FOISA Compliance: What UK Businesses Need to Know in the Digital Age

Understanding your obligations under the FOISA is essential if you handle public data in any capacity.

With information requests rising and digital processes becoming more complex, compliance is more important than ever.

Whether you’re a contractor working with public bodies or a company expanding into new sectors, knowing how FOISA applies to your operations can help avoid costly mistakes. In this blog post, our experts explore how to stay compliant and confident.

What is FOISA, and Who Needs to Comply?

The Freedom of Information (Scotland) Act 2002 gives people the right to access information held by public authorities. Simple enough on the surface, but the ripple effect is significant for many businesses.

If your company works with public sector organisations, providing services, managing projects or supporting infrastructure, you may be indirectly covered by FOISA too.

The Scottish Government outlines the types of organisations that fall under this umbrella, including IT firms, security contractors and charities.

Myths That Could Land You in Hot Water

FOISA doesn’t just apply to government departments. And it’s not limited to printed documents either.

Emails, spreadsheets, recorded meetings and handwritten notes are all fair game under a valid request. If you’re disorganised or unclear about your data handling, that’s where problems start.

The most damaging myth is thinking it’s someone else’s responsibility.

Simple Habits That Build Solid Foundations

The smartest way to prepare is by embedding FOISA awareness into everyday processes. That starts with knowing what you hold, where it’s stored and who’s responsible.

Build a central register of data categories. Keep access permissions tight. When a request comes in, having this information at your fingertips saves precious time and ensures compliance.

If you need help building that foundation, the ICO’s official advice offers practical steps to begin.

Tips for FOISA Compliance

What Does a Request Actually Look Like?

It might be as straightforward as an email asking for project costs or a client contract. FOISA requests don’t need formal language. They don’t even have to mention the Act by name.

You have 20 working days to respond. You can’t demand a reason for the request, and refusals must be justified properly. Ignoring it isn’t an option.

When Can You Say No?

Not every request must be fulfilled. Some information may fall under exemptions, such as data protected under GDPR or material that could harm public safety.

Still, it’s not a get-out-of-jail-free card. Exemptions must be assessed carefully, and vague refusals could backfire. If in doubt, consult a legal professional before turning anyone away.

It’s Not Just About Rules, It’s About People

Compliance works best when your whole team understands the stakes. Train staff to spot FOISA requests and respond appropriately. Equip them with checklists, guides and clear reporting lines.

Most importantly, foster a culture of openness. When staff see transparency as a shared goal, it becomes second nature.

Digital Data: Convenience Meets Complexity

Moving to cloud-based systems can make FOISA compliance easier, but only if managed well. Set up your systems to support secure access, encryption and reliable audit trails.

Cybersecurity and FOISA increasingly go hand in hand. Good data hygiene today can prevent major legal trouble tomorrow.

Monitoring Your Compliance Over Time

FOISA compliance isn’t a one-and-done exercise. As your organisation grows and digital infrastructure evolves, so do your responsibilities. Schedule regular reviews of your data handling procedures and keep your policies updated.

Reviewing request response times, analysing exemption use, and identifying weak spots in your process can help you stay ahead. It’s not just about meeting the standard but raising it.

Managing Reputational Risk

When you fail to meet FOISA obligations, it’s not just the law you risk falling foul of. Public perception matters.

Delays, refusals or poor handling of information requests can damage your organisation’s credibility.

Being known for openness and responsiveness, on the other hand, builds goodwill and positions your business as trustworthy. Compliance should be a point of pride, not just a box to tick.

Why You Might Need Legal Backup

FOISA isn’t always black and white. Requests can be vague, and exemptions tricky. That is where specialist legal advice earns its keep.

Solicitors experienced in freedom of information law can help you shape your responses, manage refusals and put processes in place to future-proof your organisation.

Why Openness Makes Good Business Sense

Transparency is more than a legal duty. It’s a trust builder. When your business is open about how it handles public data, people notice. Clients, collaborators, even regulators.

Staying FOISA compliant doesn’t need to be daunting. Start small. Get support. And make it part of how you do business.

This article is for general information only and should not be considered legal advice. Freedom of information compliance depends on your organisation’s role and the specific nature of requests received.

Always consult a qualified solicitor to ensure your policies and procedures align with current legislation and best practice.