Manage the risk of disclosure of confidential information
How to protect your business' confidential information if you share it with public bodies subject to an FOI request.
The Freedom of Information (FOI) Act applies to public sector bodies. If your business provides goods or services to them, any shared information could be at risk of disclosure through an FOI request.
Information at risk of FOI disclosure
Types of information at risk of disclosure under the FOI Act include, for example:
- reports, annual returns and investigations you provide to public bodies
- public tenders or contracts details
- public consultations responses
- information relating to planning or development
Public authorities may also hold your financial records or other commercially sensitive data, which could qualify for exemption. See FOI and commercially sensitive information.
How to manage the risk of FOI disclosure
You cannot remove all risks associated with sharing information with public bodies, but you can take the following steps to reduce them.
Label information as 'confidential' or 'restricted'
If the information is confidential or commercially sensitive, think carefully if it is necessary to disclose it. If it is, mark it clearly as 'confidential' or 'restricted'. Submit it separately from other data to avoid accidental disclosure. Keep in mind that simply labelling information 'confidential' does not guarantee exemption.
Include consultation rights in contracts
Agree consultation rights in your contracts with public bodies, ie the right to be informed before any disclosures, so you can object before information goes public. Avoid blanket confidentiality clauses and tailor terms and conditions to FOI risks to minimise any impacts.
Train staff and set procedures
Train staff on FOI requirements, data protection and the potential risk of information disclosure. Create policies and procedures for sharing data with public bodies. Track what you share with them, review it regularly, and assign FOI responsibility to a named person or team within the business.
Understand exemptions
If someone makes an FOI request about your business, a public authority may have to release the information unless an exemption applies. It is worth understanding how exemptions work to know how to object during consultation and argue against the release of sensitive business data.
FOI brings both risks and opportunities for your business. While disclosure of sensitive details could put your business at risk, FOI lets you request useful information from public bodies, such as details of procurement criteria and tender process, decisions, previous contract awards and supplier details, and even competitor bids on business contracts. Find out how to use FOI to your business advantage.