Skip to content
Contents

Freedom of information and environmental information regulations policy

Date: November 2025

Review date: August 2027

Version 2

Introduction

The Tavistock and Portman NHS Foundation Trust, (the Trust), will use appropriate and necessary means to ensure that it complies with the Freedom of Information Act 2000, Environmental Information Regulations (2004) and associated Codes of Practice.

The Freedom of Information Act 2000 and the Environmental Information Regulations 2004 are part of the Government’s commitment to greater openness in the public sector, a commitment supported by this Trust.

The main features of FOIA and the EIR are: General right of access to information held by public authorities, subject to certain conditions and exemptions;

FOIA gives the public a general right of access to almost all types of recorded information held by public authorities, upon written request or by reference to published information on the Trust’s website.

The Act came into full effect on 01 January 2005 and places a statutory obligation on all public bodies to publish details of all recorded information that they hold and to allow the general public to have access to this either via proactive publication on its website or to receive information upon request, except where a valid exemption applies e.g. personal or other confidential data, or the locating and extracting of data is estimated to exceed 18 hours.

Some FOIA exemptions require a Public Interest Test (PIT) or a Prejudice Test (PT) to weigh up whether the public interest/harm in maintaining the exemption outweigh the public interest in their disclosure.

The Trust recognises the importance of the Act and it will ensure that appropriate systems are put in place and maintained to publicise what recorded information is held by the Trust and how this information can be accessed on request by the general public.

EIR gives the public a general right of access to almost all types of environmental information held by public authorities, upon written or oral request, or by reference to published information on the Trust’s website.

Unlike FOIA however, the presumption is that EIR data will, mostly, be disclosed.

There are no set limits on time estimated/required to locate and extract data, and information would only be withheld under compelling and substantive reasons, which are called ‘Exceptions”.

Unlike FOIA the engagement of every EIR exception requires a Public Interest Test (PIT) to weigh up whether the public interest in maintaining the exception outweighs the public interest in its disclosure.

The Trust has a duty, when responding to EIR requests, to:

  • Confirm or deny whether the requested data is held
  • Communicate the information, or its publicly available location in a timely manner
  • Or state and explain how an exemption (FOI) or exception (EIR) applies

FOIA Code of Practice (section 8) confers a duty on the Trust to adopt and maintain a Publication Scheme which conforms to the health sector’s model publication scheme.

Purpose

This Policy will provide a framework within which the Trust will ensure compliance with the requirements of the Freedom of Information Act (2000) and the Environmental Information Regulations (2004). This policy is intended to cover all recorded information held by the Trust.

This Policy will apply to all Trust employees. It may also apply to staff employed by the Trust on a contractual basis where the requirement will be detailed in the contract/agreement.

This Policy will underpin any operational procedures and activities connected with the implementation of the Freedom of Information Act and Environmental Information Regulations.

The Policy supports the principle that the Trust wants to create a climate of openness and dialogue with all stakeholders and intends that improved access to information about the Trust will facilitate this.

The Trust believes that individuals also have a right to privacy and confidentiality. This Policy does not overturn the common law duties of confidence or statutory provisions that prevent disclosure of personal identifiable information. The release of such information is specifically excluded from FOIA (section 40) and is covered by the Subject Access Request (SAR) provisions of the Data Protection Act 2018 and the Access to Health Records Act 1990 and is dealt with in other Trust policies.

The Trust believes that public authorities should be allowed to discharge their functions and will use the exemptions and exceptions contained in the regulations where an absolute exemption applies or where a qualified exemption can reasonably be applied in terms of the public interest.

The Trust believes that staff should have access to expert knowledge to assist and support them in understanding the implications of both FOI and EIR. This Policy sets out a framework to provide this.

Scope

FOIA and the EIR apply to all information held by the Trust regardless of its date. It does not oblige the Trust to retain information which is no longer useful to it or which may be destroyed in accordance with the Trust’s retention policy.

FOIA is overseen by the Information Commissioner’s Office (our regulator) who has the ability to monitor organisational compliance, issue undertakings, serve information and enforcement notices and, if deemed necessary, to initiate court proceedings to force compliance

This policy applies to all staff working in, or on behalf of the Trust and includes contractors, temporary and agency staff, secondees and all permanent employees.

Definitions

FOIA Freedom of Information Act 2000

EIR Environmental Information Regulations 2004

GDPR 2018  General Data Protection Regulations

DPA 2018 Data Protection Act

Applicant The individual/s, group, organisation requesting access to information under the legislation.

Recorded Information All information held by the Trust, not just limited to official documents, it covers, drafts, emails, and notes (both electronic and handwritten), recordings of telephone conversations and CCTV recordings. Nor is this limited to information created within the Trust, as it also relates, for example, to documents received from external sources, such as other organisations or members of the public, though there may be a valid exemption for not releasing them.

Data Sets For these purposes, a data set is a collection of factual, raw and/or processed data, held in electronic form and gathered as part of providing services and delivering the Trust’s functions.

Information Commissioner The Information Commissioner’s Office (ICO), a UK independent authority which oversees compliance with GDPR, DPA, FOIA and EIR.

