Jisc case studies wiki Case studies / FOI Dundee full report

log inhelp

  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!

View
 

FOI Dundee full report

FOI research project

 

University of Dundee

 

Background

 

The University of Dundee participated in the JISC research project ‘Calculating the resources required to respond to FoI requests’ during January and February 2012. Details of the aims and objectives of the project are available at http://www.jiscinfonet.ac.uk/foi-survey/research-eoi.

 

The University’s objectives in participating in the project were to:

 

  1. Assist the Higher Education sector in establishing a more realistic impression of the costs and regulatory burden arising from compliance with information legislation.
  2. Consider those costs within an institutional context by collecting time/cost data in addition to those metrics normally recorded.
  3. Benchmark local processes against those of other participating Higher Education Institutions (HEIs).

 

The University’s Records Manager and Information Compliance Officer is responsible for the management of information compliance within the University and is a central point of contact for all requests for information not normally processed by the University in the course of routine business. Requests are managed via this central point of contact to minimise the pressure of regulatory compliance on the institution and to attempt to ensure consistency in the application of the technical aspects of the legislation. Information is collected from service areas and analysed by Records Management Services, prior to the development of draft response which is circulated to stakeholders and senior management (where appropriate) for approval. The University’s response is then issued from Records Management Services.

 

The management of the University’s participation in this project was delegated to the Records Manager and Information Compliance Officer with the approval of line management and the Secretary of the University.

 

The University was requested to record information on five freedom of information requests received in January 2012; two round-robin requests (agreed with the project’s partners) and three other ‘random’ requests. In the case of the University of Dundee the requests were the first five received in 2012. The University was asked to record:

 

  • the nature of the requests;
  • the responses (in respect of the application of exemptions or cost calculations);
  • any explicit costs associated with the requests; and
  • the time spent by all members of University staff involved in responding to the requests so that the hidden costs of compliance (in respect of staff time) could be established.

 

This information was collected centrally by the Records Manager and Information Compliance Officer and entered into the data collection tool provided by JISC. The Director of Human Resources and the Secretary of the University granted approval to access information on staff grades. A centralised approach was taken as it mirrored normal procedures for responding to requests (ie data collated, analysed and responses drafted by Records Management Services) and required the minimum of additional input from colleagues throughout the institution. Similarly, data collection was based on the reporting of activity to the nearest 10 minute block to minimise the impact of the study on University staff. Centralised reporting also facilitated a consistent approach to the interpretation of the labels provided in the JISC data collection tool.

 

The University was also asked to complete the JISC Records and Information Management Maturity Model http://www.jiscinfonet.ac.uk/records-management/measuring-impact/maturity-model and to provide feedback on its outcomes and applicability.

 

Outcomes

 

In participating in this project the University noted the following in respect of the requests considered:

 

  • That the requests examined in this project were all relatively straightforward once the scope of the request and intended response had been agreed internally.
  • That all applicants received a response within the 20 working day time limit.
  • That no applicant who had information withheld has requested an internal review of that decision (as at February 2012).
  • That there were no explicit costs generated in complying with the five requests selected. All information was held and sent electronically.

 

The management of information compliance requests in the University of Dundee does appear to be broadly successful. The model employed by the University of a central point of contact for the management of requests with knowledge of the legislation and of key stakeholders within the institution achieves compliance within the statutory time limit and in an appropriate manner. It also absorbs the pressure that would fall on other areas of the University if they were required to respond to requests themselves. Having a single locus of knowledge assists in the scoping and processing of requests and in the application of the technical aspects of the legislation in a consistent and defensible way.

 

The requests selected for this project, although random, were all relatively uncomplicated, once an appropriate scope for the University’s response had been determined. Where analysis of the request and the University’s data did indicate that full compliance would breach the fees ceiling associated with the Freedom of Information (Scotland) Act it was  possible to scope the requests in a manner which provided the applicant with meaningful data, but in a manageable way for the institution. To date, the applicants have accepted the way that the University approached their requests.  

