Voting in the general election

If you can't make polling day, you still have until 5pm on 26 June to apply for a proxy vote. If you will be voting in person, remember to bring your ID. No ID? Apply for a Voter Authority Certificate by 5pm on 26 June.

Access to information policy




Publishing information

Information requests

Information disclosure

Policy review


Harlow District Council is committed to being open, transparent and accountable. These three principles underpin our core value of trust. We will do this by publishing as much of the information we hold as possible, including information about our statutory and non-statutory functions and responsibilities. Placing information into the public domain also reduces the need for individuals to exercise their right to submit freedom of information requests.

Where information is not published it can be requested under access to information legislation and will be released unless its disclosure is not in the public interest, prevented by law or there is an exemption under the Freedom of Information Act 2000 (FOIA), UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018 (DPA18) or an exception under the Environmental Information Regulations 2004 (EIR).

This policy details how the council complies with the relevant access to information legislation, publication of transparency data and associated codes of practice and ensures that:

  • information is routinely published by the council via the council's publication scheme and the Local Government Transparency Code 2015
  • information is made available on request and within the statutory time limit unless a valid exemption or exception applies
  • exemptions and exceptions under the FOIA, EIR, DPA and GDPR are applied consistently and appropriately, and in accordance with the legislation
  • a fair and efficient internal review system is administered

Access to information held by the council includes information provided to us or maintained on behalf by external organisations such as contractors, tenderers, partners, suppliers, and other public or regulatory bodies. It also includes information held by members where that information relates to the delivery of council services.


All employees, temporary staff, volunteers, contractors and councillors are obliged to adhere to this policy. Failure to adhere to this policy and its associated procedures may result in disciplinary action. Managers at all levels are responsible for ensuring that the employees for whom they are responsible, are aware of and adhere to this policy. They are also responsible for ensuring employees are updated regarding any changes to this policy.

Employees should note that the deliberate concealment, amendment or destruction of requested information, in order to prevent its disclosure, is a criminal offence, for which individual staff as well as the council can be held liable.

The Senior Information Risk Officer (SIRO) has responsibility for this policy. Its maintenance is the responsibly of the Data Protection Officer in conjunction with the SIRO.


This policy sets out how the council will publish information under the:

  • Local Transparency Code 2015
  • publication scheme
  • FOIA datasets

It sets out how the council will manage and respond to access to information requests made under the:

  • Freedom of Information Act 2000
  • Environmental Information Regulations 2004
  • UK General Data Protection Regulations
  • Data Protection Act 2018
  • Re-use of Public Sector Information Regulations 2015

This policy also:

  • defines the duties imposed on the council and how these are discharged
  • signposts to the relevant policy or procedural document for further information, guidance, help and advice

Publishing information

Local Government Transparency Code 2015 (open data)

The statutory Local Transparency Code 2015 (the code) stipulates certain types of information that all levels of government must routinely publish on their websites.

The councils Wider Leadership Team are responsible for coordinating the publication of the transparency data in line with the code.

Data is published quarterly, and annually. These datasets are to be published at least quarterly under the code:

  • expenditure data exceeding £500
  • procurement card transactions
  • procurement information

The council aims to publish quarterly data by end of the month following the quarter end (July, October, January and April).

Data we will publish at least annually under the code is:

  • local authority land
  • social housing assets (also known as beacon values)
  • grants to voluntary, community and social enterprise organisations
  • organisation (structure) chart
  • trade union facility time
  • parking account and parking spaces
  • senior salaries, pay policy and pay multiples
  • the council's Constitution
  • fraud details
  • the current waste contract (redacted as appropriate)

The council aims to publish annual data as soon as possible following the year end closedown.

However, the open data below relates specifically to the annual accounts and require public audit acceptance at full council before the data can be published. The council therefore aims to publish these within 7 days of the meeting to approve the annual accounts.

  • land and property assets
  • social housing assets
  • parking account
  • some grants

Publication scheme

Publication of information via the statutory publication scheme under section 19 of the FOIA provides a number of benefits to the council. These include greater transparency and openness and a reduction in the amount of information that needs to be specifically requested.

