1. Telling stories with FOI data

    In the second seminar of our Using Freedom of Information for Campaigning and Advocacy series, we learned how to use information from FOI requests to create stories and further your cause. 

    First, we heard the experience of two different campaign groups — Privacy International and Climate Emergency UK — in getting their stories into the public eye; this was followed by tips from freelance journalist Rosie Taylor about pitching to newspapers.

    You can watch the whole video over on YouTube, or read the summary below.

    Privacy International

    Ilia Siatitsa

    Privacy international is a UK-based organisation, working with partners around the world to research and advocate against governmental and corporate abuses of data and technology. 

    They’ve used FOI requests as a source of information that feeds into campaigns and advocacy for many years. Sometimes they use a preliminary round of FOI requests to help inform a subsequent, more focused one.

    Their Neighbourhood Watched campaign, which investigated the use of new surveillance technologies by the UK police, is a good example (we’ve written about it before here). Privacy International submitted fact-finding FOI requests to many police forces across the UK, asking which technologies were being used at a local level for law enforcement.

    The responses enabled them to identify several different types of tech, and that there was a massive regulatory gap around this area of law enforcement, with new, invasive technologies having been introduced before any guidance was put in place.

    The information they obtained via FOI has inspired a number of different actions within a wider, multi-year campaign. Privacy International first rallied their supporters to write to their local Police and Crime Commissioner to ask for more information and better regulation. 

    They later launched a similar campaign around police technologies being used at protests, producing a guide to inform people attending marches, so they knew what tech was being deployed by police, and how to mitigate some of the exposure.

    They also made follow-up FOI requests around the specific technologies that their first round had identified. In this second round of FOI requests, Privacy International found that the responses were all coming back as refusals, using very similar or identical language and stating that the authorities could not confirm or deny that the information was held. 

    Privacy International attempted to challenge these refusals via the ICO, but they were upheld; a subsequent appeal at the Information Rights Tribunal also upheld the decision and denied a request to appeal. Undaunted by this setback, Privacy International have moved back to advocacy, sending letters to police oversight bodies to point out that every other country that has introduced these technologies to their police forces has been more transparent about them. In 2020 they published a report criticising the way the police were using mobile phone extraction (where the contents of your phone are copied, no password required), calling for reform and safeguards.

    So, while Privacy International haven’t yet won the battle, they continue to fight — and this is a good example of how FOI can form the basis of a multi-year campaign with many outputs, audiences and facets.

    Here are Ilia’s top tips for submitting requests — also make sure you see our previous seminar, Getting the most from FOI, for lots more advice.

    Top tips for FOI requests from Privacy International

    Questions from the audience:

    Q: Can you make a rejection into the story?
    A: You can, but it depends how you want to play it: you might decide that you don’t want the refusal decision to be out in public, setting a precedent for how authorities reply to responses. Privacy International are also trying a new approach, sending a different set of questions to see if that gets them better results. 

    Q: One of your tips is “format matters”: any further advice here?
    A: Authorities might try to give the least information possible, using the way you’ve formatted your question to minimise what they share, so look carefully at how you’ve worded your request before sending it, and consider how it might be responded to with this mindset. 

    It can be very useful to use a yes/no question: this only takes the authority moments to answer. 

    Or, rather than asking for stats, try asking for the documents that those stats can be found within. Responding to this type of request takes less time for the authority, but their response will contain more information. 

    Authorities often come back and say that your request needs to be narrowed down, so that can be a strategy too: start with a broad request which you’ll be happy to whittle down, knowing that you actually want the narrower information.

    Climate Emergency UK

    Isaac Beevor 

    Climate Emergency UK (CE UK) was founded around five years ago, with the aim of collating data and information on UK councils’ climate emergency declarations. Since then they’ve worked with mySociety to create CAPE, which collates all UK councils’ Climate Action Plans, and the Council Climate Action Scorecards, which first assessed all the plans, and subsequently councils’ actual climate action.

    Isaac explained that in order to gather data for the latest iteration of the Scorecards, they’d sent around 4,000 FOI requests to UK local authorities: these were all asking for data which couldn’t be obtained by other means.

    These requests, which were worded very specifically, allowed CE UK to compile data on: 

    • Councils’ staffing levels for climate and implementing Biodiversity Net Gain (BNG);
    • The average energy efficiency (EPC) ratings of council homes and the enforcement of the Minimum Energy Efficiency Standard (MEES);
    • Whether councillors and management were receiving carbon literacy training;
    • Whether the councils were lobbying their devolved national government, or the UK government, for further powers or funding.

    As well as giving vital information that fed into the Scorecards project, the request about EPC ratings resulted in an exclusive [paywalled] on page two of the Financial Times.

    Isaac shared how CE UK went about achieving this coverage, noting that any organisation could do the same: they are a small and relatively new charity, but followed some logical steps to pitch their story, and it paid off. 

    First of all, they identified three potential stories, analysing the data they’d received and looked for trends within it to see what stood out the most. They wrote the headline for each, to make it easy for a journalist to imagine the piece and the way the data could be framed. 

    CE UK also considered the stories’ relevance to what was in the news at the time. The cost of living crisis was very much in the zeitgeist, and that tied in well with their data around low energy efficiency standards in council housing.

    They identified which newspaper they wanted to target, and found a suitable journalist to approach, and then simply emailed them with both the headlines and the detail to back them up. Isaac advises that it is reasonable to pitch a few potential stories at one time, especially if you have such rich data that you can pull several angles out of it. 

    Finally, Isaac advises that having given your framing to the journalist, you must allow them the freedom to emphasise whichever parts of the story they want to, based on your clear explanation of the data and what it is saying.

    Questions from the audience:

    Q: Did CE UK use EIR (Environmental Information Regulations) requests? 

    A: The requests were sent with a note that the authorities should feel free to treat them as either EIR or FOI requests. In these cases, the responses would be much the same so the distinction wasn’t a great concern for CE UK.

    Q: How can one identify the right journalist to approach? 

    A: CE UK were guided by where they wanted the story to go, based on the reputation of the paper. Ideally you can then identify a journalist who has an interest in your subject matter. Clearly they won’t know your data as well as you do, so make sure they understand the context — be really clear in explaining what your data is about. And it’s fine to pitch to more than one journalist: give them a deadline to respond by and if they don’t, move on to another.

    Q: If the paper has a paywall how do you ensure as many people as possible see the story? 

    A: As well as the FT exclusive, which gave that paper the ability to print first, CE UK later sent a press release round to more general and sector press. This was also picked up by many.

    Rosie Taylor, freelance journalist

    Rosie specialises in health and consumer affairs, writing news and features across all national press, and she often uses FOI in work. She also works with organisations to improve their media coverage. 

    Rosie began by listing five key things to consider when pitching a story to the newspapers:

    1. Relevance Your story needs to be relevant to that publication’s readers. All publications have slightly different audiences with unique interests and concerns.
    2. Timeliness Can you hook into topics that are being talked a lot at the moment in the news? Make sure the journalist knows ‘why now?’.
    3. Ease How easy are you making it for the editor to say yes? Overworked journalists don’t have time to build up a story, so ideally you should provide a complete package. If you’re giving them data, it’s all the better if you can give them the top line but also attach the datasets. Line up experts, provide case studies and pictures — it all really helps. Look at what a finished article looks like on the page: that is everything you’re going to need.
    4. Targeting Make sure you’re sending your pitch to the right journalist in the right section of the right publication. Read the publication yourself and look at the stories; become familiar with which journalists are covering certain topics.
    5. Timing Pitch plenty of time ahead of when you want the story to be published, to allow time for the journalist to write it.

    When considering which news outlet you are targeting, you need to look at your ultimate aim: for example, the Financial Times is read by changemakers, so it fits the needs of many campaign or advocacy groups well. Perhaps you just want more people to know about your organisation, in which case a mass readership publication would suit you better.

    We tend to think of each newspaper as a single entity but in fact they can contain different sections, each with their own editor and journalists, and slightly different  interests, audiences and timescales.

    It pays to know which section you are targeting, and what you want it to look like on the page. Will the story be a few paragraphs or are you hoping for a double page spread?

    You might pitch your story to local papers rather than a national. In fact, many of these are syndicated across the whole country, so you can still effectively attain national coverage that way.

    If you are pitching to a daily newspaper with a Sunday edition: is it a seven-day operation, or are they two separate papers? For example, you shouldn’t pitch the Times and the Sunday Times simultaneously, as they run autonomously, while the Telegraph just runs seven days a week.

    Similarly, some papers have a different team producing online content, like the Daily Mail newspaper and Mail Online.

    Don’t feel that you have to write off a whole publication just because you’ve had a ‘no’ from one section – if the Sunday paper says no, you can still pitch the dailies; if the Health section says ‘no’, you can try another section.

    There are two ways of pitching: ‘all round’, which goes to several papers at once, or as an exclusive.

    All-rounds

    If you are sending your story to multiple outlets at the same time, always put an embargo on the press release (a date and time after which it can be published). This ensures that you have control over the moment of release, and journalists welcome it as it gives them the time to write the story up.

    Make your embargo clear: you can put it in big red capital letters, add it to the email title, et cetera. The general convention for print is an embargo of 00:01 (one minute past midnight) for the story to appear in the following day’s papers.

    Online outlets really like embargos in the middle of the day (but that timing is a nightmare for print, so pick one). For broadcast, you can time the embargo to their news bulletins.

    Make sure you’re available in the run-up to the embargo, including having your experts or case studies at hand, in case there are any extra questions. If you have embargoed the story for a Monday release, that means being available on the Sunday.

    An all-round is always a gamble, because it can be scuppered by a bigger news story arising; with an exclusive you can discuss timing with your journalist and they might have the flexibility to put it out at a later date if that is still appropriate. 

    Exclusives

    With an exclusive, you can work with one publication and focus on getting quality coverage. You can still set an embargo if the timing is important to you; you can also do a joint exclusive for print and broadcast, so long as you are transparent with all parties.

    As Isaac mentioned, if one paper declines your story, take it to another — you can pretend you’re still offering it to them first!

    Be very clear that you’re offering your story as an exclusive. Explain why it is relevant to them, their readers, and is timely. You should do this further ahead of time than with an all-round, especially bearing in mind that you may have to pitch to more than one outlet; also, they might want to examine your data and go into the story more deeply.

    As soon as your exclusive story has been published, you can send to all the other press and see if any of them pick it up — so an exclusive doesn’t tie your story to a single paper for good.

    Timing

    While Rosie says one shouldn’t be too hung up on timing — it is much more important to have a strong story — it does help to know the cycles to which newspapers work. 

    Sunday papers have a day off on a Monday; pool ideas on Tuesdays and most of the content has been written by the Thursday. Pitch a few weeks ahead.

    Daily papers work to rough weekly cycles. They have more space on Saturdays, when they like lighter stories with good human interest; while the Monday edition is smaller but also the most serious – a good time for dryer, data-driven stories.

    On Sundays, daily papers tend to have a skeleton staff, so they might be grateful of a fully-worked story. Pitch on the Wednesday of the previous week, with an embargo for Monday morning, and your story will be worked on by the Sunday staff who will be glad to have something easy to include.

    Supplements and weekly sections within daily papers all have their own cycles, so just pitch a couple of weeks ahead of when you need to run.

    Questions from the audience

    Q: Is it better to pitch to a freelancer like Rosie, or directly to a paper?

    A: There are plusses to both, but Rosie says there are several benefits to pitching to a freelancer: they can pitch to multiple publications, know all the editors and know instinctively which would be the best fit. Plus they have an incentive to get your story published, because they are paid on publication.

    On the other hand, staff journalists have more weight with the papers, so it’s easier for them to get stories in.

    Q: Is it best to phone or email?

    A: Don’t ever phone. The journalist will see your email – but they do get a lot, so you need to make sure it is eye-catching. If you are offering an exclusive, make it very clear that this is a personal email intended for its recipient, not a generic one.

    Q: What sort of case studies could we be providing?

    A: Even if your story is just based on data, there will still be a human impact in the story. For example, looking at the energy standards story, you could find someone who lives in an energy inefficient home or who hasn’t got money for their bills.

    Q: How do big investigations get funded? 

    A: Most are funded in-house, and developed internally. You might find yourself working with the newspaper’s own team. Complex stories take time, so you need a newspaper on board to pay for your time and any equipment you need. Sometimes, organisations like the Bureau of Investigative Journalism apply for grants to help them with in-depth stories.

