I am formally requesting a (full copy in original format) of the ONR's last independent external Information Rights & GDPR Compliance Audit - Who executed the audit & on what date?
I confirm that under Section 1 of the FOIA, we hold the information in scope of your request. ONR’s GDPR compliance reports are conducted by the Government Internal Audit Agency (GIAA). The most recent of those reports was published on 3 February 2020 and the overall compliance marking is available at page 56 of our Annual Report and Accounts.
However, with regards to your request for the full report, after careful consideration, we have concluded that we are unable to disclose this information. This is because, if released, we believe it is likely to cause prejudice to the effective conduct of public affairs under Section 36 of the FOIA.
We believe that disclosure of the report would inhibit free and frank discussions in the future, and that the loss of frankness and candour would damage the quality of advice and deliberation and lead to poorer decision making.
We have carefully considered the balance of public interest in this case and believe, for the reasons set out in Annex A, that maintaining the exemption outweighs the public interest in disclosing the information. Further details about the exemption applied and Public Interest Test (PIT) are set out in Annex A. We understand that you will find this frustrating but can assure you we have given this request very careful consideration.
Section 36 grants an exemption if, in the reasonable opinion of a “qualified person”, disclosure of the information under the Act would, or would be likely to:
ONR’s “qualified person” for the purposes of the FOIA is Adriènne Kelbie, our Chief Executive. In her opinion, section 36 is engaged here.
She is of the opinion that disclosure of this information would, inhibit the free and frank provision of advice by internal audit, the free and frank exchange of views for the purposes of deliberation during the internal audit cycle, and prejudice the effective conduct of public affairs (including the conduct of internal audits).
This is vital to ensure that findings from all audits and reviews can be used to improve processes and share good practice across the organisation, demonstrating our commitment to drive continuous improvement and raise standards.
As this is a qualified exemption, we are required to consider whether the public interest in maintaining the exemption outweighs the public interest in disclosure. We have therefore applied the Public Interest Test, as set out below.
These factors are given significant weight in the Public Interest Test balancing exercise.
After careful consideration of the factors set out above, ONR considers the public interest in maintaining the exemption outweighs the public interest in disclosure, and therefore the information should be withheld from disclosure under section 36(2)(b)(i), (ii) and (c) of the FOIA. On balance, the interests of the effective conduct of public affairs outweigh the need for openness in terms of the specific information that has been requested.
Yes, detailed above.