Our Information Charter
Introduction
This information charter sets out the standards that you can expect from the Food and Environment Research Agency (Fera) when we request or hold information, including but not limited to personal data about you or your enquiries. The charter covers both personal data and other information Fera holds in connection with our statutory duties.
It will tell you how you can get access to information, including your personal data and what you can do if you think standards are not being met. It will also assist any individual or organisation in contact with Fera or subject to its statutory procedures to understand how the information concerning them is treated and when we will consider it for disclosure on request.
This charter will be reviewed annually and updated to take into account any changes in legislation or our policies. This charter is the first to be published, and was written in February 2011.
Responsibilities
The Chief Executive of Fera owns this charter on behalf of the Executive Team and is responsible for its implementation.
Fera's Information Security and Assurance team will ensure that information security policies and procedures are reviewed and implemented across business functions ensuring ongoing continuous improvement. These policies aim to ensure that the requirements of confidentiality, integrity and availability are maintained at each stage in the information lifecycle. The Head of Knowledge Information Management and Systems is responsible for responding to requests for information and for dealing with complaints about how we have handled ICO data.
The Information Asset Owners actively manage and monitor the whole of the information lifecycle from the creation of documents through to deletion.
Heads of Programmes are responsible for ensuring that their staff are compliant with all policies and procedures.
All staff and contractors are trained in and are aware of their responsibilities as set out in these policies.
Types of information
Fera holds both personal and non-personal information in a variety of databases and information stores which are critical to its regulatory and commercial activities, together with systems relating to Fera's support functions such as human resources, facilities and finance.
How our information is managed
At Fera we manage, maintain and protect all information according to legislation, our policies and best practices. We have security measures in place to maintain and safeguard the confidentiality, integrity and availability of our systems and data. All information is stored, processed and communicated in a secure manner making it readily available to authorised users.
Fera is also committed to the proactive dissemination of information, to be open and transparent and will routinely publish information unless restricted by legislation or public policy considerations.
Personal information
We know how important it is to protect customers' privacy and to comply with the Data Protection Act. We will safeguard your information and in most circumstances will not disclose personal data without consent. If we ask customers for personal information we will:
- let them know why we need it, where it is not obvious
- only ask for what we need, and not collect excessive or irrelevant information
- make sure nobody has access to it who should not
- let customers know if we share it with other organisations
- only keep it for as long as we need to in accordance with our retention schedule
In return, to keep information reliable and up to date, we ask customers to:
- give us accurate information
- tell us as soon as possible of any changes, such as a change of address
Access to personal information
You can find out if we hold any personal information about you by making a 'subject access request' under the Data Protection Act. If we do hold information about you we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be disclosed to
- let you have a copy of the information in an intelligible form
We handle all information in a manner that respects the rights of individuals and which complies with the requirements of the Data Protection Act.
To request any of your personal information held by Fera please email our Information Centre or write to us at the address provided below. If we do hold information about you, you can ask us to correct any mistakes by contacting us using the same contact details.
Access to information
The Freedom of Information Act 2000 enables the public to have access to unpublished information from a public body subject to certain conditions. The new Fera Publication Scheme fufils that function.
Fera is committed to the proactive dissemination of information, to be open and transparent and will publish information unless restricted by legislation. Like all other public sector organisations Fera is required to make the information it holds available unless subject to an exemption.
If you wish to request information or have a query about a request please email our Information Centre.
Legislation - disclosure of information
The Freedom of Information Act 2000 and the Data Protection Act 1998 have a number of exemptions which must be considered before publication or disclosure. However, we will not withhold information simply because it falls into a relevant exemption. We will assess the impact of disclosure in relation to the requested information and make a decision on a case-by-case basis (except where we have decided that information of that type should be published proactively).
Section 59 of the Data Protection Act 1998 makes it an offence for the Fera or a member of our staff to knowingly or recklessly disclose information that has been obtained or provided for the purposes of the Act without lawful authority.
Factors we will take into account when considering whether information should be disclosed will include the following:
- the extent to which the information, or some of it, is already in the public domain
- who is asking for the information and why they want it
- the extent to which a requester is prepared to give an assurance of confidentiality and the extent to which this can be relied on
- whether the needs of the requester can be met by supplying part of the information or supplying it in a different form
- whether the information is personal in nature and the extent to which its disclosure would be an intrusion on privacy
- the reasonable expectations of the person or organisation who supplied the information to Fera as to confidentiality, onwards disclosure etc
- whether disclosing the information would be likely to prejudice Fera's functions, for example, by undermining an investigation, development of public policy or a potential prosecution
Internal Review Procedure
Fera internal review procedure for the Freedom of Information Act, the Environmental Information Regulations, the Data Protection Act and the Re-use of Public Sector Information Regulations.
The Food and Environment Research Agency (Fera) has an internal review procedure to deal with issues and complaints relating to the Freedom of Information Act, the Environmental Information Regulations (EIR), the Data Protection Act and the Re-use of Public Sector Information Regulations. All requests for Fera internal reviews must be made in writing to Fera or via email to . Under the Environmental Information Regulations, "any person who considers that their request has not been properly handled or who are otherwise dissatisfied with the outcome of their request" may request an internal review. Under the Environmental Information Regulations, any internal review must be requested within 40 working days of the alleged failure to comply. Fera must then respond under EIR within 40 working days from the date when the internal review was requested. For an internal review requested under Freedom of Information Act, Fera will deal with these requests within two months of the alleged failure to comply with the Act. Fera will respond to these requests within 20 working days of receipt. Fera will deal with internal reviews carried out in connection with the Data Protection Act (Subject Access Request) and the Re-use of Public Sector Information Regulations within 20 working days of receipt of the request. The internal review will be held by two or three senior level Fera staff and will be conducted in a fair and thorough manner. The findings of the internal review will be communicated to the requester within the timescales indicated.
Fera may be contacted in connection with other business related issues or complaints at http://www.fera.defra.gov.uk/aboutUs/customerCharter/complaints.cfm
You can also obtain more information on:
- agreements we have with other organisations for sharing information
- circumstances where we can pass on your personal data without telling you, for example, to prevent and detect crime and to produce anonymised statistics
- our instructions to staff on how to collect, use and delete your personal data
- how we check that the information we hold is accurate and up to date
To request information please email the Information Centre or write to:
Information Centre
The Food and Environment Research Agency
Sand Hutton
York
YO41 1LZ
Acknowledgements
This Charter is based on the Information Commissioner's Information Charter, for which we extend our thanks.