  2. Getting the most from FOI

    We are currently running a series of free, online seminars on Using Freedom of Information for Campaigning and Advocacy

    The aim is to upskill social change organisations, particularly those working with marginalised communities and with limited capacity. Attendees will come away from these sessions with the skills and understanding they need to support their campaign or advocacy work through FOI — and, by sharing the videos, we hope that the benefits will spread further, too.

    The first seminar in the series was on Getting the Most From FOI

    Jen, mySociety’s Projects and Partnerships Manager, gave practical advice on how to shape FOI requests to maximise the chances of a full response; what the outcomes of a request might be; and how to deal with each of those outcomes.

    You can watch the video here. We’ll also summarise the advice below. 

     

    Framing and wording FOI requests

    The more thought you put into your request before submitting it, the better the outcomes are likely to be.

    Plan for your desired results

    Start by thinking about what you’re going to be using the information for. 

    • What are you trying to do with it? 
    • So what information do you need?
    • How are you going to use it? 

    For example, you might need the information to feed into some research, in which case you could request base level statistics. Or you might be looking for a big headline number to shape your request around, in which case you can make a single, very tightly defined request.

    Asking the right place for the right information

    Consider what information is actually recorded. You can only ask an authority for information they already hold — but that doesn’t necessarily just mean documents. Videos, photos, recordings, WhatsApp messages, etc all count as information, and can all be requested.

    Once you’ve narrowed down what you need, identify which authority holds the information. It’s worth doing some research here, as it might not always be the one you first think of.

    Keep your request well-defined 

    Consider how you word your request. If an authority has to come back and ask for further clarification, this resets the clock on the 20 working days within which they have to respond  — and it won’t begin until they’ve received your clarification. So it’s good to try and pre-empt the problems that might cause delay or rejections of your FOI request.

    Don’t be afraid to be very detailed: it’s better than missing something out. You can even include what you’re not interested in, to help narrow the request down.

    What time period do you want information from? State this, because otherwise the authority might assume you mean for all time, in which case it could be rejected as being too big a task and therefore taking too much staff time to compile. 

    Make sure you are extremely precise. For example, when you refer to “a year”, that might be interpreted as a calendar year, financial year, or school year, so specify which you mean.

    If there’s anything you already know about the information — like how the types of record you want are generally named, or where they might be found — add those details to your request. You can even send an initial FOI request to ask how the information is held at that authority, which can inform your main request.

    Make sure you’re asking for something the FOI officer can easily search for. As an example, asking for data about the ‘local area’ is too vague a term. So if you want information for a particular place, specify what you mean by providing the postcode, road names or the distance from a specific point.

    Doing this sort of preparation work is definitely worthwhile, especially in fast moving campaigns, as a clarification will cost you another 20 working days — ie four whole weeks.

    How to make a request on WhatDoTheyKnow

    Jen made a request during the seminar which you can watch step by step from the timestamp 25:52 to 37:39.

    Possible outcomes to FOI requests

    Once you’ve made your request, as noted, the authority has 20 working days within which they must respond. 

    If there is no response:

    • Nudge the authority to remind them about your FOI request – you can do this through WhatDoTheyKnow just by adding to the thread on your request page.
    • If after a few days there is still no reply, you can report the matter to the Information Commissioner’s Office (the ICO) – more on this shortly.
    • If you decide you no longer need the information, and there’s no benefit to it being made public, you can (and should) withdraw your request.

    If you get a response:

    • Legally the authority must confirm or deny whether they hold the information (or tell you that they “neither confirm nor deny”).
    • In the best case scenario, the information you’ve asked for is released with no other issues.
    • As mentioned above, the authority might ask you for a clarification, because they need to understand your request better.
    • They might say they’re performing a Public Interest test (more on this below). There’s no legal time limit within which this must happen, though guidance from the ICO suggests it should be completed within 20 days.
    • Your request might be rejected. Again, more on this below.

    The Public Interest test

    The Public Interest test weighs the benefits to society of releasing the information against the arguments against releasing the information.

    When an authority rejects a request, it has to be because of one of several set reasons (called ‘exemptions’). Some of these exemptions require them to hold the public interest test before they can be applied.

    Other exemptions are absolute, that is they can be applied with no Public Interest test. The most common of these are:

    • Section 21 — the information is already in the public domain
    • Section 12 — the cost limit has been exceeded, ie it will take too much time or be too costly to fulfil your request.

    Some authorities include details of how they’ve applied the Public Interest test, and how they reached their conclusion, as part of a reply.

    Possible rejection responses

    A rejection to an FOI request may take one of several forms.

    • Information not held: the authority is saying that they don’t have the information you’re asking for. 
      • If you think that’s not right, resubmit your request after doing a bit more research. Include any evidence that supports your belief that they do have the information. It might simply be a matter of wording your request less ambiguously so that they know what you’re talking about.
      • You might ask for an internal review: this means requesting that the authority’s FOI team look at the decision making process applied to your request, and reconsider whether it was valid. This can be easily done via WhatDoTheyKnow: it guides you through the steps. And it’s worth doing: our research shows that, for example, 50% of refusals from local councils get overturned at the review stage. We recommend saying why you think an internal review should be performed (and in Scotland you must). 

    • You can ask the FOI team to pass your request along to the right place, or tell you who might hold the information so you can send it there.
    • The information is held, but your request has been rejected: If they are declining to provide the information you’ve asked for, the authority must explain which exemption — ie, authorised reason for rejection — it is applying (see below).
      • As above, if you don’t agree with their decision, you can ask for internal review, including your reasoning.

    Possible outcomes of an internal review

    After the internal review, there will be one of the following outcomes:

    • The exemption is overturned, and the information you asked for is released
    • The exemption is partially overturned, and some of the information is released
    • The exemption is upheld, and no information is released

    Possible reasons for rejection (exemptions)

    Understanding all the various exemptions that can be applied to an FOI request requires time and effort — but if you receive a refusal and you’re not sure what the exemption means, you can always ask the WhatDoTheyKnow team for help.

    All the FOI exemptions

    Jen mentioned a couple of the most common exemptions we see being applied:

    • Section 14: Vexatious or repeated requests. If you submit a lot of requests to the same authority within a short time frame, they might be seen as unreasonable (vexatious) — or they can be considered together by the authority, and then might hit the cost limit.
    • Section 8: Asking you to provide more information about yourself: for example, if you’ve made a request under the name of your organisation, the authority might ask you to provide a person’s name instead. Bear in mind that you don’t have to use your full name: you can use an initial and last name, or just your title and surname, etc.

    Prejudice test

    Exemptions can be ‘absolute’ or ‘qualified’ exemptions. If they are absolute, then there’s no further action necessary from the authority. For some qualified exemptions, however, they must carry out a prejudice test.

    This tests whether it can be demonstrated that there is a causal link between releasing the information you’re asking for, and harm arising.

    Scotland

    In Scotland, they have their own points of law around FOI, and they have their own Information Commissioner.

    Scottish law around FOI is covered by WhatDoTheyKnow’s Help page here

    If the authority still rejects your request after an internal review

    If you have been through the process of having your request refused, requesting an internal review and still receiving a refusal, you may wish to continue to pursue the information — especially if it’s valuable to your work and you disagree with the grounds on which the rejection has been made; or you feel there’s a strong case for the information to be in public.

    At this point you can take the matter to the ICO: fill in a form on their site or send an email to their review address (ICOCasework@ico.org.uk). Include your arguments as to why the information should be released.

    Before you do so, it’s a good idea to read and follow the ICO guidance. There’s a help page on WhatDoTheyKnow as well.

    The possible outcomes here are:

    • The ICO rules in your favour and will tell the authority to release the information. If they don’t comply they may be in contempt of court.
    • The ICO rules in favour of the authority’s non-release. This does not have to be the end of the matter; if really determined, you can go to tribunal and set out why you disagree with ICO’s decision. If you get to this stage, please do get in touch with the WhatDoTheyKnow team who can give help and advice.

    Image: Desola Lanre-Ologun

  3. When the response doesn’t come: dealing with FOI requests that haven’t received an answer

    We’ve previously written about how best to proceed when an FOI request has been refused, but when there isn’t a response at all   that’s a slightly different problem. However, up until now, we’ve treated both in the same way. We’ve now made some changes to reflect the difference.

    If you do receive a response, but feel it’s inadequate or that your request has been wrongly refused, there are two ways of contesting the outcome. The first is to ask for an internal review, where the request is reassessed inside the same authority (by a different team or person). The second is to appeal to the Information Commissioner’s Office (ICO).

    To reflect this, our approach when providing prompts to WhatDoTheyKnow users has been an escalation ladder — suggesting people request an internal review, and then appeal to the ICO if still dissatisfied. However,  as we learned when talking to the ICO earlier in the year, that this isn’t always the fastest route to getting a response.

    An internal review is useful when disagreeing with a decision, but when the issue is that the statutory deadline for a response has passed, and follow-up messages haven’t been answered — a situation our colleagues at Access Info aptly refer to as ‘administrative silence’ — it can be better to complain directly to the ICO.

    According to the statutory code of practice, a public body may take up to 20 working days to undertake a review, and so this route is likely to result in further delay, whereas an intervention by the ICO may have a faster result.

    So when a request is overdue, our email prompt will no longer suggest that users might want to seek an internal review, but instead we suggest sending a follow-up message to the authority and note that they can appeal directly to the ICO.

    However, if you have an issue with the actual decision of a request (for instance, disputing an exemption applied), internal review is the correct first port of call — and in a surprising amount of cases can be very successful. While we don’t have figures covering all kinds of authorities, for requests made to central government, 22% of internal reviews resulted in some change to the original decision (and 9% were completely overturned) and for local government this figure is between 36-49%.

    Both internal reviews and appeals to the ICO can be effective methods at redressing disputes around Freedom of Information requests, but it is important to consider which is the right tool for the situation.

    Image: Ümit Bulut

  4. My FOI request’s been refused — so, what now?

    Our WhatDoTheyKnow.com service makes it really easy to request information from public bodies: all you need to do is describe the information you are seeking, send your request, and the authority provides it to you.

    At least, that’s what happens when everything goes smoothly.

    The default case

    When you request information, the authority generally has two duties under the FOI Act:

    • They must confirm or deny whether the information is held
    • If they do hold it, they must disclose it.

    But, there are circumstances – called exemptions – where the authority can withhold the information, or where they might not even state whether or not they have it at all.

    Understanding which exemptions have been applied will also help you to understand what to do next.

    The authority have confirmed they hold the information, but refused to release it

    Why have they refused?

    If your request is refused, the authority must say which exemption/s allow them to do so — have a good read of their response, and find out which one/s have been applied.

    You’re looking for a section number that refers to the part of the Act that explains why they can refuse. You can check on FOIwiki’s handy table for the full list of exemptions.

    Generally, when citing an exemption, the authority will also include the relevant text from the FOI Act, but if not, you can check it for yourself in the actual wording of the Act.

    Example of an authority explaining which exemption they have used

    They did not cite an exemption

    Authorities must say which exemption applies to your request — so, double-check that they haven’t done so (look in any attachments as well as in their main email), and once you are certain that they haven’t, write back and ask them to confirm which exemption they are using. Here’s an example of that in action.

    If you want to, you can quote the part of the FOI Act which says that they must do this: Section 17 (1)b:

    A public authority which, in relation to any request for information, is to any extent relying on […] a claim that information is exempt information must […] give the applicant a notice which—

    • states that fact,
    • specifies the exemption in question, and
    • states (if that would not otherwise be apparent) why the exemption applies.

    They did cite an exemption

    Once you know which exemption has been used, you are in a good position to examine whether it has been correctly applied .

    FOIwiki’s table lists all the exemptions that an authority can use, and includes some technical details about how they can be applied.

    Some exemptions have very little room for appeal and the decision to apply them is obvious: for example, the Ministry of Defence won’t release plans for an upcoming battle in a time of war, making a request for this type of information pretty futile.

    Others rely much more on the judgement of the authority who’s dealing with your request. Under Section 38, for example, a request can be turned down because it might ‘endanger the physical or mental health of any individual’– but in many cases, assessing how someone’s mental health might be affected by the release of information must require a certain amount of prediction.

    Some exemptions allow an authority to use additional tools for assessing whether or not to release information:

    • A public interest test
    • A prejudice test

    They said they’d applied a Public Interest Test

    Some exemptions, known as ‘qualified exemptions’, require the authority to apply a Public Interest Test. This may give you more opportunity to ask for a review.

    You can check the details of your exemption, and whether it’s qualified, in FOIwiki’s table.

    In short, a public interest test sees the authority  trying to weigh up the benefit to the general public of the information being released against the safeguards that the exemption is trying to provide, and decide which has more weight. The ICO provide good information about Public Interest Tests, with several examples of how they have been applied in the past.

    If you think you can demonstrate that the Public Interest Test has come down on the wrong side of this weighing up exercise, you may want to ask for an internal review — see the end of this article for next steps.

    They said they’d applied a Prejudice Test

    Some exemptions, called ‘prejudice based’ exemptions, require a prejudice test. Again, this might also give you more opportunity to ask for a review.

    You can check the details of your exemption, and whether it’s prejudice-based, on FOIwiki’s table.

    Generally speaking, it’s applied to exemptions which seek to protect certain interests — for example, Section 29 of the Act allows exemption where release might do harm to the economy.

    The prejudice test is a way for the person dealing with the request to check that the perceived threat is ‘real, actual or of substance’, and that there’s a reasonable risk that the release would cause the harm that the exemption is trying to protect against. There is a good explanation in the ICO guidelines.

    As with Public Interest Tests, if you can demonstrate that the Prejudice Test has come up with a decision that is arguably misapplied, you may want to ask for an internal review — see the foot of this article for next steps.

    They didn’t apply a Public Interest test

    This probably means that the exemption is “absolute”, which makes it hard to challenge.

    First, check on FOIwiki’s table that the Section the authority is using is an absolute exemption.

    If it is:

    • You might like to consider how cut-and-dried it is that the information falls within the class that the exemption protects. If it is clearly covered by the exemption (for example you have asked for information that is self-evidently provided to the authority by Special Forces) then there isn’t much point in going any further. But suppose you have been told that, under Section 21, the information is accessible via other means. Section 21 is an Absolute exemption but may be open to a challenge if, for example, there are circumstances which prevent you from accessing the information.

    If it’s not:

    • Ask the authority what public interest test they applied (or more details of how they applied it).

    The authority won’t confirm or deny whether they hold the information

    Why won’t they confirm or deny?

    If confirming or denying whether the information is held would actually reveal exempted information in itself, then the authority may refuse to do so.

    You can read more about this in the ICO’s guidance.

    Can I do anything if they ‘neither confirm nor deny’?

    Yes — you can challenge this stance if you have reason to believe that confirming or denying that they hold the information would not reveal exempted information in itself. However, it can be a time-consuming and potentially difficult route to take, and even if you are successful in getting the authority to confirm that they have the information, you may then find that an exemption is then applied, taking you practically back to square one.

    Next steps

    If you still want the information you’ve requested, there are some general tactics you can use when faced with an exemption:

    • Reduce the scope of your request: Check the exemption cited and, if possible, modify your request to circumvent it.
    • Ask for an internal review: if you think the exemption, public interest test or prejudice test has been wrongly applied, you can ask for another member of staff to assess your request and whether you should have received a full, or partial, response.
    • Appeal to the ICO: If you’ve had an internal review and still think the decision was wrong, you may make an appeal to the Information Commissioner’s Office.

    Read more about all of these routes on our guidance page.

    And here are some other useful links from the Information Commissioner’s Office:

    Finally, for now

    The ideal is, of course, to submit a request which does not trigger an exemption, as clearly this saves everyone’s time. You can see our advice on writing responsible and effective requests here.

    That said, full or partial refusals are not an uncommon occurrence — it’s totally routine for FOI responses to have some material removed (usually personal information such as names and roles of junior officials, or material identifying members of the public), or to turn the request down completely.

    There are just over 25 exemptions listed in the Act (the exact number depends on how you count subsections and variants), removing the obligation for bodies to provide information in categories as diverse as any and all communications with members of the Royal Family, to commercial interests and trade secrets — and all sorts of things in between.

    We’ll be examining the various exemptions available to authorities and suggesting ways in which you can avoid them.  Keep an eye on our blog — and we’ll also link to posts from this post as we publish them.


    Image: Scott Warman

  5. Lasa’s simplifying Universal Credit, with MapIt

    The Universal Credits system is replacing many other welfare benefits… but slowly. Its roll-out won’t be complete until 2022, meaning that many are, understandably, confused about just what applies within their own local area.

    Now Lasa, in collaboration with the Low Incomes Tax Reform Group (LITRG), have launched a tool to help with that problem. Just input a postcode, and it displays information about which benefits apply — and, crucially, where to go for advice in your area.

    Lasa's Universal Credit tool

    Like Lasa’s previous tools (we wrote about their SocialCareInfo tool previously), UniversalCreditInfo uses MapIt to match postcodes to services.

    It’s part of a suite of offerings, also available as widgets that can be placed onto any website. All fall within Lasa’s remit to support organisations in the delivery of social welfare law advice to the disadvantaged communities they serve.

    Lasa's tools as widgets

    We’re always glad to see MapIt used in other people’s projects, especially those that make a complex system easier to understand.

    Apparently advice workers are already expressing their gratitude for the fact that they can have this information at their fingertips — so hats off to Lasa.


    Image: Russell Davies (CC)

  6. Ten ways to promote Alaveteli sites

    No matter where you are in the world, if you run a Freedom of Information site, you’ll come up against one common issue: how to get people to use it.

    It’s not just the usual hurdle that any new website faces, of getting publicity. There’s often a lack of knowledge among the general population about the whole concept of Freedom of Information, and the rights that come with it. Not only do users have to know about the site, but they have to understand why it might be useful for them.

    The Freedom of Information conference, AlaveteliCon, was a great place to share ideas on how best to counter that. Here are ten strategies you can put into place right now.

    1. Make FOI concrete

    Freedom of Information can be rather an abstract concept to the average person, so your tweets, blog posts and press releases might not be getting through to them.

