applies to all information which is “held” by the authority, the Act is effectively retrospective. There is no exemption for old records. However, the Act does not require authorities to hold onto information for longer than is necessary, or is otherwise required by law, simply because it might be the subject of a request sometime in the future.
  • A request for information (unless for environmental information – see below) needs to be in writing, although an e-mail request is sufficient. The request must give enough details about the information to enable the authority to identify it and basic contact details must be provided so that a reply can be sent. The Information Commissioner takes the view that this need not be a postal address and that an e-mail address is sufficient. There is a duty on authorities to advise and assist applicants, which would normally require the authority to give some help to an applicant to better identify the information they request.
  • The right of access to information is subject to a range of exemptions and these are listed in Appendix 1 (page 80). Some of the exemptions are “absolute”. Once an authority decides that an absolute exemption applies to information requested it does not have to release it under the FOI Act, although discretionary release is still possible. In the case of all other exemptions, once it is decided that one or more of them applies, the authority must still release the information unless it judges that the public interest in withholding the information is greater than the interest in disclosure (the “public interest test”).
  • Two statutory Codes of Practice, one covering aspects of compliance, and the other covering the management of records, have been produced and authorities have to comply with these Codes. Both of these documents can be downloaded from the Information Commissioner’s web site.
  • The Act includes provisions for enforcement and appeal. The Information Commissioner has a substantial role to promote the Act to the public, to set standards of good practice which authorities must follow, and the power to over-rule an authority’s judgment that the balance of the public interest lies in favour of refusing to disclose information, and to impose his own view. There is also an appeal process for a dissatisfied applicant to the Information Commissioner, and from the Commissioner to a new Information Tribunal.
  • Generally requests must be dealt with within 20 working days from the receipt of the request, but if it is necessary to apply a public interest test, this time limit does not apply and the authority should respond within a reasonable period. If a request is refused, the refusal notice should give the reasons for refusing the request and advise the applicant as to their rights of appeal – both internally by way of a complaint and, following that, by way of an appeal to the Information Commissioner.
Publication Schemes

Every public authority must prepare and publish a “publication scheme” which sets out the classes of information which the authority publishes or intends to publish, how that information may be obtained, and any charge that is made for it. An authority’s Publication Scheme must be approved by the Information Commissioner. Individual schemes that were originally approved by the Commissioner were replaced, from 1 January 2009, by a new model publication scheme which the Commissioner has produced for all public authorities.

The new scheme simply needs to be adopted by councils without the requirement for approval by the Commissioner. The scheme must be supported by a guide to the specific information that the authority holds and which is contained within any of the models scheme’s seven classes. However, the Commissioner has also produced a model template guide to information specifically for parish councils to use when they adopt the new model scheme.

Both the model scheme and the parish council model guide to information can be downloaded from the Information Commissioner’s website, along with associated guidance on completing these documents.

Councils should commit to reviewing and updating their information guide and its contents on a regular basis

Relationship with Other Legislation
Public Bodies (Admission to Meetings) Act 1960

The FOI Act does not amend the provision in the 1960 Act which allows local councils to exclude the press and public by resolution if publicity would prejudice the public interest by reason of the confidential nature of the business or for some other reason stated in the resolution.

However, the effect of the FOI Act is that any information held by the council which relates to matters discussed, either in open or private session (e.g. in a report or minutes), may have to be disclosed unless one of the exemptions under the Act applies.

Local Government Act 1972

The provisions of the FOI Act effectively supersede the old exemptions in the Local Government Act 1972 in respect of the access to information rights and for this reason the categories of “exempt information” (Schedule 12A of the 1972 Act) were amended in 2006 to mirror relevant FOI exemptions.

Data Protection Act 1998

The Date Protection Act 1998 (DPA) gives an individual the right to obtain a copy of any personal information held about him/her (subject to access), and imposes responsibilities upon those who collect and process personal information. If someone requests information about himself, this should be handled as a subject access request under the DPA. The exemption in the FOI Act, which relates to information requested by the subject, simply means that the decision whether or not to release the information must be decided in accordance with the provisions of the DPA, and not the FOI Act.

