Press "Enter" to skip to content

When Ignorance Isn’t Innocent: A Public Body Misunderstands FOI vs SAR

By Kieron JH on August 5, 2025 6:37 pm

Published on: August 5, 2025 | By: Kieron JH

There’s something grimly poetic about a complaints department defending its own conduct while ignoring the very laws it’s supposed to uphold.

Last month, I submitted a Freedom of Information (FOI) request to a UK government body operating within the criminal justice sector. The request was clear, lawful, and made under the Freedom of Information Act 2000. I asked for specific details regarding oversight and referral arrangements with a third-party organisation.

The response I received? A polite but misguided redirection — to the Subject Access Request (SAR) portal.

FOI vs SAR: Not the Same Thing

For clarity: an FOI request is used to access non-personal information held by public bodies. A SAR, under Article 15 of the UK GDPR, is used to request personal data about oneself.

They are not interchangeable. One is about institutional transparency; the other is about individual access rights. Mistaking the two – especially in a safeguarding or justice context – is not just sloppy, it’s dangerous.

According to Them, This Is Fine

In a letter I received today, a representative from the Head of Complaints assured me that their team’s conduct was appropriate, and that my concerns were being taken seriously. Apparently, failing to process an FOI request correctly now counts as a job well done.

This isn’t a harmless clerical error. It’s a failure to comply with both the UK General Data Protection Regulation (UK GDPR) and the Freedom of Information Act – and it places the rights of disabled and marginalised people at even greater risk.

This Isn’t Just About Me

What does it say when a public body tasked with managing risk can’t even manage basic legal obligations? It tells us that institutional defensiveness is being prioritised over lawful transparency. And if they’re getting this wrong, what else are they getting wrong behind the scenes?

As always, I’ve raised this through the proper channels. But I’m sharing it here too, because silence protects no one – transparency does.

Next Steps

I’ll continue documenting every interaction. If they correct the error, I’ll publish that too. But until then, consider this post a public timestamp – one they can’t quietly file away.

If you’re concerned about how your data is being handled by public bodies, you can learn more about your rights under the UK GDPR and FOIA here.

Published in Accountability, Articles, Autism and Public Sector

More from AccountabilityMore posts in Accountability »
More from ArticlesMore posts in Articles »
More from AutismMore posts in Autism »
More from Public SectorMore posts in Public Sector »

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *