FOI Man explains why he’s a convert to Disclosure Logs

One of the suggestions in my evidence to the Justice Select Committee is that consideration be given to making disclosure logs mandatory for large public sector bodies. It seems sensible to me that if responding to an FOI request is de facto disclosure to the world at large then why don’t we do just that?

I’m not alone – I know that others suggested it too. But why do I think it is such a good idea?

Towards the end of last year I implemented a disclosure log at my own organisation. Most responses are published there. My experience so far has been very positive. I’ve been able to refer several requesters to the information already published, saving my time and allowing a prompt response. Referral to the answers in the disclosure log is much more common than referral to information published through our publication scheme.

The publication scheme, I think, is just too blunt a tool to answer most requests. Most requesters want to drill down further than the published information, which tends to be at a high level. They want to know things that aren’t routinely published.

But having said that, I’ve noticed that in the case of my current organisation at least, many subjects do come up time and time again in requests. So responses published through the disclosure log are actually useful, both to me and to prospective requesters.

So based on my own experience so far, I’d definitely encourage fellow FOI Officers to consider introducing a disclosure log if they haven’t already. Interestingly, when the Protection of Freedoms Bill becomes law, we’ll all be required in effect to maintain a disclosure log for datasets (section 102(4) amends the FOI Act to the effect that publication schemes must include datasets disclosed under the Act), so maybe that will prompt more public bodies to maintain logs for all disclosures.


  1. I’m unconvinced that disclosure logs are the right way to go, to be honest. I don’t believe that the benefits outweigh the potentially large administrative burden.

    It may be slightly easier to maintain a log in organisations which don’t receive huge numbers of requests, but in others it is a massive undertaking. I used to work for a local authority, who received 10 times as many requests as, say, a university. Just keeping the log up to date would have taken days, particularly when responsibility for responding is devolved across directorates. That was time I did not have to spare.

    It becomes an even bigger task if you want to make the disclosure log searchable or user-friendly – for me it has to be something more than just a chronological list of responses if it’s going to be in any way useful.

    I also question the genuine worth of publishing responses that can quickly become out of date. If someone asks for some information over specific timescales, can you really point them to a response from 5 months ago which answers the same question but for different dates? Or do you have to do the work to bring it up to date anyway? And that’s without thinking of the numerous other variations there can be on requests for the same information.

    Final criticism of them as a concept – do they actually save you any time in responding to requests? Very few, if any, requesters seem to research their requests prior to sending them, so you’ll have to send them an email directing them to the log. However, if you’ve already responded to the same request, then you’ll have the previous response to hand and can just send that to them. So you’re sending an email one way or the other.

    Now to the constructive bit. If you’re going down the publication route, I actually believe that pro-active publication of the information itself is by far the better way to go to achieve the same aims. Authorities should identify the classes of information that account for the majority of requests where they are able to relese the information, and just publish it all pro-actively. If it’s data that is likely to change, then update it regularly (quarterly at the very least). Most, if not all, policies, procedures, financial information and committee minutes should be published as a matter of course anyway. The workload is therefore shared around those people with responsibility for their department’s web content, and I honestly believe it’s a more useful approach to transparency.

  2. Thanks PD. Obviously we all have to consider best use of resources. However, I don’t see why a disclosure log has to be particularly resource intensive, unless the content management system used by the authority is difficult to use (which I acknowledge is feasible!). It’s simply a matter of copying and pasting your responses into a web page, which if done regularly enough, is manageable. And whilst of course the volumes differ in different authorities so publishing everything may be difficult, many authorities opt for a selective disclosure log – so you only publish the responses that you think are of wider interest.

    In terms of searchability, I agree that it’s best to design your log to be as user-friendly as possible. But at its most basic, surely anything you publish will at least be searchable using a search engine? Increasingly my opinion is that we should be trying to get as much out there as possible – even if it’s not perfect. We really can’t predict what people will be interested in, but at the very least I think that past performance is a reasonably good indicator, and until you get round to pro-actively publishing the most popular information, the Disclosure Log is very useful.

    Of course they don’t help in every case – the details differ as you point out – but they’re useful in enough cases to make one worthwhile, I’d suggest. It probably doesn’t save much time as you say if you’re well organised behind the scenes, but I’d argue that Disclosure Logs demonstrate transparency – it’s a good way for us as FOI Officers to set an example to the rest of our organisation.

  3. You make some fair points. I didn’t mean to come across as completely opposed to the principle of them, but mandatory logs feels unnecessary.

    When you receive increasing numbers of FOI requests each month, and also have responsibilities in data protection, records management, information security, intellectual property, PECR and RIPA, adding any unnecessary administrative tasks on the back end of FOI requests just to give an additional appearance of transparency falls fairly low down on your list of priorities!

    Call me cynical, but experience of publication schemes tells us that very few people ever look at them, and I’m not convinced it would be any different for disclosure logs…

    At the end of the day, a good website with plenty of information pro-actively published and sensibly structured should be the real aim. You might be right when you say that something’s better than nothing, but it just won’t, and shouldn’t, be a priority in a lot of organisations right now.

  4. The system we have fairly recently implemented automatically puts every response and supporting documentation onto the disclosure log so apart from the initial set up there is no time or effort cost to it. On that basis it would almost seem churlish not to.

    We can and do refer people to the Log or indeed to WDTK if their answer is on there already but I agree they seem underused. However it is likely extremely difficult to know how many requests you DON’T receive due to the fact that someone has already obtained the answer from your disclosure log. After all, if they’ve already got what they need, they’re not likely to put in a request for it.

    I completely agree though that proactive publication on a well developed website with good search functionality would go a fair way to reducing the ever increasing numbers of FOI’s.

  5. I name and shame those who, between them, easily account for in excess of 20% of requests made to NHS organisations and who do not apparently check annual reports and accounts, ONS population statistics, published policies and procedures which are all already on websites of most NHS organisations. So I doubt whether they would bother with disclosure logs, if published. They’d apparently rather just put in a request to hundreds of organisations on a mailing list than use a search engine – and as they promote themeselves as specialists in the health sector, FOI requests for easily publically available information, or information which they should KNOW is not possible to obtain are bound to cause irritation:

    – Pulse (over 10% of requests annually to our organisation all by themselves – record to date is 6 in one day I think? And train your journalists in how the NHS works, please)
    – Haymarket (GP Newspaper and others)
    – Emap (Health Service Journal and others)
    – Binleys
    – 2020 Health
    – NHS Database

    It’s not just the ‘zombie emergency plan’ requests that are irresponsible. Even a Section 21 exemption takes time to issue, or the response can be more time-consuming to answer if we know that the information is published but have to get internal specialist response on where (externally) it can be found and/or what level of detail is available (I’m thinking particularly of ONS type queries here).

    Disclosure logs: great idea, agree they should be mandatory. But doubt they’d save much in resources.

  6. Secretgeek over simplifies the creation of a disclosure log here. Unless a request has been made in a public forum such as WDTK you cannot simply automatically put the response onto the web as the requester at least is entitled to anonymity, and his identifying info needs to be redacted. And that hides a bigger issue that , certainly for a local authority, many requests are a mix of FOI and DP SAR. Pragmatically the easiest way to deal with these is in one go and not to redact requester PD. However you cannot do that if it is going to be published (by you – requester can if he wishes to waive confidentiality) . You would have to go through a time consuming exercise of separating the 2.

    Phil Bradshaw

Comments are closed.