    Instead of asking people ‘what would you ask under the FOI act?’ or ‘Isn’t freedom of information a valuable right?’, try asking more concrete questions like ‘what would you like to know about government spending?’ or ‘if you could ask one question about nuclear defence, what would it be?’

    You might make a cheap, fun and informative video by going out onto the street and asking such pre-prepared questions to passers-by.

    2. Use SEO to your advantage

    Alaveteli is built so that it naturally performs well in search engines: the title of any request also becomes the title of the page, one of the main things that Google will consider when deciding how to rank a page for any given search term. And when useful or interesting material is released as a result of a request, that will attract inbound links and again, will be reflected in Google rankings.

    The net result of this is that many users will come to your Alaveteli site because they’re interested in a specific topic, rather than because they want to make an FOI request. They may never even have heard of FOI, but they surely want to know about hospital mortality rates or cycling accidents in their local area.

    A request on WhatDoTheyKnow, about the faulty brakes on a VW Passat, is one of the consistently most visited pages on the site. Even though the request itself remains unanswered, the page has become a place for Passat drivers to exchange knowledge and experiences.

    Pages such as these may even be more frequently visited than your site’s homepage. Look at request pages as a first-time viewer would, and ask yourself if it’s clear exactly what site they have landed on, and what it is for.

    Also: once you have created a community of people with a common interest (like the faults in the VW Passat), what could you do with them? Maybe post on the page yourself, offering to show how they could take a similar request to the next stage?

    3. Make passive users into active users

    The previous point leads to a further question: how can we turn users who land on our sites into active requesters (if indeed that’s a desirable aim)?

    One answer might be to explain the concept of FOI somewhere within the request page template, so it’s seen by every visitor.

    Another would be to build a user path that encourages readers to make their own request or—perhaps more likely to bear fruit, since making an FOI request tends not to be an impulsive action—include a newsletter sign-up button for people who want to know more.

    Alaveteli already includes some actions in the right-hand menu on every request page, but so far they have concentrated on asking the reader to tweet, or to browse similar requests.

    If you have ideas on how to encourage users to make requests, you could discuss them on the Alaveteli mailing list, or, if you’re a coder yourself, you could make the changes on your own branch and then submit it to be merged so that everyone can benefit.

    4. Contextualise FOI

    In the UK we are fortunate that when a news story is based on an FOI request, that’s usually mentioned within the story. It leads to a certain level of understanding of the concept of FOI within the general population.

    Whether or not that’s not the case in your country, you could keep an eye out for stories that were clearly researched via an FOI request. Where FOI is commonly mentioned, setting up a Google alert may help.

    You can then highlight these stories on a regular basis: for example, on a Facebook page, or on your blog. There was also talk of feeding a Facebook stream onto the homepage of one Alaveteli site.

    5. Create a community

    Sharing stories is one thing, but communities are a two-way endeavour. Facebook pages, blogs and Twitter accounts all need regular attention.

    Post often, reply to users’ comments and queries, and soon you may find that you have a responsive community, and can even ask your followers to do a bit of advocacy for you.

    A newsletter is also a useful way of getting your message directly into your supporters’ inboxes.

    6. Write about interesting requests

    Some requests just appeal more to human interest than others do, and they’re obvious candidates to be blogged/tweeted/Facebooked about. You might also consider putting out a press release.

    There was a bit of discussion at the conference about the unfortunate phenomenon of ‘comedy’ requests which are of great interest to the press, but could actually harm the case for FOI. Examples given were:

    In the UK we’ve generally taken the decision not to run these kinds of stories, though the press sometimes pick them up on their own anyway.

    Such publicity can lead to ‘FOI is a waste of public money’ campaigns, and it was suggested that it is useful to have a list of the good things that have come from FOI that you can provide in return: here’s one that @FOIMonkey produced in 2012.

    A middle ground between publicising ‘silly’ requests and trying to promote dry ones is to identify the stories that are in the middle ground: of great human interest, but with a serious point. Make the relevant requests yourself, if necessary.

    As an example, a request such as the menus for food served in prisons can have an underlying political point if framed correctly.

    7. Conduct outreach

    NGOs and campaigning groups can find FOI a useful tool, and the fact that Alaveteli publishes out the responses can also help them with getting their cause known. A mail-out to likely organisations, or even face-to-face visits, may help.

    Muckrock shared that they get users educated early, by conducting ‘FOIA for kids’ outreach (and FOI is also a subject in our own lesson plans).

    Here in the UK, we have visited colleges to talk to trainee journalists. While most are aware of the FOI act, many do not know about WhatDotheyKnow and how it can be used not only to make requests, but to subscribe to keywords or authorities of interest.

    However, such visits are fairly inefficient: they take time and only reach 50 or 60 students at a time. A better way may be to create and promote materials that colleges can use for themselves.

    8. Paid ads

    Although Alaveteli sites perform well in organic search, paid ads can give them an extra swathe of visitors.

    Both Facebook and Google are potential platforms for ads, and you may be eligible to receive a Google Grant if you are a not-for-profit: these give you Google Ads for free.

    mySociety are happy to share our experience in this area, and we will possibly put materials together if there’s enough interest.

    9. Friends in high places

    Some Alaveteli practitioners found it useful to partner up with a newspaper or online news source. The benefit runs two ways, since Alaveteli can be such a useful tool for journalists.

    Dostup Pravda in Ukraine is a part of the country’s most popular news site, and perhaps one of the most expert Alaveteli sites at getting publicity. Pre-launch they ran a sophisticated campaign with celebrities hinting, but not saying explicitly what the forthcoming project would be. Their t-shirt was even worn by an MP on national TV.

    For the solo activist, such promotional activity seems almost impossible, but news outlets have the contacts and resources in place to make it almost a routine task for them.

    10. Create your own buzz

    The press love lists and awards. One FOI site puts out an annual award for the best, the worst, and the most ridiculous  requests made in the previous year.

    This is a great idea for publicity, because as well as bringing the name of the site into the public consciousness, it also encapsulates a little lesson about how to use—and not abuse—FOI.

    Now go and do it

    So there you are: ten ideas to promote your site. Do feel free to add more in the comments below. And good luck!

    Image: Courtesy of the Boston Public Library, Leslie Jones Collection.

