Freedom of Information Policy

This policy applies to recorded information held across the University, by all staff, and all departments and subsidiaries. It also applies to information held by third parties on the University’s behalf.

The policy is binding on all those who use University information such as staff, students, contractors and consultants of the University whether accessing information from on or off-campus.

Policy

1. Policy

1.1 The University is committed to the principles enshrined in Freedom of Information legislation and will operate an access regime on the presumption that information is open unless there is a valid reason to restrict access.

1.2 The University will make information about its activities publicly available through the University’s Publication Scheme, which will be based on the model publication scheme for the Higher Education sector.

1.3 Information held by the University which is not included in the Publication Scheme will be available on request, subject to the application of any exemption.

1.4 In cases where an exemption may be claimed, due consideration will be given as to whether or not the information is disclosed. This will include consideration of public interest, the rights of data subjects, legal and contractual obligations and issues of information access and security. Information will only be withheld in accordance with the exemptions specified by legislation. The reasons for applying the exemption will be provided to the requester.

1.5 Individual requests will be handled in accordance with applicable legislation and codes of practice. Information about how to make a request will be available on the University website.

1.6 Dissatisfaction with the University’s handling of an information request or maintenance of the Publication Scheme will be treated as a complaint and dealt with in accordance with the University’s Freedom of Information complaints process.

1.7 Information provided to the University from third parties may be the subject of an access request. In considering whether exemptions apply, the University will seek to consult with the third party but the legal responsibility for deciding whether or not the information should be released rests with the University.

1.8 When entering into contractual agreements with third parties the University will take reasonable measures to identify that information which would clearly be exempt from disclosure under the Act and seek to agree a schedule (as part of the contract) that identifies clearly that information which should not be disclosed.

Scope

2. Scope

2.1 This policy applies to recorded information held across the University, by all staff, and all departments and wholly owned or controlled subsidiaries. It also applies to information held by third parties on the University’s behalf. The policy applies irrespective of the information’s format, storage medium or age. Information ‘held’ encompasses any information in the University possession, including information the University has generated, received or purchased.

2.2 This policy is binding on all those who use University information such as staff, students, contractors and consultants of the University whether accessing information from on or off-campus.

Oversight

3. Oversight

3.1 The University’s Council has corporate responsibility for compliance and the Registrar and Secretary has the authority to define and implement University Freedom of Information policies.

3.2 Information Strategy Group is responsible for the approval of Freedom of Information policy and for overseeing policy implementation via the Information Security Board.

3.3 The Information Security Board, chaired by the Deputy Registrar, is responsible for regular policy reviews and monitors the effectiveness of the Freedom of Information policy across the University. It also commissions and responds to independent audits of Freedom of Information arrangements.

Responsibilities

4. Responsibilities

4.1 All staff are responsible for ensuring that requests for information (which any employee may receive) are handled in accordance with the University policy and for providing Legal Services with all necessary advice and assistance when requested to do so for the purposes of responding to requests.

4.2 All staff are responsible for making third parties, who provide information to the University or who generate, hold or process information on the University’s behalf, aware of the Freedom of Information legislation and the University’s responsibilities under such legislation.

4.3 All University staff are responsible for publishing information proactively via the University’s website and the University Publication Scheme wherever possible.

4.4 University Officers, Heads of Departments and Section Heads, as data owners, are responsible for ensuring that all information in their area is managed in conformance with this policy.

4.5 Legal Services is responsible for promoting compliance with this policy, for managing the University’s Publication Scheme, and for drawing up guidance about Freedom of Information good practice. Legal Services will monitor and co-ordinate responses to requests. Where exemptions may be applied the Service must be consulted prior to their application.

4.6 Staff, students, contractors, consultants, visitors and guests who act in breach of this policy, or who do not act to implement it, may be subject to disciplinary procedures or other appropriate sanctions.

Implementation

5. Policy and implementation documents

5.1 This document, together with related guidance is available at: http://www.york.ac.uk/records-management/foi

5.2 University Freedom of Information Publication Scheme

Document history

Document history

05 December 2012 Approved by Information Policy Executive
13 December 2012 Approved by Information Security Board
29 January 2016 Reviewed and approved by Information Security Board
31 July 2019 Reviewed and approved by Information Security Board

Review

Review cycle: Three yearly

Date of next review: July 2022