The Freedom of Information (Scotland) Act 2002 (FoISA) came into full force on 1 January 2005. FoISA aims to increase openness and accountability in government and across the public sector by ensuring that people have the right to access information held by Scottish public authorities. People will be able to see and question how such bodies function and how decisions are made. 

There are three main strands to the Act:

1. Publication Scheme

FoISA requires public authorities, including QMU, to maintain a publication scheme that sets out the types of information we routinely make available. The scheme also provides details of how you can access this information, and whether it is available free or if there is a charge.

2. Individual Requests

FoISA permits the public to request any information held by Scottish public authorities, including QMU. The request does not need to mention FoISA.

3. Records Management

Public authorities are required to implement records management policies to ensure effective management of what information they have, where it is kept and how long they keep it. Effective records management is central to FoISA requests. 

Who does it apply to?

FoISA applies to practically all public bodies in Scotland, including local authorities, the NHS, Colleges and Universities, the police, the Scottish Parliament and the Scottish Government. FoISA also applies to companies wholly owned by a public authority and, if designated, it may even apply to private companies carrying out a function for a public authority, for example under a contract. A full list of the organisations affected is set out in the Act and further bodies can be added by the Scottish Ministers. FoISA applies to Queen Margaret University because it falls within the category of higher education institutions and is therefore a public authority for the purposes of FoISA.

What does Freedom of Information mean for QMU?

The University has been required to develop a publication scheme so that the public can see what sort of information it holds. Where information is not proactively made available through this scheme, QMU will have to respond to specific requests for information. FoISA allows anyone (individual or organisation), anywhere to ask for information from a Scottish public authority. It does not matter how old the information is or why it was created, if the authority holds the information then it will have to give access to it, provided that an exemption does not apply.

How does FoISA fit with other legislation?

The Environmental Information (Scotland) Regulations came into force on 1 January 2005. Every Scottish public authority now has a duty to make available environmental information on request. Although the intention of both pieces of legislation is to allow the public access to information, there are some differences between the two that are highlighted on the Office of the Scottish Information Commissioner's (OSIC) website.

The Data Protection Act 1998 covers personal data held by the University about a living person. It enables the individual to (a) request access to all personal data about themselves that is held by the University, and (b) ensure that the personal data will only be held for specific and valid purposes. Further information on FoISA and the Data Protection Act is available on these webpages.

What happens if QMU does not provide information?

FoISA is enforced by the Scottish Information Commissioner. The Commissioner has a wide variety of powers under FoISA to ensure compliance, and QMU could be found in contempt of court if it fails to comply with a notice issued by the Commissioner.

The Commissioner is a fully independent public official, and has duties and legal powers to ensure that the public get the information from Scottish public authorities to which they are entitled. The Commissioner has a number of responsibilities which include dealing with complaints, promoting good practice to authorities, informing the public about FoISA and enforcing it.

Complaints concerning requests can only be made to the Information Commissioner once an applicant has exhausted the authority’s review procedure. If an applicant is dissatisfied with the response from the authority, they can take their complaint to the Scottish Information Commissioner. If the Commissioner decides to proceed, they will request comments from the authority before deciding if the complaint is valid. The Commissioner will notify both the applicant and the authority of their decision.


The Commissioner has a duty under FoISA to promote good practice amongst public authorities, and her strategic and operational plans for the next 4 years set out how she plans to do this, including undertaking further research in specific sectors, providing briefing and guidance, and encouraging authorities to examine ways of doing things differently.

The Commissioner's Enforcement Strategy, launched in May 2008, sets out how she intends to take this forward. It covers her general functions to promote good practice; details of the evidence gathering methods she will employ to investigate practice issues; and the actions she may take as a result.

As part of her Enforcement Strategy, the Commissioner is undertaking a programme of Practice Assessments in order to ensure that Scottish public authorities are following good practice in terms of FOISA. Queen Margaret University was the second public authority in Scotland to have an assessment visit, the outcome of which is published on the OSIC website.

Freedom of Information and Data Protection

The Data Protection Act 2018 aims to secure individuals' rights to privacy by protecting information that is held about them. Any authority that handles personal data must comply with the data protection principles which control how such data is processed. These principles include, amongst others, that personal data should be fairly and lawfully processed.

Individuals have the right to ask for personal data held about them. This is known as a subject access request. Under Freedom of Information legislation, a request by an individual for information about themselves will be exempt under freedom of information but will continue to be handled under the provisions of the Data Protection Act.

If someone makes a request for information about another living individual, this will be handled under the Freedom of Information (Scotland) Act, but certain data protection considerations will still apply, for example the authority will not have to provide the information if the disclosure would breach the data protection principles. If the authority decides that it may wish to disclose the information, then it should usually notify the individual and take account of their wishes, although, the authority does not have to be bound by the views of the individual.

FOI Requests and Data Protection

Show Contacts

FOI Requests and Data Protection

Irene Hynd University Secretary
0131 474 0000