As with the rest of the public sector, the Further Education (FE) and Higher Education (HE) sectors have had over four years to prepare for the introduction of the Freedom of Information Act 2000 (FOIA). Much has been achieved during this period in terms of assigning responsibility for overseeing preparations, raising awareness and putting a framework of policies and procedures in place to move towards compliance. However, it is also true to say that for most institutions there is still much to do. Most organisations understandably focused on the 'sharp end' of request management in the last hectic months leading up to 1 January 2005. In most cases there is now a real need to focus attention on the broader, more nebulous topics of information creation and management which, though currently of a lower profile, will actually form the bedrock for ongoing compliance.
It is probably fair to say that the passing of the FOIA in 2000 caused little immediate comment or concern amongst senior management within most institutions. Indeed, one of the unintended by-products of the long introduction before full commencement which was granted by the Act seems to have been a general feeling that it was too far off to worry much about in the first few years of the new millennium. Consequently those members of staff who did realise the breadth and likely impact of the Act, or who suspected that the responsibility for ensuring compliance was likely to come their way, often faced an uphill task to try to persuade senior management that this was an urgent enough issue to take immediate steps. There is nothing like a short deadline to stir action, nor a long one to encourage a more laissez-faire approach.
The requirement within UK legislation for all public authorities to create and maintain a 'publication scheme' - in essence a proactive guide to those classes of information most likely to be of interest to the public - in advance of the full implementation of the Act proved extremely useful for leading the sector down the road to compliance. It put the whole issue of FOI compliance on the agenda for senior management, required institutions to nominate staff to oversee the process and introduced the vital link between access rights under FOI and the management of the information to which they pertain - an association to which we shall return in more depth later. Work by the Joint Information Systems Committee (JISC)  and other agencies in the creation of Model Publication Schemes for both sectors approved by the Office of the Information Commissioner served to ensure that virtually all of the sector met this first requirement of the Act and had its publication scheme in place by the stated deadline.
Following the implementation of their publication scheme, most institutions rightly focused on the twin themes of raising awareness of FOI among all staff and establishing procedures for the processing and handling requests for information to ensure compliance with the stipulations of the Act and the Code of Practice . The FOIA can be accurately described as 'total legislation'. You cannot achieve compliance by focusing on a few small and well-defined areas. It requires all staff to be aware of the Act and their obligations under it - not just those engaged in the formal administrative functions of the institution. All staff must treat the requests they receive in accordance with the Act and manage the information they hold according to agreed 'corporate' policies and standards. For some of the more conservative members of staff within our universities and colleges this may require a substantial change in their working methods. So even where new policies, procedures and systems have been introduced it may be some time before cultural change of the scale required is achieved and new practices embedded into the day-to-day life of the institution.
For example, although many institutions are creating specific FOI request channels such as a generic 'FOI@institution.ac.uk' email address, it is widely recognised that not all requests will come through this route but that all FOI requests must be logged and actioned as soon as possible upon receipt, regardless of where within the institution they are received. What happens if the academic to whom the request is sent is on extended study leave, maternity leave or sabbatical? One apparently simple answer is to sanction the checking of staff mail and email in their absence by a departmental administrator or the like, but this then raises questions of privacy and confidentiality. Many staff will - rightly or wrongly - object to this as an invasion of their privacy. What if a student with personal problems has written specifically to that member of staff with a sensitive issue? What if the member of staff is a trade union representative receiving official union mail? None of these issues are insurmountable, but neither are they necessarily as straightforward as at first they might appear, demonstrating that the achievement of such cultural change in practice is often far harder than the comparatively simple drafting of policy.
Though we are only less than a month into the full implementation of the Act, reports indicate that most institutions have received at least one clear FOI request and already some interesting issues are emerging. The first is the likely use of the Act by commercial companies looking for information on current suppliers and possible commercial opportunities. Many institutions receive regular surveys and questionnaires seeking to garner knowledge about the institution which may be of interest when formulating marketing strategies or responding to tenders. Prior to FOI many of these would have been given scant attention by over-burdened staff, but what about now? Do these count as FOI requests and if so are there any exemptions preventing each and every one having to be answered?
