“Skills gaps will challenge ability to handle FoI requests in the public sector” suggests Iron Mountain study

According to a study conducted by Iron Mountain, organisations in the public sector are struggling to balance demands for transparency with the need to protect data. While an overwhelming 96% of public sector bodies claim to be prepared for all Freedom of Information (FoI) requests, and 88% state that their responses fully comply with data protection laws, one third (or 35%) of respondents admit that skills gaps are putting this situation at risk.

To conduct its market research, Iron Mountain spoke to senior executives1 responsible for information management and digital transformation in a wide range of public sector bodies. The research uncovered “a landscape of contradiction” as organisations insist they can cope with FoI requests, but are at times compromising sensitive and confidential records as a result.

Examples of such behaviour include a council sending out the names and National Insurance numbers of 1,800 benefit claimants in response to an FoI request about housing and an ambulance service revealing the religious beliefs of its 2,800 staff in response to an unrelated request from a local radio station.

The Information Commissioner’s Office (ICO) has felt compelled to issue advice to organisations on how to reduce the number of FoI-related data leaks2.

The Iron Mountain study also found other areas that could reduce an organisation’s ability to respond effectively and securely to FoI requests. In 61% of those organisations questioned, documents are regularly lost internally or misfiled, while the closure or relocation of public sector offices has compromised the accessibility of important information for half (51%, in fact) of those surveyed.

Phil Greenwood of Iron Mountain

Phil Greenwood of Iron Mountain

“The trials of transparency are proving a real, if somewhat unacknowledged challenge for professionals operating within the public sector,” asserted Phil Greenwood, director at Iron Mountain. “The number and nature of related data breach incidents speak for themselves. Freedom of Information is an important and worthwhile right, and one that open democracies can be justifiably proud of. We just need to make sure that responses are handled with care, accountability and responsibility so that individual data protection rights are not compromised.”

Greenwood added: “Among other things, this requires professional information management and support, skills training and effective policies and guidelines. The ICO issued its advice a year ago, and yet the incidents are still happening. It’s high time we all worked together to render such occurrences a thing of the past.”


1Information Management in the UK Public Sector (Colman Parkes for Iron Mountain). The study questioned 150 senior information management, transformation, IT, procurement and record management executives in central Government departments, executive agencies, non-departmental Government bodies and arms-length bodies


About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts