Out-Law News 2 min. read

ICO: 'strong case' for suppliers with 'significant' public contracts to be subject to FOI rules


There is a "strong case" for suppliers that perform services outsourced by public sector bodies to be designated as subject to freedom of information (FOI) rules in the UK where they hold "significant" contracts, the Information Commissioner's Office (ICO) has said.

Although commercial contractors can be required to disclose information under the FOI Act where that information is 'held' on behalf of a public body, the watchdog said that contracts between public bodies and their outsourcing partners "do not normally define specifically what information is held on behalf of a public authority".

The ICO said the growth in the outsourcing of public services had led to reduced transparency and said changes to the FOI Act (FOIA) could be made to "give a more specific steer" on what information suppliers should need to disclose.

It said the law should be updated to ensure that "information held by a contractor in connection with their delivery of an outsourced service is always considered to be held on behalf of the public authority".

The ICO said, though, that an alternative change to FOIA could be made to increase transparency. That would see suppliers that perform "significant" public service contracts placed subject to the Act.

"Section 5 of FOIA was intended to be used to designate major public sector contractors as public authorities, in terms of the public functions they deliver on behalf of the public authority," the ICO said in a new report on transparency in outsourcing (29-page / 378KB PDF). "Alternatively, FOIA could be amended so that all information held by a contractor about work under a contract is considered as held on behalf of the public authority."

"Given the range of outsourcing, it is clearly not proportionate for all contractors to be designated as public authorities. But we do feel there is a strong case for designating outsourced services as falling under FOIA when they are of significant monetary value and long duration: for example, those over £5 million in value or continuing over 5 years or where the contractor solely derives its revenue from public sector contracts," it said.

There are existing standard contract clauses that can be used by public bodies when outsourcing public services which refer to the suppliers' need to disclose information held in connection with that service provision.

However, the ICO called for public body-supplier contracts to specify what information suppliers will be said to hold on behalf of the authority and for there to be proactive disclosure of certain details about the way outsourced public services are being delivered.

The ICO said: "When the contract is being drawn up, the public authority and the contractor should agree what types of information are held on behalf of the public authority (and is therefore in scope of FOIA requests). They should also set out the responsibilities of both parties in relation to how requests are handled."

"A default position should be that performance information is routinely published, although there may be exceptions for sensitive information. The default should also be that datasets related to outsourcing e.g. key performance indicators are disclosed in re-usable open formats and under an open licence," it said.

The ICO published its report alongside new guidance for public bodies on outsourcing and the FOI regime (27-page / 565KB PDF).

The guidance, among other things, explains that public bodies need to be aware of rules under FOIA which place restrictions on the disclosure of trade secrets or other commercially sensitive information, personal data and other information provided in confidence.

Public bodies should withhold information provided to them by third parties in confidence where its unauthorised disclosure would amount to "an actionable breach of confidence".

In its guidance, the ICO said that an 'actionable breach' is one where the person providing information in confidence would "more likely than not" be successful in any court action over the unauthorised disclosure of the information. However, it said public bodies need to consider where there is a public interest in the disclosure.

"A public authority would have to consider the public interest arguments for disclosure, in order to assess whether disclosing information would be an actionable breach of a duty of confidence, and thus engage the exemption," the ICO said.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.