The publication scheme is divided into the following classes of information:

  • who we are and what we do
  • what we spend and how we spend it
  • what are our priorities and how are we doing
  • how we make decisions
  • our policies and procedure
  • lists and registers
  • the services we offer
  • datasets


Datasets were added to FOIA by the Protection of Freedoms Act 2012. This addition created a duty in relation to making datasets more widely available under a publication scheme.

Once a new dataset has been identified by the Information Governance team through the FOI request process, corporate consideration is given to publishing the new data under the council's publication scheme.

Information requests

Freedom of Information Act 2000 (FOIA)

The FOIA legislation has been in force since January 2005. It sets out the framework under which anyone, regardless of age, location or reason, has a general right of access to information held by a public body, including this council. This right exists where the information is not already published or in the public domain.

It also sets out the obligations to release the information, subject to it not being exempt, within 20 working days.

Any person requesting information must be:

  • advised whether the information is held
  • provided with the information (subject to exemptions)
  • advised of the council's internal review procedure

For information requests to be valid they must:

  • be made in writing (typically letter, email or via an online form)
  • include contact details (full name and contact address or email)
  • describe the information being requested in enough detail to allow it to be located
  • be specific enough to allow the response to be made within the Appropriate Limit and Fees Regulations (18 hours of officer time to collate, prepare and respond)

However, you do not have to mention the Act or direct the request to a designated member of staff.

The Act is fully retrospective and applies to all recorded information held by the council (and its predecessor councils) not just information created since the Act came into force or this council began.

The Act also includes access to information held by contractors and suppliers on its behalf where those contractors and suppliers provide statutory services on behalf of the council.

The council does not have to treat every enquiry formally as an FOI request. Where it is more appropriate, we will deal with a request as a customer enquiry, request for service or business as usual. 

A request is purpose blind. This means a requester does not need to give a reason for requesting information or state what they intend to do with the information.

FOI exemptions

There are also valid reasons for withholding information known as exemptions. Under section 2 of the Act the council is not obliged to comply with the request (or part of the request) if the information is exempt under the provisions of Part II of the Act - sections 21 to 44.

Fees and charges

The council will not usually make a charge for providing the information, unless the data protection team assess the request as excessive, or the information is usually available by other means whereby a charge is applicable.

Charges will only be applied where those charges have been published as part of the council's budget process.

Environmental Information Regulations 2004 (EIR)

The EIR's govern access to information relating to the environment (natural and built) and provide a means of access for the public to environmental information held by the council. The regulations apply only to the environmental information held by the council. The FOIA gives the public access to most other types of information held by the council, unless this is personal data.

The regulations impose a duty on the council to make environmental information available proactively and provide the public with environmental information when requested.

Unlike the FOIA, the regulations do not explicitly exclude information that is held solely on behalf of another person or body. The EIR's say that any information in the council's possession that has been produced or received is considered to be 'held'.

The EIR's cover any recorded information held on any medium that falls within the definition of 'environmental information'. It is not limited to official documents or information created by the council - if it's held it is covered by the regulation. For example, this can include but not limited to emails, notes, documents, evidence, advice, recordings of telephone conversations, CCTV recordings external reports, pollution monitoring, traffic movements, footfall data or surveys.

Documents still in draft format and still being worked on are however usually exempt unless they form the basis for a decision made because of the data they contain.

EIR requests fall under six main areas:

  1. The state of the elements of the environment, such as air, water, soil, land and fauna (including people).
  2. Emissions and discharges (gases and fluids), noise, energy, radiation, waste  and other such substances.
  3. Measures and activities such as policies, plans, and agreements affecting or likely to affect the state of the elements of the environment.
  4. Reports, cost-benefit and economic analyses.
  5. The state of human health and safety and contamination of the food chain.
  6. Cultural sites and built structures (as they may be affected by environmental factors).

The EIR request timeline

The council's EIR request process follows the same 20 working day response process as for FOI requests, except that EIR requests can be made verbally or in person as well as in writing.

Exceptions to disclosure

Sometimes the information requested cannot be released due to the need to protect the environment, for example the locations of rare birds. If this is the case the council will inform you of the reasons why.