If a person requests personal information about a third party, then the matter should be decided under the FOI Act, but in accordance with the data protection principles set out in the DPA. For example, the authority must consider whether the third party has given consent to release, and if not, whether it would be fair and lawful to release the information.

Environmental Information Regulations 2004

The rules concerning the disclosure of environmental information are now set out in the Environmental Information Regulations 2004 (EIR), which replace Regulations made in 1992. “Environmental Information” is very widely defined in the Regulations which give effect to European Directives. A copy of the full definition is set out below.

The exemptions from disclosure under the EIR are more limited than for other information requests under the FOI Act and all are subject to a public interest test. The Local Government Association has produced an excellent guide to the Environmental Information Regulations and further information may also be obtained from DEFRA’s website.

Definition of Environmental Information (Regulation 2):
“Environmental Information” has the same meaning as in Article 2(1) of Directive 2003/4/EC namely any information in written, visual, aural, electronic or any other material form on:

  1. the state of the elements of the environment, such as air and atmosphere, water, soil, land, landscape and natural sites including wetlands, coastal and marine areas, biological diversity and its components, including genetically modified organisms, and the interaction among these elements;
  2. factors, such as substances, energy, noise, radiation or waste, including radioactive waste, emissions, discharges and other releases into the environment, affecting or likely to affect the elements of the environment referred to in (a);
  3. measures (including administrative measures) such as policies, legislation, plans, programmes, environmental agreements, and activities affecting or likely to affect the elements and factors referred to in (a) and (b) as well as measures or activities designed to protect those elements;
  4. reports on the implementation of environmental legislation;
  5. cost-benefit and other economic analyses and assumptions used within the framework of the measures and activities referred to in (c); and
  6. the state of human health and safety, including the contamination of the food chain, where relevant, conditions of human life, cultural sites and built structures inasmuch as they are or may be affected by the state of the elements of the environment referred to in (a) or, through those elements, by any of the matters referred to in (b) and (c).
Freedom of Information Fees Regulations

In respect of requests made under the FOI Act, the only charges which can generally be made are to cover the cost of photocopying, printing, postage, etc., i.e. disbursements rather than the labour costs associated with collating the information.

If the request is for environmental information, a “reasonable amount” may be charged for its provision under the EIR.

More detailed information regarding fees for requests under the Freedom of Information Act follows:


The Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations 2004 came into force with the Freedom of Information Act on 1 January 2005. The purpose of this document is to provide a brief outline as to how a fee is calculated under the Regulations.

Fee Calculation

Under the Fees Regulations costs are split into two categories, prescribed costs and disbursements. Prescribed costs are mainly concerned with the amount of staff time that is devoted to processing a request whilst the disbursements cover the costs incurred through material costs and some out of pocket expenses. All fees will have to be estimated with the estimate forwarded to the applicant for acceptance, the Regulations state that the final fee can be no higher than the estimate so accurate estimates are of vital importance.

Prescribed Costs

Prescribed costs can be viewed as the labour costs that would be incurred by the Authority when processing a request. The Regulations have set a ceiling on these costs of £450 above which the Authority is not obliged to provide the information. For the purposes of estimating the prescribed costs the Regulations provide a figure of £25 per hour, this equates to 18 hours of staff time.

Prescribed costs are those costs which the Authority reasonably expects to incur in:

  • determining if the information is held;
  • locating the information;
  • retrieving the information and;
  • extracting the information from a document containing it.

The Authority cannot charge for time taken by staff to inform the requestor that the information is or is not held or for them to communicate it to them.


Disbursements are the costs incurred for materials used or other expenses reasonably incurred when processing a request. All disbursements can be recovered in full.

These costs can include, but are not limited to:

  • reproduction costs – paper and toner, not the staff time for copying etc;
  • complying with a request for the information to be provided in a specific format and;
  • postage or other delivery costs.
Calculating the Fee

The prescribed costs are estimated to be below the £450 appropriate limit
Where prescribed costs are estimated to be below £450 the fee chargeable to the requestor can consist only of the disbursements. The actual fee charged can be less than the estimate but not greater.