In many respects the private sector may consider themselves doubly blessed - not subject to the Act themselves, but able to take advantage of it in relation to information held by potential public-sector clients. That said, many private sector suppliers to institutions may not be aware that information provided by them to - or held about them by - a public authority is subject to the Act and potentially disclosable upon request. Companies who try to insist that the any information provided to a public authority be automatically considered 'confidential' are also likely to frustrated. There is clear guidance to public authorities preventing them from entering into contracts which include unnecessary confidentiality restrictions. What is therefore required is a process of dialogue between institutions and their suppliers to ensure that all parties are aware that information may need to be disclosed and that consensus is reached as to which parts could genuinely be considered exempt from disclosure.
What is still unknown in these first few weeks and months is the likely number of requests that institutions will receive and how much resource it will take to answer them. The announcement by Lord Falconer in December 2004  that for requests costing up to £450 to answer no charge may be levied finally put an end to the speculation but did little to reassure the sector. This £450 is taken to equate to approximately 2.5 days to locate, collate and prepare the material requested. On that basis, if an institution receives just two requests a week that require the maximum time allocated for the provision of 'free' information, it could represent the activities of one full-time equivalent member of staff without any financial recompense to the institution. It is true that a charge for 'disbursements' (e.g. printing, photocopying, postage) can always be charged on a cost-recovery basis, no matter how small the request, but then the institution faces the age-old dilemma of the cost of processing the invoice outweighing the amount being recovered.
The importance of records management is often mentioned as a key component of freedom of information legislation. But just why is the effective management of records and information now seen as such a priority? As the legislation itself makes clear, any FOI regime can only ever be as good as the quality of the information to which it relates. Put simply, if there is no record of it, you cannot provide access to it and without such evidence there can be no transparency and no accountability. This then not only puts the emphasis on ensuring that information is retained as long as required and is readily accessible, but also that the right information is being created in the first place in order to document accurately the decisions being made or transactions undertaken.
Given that the FOIA is fully retrospective there are more prosaic reasons for institutions to ensure that their information is managed as effectively as possible. Most colleges and universities are decades, if not centuries old and often hold within them a vast accumulated backlog of unmanaged, duplicate or surplus information. What was once merely a tolerated inconvenience filling up a dusty room or cupboard now has the potential to severely hamper the ability of an institution to comply with the Act and will certainly increase the resources required to respond to requests. Logic dictates that the less information that is held and the better it is described the easier it will be to find when required. Of course it is equally important not to throw the proverbial baby out with the bath water. There are a myriad of drivers of either an operational or legal/regulatory nature which dictate how long information must be kept to provide evidence of what has occurred and these must continue to be observed. It is this process of identifying and separating the information 'wheat' from the 'chaff' which is now key and is where the concepts of appraisal and retention management which lie at the heart of records management theory come into their own.
But the Act also raises its own challenges to which the discipline and profession of records management must respond. There is an inherent contradiction in, on the one hand, discussing a freedom of information act, and on the other, espousing the importance of a records management programme - for while all records are information, not all information is records. Traditional records management theory seeks to identify and deal only with that small subset of information which can be categorised as a business 'record', with such decisions being based on questions of form, content and context. This of course makes the whole business of managing the entire 'lifecycle' of such records far easier as we are dealing with only a relatively small proportion of the information held by an organisation. Now, however, we are faced with the challenge of needing to extend the same level of management and control to the entirety of paper and electronic information created or held by an institution - from student file to Post-it Note.
Many institutions are coming relatively new to the field of institutional records management. That is not to say that any form of management control has not existed in the past - far from it. But what has often been lacking until now is a sense of a consistent, institution-wide approach with good practice not confined to individual departments, but spread equally across all. Once again this leads us back to where we started and the issue of cultural change. It is easy to create a records management policy. It is comparatively easy to agree a corporate file plan and retention schedule. It is far harder to convince staff that they should cease filing their information locally and managing it according to their own ways and should embrace new, shared ways of working.
Now that the last minute preparations for the implementation of the Act are completed it is critical that institutions resist the temptation to take their foot off the pedal. FOI is not like the Y2K issue  with great hype surrounding a specific date, which once come and gone can be safely forgotten. FOI is here to stay, so 1 January 2005 should mark the beginning, not the end of the process of change required and FOI must continue to remain a priority and driving force for change within organisations in the months and even years to come.
- The Register: UK Y2K supremo says plan for Armageddon, December 1998 http://www.theregister.co.uk/1998/12/13/uk_y2k_supremo_says_plan/
- Modernising Government in Action: Realising the Benefits of Y2K, April 2000