     

     

  7. WhatDoTheyKnow Team Urge Caution When Using Excel to Depersonalise Data

    WhatDoTheyKnow logomySociety’s Freedom of Information website WhatDoTheyKnow is used to make around 15 to 20% of FOI requests to central government departments and in total over 160,000 FOI requests have been made via the site.

    Occasionally, in a very small fraction of cases, public bodies accidentally release information in response to a FOI request which they intended to withhold. This has been happening for some time and there have been various ways in which public bodies have made errors. We have recently, though, come across a type of mistake public bodies have been making which we find particularly concerning as it has been leading to large accidental releases of personal information.

    What we believe happens is that when officers within public bodies attempt to prepare information for release using Microsoft Excel, they import personally identifiable information and an attempt is made to summarise it in anonymous form, often using pivot tables or charts.

    What those working in public bodies have been failing to appreciate is that while they may have hidden the original source data from their view, once they have produced a summary it is often still present in the Excel workbook and can easily be accessed. When pivot tables are used, a cached copy of the data will remain, even when the source data appears to have been deleted from the workbook.

    When we say the information can easily be accessed, we don’t mean by a computing genius but that it can be accessed by a regular user of Excel.

    We have seen a variety of public bodies, including councils, the police, and parts of the NHS, accidentally release personal information in this way. While the problem is clearly the responsibility of the public bodies, it does concern us because some of the material ends up on our website (it often ends up on public bodies’ own FOI disclosure logs too).

    We strive to run the WhatDoTheyKnow.com website in a responsible manner and promptly take down inappropriately released personal information from our website when our attention is drawn to it. There’s a button on every request thread for reporting it to the site’s administrators.

    As well as publishing this blog post in an effort to alert public bodies to the problem, and encourage them to tighten up their procedures, we’ve previously drawn attention to the issue of data in “hidden” tabs on Excel spreadsheets in our statement following an accidental release by Islington council; one of our volunteers has raised the issue at a training event for police FOI officers, and we’ve also been in direct contact with the Information Commissioner’s office both in relation to specific cases, and trying to help them understand the extent of the problem more generally.

    Advice

    Some of our suggestions:

    • Don’t release Excel pivot tables created from spreadsheets containing personal information, as the source data is likely to be still present in the Excel file.
    • Ensure those within an organisation who are responsible for anonymising data for release have the technical competence to fulfil their roles.
    • Check the file sizes. If a file is a lot bigger than it ought to be, it could be that there are thousands of rows of data still present in it that you don’t want to release.
    • Consider preparing information in a plain text format, eg. CSV, so you can review the contents of the file before release.
  8. Extracting Boundaries from OpenStreetMap – Part 2

     

    Hadrian's Wall by Joe Dunckley

    This is the second part of a two-part blog post about some of our work on making it easier to deploy FixMyStreet and MapIt in new countries. This part describes how to generate KML files for every useful administrative and political boundary in OpenStreetMap.

    The previous post on this subject described how to take the ID for a particular relation or way that represents a boundary in OpenStreetMap, and generate a KML file for it. That’s much of the work that we needed to create MapIt Global, but there are a few more significant steps that were required:

    Efficiently extracting boundaries en masse

    The code I previously described for extracting a boundary from OpenStreetMap used a public Overpass API server.  This is fine for occasional boundaries, but, given that there are hundreds of thousands of boundaries in OSM, ideally we don’t want to be hitting a public server that many times – it puts a large load on that server, and is extremely slow. As an alternative, I tried parsing the OSM planet file with a SAX-based parser, but this also turned out to be very slow – multiple passes of the file were required to pick out the required nodes, ways and elements, and keeping the memory requirements down to something reasonable was tricky. (Using the PBF format would have helped a bit, but presented the same algorithmic problems.) Eventually, I decided that a better approach was simply to set up a local Overpass API server, and to query that.  This is a great improvement – it allows very fast lookups of the data we need, and the query language is flexible enough to be able to retrieve huge sets of relations and ways that match the tags we’re interested in.  It also means we would no longer have problems if connectivity to the remote server went down.

    Another question that arose when scaling up the boundary extraction was, “Which set of tags we should consider as boundaries of interest?” On the first import, we considered any relation or way with the tag boundary=”adminstrative” and where the admin_level tag was one of “2”, “3”, “4”, … “11”.  At the time, there were about 225,000 such elements that represented closed boundaries. Afterwards, it was pointed out to me that we should also include elements with the tag boundary=”political”, which includes parliamentary constituencies in the UK, for example.  For later import purposes, I gave each of these boundary types a 3-letter code in MapIt, which are as follows:

    • O02 (boundary="administrative", admin_level="2")
    • O03 (boundary="administrative", admin_level="3")
    • [...]
    • O11 (boundary="administrative", admin_level="11")
    • OLC (boundary="political", political_division="linguistic_community")
    • OIC (boundary="political", political_division="insular_council")
    • OEC (boundary="political", political_division="euro_const")
    • OCA (boundary="political", political_division="canton")
    • OCL (boundary="political", political_division="circonscription_législative")
    • OPC (boundary="political", political_division="parl_const")
    • OCD (boundary="political", political_division="county_division")
    • OWA (boundary="political", political_division="ward")

     

    Importing Boundaries into MapIt

    The next step in building our service was to take the 236,000 KML files generated by the previous step and import them into MapIt.

    The code that creates the KML file for an element includes all its OpenStreetMap tags in the <ExtendedData/> section.  On importing the KML into MapIt, there are only a few of those tags that we’re interested in – chiefly those that describe the alternative names of the area.  We have to pick a canonical name for the boundary, which is currently done by taking the first of name, name:en and place_name that exists. If none of those exist, the area is given a default name of the form “Unknown name for (way|relation) with ID (element ID)”. There are also tags for the name of a country in different languages, which we also import into the database so that localized versions of the name of the boundaries will be available through MapIt with their ISO 639 language code.

    Another tricky consideration when importing the data is how to deal with boundaries that have changed or disappeared since the previous import. MapIt has a concept of generations, so we could perfectly preserve the boundaries from the previous import as an earlier generation. This would certainly be desirable in one respect, since if someone is depending on the service they should be able to pick a generation that they have tested their application against, and then not have to worry about a boundary disappearing on the next import. However, with quarterly imports the size of our database would grow quite dramatically: I found that approximately 50% of the boundaries in MapIt Global had changed over the 5 months since the initial import. Our proposed compromise solution is that we will only keep the polygons associated with areas in the two most recent generations, and notify any known users of the service when a new generation is available for them to test and subsequently migrate to.