Publication Scheme A guide with electronic links to data which is routinely published on the Trust’s website, in line with the ICO guidance for a model publication Scheme

Policy statements

Regular monitoring of the compliance levels and effectiveness of this procedure will be via review at the quarterly Information Governance Group Meeting by:

    • Identifying and assessing any flaws and/or improvements in the ways information is gathered, processed and reported, and reviewing the number of requests and reasons for those which breach statutory deadline for response.
    • Reviewing the general response times to requests
    • Reviewing the number of internal reviews conducted, as an indicator of applicant dissatisfaction levels and how many complaints subsequently submitted to and investigated by the ICO.
    • Analysing requests, to identify any trends or themes, by subject category, with a view to improving the focus of the Trust’s publication scheme content. The Trust regularly reviews its procedures and systems to ensure their compliance under section 46 of the Freedom of Information Act.

Duties and responsibilities

The Trust recognises its responsibilities under FOIA and EIR to provide the general right of access to information held. Overall responsibility for this policy rests with the Director of Corporate Governance (Interim).

The administration of the Trust’s FOIA and EIR policies rests with the IG Officer as the Trust Lead on FOI and EIR requests.

The IG Officer is responsible for ensuring that these policies remain up to date with the requirements of FOIA and EIR through regular attendance at peer group FOI/EIR meetings, membership of professional groups, and regular familiarisation with ICO latest decision notices and news items on FOI/EIR.

The IG Officer is responsible for supplementing the Trust’s cyclic mandatory FOI/EIR training provision with extra training for IG Champions – those staff responsible for handling FOI requests and supplying response data for subsequent drafting and signoff.

The IG Officer is responsible for ensuring that responses to media enquires are passed to the Communications Team for extra oversight and signoff, once the Executive Director has approved the response data.

The IG Officer uses their judgment to keep the Interim Deputy Company Secretary and Director of Corporate Governance (Interim) informed of more complex requests, or requests linked to current issues faced by the Trust.

The Trust undertakes to comply with the requirements of the Freedom of Information Act 2000, (FOAI) and to establish a scheme to assure its fulfilment.

FOIA and EIR give the public at large a general right of access to information held by the Trust, subject to certain conditions and exemptions/exceptions.

Any person submitting to the Trust a request for information is entitled to be informed in writing whether the Trust holds the information specified in the request, and to have that information communicated to them.

In complying with the duty to confirm or deny that requested data is held (Section 1 FOIA only), the Trust may, under certain circumstances, ‘neither confirm nor deny’ when affirmation or denial would prejudice the confidentiality of data being withheld (Section 1 FOIA).

Under FOIA only, any request for information must be received in writing, stating the name of the applicant (first name and surname, first initial and surname, or name of company), an address for correspondence, and a description of the information requested.

Under the EIR, the request may be made verbally, but must still contain the applicant’s name and correspondence address.

The Trust has a duty to ensure that procedures and systems are in place to facilitate public access to Trust data. A flowchart entitled “How to Deal with an FOI Request” is attached as Appendix A

All staff, temporary staff (agency and bank), contractors and Non-Executive Directors are obliged to adhere to this policy. A failure to adhere to it and its associated procedures may result in disciplinary action

Managers at all levels are responsible for ensuring that the staff for whom they are responsible are aware of and adhere to this Policy.

All staff are responsible for ensuring that any stray requests for Trust information from the public are forwarded to the FOI mailbox. This includes verbal EIR requests.

Upon receipt of a new request the IG Officer will log it and forward it to the relevant Executive Director for delegation to one of their team members, who would, wherever possible, delegate it to an FOI/EIR champion, already trained on FOI/EIR procedures. (See point 6.5 above and section 8, Training Requirements).

Suppliers have obligations under both FOIA and EIR, by nature of having a contract with a public authority, to assist the Trust with FOI enquiries concerning their business with the Trust, and must forward any written requests for information, pertinent to the Trust, received by their staff to the Trust’s FOI mailbox.

Those making verbal requests under EIR should be directed to contact the Trust’s FOI office on 0208938 2173 or the switchboard on 0207 435 7111. For regulatory purposes, the time allowed for response will commence on the day the request is received by the Trust, rather than the contractor. Contracts should, therefore, include a clause setting out the Contractor’s obligations in this respect.

When entering into contracts with contractors from the private sector, the Trust may be under pressure to accept confidentiality clauses which exempt from disclosure information relating to the terms of the contract, its value and performance. The Trust will reject such clauses and only where, exceptionally necessary, include non-disclosure provisions in a contract. In any such instances, the Trust will investigate the option of agreeing with the contractor a schedule of the contract that clearly identifies information that should not be disclosed. The Trust will take care when drawing up any such schedule, aware that any contractual restrictions on disclosure could potentially be overridden by obligations under the Act, as described above.

Any acceptance of confidentiality provisions to not disclose information under FOIA or EIA must be for good (valid) reasons and capable of justification to the Information Commissioner. The Trust will not agree to hold information ‘in confidence’ which is not in fact confidential in nature.