Fees and charges

The council's guiding principle is to endeavour to release information under EIR free of charge. Wherever possible this will be by publication on our website or public disclosure response.

There are however a few exceptions to the free disclosure principle. These are:

  • where a statutory charge for information exists
  • where the council has a published charging policy
  • CCTV footage (including the cost of redaction software)
  • where the request is manifestly unreasonable
  • a commercial report is required
  • an approved charging regime is published

UK General Data Protection Regulation (UK GDPR)

The way the council manages personal data under the UK GDPR and the Data Protection Act 2018 (DPA 2018) is detailed in the council's privacy notices and policies.

A subject access request (SAR) scan be made verbally as well as in writing. A requester does not need to give a reason for wanting the information.

The council may require proof of identity to ensure personal data is not provided to an impersonator.

SAR request process

An individual, their authorised representative or with power of attorney can request any or all of the following as part of their SAR:

  • whether any personal data is being processed by the council
  • be given a description of the personal data, the reasons it is being processed, and whether the data is shared with any other organisations or people
  • be given a copy of the personal data, unless an exemption applies
  • be given details of the source of the data (where this is available)

Where possible the council will provide the information digitally, unless requested in another format.

The council must respond to a SAR without undue delay or within one month of receiving the request.

The council may extend the time to respond by a further two months if the request is complex or we have received several requests from the individual such as other types of requests relating to individuals' rights. 

SARs can be made in one of the following ways:

  • by email to the Data Protection Officer at
  • submitting the request in writing to the Harlow Council, Civic Centre, The Water Gardens, Harlow, CM20 1WG
  • by using the council's standard SAR form

Completing a form is not a requirement, however it may speed up the initial request process by ensuring all information required is provided at the point of submission

Copies of identification provided must be signed and self-certified as true and accurate copies. In some circumstances pictures of documents may also be accepted.

It is useful to include as much information as possible when making a request to help locate the information in a timely manner.

Try to:

  • Be specific - is it information about a single service such as complaints, benefit claims, council tax, housing application or other specific service? Asking for all information may complicate the request and not provide the clarity of response you expect.
  • Provide a time frame, for example, is the information you want recent or historic, (going back a year or two) or between specific points in time?
  • Include any relevant previous names and addresses.

If your request relates to a telephone conversation, we need the dates and times.

If your request relates to CCTV footage we will need a full description of you or your vehicle, and dates and times and the areas involved. Please note it is rare number plates are readable particularly on wide view footage.

Fees and charges

The council will not usually charge for a SAR. However, we may charge a 'reasonable fee' for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data other than in electronic format.

Individual rights requests

The full list of GDPR rights for individuals are

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • rights in relation to automated decision making and profiling

External requests for exempt personal data under the DPA2018

Organisations that have a crime prevention, tax collection, law enforcement or litigation function may require personal information held by the council to prevent or detect a crime, or apprehend or prosecute an offender, or for taxation or benefit purposes.

Individuals or organisations not registered with the Information Commissioner cannot use this process to request information.

The DPA 2018 permits the council in very specific circumstances to release this information by applying an exemption under one of the schedules in the Act. There is no obligation on the council to do so and even if the exemptions apply the council may decide that it should not release any information.

If the council has genuine concerns about releasing any personal information (for example, because it thinks it has other legal obligations such as the information being confidential) then we may ask for a court order requiring release of the information.

In all cases the council follows the best practice for all exemption requests.

To assist organisations in submitting a request, please provide full details of the request, and the reasons for the request.  Failure to provide a full written and supported request is likely to delay the process of obtaining the information or refusal.

We recommend that a secure email solution is used for sending personal or confidential information to us.

Examples of organisations that can submit requests under Schedule 2 Part 1 (2) are:

  • police (including transport police and other sovereign law enforcement agencies)
  • HM Revenue and Customs
  • other local authorities or public bodies acting under authorised powers
  • insolvency, bankruptcy or liquidation practitioners (but not bailiffs)
  • border control and immigration
  • law firms with a senior partner
  • audit and fraud agencies

We would therefore ask when requesting information held on CCTV or other recording equipment that requesters provide a timescale and dates and specify the council building attended in order to be able to identify the recording.