    For reference, you can see the script that extracts boundaries and generates the KML files and the Django admin command for importing these files into MapIt.

    The end result: MapIt Global

    The aim of all this work was to create our now-launched web service, MapIt Global. As far as we know, this is the only API that allows you to take the latitude and longitude of any point on the globe, and look up  the administrative and political boundaries in OpenStreetMap that surround that point. We hope it’s of use to anyone trying to build services that need to look up administrative boundaries – please let us know!

    Photo credit: Hadrian’s Wall by Joe Dunckley,

  9. mySociety design tip: search box landing pages

    We use Google analytics to understand how people use, and find, our sites. This blog post is a summary of one deceptively simple way we use this information to get more people to use TheyWorkForYou, our UK parliamentary tracking website.

    Mallard

    "Mallard landing" (at Slimbridge) by LHG Creative Photography (CC BY-NC-ND licensed from Flickr)

    One technical term: landing pages are the pages on a website that a user first arrives on from a particular link or search result. In this case, we created explicit landing pages. That is, we made these pages solely to be the target of search results. They serve no other purpose in the structure of the site; they are like super-focussed homepages. If you’ve read the blog post about minimising clicks on the homepage you’ll see that this is a clear example of that principal in action.

    We added two specific landing pages to TheyWorkForYou — here’s one of them: http://www.theyworkforyou.com/parliament/

    This page exists for a simple reason: we know that someone who uses the word “parliament” when searching on Google is probably looking for something that TheyWorkForYou can help with. By creating the “parliament” landing page, we are able to offer a page that is more likely to serve them. Incidentally, we try to make sure that searches lead to the landing page by using Google Adwords, and encouraging the Google bots to associate the page with the keywords, and other things too — but those are not the details this tip is about. Instead, look what we’ve put on that page. You’ll see it includes a set of useful explanations about parliament (it’s very common for people not to know how their parliament works), as well as a search box.

    That search box is the same one that appears on every other page on the website, in the top right-hand corner.

    But on this landing page, we’ve changed the prominence of the search box by putting it right in front of your eyes. And we added the caption: “Search for any word or phrase – see if it’s been mentioned in Parliament”.

    Yes, there’s no technical magic here. No special code. It’s our regular search box. The difference is that on this page we know the user is thinking about parliament, and that search box does indeed search extensive records of what’s been happening in parliament. If we didn’t do this, we could leave the user to figure it out for themselves. They might of course… or they might give up. As you’ll have noticed if you’ve read the previous design tips, we don’t want users to give up, ever.

    We did it again for “Hansard”. What’s Hansard? It’s the name of the transcript of all UK parliamentary debates, published by Parliament itself. Someone who knows about Hansard might be searching for it (on Google, say) and not realise that TheyWorkForYou has the entire transcript available for search. So we added another landing page. Again, it’s the same search that’s on all the other TheyWorkForYou pages, but now — for a user who’s already identified as someone who knows that Hansard exists — it’s clear that the search will do what they expect.

  10. mySociety design tips: avoiding duplicate messages

    duplication

    One of the common elements you will find across mySociety’s sites is that they have features designed to reduce duplicate messages or reports being sent to politicians, governments or companies. We often do this in quite a subtle way, so it is worth spelling out here how we do this across several sites:

    • If you start to report a broken street light or pothole on FixMyStreet, you’ll see local problems before you start to type in your own details. This means if the problem is already there, you can see before you waste any effort.
    • If you use WhatDoTheyKnow to send a Freedom of Information request to a public body, we provide a facility which encourages users to search through other people’s requests before they type their new request in.
    • If the 08:10 train you take to work is always late, when you go to report it on FixMyTransport, we show you all the other problems already reported on that route. If someone else has already set up a page, you can press the big green ‘join’ button, and show your support.
    • If more than a handful of people try to use WriteToThem to send an exact duplicate of the same message to a politician, it will prevent it. This is because we know that politicians listen much, much more to individual messages from constituents than bulk mails.

    This pattern – trying to intervene before people write identical messages or reports – is a design decision that makes a big difference to the way these sites operate. As usual with mySociety sites, this little feature seems like the sort of thing that would be quite tempting to skip when building a copy. But it really matters to the long term success of the sites. There are three reasons why.

    First, there is a simple public benefit that comes from saving time. There’s no point us wasting your time if a report or request has already been sent, especially around minor issues. Saving your users time makes them happier and more likely to enjoy their experience.

    Second, if you can spot that someone is about to send a duplicate message, we may be able to encourage that user to support the existing report instead of making a new one. For example, on FixMyStreet you can add an update to an existing pothole report (“it’s getting worse!”).

    This feature is most visible, and most mature, on FixMyTransport, where users are clearly encouraged to ‘support’ pre-existing reports, rather than making new copies.  By discouraging duplicate reports, we let people with a shared problem work together, even if this only means adding themselves as a “supporter” and doing nothing else. We know that many people search for, and find, problem reports which have turned into these little campaigns, which they then join and help. So even if they are only reading them (not joining them) that exposure can have some value to the people affected. This would be diluted if we created lots of similar reports about the same problem.

    Third, we discourage duplicates for the benefit of the governments and companies receiving messages. We don’t think FixMyStreet is effective because it lets people moan: we think it’s effective because it helps local government to be effective by giving them good quality reports about local problems, in formats that area easy to handle. This good quality reporting increases the chance that the government will understand the problem and act on it, which leads to our main goal – citizen empowerment. Recipients are unlikely to help users if many of the messages they get are confused, inaccurate or duplicates, so we work on all these fronts.

    So if you haven’t thought about this before, notice how the “work flow” through our sites makes you see similar problems before you’ve finished reporting your own. This is the implicit way to prevent duplication. We don’t have “Stop! Warning! Check this is a new problem!” messages, because we never want to discourage genuine users. But the careful design of the interface gently discourages, successfully, duplicate reports, and encourages supporting of other items.

    It’s never possible to entirely prevent duplication. But we try hard, because it’s always better to join people together around common causes, than it is to let them struggle alone.