Trust management responsible for management of suppliers are required to support the FOIA and EIR processes, and ensure the contractor establishes a robust process for providing information and/or their opinion on disclosure of data upon request, which the Trust would take into consideration when deciding whether to release requested data. Any such response would still be subject to Trust Executive Director sign off prior to dispatch.

Procedures

The Trust will meet all the requirements of a valid FOI/EIR request, as defined in s8 of FOIA, provided that it meets with all mandatory requirements, i.e. that:

  • FOI requests must be received in a written format, email or hard copy, or via the Trust’s website FOI request submission form and contain contact information, and adequately describe the information required.
  • EIR requests can be received both in verbal and in written format, relate specifically to the environment or anything which affects the environment such as emissions and discharges.
  • Both FOI and EIR requests must include the name of applicant, (can be first name and family name, or initial and family name, but not solely initials and/or the name of the business).
  • New requests are logged and then tracked and reported on via the FOI/EIR log throughout their lifetime, i.e. until file closure.
  • Once logged, new FOI requests are sent to the subject matter Executive Director and, if known, copied to the subject matter Manager. The Executive Director will delegate the request for data provision as appropriate and will sign off the resulting data as correct and in order for sending out to the applicant.
  • Requests which are not applicable to the Trust may be answered and signed off by the IG Officer, indicating why the request didn’t apply to the Trust.
  • All Media requests must have secondary sign off from the Communications Manager.
  • FOI and EIR requests must be answered within 20 working days, excepting bank holiday days anywhere in the UK counting the first working day after receipt as Day 1, unless paused whilst clarification is sought from the applicant.
  • All responses must include the duty to confirm/deny or neither confirm nor deny that the requested data is held when doing so would compromise confidentiality of any withheld data.
  • Support on the application of exemptions or exceptions and the public interest test will be provided by the Trust’s FOI Lead (IG Officer), taking into account advice from the person who holds/owns the information.
  • Any exemption must be applied in line with section 17 of the FOI Act and any exception must be applied in line with regulation 14 of the EIR . All EIR exceptions and most FOI exemptions are subject to the public interest test i.e. where the public interest in withholding the information outweighs the public interest in disclosure, and where it does, we can refuse to disclose.
  • Sometimes redaction is required to render exempt information unreadable from documents being prepared for release. Time spend redacting does not count towards the 18 hours/£450 resource limits.
  • If the exemption (FOI) or exception (EIR) requires a public interest test this must be done where possible within the 20-day deadline. In the event that this will take longer than 20 working days the requestor should be notified and given a date by which to expect a decision to have been made (in accordance with s.17 (2) of the FOI Act and Reg. 14 of EIR).
  • If denying a request, the Trust has a duty (FOIA s16, and EIR Reg 9) to provide reasonable advice and assistance to applicants requesting information. This may include assistance in clarifying their request, reducing the cost of the request, redirecting the applicant to a website or another public authority, and providing a link to the publication scheme if the information is held there.
  • All refusals must include appropriate refusal notice which considers the requirements of the exemptions or exceptions being applied and the requirements of s.17 of the FOI Act and regulation 14 of the EIR. The notice should be accompanied by any information which is not exempt.
  • If the requestor has stated a format preference, the Trust is required to comply with this as far as practicably possible. If it is not possible, the information will be supplied in another suitable format and an explanation provided to the requestor as to why it wasn’t possible to comply with their preference.
  • If information requested relates to a third party, then they should be contacted and given an opportunity to comment/advise if, in their view, the information should be released or withheld, and why. Whilst their views would be taken into consideration, the Trust reserves the right to make the final decision about releasing the information.
  • When responding to a request for information, the requester will be notified that if they are dissatisfied with the Trust’s response, that they may request an internal review within 40 working days of the date of the initial response, and of their right to complain to the Information Commissioner if they are still dissatisfied following the outcome of the internal review.
  • Internal Reviews are undertaken by nominated staff not previously involved in the request, who will consider decisions made, rationale, public interest, timeliness and all other relevant aspects of the request and may either uphold the original decision or issue new findings and recommendations.

Once the request has been responded to, the FOI/EIR Log will be updated and the request closed.

Data sets published in response to individual requests or through the Publication Scheme on the Trust’s website, must be made available for re-use at the point of release under the Open Government Licence, and where reasonably practicable, published in a reusable format.

Training requirements

Trust’s IG Lead (IG Officer) to have training and development opportunities to maintain/update their knowledge on the recent applications of the regulations, and attendances at formal training sessions, peer group meetings with counterparts and senior IG staff from other Trusts/public authorities, and membership of FOI/E

The Trust to provide relevant FOI training for all new staff at their induction and every three years to current staff within their INSET training programme.

Provide relevant and appropriate training to nominated FOIA champions throughout the Trust, who are relied upon to provide data to inform FOI responses.

Process for monitoring compliance with this policy

Compliance with this Policy will be monitored quarterly by the Information Governance Group in consultation with the IG Officer, together with any independent reviews by Internal External Audit on a periodic basis.

The IG Officer is responsible for the revision and updating of this document in line with any changes to FOIA regulations and/or any associated legislation, and ICO directives.

References

Associated documents

 

Back to top