The prescribed costs are estimated to be above the £450 appropriate limit
There is no requirement in the Freedom of Information Act to provide information where the prescribed costs are above the appropriate limit of £450. If the Authority decides to provide the information it can charge for both the disbursements and prescribed costs. The final fee charged to the requestor cannot be higher than the estimate.

Sources of Further Information

This guidance is only intended to provide a relatively succinct overview of the main provisions of the Freedom of Information legislation. If a request is received, it may well be necessary to seek further guidance, the following is a list of possible sources for further information:

List of FOI Act Exemptions

Absolute exemptions:

  • information accessible to applicant by other means (s21);
  • information supplied by, or relating to, bodies dealing with security matters (s23);
  • court records (s32);
  • Parliamentary privilege (s34);
  • information provided in confidence (s41); and
  • prohibitions on disclosure (s44).

Partly absolute:

  • prejudice to effective conduct of public affairs (s36); and
  • personal information (s40).


  • information intended for future publication (s22);
    national security (s24);
  • investigations and proceedings conducted by public authorities (s30);
  • formulation of Government policy etc. (s35);
  • communications with Her Majesty, etc and honours (s37);
  • health and safety (s38);
  • environmental information (s39);
  • legal professional privilege (s42);
  • defence (s26);
  • international relations (s27);
  • relations within the United Kingdom (s28);
  • the economy (s29);
  • law enforcement (s31);
  • audit functions (s33); and
  • commercial interests (s43).


2    Guidance on Data Protection

The rules that govern the storage and use of personal data are set out in the Data Protection Act 1998. These rules are intended to protect individuals. Initially, only the processing of electronic personal data was covered by Data Protection legislation but the 1998 Act extended this to include many types of manual records. Manual data was originally defined by reference to a “relevant filing system” (see Glossary on page 82), but for public authorities, such as councils, the Freedom of Information Act has extended the definition to include most categories of manual records. Consequently, the Data Protection legislation applies to almost all personal information held by councils and it is important therefore to acquire a basic understanding of the rules.


Data controllers must notify the Information Commissioner of their processing of personal data. The system involves provision of basic details about the data controller, the classes of data held, the purposes for which the data is held or processed and classes of persons to whom the data might be disclosed. Once notification has been made to the Commissioner, it must be renewed annually and there is a standard fee (currently £35) for both the initial registration and renewal. Full details of the notification process are given on the Information Commissioner’s website. A number of organisations, including councils, have been troubled by bogus data protection notification agencies and further information about this can also be found on the Information Commissioner’s website.
It is a criminal offence to process personal data without being notified and the fines for such a breach are unlimited.

The Data Protection Principles

The Data Protection Act sets out eight data protection principles which are key to achieving compliance with the legislation. They are:

  • Personal data shall be processed fairly and lawfully. (Often this will require the consent of the data subject, but there are exceptions to this. In the case of “sensitive personal data”, special rules apply and these are set out in Schedule 3 to the Act.);
  • Personal data shall be obtained only for one or more specified and lawful purposes;
  • Personal data processed shall be adequate, relevant and not excessive;
  • Personal data shall be accurate and, where necessary, up to date;
  • Personal data processed shall not be kept for longer than is necessary for the relevant purpose;
  • Personal data shall be processed in accordance with the rights of data subjects under the Act;
  • Appropriate technical and organisation measures shall be taken against unauthorised or unlawful processing and against accidental loss or destruction of, or damage to, personal data;
  • Personal data shall not be transferred to a country outside the European Economic area unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Further information

This note only gives very basic guidance and much more detailed advice, on both the legislation and the notification procedures, can be found on the Information Commissioner’s website.