 

The straightforward nature of three of the requests and the ability to simplify the scope of the remaining two has skewed the data collected. Although each request required an average of 3.5 hours of staff input, experience suggests that more sophisticated requests would have required a greater amount of time. It would be worthwhile to undertake a repetition of this study, perhaps in six months or a year, or to repeat the exercise with a greater number of requests to attempt to capture a more representative sample and a clearer indication of the work involved in information compliance.

 

Participation in the project has been worthwhile. It has confirmed that the University’s existing data on response rates within the 20 day period is accurate and has provided an agreed sectoral metric by which staff costs can be measured consistently.  That metric is significantly more accurate than the statutory cost calculation used to determine excessive cost of compliance, however the estimated cost to the institution is likely to be significantly higher due to the uncomplicated nature of the requests considered in the project and their lack of explicit costs.

 

As yet the University is unable to benchmark itself against the outputs from the project, but expects that process to be informative. 

 

Key lessons learned

 

The project was conducted at a time of significant change for the University as it coincided with the transition to a new email system. Email is arguably the primary means of communication within the University and is essential for the processes and workflows used to manage information compliance requests. The lack of a wholly stable system during the project highlighted three key points. Firstly, that robust access to shared email resources is essential for FoI compliance. Secondly, that a vast quantity of University information is still stored within email. Finally, that taking part in a collective research project is impossible without multiple mechanisms for communication.

 

The email transition has been completed and systems have normalised since the start of the project. There are also projects underway within the University to reduce the reliance on email as a de facto store for information. However, taking part in a JISC research project whilst at the same time coping with a major platform change, highlighted once again the embedded nature of email culture within the Higher Education sector.

 

A second area of interest arising from the project was the way that JISC and others compartmentalise the process of responding to requests, splitting it into distinct stages. Although the workflow provided in the data collection was not strictly linear (ie ‘a’ must be completed before moving to ‘b’ etc), a degree of linear progression in the management of request was implied. The experience at Dundee is that the process is more fluid that this would indicate with correspondence and telephone conversations between the centre and originating departments taking place on many aspects of a request concurrently. This is particularly apparent following receipt of the request during the scoping/data collection phase and during the review/drafting phases as the response is shaped. This may be due to a small and localised FoI team interacting with the rest of the institution, but an open dialogue on the entirety of the response has proved useful in the past to ensure that all relevant information is considered appropriately and that the final response is an accurate representation of the University’s position. An investigation of the workflows used in HEIs to respond to requests under information legislation could form a useful part of any future development of this research project.

 

Finally, taking part in this research has reinforced the benefit of considering an applicant’s request in a holistic way and trying to manage the institutions relationship with them as clearly as possible. A small number of requests received were so vast in scope that there was no way they could have been answered within the fees limit associated with the Act. As such, the University rejected parts of the requests on costs grounds, but was able to provide analogous information at a higher level. Although not what the applicant had hoped for in terms of detail, this approach minimised the potential for misunderstanding between the applicant and the University and reduced the likelihood of the applicant requesting an internal review following receipt of the University’s response.

 

Summary & reflection

 

This is a worthwhile and important piece of research. There has been no attempt to date to establish meaningful costs of information compliance within the Higher Education Sector and this project goes some of the way to doing so. In respect of lessons for both the project and the sector, the University recommends that this research be extended as follows:

 

  • An increased sample size taken at two points in the year to try and capture a more complete picture of the type and implications of information compliance for the sector.
  • That a partner study be set up to examine the impact of other legislation such as the Data Protection Act. (Subject Access Requests generally involve significant amounts of screening and redaction, and require specialist knowledge of a highly technical piece of legislation).
  • That JISC consider a project to examine FoI-workflows to establish whether there any lessons for the sector to minimise regulatory burden.
Printable version