Data and securityCyber SecurityCRM can help local authorities avoid costly FOI sanctions

CRM can help local authorities avoid costly FOI sanctions

What are the challenges around maintaining compliance and what existing technology can deliver immediate improvements to FOI systems and processes for local authorities?

Anna Assassa, CEO at technology consultancy Tisski, explores the challenges around maintaining compliance and what existing technology can deliver immediate improvements to FOI systems and processes for local authorities under increasing budgetary pressures

How Freedom of Information (FOI) requests are managed by public bodies has been the subject of a stern rebuke from the Information Commissioner’s Office (ICO), with Elizabeth Denham threatening to come down hard on any delays and poor handling of FOI applications.

Around 50,000 FOI requests are made each year and in 2016 local authorities spent 1.2 million hours and over £30m responding to them.

The ICO’s wrath was not triggered by a lack of transparency. Instead, it was directed at failure to meet standards around response targets and unsatisfactory handling of requests.

Any gaps in governance or inefficient practices could therefore leave local authorities, and government departments, exposed to formal action from the ICO. This can result in reputational damage, a fine and even a criminal conviction for a senior officer.

For cash-strapped and resource-stretched councils, responding adequately to this additional regulatory scrutiny may create an unwelcome technological and administrative burden.

Rather than hiring more people or considering bespoke solutions, our experience tells us there is a quick, effective and cost-efficient way for local authorities to deliver immediate improvements to FOI systems and processes.

CRM systems such as Microsoft Dynamics 365 are widely deployed in local authorities and their power and flexibility could be harnessed to improve response times, enhance service levels and evidence compliance.


Managing inbound

As the number and complexity of inbound FOI requests increases, so does the pressure to deliver a substantive response within 20 working days.

Failure to manage enquiries from receipt to completion in a timely and professional manner is not only a particular focus of the ICO, but also where the biggest gains can be made quickly through CRM.

Configured effectively, CRM systems have the capability to improve the speed and accuracy of how requests are routed and managed.

  • Data can be captured across all potential enquiry channels (e.g. website, email, phone, social) using forms that provide a concise and uniformed summary of information for those responsible.
  • Information will be consolidated and stored in consistent locations, providing a singular transparent point of reference during the process, for internal reviews or if the ICO decide to investigate.
  • Requests can be automatically classified, categorised and cross-checked, helping users quickly identify and prioritise valid requests and immediately assign them to the correct workflow and appropriate individuals (and re-route non-valid requests).
  • Questions can be cross-referenced against previous requests, making the information instantly available or ensuring the best route to resolution is easy to find (this can also encompass ‘round robin’ requests where various departments are asked the same question).

CRM also ensures the enquirer is engaged in a timely manner, with template emails or letters automatically issued which acknowledge receipt of the request and provide appropriate clarification on next steps or timings.

All of this provides a standardised and professionalised approach to handling inbound enquires that can drastically reduce the administrative burden and, crucially, reduce the risk of a request proceeding with inaccurate or missing information.


Water-tight process

After an FOI request has been checked and logged, the functionality of CRM systems is well suited to managing its progress through a local authority in line with the ICO’s expectations.

Workflows and checks can be created that ensure it’s tracked and handled in the right manner and that any potential delays are identified and dealt with so that service levels and deadlines are met.

Often compliance issues can be created by the sheer volume of work teams have to handle. CRM takes away over-reliance on monitoring, judgements and actions from busy humans and can ensure much of the process runs on rails.

Providing a defined process through a single portal ensures activity remains focused and that all the insight and tools required to review a status, make decisions and process the enquiry, are consistent.

  • Requests can be graded and prioritised based on defined factors such as deadlines, complexity, time elapsed and even elements such as team member annual leave, departmental shutdowns etc.
  • Automation can reduce human intervention, minimise time-consuming manual processes and ‘lock in’ compliance with failsafe checks and flags. Relevant staff can be kept informed through systems that auto-assign tasks, provide email confirmation and automatically trigger updates, reminders or alerts at key stage gates.
  • CRM systems like the widely adopted Microsoft Dynamics 365 are cloud-based and integrate with other workflow and management tools used on a day-to-day basis. This means that tasks, calendar reminders, emails and documents can all be viewed, accessed, and collaborated on in a consistent manner, using any registered web-enabled device.

Ultimately meeting ICO-enforced deadlines and service level expectations lies with the team.

However, CRM can shoulder much of the burden of delivering quick turnarounds with minimised risk by ensuring there is a single funnel with all the appropriate checks, balances and escalation procedures standardised and firmly embedded.



The ICO has promised to crack down on those public bodies where there is evidence of missed response targets or unhelpful or unsatisfactory handling of requests.

This places a heavy burden on local authorities to ensure they have the governance and reporting frameworks in place to log, monitor, analyse and audit every step and action taken with an FOI request.

As outlined, the nature of CRM ensures that those charged with compliance can access a significant amount of data with which to generate insights and evidence.

  • A dashboard can provide alive’ view over what has been actioned, what tasks have been assigned to who and what steps remain.
  • As a single, secure repository of data, CRM is capable of generating a detailed audit history, comprising all actions and records around process, timings, information provided and requestor interactions. This ensures compliance around deadlines and quality of response can be evidenced in detail and without significant additional administrative overheads immediately.
  • The amount, quality and consistency of data captured by CRM enables deeper analysis of trends. A range of custom reports can be scheduled and automated to provide detailed insight on request numbers/types, categories, caseloads, response times, outcomes, exemptions and other key performance indicators.

Analysis of FOI data can provide actionable insights in support of ongoing planning and further refinement of the process and system.

In the future, CRM’s machine learning capabilities will help further improve efficiencies and quality of service. For example, Microsoft’s Power BI has the capability to learn which FOI requests take the longest and so they can be automatically prioritised further; reducing the need for human intervention in the process.


Where next?

Large systems integrators are likely to be rolling out fully-integrated FOI software solutions over the coming months and years.

However, given the ICO’s increased focus on compliance, there is a need to act now.

CRM offers local authorities a route to a cost-effective solution that is highly configurable, easy to adopt, easy to use and can be implemented quickly.

Related Articles

Making the cloud a safe space

Cloud Computing Making the cloud a safe space

1w Guest Writer
Leading cyberlaw academic calls for review of CCTV and AFR implementation

Cyber Security Leading cyberlaw academic calls for review of CCTV and AFR implementation

1w Austin Clark
Government security analysts 'at risk of being overwhelmed by attacks'

Cyber Security Government security analysts 'at risk of being overwhelmed by attacks'

2w Austin Clark
DCMS proposes new cyber security council in latest consultation

Cyber Security DCMS proposes new cyber security council in latest consultation

3w Austin Clark
Securing unified communications – securing countries and citizens

Cyber Security Securing unified communications – securing countries and citizens

3w Guest Writer
IoT security: a barrier to deployment?

Cyber Security IoT security: a barrier to deployment?

3w Guest Writer
Cyber matters – now not later

Cyber Security Cyber matters – now not later

4w Guest Writer
Housing associations collaborate around cyber awareness

Cyber Security Housing associations collaborate around cyber awareness

4w Austin Clark