Jisc case studies wiki Case studies / FOI KCL full report
  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!

View
 

FOI KCL full report

FOI research project

 

King's College London

 

Background

 

King's College London was one of seven universities selected in December 2011 to participate in 'Calculating the resources and required to respond to FOI requests within HEIs', a project funded by JISC infoNet to assess the cost of Freedom of Information Act (FOIA) compliance by tracking five requests received in January 2012 and recording the processing costs in staff time and non-staff costs (e.g. photocopying).  Project participants were also asked to complete the JISC infoNet Records Management Maturity Model to enable assessment of the linkage between FOIA compliance and the state of development of the institution's records management systems.

 

King's receives a high volume of FOIA requests, with the monthly totals in 2010 being consistently above the average for the sector reported in the JISC Information Legislation and Management Survey (see figure 1).

 

Figure 1: average FOIA requests per month in 2010 (King’s and HE sector average).[1]

 

The College has a centralised approach to FOIA compliance, with the responses to all requests being co-ordinated and issued by the Legal Compliance team (2.0 FTE).  The establishment costs of the team (including on costs and senior management time) are approximately £114k. Although the team is also responsible for Data Protection compliance, FOIA compliance accounts for a substantial part of its workload.  The College has long been aware that responding to requests also requires the engagement of staff at all levels throughout the institution. The JISC project was therefore welcome as it provided an opportunity to quantify the inputs of staff inside and outside Legal Compliance and assess the overall cost of FOIA compliance.

 

The methodology for the project was primarily determined by JISC infoNet. Participants were required to complete an on-line data collection tool, which included summary details for each request (e.g. full text of the request, subject area, type of requestor) and an anonymised 'individual log' to record the time spent by individual staff on request processing activities.  Rather than providing staff outside Legal Compliance with a link to this tool (as suggested by JISC infoNet), we decided to gather information on staff inputs by circulating a Word data collection form. This included an explanation of the project, JISC infoNet’s categories for classifying request processing activities and explanations of these categories provided by JISC infoNet. Staff were asked to complete the form and return it to Legal Compliance, which entered the data into the online tool.  We adopted this approach because we were concerned about the potential for confusion over use of the 'individual log ' (in which requests were identified by a number and there were multiple entries relating to individual requests), and because it was possible for anyone with access to overwrite existing entries.

 

Participating universities were required to track two 'round robins' (requests received by all the participants) and three other requests in order of receipt in January (a requirement which was relaxed by JISC infoNet to allow some of the other institutions to track requests which arrived over the Christmas closure).  Identifying requests which had been received by all of the participants proved to be more difficult than anticipated; ultimately, only one request fell into this category.  To allow data to be available for the post-legislative scrutiny of FOIA, a pragmatic decision was made to allow requests which been received by multiple institutions (if not necessarily all of them) to be treated as the second 'round robin'.  A more extended period for data collection (see ‘Key lessons learnt’) might have avoided this problem by allowing other potential 'round robins' to be assessed.

 

As indicated, the Legal Compliance team was responsible for central coordination and entering data into the online tool.  Records management services at King's are provided by the Archives and Information Management team which completed the Records Management Maturity Model, with input from other College departments (notably Information Technology Services, and Audit and Business Assurance which reviewed the form).  Both teams liaise regularly and are based in the Directorate of Students and Education Support.  Overall management of the project rested with the Director of Governance and Legal Affairs Management, to whom Legal Compliance reports.

 


[1] Comparator data taken from JISC infoNet’s Information Legislation and Management Survey 2010 at http://www.jiscinfonet.ac.uk/foi-survey/2010  

 

Outcomes

 

All of the requests tracked by King’s received responses within the 20 working day deadline.  The information requested was released in full in four cases. For the fifth request, some information was released and other information was withheld under s.12 of FOIA (the 'appropriate limit’).  No requests for an internal review were received relating to these responses, so this aspect of compliance could not be measured; allowing a more extended period for data gathering (see ‘Key lessons learnt’) in future sampling exercises would help to address this.  In the opinion of Legal Compliance staff, no particularly unusual issues were presented by these requests.

