The Information Commissioner has clarified the Freedom of Information Act’s regulations affecting the storing of personal email address.


  • FOIA applies to official information held in private email accounts (and other media formats) when held on behalf of the public authority. Such information may be exempt and will not necessarily have to be disclosed
  • It may be necessary to request relevant individuals to search private email accounts in particular cases. The occasions when this will be necessary are expected to be rare
  • Adherence to good records management practice should assist in managing risks associated with the use of private email accounts for public authority business purposes

The ICO recommends that, as a matter of good practice, public authorities establish procedures for dealing with such situations. These should outline the relevant factors to be taken into account in deciding whether it is necessary to ask someone to search their private email account for information which might fall within the scope of an FOI request the public authority has received. Relevant factors are likely to include:

  • The focus of the request, indicated by the words used by the requester
  • The subject matter of the information which falls within the scope of the request
  • How the issues to which the request relates have been handled within the public authority
  • By whom and to whom was the information sent and in what capacity (e.g. public servant or political party member)
  • Whether a private communication channel was used because no official channel was available at the time

Key points set out in Information Commissioners the guidance include:-

  • Where a public authority has decided that a relevant individual’s email account may include official information which falls within the scope of the request and is not held elsewhere, it will need to ask that individual to search their account
  • Where people are asked to check private email accounts, there should be a record of the action taken. The public authority needs to be able to demonstrate, if required, that appropriate searches have taken place
  • Although the main emphasis of the guidance is on official information held in private email accounts, public authorities should be aware that the law covers information recorded in any form
  • Public authorities should remind staff that deleting or concealing information with the intention of preventing its disclosure following receipt of a request is a criminal offence under section 77 of the Act
  • It is accepted that, in certain circumstances, it may be necessary to use private email for public authority business. There should be a policy which clearly states that in these cases an authority email address should be copied in to ensure the completeness of the authority’s records

Christopher Graham the Information Commissioner said:-

“It should not come as a surprise to public authorities to have the clarification that information held in private email accounts can be subject to Freedom of Information law if it relates to official business. This has always been the case, the Act covers all recorded information in any form.

“It came to light in September that this is a somewhat misunderstood aspect of the law and that further clarification was needed. That’s why we’ve issued new guidance today with two key aims first, to give public authorities an authoritative steer on the factors that should be considered before deciding whether a search of private email accounts is necessary when responding to a request under the Act. Second, to set out the procedures that should generally be in place to respond to requests. Clearly, the need to search private email accounts should be a rare occurrence; therefore, we do not expect this advice to increase the burden on public authorities.”

Related posts:

Information Commissioner gets tough with the largest fine for the breach of the Data Protection Act

The Freedom of Information Act. Power to the people or a tool for busy bodies?