Destroy at your peril – first conviction under the Freedom of Information Act 2000
FOIA breaches that amount to a criminal offence
To underscore the importance of transparency of public bodies, the FOIA made it a criminal offence to avoid discharging the obligation to provide access to information. Specifically, under FOIA s77, where a request has been made for information to which the applicant would have been entitled (i.e. it was a valid request and the information was not exempt from disclosure), it is an offence for a person to alter, deface, block, destroy or conceal that information. Like most criminal offences, in order to be found guilty the person must have possessed the requisite state of mind when the conduct took place. For a conviction in relation to this offence, the alteration etc. must have been carried out with the intention of preventing disclosure of the information under the FOIA.
The first conviction under the Freedom of Information Act
On 11 March 2020, for the first time, a person was found guilty of an offence under FOIA s77. The case concerned a request to a Town Council for a copy of an audio recording of one of its meetings. The requester believed that some of the written minutes of the meeting had been fabricated and sought the recording to check them. The requester was informed by the Town Council’s employee responsible for dealing with FOIA requests, however, that the recording had already been deleted in accordance with the Town Council’s policy. The requester then made a complaint to the ICO.
Following an investigation, the ICO discovered that, having initially denied it, the employee had been aware of the request and had deleted the audio file a few days later. She pleaded guilty in the Magistrates Court and was fined £400, ordered to pay costs of £1,493 and a victim surcharge of £40.
Criminal offences in other related information law
A comparable offence exists under Environmental Information Regulations 2004 (EIRs) and the Data Protection Act 2018 (DPA), though the latter contains a defence not replicated in the EIRs/FOIA. The DPA defence operates where the alteration etc. would have occurred even if the request for access had not been submitted (e.g. because it was required under a data retention policy), or the person who made the alteration etc. acted in the reasonable belief that the data subject was not entitled to the information.
Who incurs the criminal liability?
Under all three regimes, criminal liability can be incurred by a public authority (i.e. the institution) as well as by employees or officers of the public authority and any person acting under the public authority’s direction.
The Town-Council case reveals the ICO’s willingness to prosecute where there is evidence that an offence has been committed. Any temptation, therefore, to reach for the shredder, real or virtual, once a request is received, to avoid any embarrassment or opprobrium that may result from disclosure, should be resisted. It also emphasises the need to ensure that all staff are aware of the potential for criminal liability in yielding to the temptation.
Shakespeare Martineau has launched a free legal helpline, with a team of experts on hand for any queries on family and private matters. We are also offering bespoke guidance on a range of other subjects, from employment and general business matters, through to director’s responsibilities, insolvency, restructuring, funding and disputes. Available from 10am-12pm Monday to Friday, call 0800 689 4064.
General advice in relation to COVID-19 can be found on our dedicated coronavirus resource hub.