 

The grades of staff involved in request processing activities ranged from grade 5 to ALC6,. A surprising feature was the extent of input of senior management grades (8 and ALC6), which together accounted for about 25% of the time spent actively working on the requests, or 35%  of staffing costs.  . This would seem to indicate that departments are passing FOIA requests to the higher levels of the management chain.

 

There was a divide in the types of activities performed by staff in and outside Legal Compliance.  64.1% of Legal Compliance time was accounted for by 'receipt, logging and initial analysis' and 'redaction of exempt information and preparing the information for release' (activities which were only performed by this team), with 'reviewing the information' accounting for the remainder.  By contrast, staff outside Legal Compliance were overwhelmingly concerned with 'locating and accessing relevant information' (79% of their time), 'reviewing the information' (14.8%) and 'identifying the relevant information' (4.3%). 

 

Completion of the Records Management Maturity Model has identified that while the College’s paper records management (RM) service is well embedded in many areas, there is always room for improvement. The assessment will feed into the JISC Transform project, which is attempting to benchmark the College’s progress from paper RM to digital RM and identify barriers and opportunities.[1] Digital records management is also being worked on as priority within the Optimising Data Management project[2], and future work around electronic student records and research records is planned.


[1] http://www.kcl.ac.uk/library/info-management/projects/index.aspx

[2] A project (2010-12) to address data management issues identified during use of the College's current information technology systems and practices. The project will deliver storage as a service, data storage monitoring, implementation of the PEKin digital repository for archival data, and training and support for all College staff managing data: http://www.kcl.ac.uk/library/info-management/projects/index.aspx 

 

Key lessons learned

 

The five FOIA requests monitored as part of this project equate to 2.9% of the total requests which the College received in calendar year 2011.  Consequently, while it has indicated questions which warrant further investigation (such the degree of involvement of senior staff in request processing activities), we are concerned that the sample may have been too small to convey an accurate picture.  In the view of Legal Compliance staff, some of the requests which were captured during the project's short window were relatively straightforward in FOIA terms; the average time spent actively working on each request was 3.8 hours. The most time consuming request was that where the s.12 exemption was invoked, where 35% of total time expended was spent actively working on those parts of the request which the College believed could be answered within the ‘appropriate limit’ of 18 hours of staff time. The s.12 exemption was invoked in 18% of the College’s responses in 2011 (39% of total exemptions used), indicating that a significant proportion of requesters are submitting requests that go beyond the statutory threshold.

 

The overall cost of responding to these five requests, when scaled up, does not reflect what we know to be the cost of FOIA compliance in terms of the establishment costs of the Legal Compliance team (disregarding the inputs of other staff). Monitoring more requests over a longer period would produce data in which more confidence could be placed (e.g. all requests received over three four-week periods, two in the academic year and one in the summer). This would also increase the likelihood of capturing data on activities associated with internal reviews, and would make it easier to identify and track ‘round robins’ across multiple institutions.

 

Co-operation from staff was generally very good and was a pleasing feature of the project.  Staff appeared to understand the purpose of the project and willingly provided the data requested.  Legal Compliance found the data collection tool to be easy to use and entering the data did not require any significant amount of time. These aspects would seem to bode well for future data collection exercises.

 

Other lessons which we believe emerge from our experience are: 

 

  • the desirability of calculating costs based on exact salaries - this can make a difference and should be preferred where possible;
  • tracking should distinguish between the activities of the central FOIA compliance unit (where one exists) and other staff who are called on to assist, as the two groups may be involved in distinct aspects of request processing; and
  • staff should be presented with categories for classifying activities which are clear, straightforward and accompanied by adequate definitions. In any future project, it may be desirable to simplify the categories used even if that makes it more difficult to compare with the results of the annual Information Legislation and Management Surveys.

 

The Records Management Maturity Model was found to be reasonably easy to use and proved a useful exercise to benchmark where the College is at present. Some of the levels against questions could have been sub-divided further so that they could be scored independently.  In several cases, we could score aspects of several levels against the questions and have noted this in the notes fields. 

 

Summary & reflection

 

We believe that this project has demonstrated the viability of a cross-institutional approach to assessing the resources required to process FOIA requests. However, a larger sample would generate data in which more confidence could be placed and would make institutional comparisons easier. King’s would be willing to participate in any follow-up study undertaken by JISC infoNet, and may consider adapting the project’s methodology to develop its own data collection exercise.