Guidance: Freedom of Information Act and Environmental Information Regulations Requests Privacy Notice

The UK’s Freedom of Information Act (FOIA) and Environmental Information Regulations (EIR) require public bodies to disclose information while safeguarding personal data. HM Treasury’s newly released privacy notice clarifies how it will handle personal details collected during FOI and EIR requests. By referencing the Treasury’s Personal Information Charter, the notice embeds the same high‑level data‑protection standards that apply to all Treasury operations. This alignment not only fulfills the Information Commissioner’s expectations but also signals a broader governmental push toward consistent privacy practices across departments.

The Personal Information Charter outlines the standards Treasury adheres to when processing personal data, including clear contact details for the Data Protection Officer (DPO) and step‑by‑step guidance on exercising data‑subject rights. Embedding these elements in the FOI privacy notice ensures requesters know how to access, correct, or challenge their data, and where to lodge complaints with the ICO. The notice’s explicit reference to the charter reduces ambiguity, streamlines compliance audits, and provides a single point of reference for both internal staff and external stakeholders.

For businesses and NGOs that routinely file FOI or EIR requests, the updated notice offers greater transparency about data handling, potentially lowering the risk of inadvertent data breaches. The minor wording tweaks made on 25 March 2026 demonstrate Treasury’s commitment to keeping guidance current without overhauling the framework. As data‑privacy regulations tighten globally, other UK ministries are likely to adopt similar notice structures, creating a more uniform landscape for information disclosure. Monitoring these developments helps organizations anticipate compliance costs and adapt their request strategies accordingly.