ICO blog: Ever-changing information rights means ever-changing guidance

The world of information rights is ever-changing, with constant developments in case law and technology. Given the size of the ICO’s catalogue of guidance, which continues to grow, making sure everything is up-to-date and relevant is a challenge that sometimes feels like painting the Forth Bridge!

With that in mind, we’ve spent some time developing a clearer strategy for ICO guidance. We’ve completed a full audit of our existing guidance, reviewing what needs removing or updating, and we’ve looked at how we can improve the indexing and navigation.

This blog give you an update on how we’ve improved what we offer, and where we’ll be doing things different in the future, as well as recapping what we’ve published over the last twelve months.

How we’re working

The focus of our external guidance is now a spine for each key area, creating a full ‘guide’ to each of the main pieces legislation the ICO regulates:

These end-to-end guides are the best introduction to the legislation and contain links to our more detailed pieces of guidance. They also sit alongside our codes of practice, the other key building blocks of data protection guidance. Our A-Z guidance index, which helps find specific pages, has also been improved.

New guidance template

We’ve developed a new guidance template, to give greater consistency and to make our documents clearer. All detailed guidance will now have a table of contents to aid navigation and an overview setting out the key points.

And we’re always aiming to produce accessible guidance – plain English is an important consideration in all our products and for certain key guidance we’re applying for accreditation from the Plain Language Commission. We’re pleased the recent guides to FOI and EIR both received their ‘Clear English Standard’ mark.

Keeping trim

The fast-changing nature of the areas the ICO regulates means it would be easy for our website to become bloated with guidance. In an effort to make sure what we offer is as effective and relevant as possible, we have decided to remove several pieces of guidance from the website to avoid duplication.

We’re taking a similar approach to our internal FOI knowledgebase, which we published on our website in 2011, to offer as comprehensive a guide to FOI as possible. As the sections of this document are gradually incorporated into our external guidance we are periodically updating the knowledgebase on the website to include links to the new integrated documents.

Once all of the new guidance has been created we will remove the knowledgebase from the website. The result will be that FOI practitioners will only need to use our updated external guidance and not need to look in two places.


We’re thinking harder before producing specialist topic guidance, for instance looking to sector-based bodies to build on their experience of the challenges they face when complying with information rights legislation, based around the key principles the ICO has already established.

This enables the sector to develop more.  We do accept the need for ICO specialist guidance in some areas, often whilst sectors develop their own products – for example we have recently updated the HE sector guidance on FOI and research information – but we expect specialist guidance to increasingly have a shorter shelf-life and to be reviewed more often.

2012 so far, and looking ahead…

In the last year we’ve created and comprehensively updated 23 pieces of FOI and EIR guidance, including new guidance on section 23, 24 and the public interest and prejudice tests. The guidance draws on case law from seven years of ICO decision notices and decisions of the Information Tribunal and Higher Courts.

Over the next six months practitioners can expect new FOI and EIR guidance on Parliamentary Privilege, investigations and law enforcement, vexatious requests and information relating to emissions.

For data protection we have produced new guidance on areas such as complaints files, IT security for SMEs, cloud computing, deletion and disproportionate effort. We’re also producing new data protection codes of practice on significant areas where comprehensive guidance about good practice is needed. We’ve recently published a code of practice on managing the data protection risks related to anonymisation, and later this month we will consult on a new code of practice on subject access.

Whatever guidance we’re producing, we’ll continue to work to make it clear, accessible and help organisations to apply the law. We’re always happy to receive feedback about our guidance and we are planning to do more in the coming year to assess its effectiveness.

Stay up to date

There are many ways you can keep up to date with new guidance:

NB: We also help other organisations to draft codes of conduct where they overlap into information rights. The Cabinet Office is running an online consultation for a code of practice regarding changes to the Freedom of Information Act. The changes mean that when public authorities release electronic datasets under FOIA, they should be capable of being re-used.

ICO contributed to the draft code, alongside National Archives and Ministry of Justice. You can read the consultation and add your comments.

Steve WoodSteve Wood‘s department develops the outputs that explain the ICO’s policy position on the proper application of information rights law and good practice, through lines to take, guidance, internal training, advice and specific projects.
This entry was posted in Steve Wood and tagged , , , , , . Bookmark the permalink.