The address for the Information Commissioner is: Wycliffe House
Water Lane Wilmslow Cheshire SK9 5AF
Telephone (Helpline): 01625 545 745
Notification Helpline: 01625 545 740


Data Recorded information whether stored electronically on computer, or in paper-based filing systems.
Personal Data Means data that relates to a living individual who can be identified from that data or from that data and other data held by the data controller.
Sensitive Personal Data Includes information about someone’s racial or ethnic origin, political opinions, religious or other beliefs, trade union membership, health, sexuality and criminal proceedings or convictions. Sensitive personal data can only be processed under strict conditions. In most cases, this means getting express permission from the person the information is about.
Processing Is virtually any activity that involves the data. This includes collecting, recording or retrieving the data or doing work on the data such as organising, adapting, changing, erasing or destroying it.
Relevant Filing System The Data Protection Act definition of this is rather complex. However, the key elements are that there must be a set of paper-based information about an individual and there is a structure to this set; and the structure works so that specific information about a particular individual is readily available.
Data Controller Is the person or organisation that holds and uses personal information, e.g. the Council.
Data Processor May be a separate organisation which processes information on behalf of a data controller who must also follow the Act to ensure information is handled properly.
Data Users Includes employees whose work involves processing personal information. Data users have a legal duty to protect the information they handle and should follow their employer’s data protection and security policies.
Data Subjects Are the people the information is about. All data subjects have certain legal rights under the Data Protection Act in relation to their personal information.


3    Guidance on Health and Safety

  1. The Parish Council has a duty to ensure, so far as reasonably practicable, the health, safety and welfare of its employees and visitors to its premises.
  2. This includes maintaining any places of work and the working environment (including equipment) safe and without risks to health.
  3. Employees also have to avoid risks to themselves, colleagues and the public so there can be a shared responsibility. This could be relevant particularly where a Clerk works from home.
  4. A written policy statement is needed if there are more than five employees.
  5. An employer can be liable for stress suffered by employees in certain circumstances, notably if they have failed to respond adequately to known problems.
  6. Risks need to be assessed, e.g. in children’s playgrounds and cemeteries.
  7. The Disability Discrimination Act 1995 imposes obligations on employers of 15 or more people in terms of making adjustments to working conditions.
  8. The Act imposes wider obligations to ensure access to services, including making permanent physical adjustments to premises.
  9. A disabled person is one who has a physical or mental impairment which has substantial and long-term adverse effects on his or her ability to carry out normal day to day activities.
Further information

This guidance gives only basic information. More details guidance and advice is available from the district or unitary authority and from the Health and Safety Executive (HSE). Insurers will also offer advice.

Useful websites are
Health and Safety Executive
Disabled people
Department for Work & Pensions


4    Guidance on Defamation

Statements made in council and committee meetings are subject to the general principles of law concerning defamation. Anyone who makes a defamatory statement therefore commits a tort (i.e. civil wrong).

Some Frequently Asked Questions

What is a defamatory statement?
A defamatory statement is one which exposes a person to hatred, ridicule or contempt, or which causes them to be shunned or avoided, or which has a tendency to lower them in the estimation of right thinking members of society generally or injure them in their office, profession or trade.

Are there any defences?
There is a general defence to an action in defamation to show that the statement was made on a “privileged occasion”.

Absolute privilege – applies in only very limited circumstances, which will not normally be relevant to local councils, e.g. judicial and parliamentary proceedings, between a local authority and the Ombudsman, but not council meetings.

Qualified privilege – attaches on “…any occasion where the person who makes the communication has an interest or duty, legal, social or moral, to make it to the person to whom it is made, and the person to whom it is made has a corresponding duty to receive it”. (House of Lord case decided in 1917). An essential feature of qualified privilege is absence of malice. So long as a person believes in the truth of what they say, malice cannot normally be inferred.
Qualified privilege may well be relevant to statements made in Council or committee.

Other possible defences are justification, i.e. if the words are true. It may also be a good defence to show that it was fair comment on a matter of public interest, honestly believed to be true, relevant and not inspired by malicious motive, and that the statements of fact on which the comment was based were materially true.

Can the Council be defamed?
The House of Lords has held, in a case involving Derbyshire County Council in 1993, that it is not possible for a Council to be defamed, so it cannot sue to protect its reputation. However, if statements are made by the Council, in an official capacity, then the normal rules apply and the Council could be sued, subject to the possible defences.


< Governance Toolkit