Exemptions to disclosure

Some personal data may be subject to exemption or restriction from disclosure if its release could harm or prejudice. The council will explain any exemptions to you.

Third party data

SAR's will only allow the council to provide information held about the applicant and not about any third person or party unless the requester is acting on their behalf and has their express permission to receive this information (proof of this will need to have been provided when the request is submitted). This will include any telephone recording data, which may be provided as written transcript.

Re-Use of Public Sector Information Regulations 2005 (RPSI)

The RPSI encourages re-use of public sector information. It is not about accessing information, which is dealt with under information access legislation. It gives the right for an individual or organisation to request permission to re-use information held by the council for a purpose other than the initial public task it was produced for.

Typically, this means taking information that the council has produced and republishing it or using it to produce a new product or resource, often by combining it with other information, including for commercial basis.

The council will permit re-use in response to a request except where information is exempt from disclosure under information access legislation (FOIA, EIR and UK GDPR) or any other relevant legislation.

The council must make the information available in the format and language in which it is held. If not already held in an open and machine-readable format be converted such as to CSV or PDF.

Requests for re-use must be made in writing and include:

  • the requester's name
  • address for correspondence
  • specify the information for re-use
  • detail the intended re-use purpose

By default, where the council grants reuse it will be under the open government licence,  The council can impose conditions on re-use but the conditions must be as open and non­restrictive as possible, normally the only condition will be crediting the source.

In some rare instances there may be other licences more appropriate in particular situations, including where there is a charge for re-use. The UK Government Licensing Framework includes other types of standard licences.

Generally speaking, the council must not enter into exclusive licensing arrangements with a particular person or organisation, but there are some limited exceptions to this.

The council may only charge for the marginal costs of reproducing, providing and disseminating  the information. The regulations provide that where charges are made, the total income should not exceed the cost of collection.

Where the costs are negligible, and the council is publishing the information on our website, the council is unlikely to be able to make a charge.

Requests to re-use information will be responded in line with other access to information requests, that is within 20 working days. The council will advise you if for any reason the time is to be extended such as extensive or complex.

A request may can be refused if the

  • activity of supplying the document is one which falls outside the council's public task
  • document contains content in which copyrights are owned by a third party
  • content of the document is exempt from access by virtue of the FOIA 11.10 (in most cases copyright will be owned by the council and we may impose conditions on re­ use by way of a licence, although it will not unnecessarily restrict re-use or restrict competition - where any copyright concerns exist with information, these will be made clear)

For further information, the Regulation 15 of RPSI sets out how the charge should be calculated.

Information disclosure (SAR, FOI and EIR) reviews

Where the requester believes that the council has not dealt with their information request properly applicant is entitled to request a formal review of the disclosure response.

A request for an internal review must be made by the original applicant and (unless otherwise stated in the response) within 40 days of the information disclosure.

The applicant must state at least one of the following:

  • why they believe the information has been incorrectly refused
  • why they believe the exemption or exception has been applied incorrectly
  • why they believe information stated as not held is indeed held
  • what information is missing from the original response

Review requests purely seeking clarification will not be managed as a formal review. Instead clarification will be provided as a supplementary response to the original request.

If additional information is being sought it will be treated as a new request and logged and responded to accordingly. 

The internal review will be conducted by a more senior member of the Information Governance team who was not involved in the initial response.

An internal review may take up to 30 working days to complete.

The review report will be signed off as the council's final disclosure decision by the Data Protection Officer in conjunction with a member of the Wider Leadership Team or Internal Audit.

lf the requester is still dissatisfied once the internal review process has been exhausted, or where the council fails to review the original decision, the requester has a right to complain to the Information Commissioners Office (ICO).

Policy review

The council's Data Protection Officer is responsible for instigating and coordinating an annual review of this policy.

Minor amendments and updates under the current main version number can be approved and republished without the need for Corporate Governance Group approval. Complete revision of the policy will require formal corporate approval to replace the existing policy.

Document group
Site area
Main site