Information Access Policy

Freedom of Information Essential Principles & General Rules:


This policy shall be applied to all requests by individuals to have access to or obtain "unprotected and public data" information that is produced by public authorities regardless of its source, form or nature. This includes hard records, e-mail messages, information stored on computer, audio or video tapes, maps, photographs, manuscripts, handwritten documents or any other form of recorded information.

Provisions of this Policy shall not be applied to protected information, namely:

Information the disclosure of which harms the State's national security, policy, interests or rights
Military & Security Information
Information and documents obtained by virtue of an agreement with another State and classified as protected.
Inquiries, investigations, seizures, inspections, and surveillances related to crime, violation or threat.
Information containing recommendations, suggestions or consultations for issuing not-yet-released government legislation or decisions.
Information of commercial, industrial, financial or economic nature, the disclosure of which would result in unlawful profit or avoidance of loss.
Scientific or technical research, or intellectual property rights, the disclosure of which would infringe a moral right.
Information related to tenders, bids and auctions, the disclosure of which prejudices fairness of tenders.
Information that is confidential or personal under another law, or that requires certain statutory procedures to access/obtain.

Key Principles of Freedom of Access to Information

First Principle: Transparency

Everyone shall have the right to have access to information related to public entities' activities to reinforce the integrity, transparency and accountability system.

Second Principle: Necessity & Proportionality

All restrictions on requests to access/obtain protected information received, produced or dealt with by public entities shall be justified in a clear and explicit manner.

Third Principle: The general principle in public information is the disclosure

Everyone shall have the right to have access to "unprotected and public data" information. The applicant shall not be required to have a certain capacity or interest in such information in order to have access thereto. The applicant also shall not be subject to any legal accountability related to such right.

Fourth Principle: Equality

All requests to access/obtain public information shall be processed on an equal and non-discriminatory basis.

Individuals' rights to access/obtain public information.

First: Right to access/obtain any unprotected information at any public entity.

Second: Right to know the reason for rejecting a request to access/obtain the requested information.

Third: Right to file a grievance against the rejection of a request to access/obtain the requested information.

Public Entities' Obligations:

The public authority shall be responsible for preparing and implementing policies and procedures related to exercising the right to access or obtain public information. The entity's chief officer shall be responsible for accepting and approving the same.
The public entity shall establish an administrative unit linked to data management offices of the government entities established pursuant to Royal Decree No. 59766, dated: 20/11/1439H (02/08/2018G). Such unit shall be responsible for developing, documenting and monitoring the implementation of policies and procedures approved by the entity’s senior management related to the right to access information. The unit’s duties and responsibilities shall include setting appropriate standards for determining data classification levels, in the absence of them, in accordance with the data classification policy, and using them as a main reference when processing requests to access or obtain public information.
The public entity shall determine and provide the possible means (public information request forms), whether paper or electronic forms, through which an individual can request access to or obtain public information.
The public entity shall verify individuals' identity prior to granting them the right to access or obtain public information in accordance with controls approved by NCA and relevant authorities.
The public entity shall set necessary criteria for determining the fees involved in processing requests to access/obtain public information based on data nature and volume, exerted effort and time spent, in accordance with the data monetization policy document. The public entity shall document all records of requests to access/obtain information and decisions taken thereon. These records shall be reviewed to address cases of misuse or non-response.
The public entity shall develop and document policies and procedures for maintaining and disposing of records of requests in accordance with laws and legislation related to the entity’s business and activities.
The public entity shall develop and document procedures required to manage, process and document extended and rejected requests. It shall also determine the duties and responsibilities of the concerned work team, as well as the cases in which the regulatory authority and office shall be notified according to the administrative hierarchy, within the period specified for processing the requests.
If the request is fully or partially rejected, the public entity shall notify the individual, in an appropriate manner, explaining the reasons for rejection, the right of grievance and how to exercise that right, within a period not exceeding (15) days from the decision date.
The public entity shall develop awareness programs to promote transparency culture and raise awareness level in accordance with Freedom of Access to Information policies and procedures approved by entity’s senior management.
The public entity shall be held responsible for monitoring compliance with Freedom of Access to Information policies and procedures on a regular basis and submitting them to the chief officer or his authorized person. Further, the public entity shall set and record the corrective actions to be taken in the event of non-compliance and, accordingly, notify the regulatory authority and office according to the administrative hierarchy.

The key steps for requesting access or obtaining information

The main requirements for requesting access or obtaining public information

The request shall be either written or electronic.
The <Public Information Request Form> approved by the public authority shall be completed.
The request shall be for the purposes of access or obtaining public information.
The request form shall include details of the way to send the final resolution and notifications to the individual (national address, email, entity website, etc.).
The request form shall be sent directly to the public entity.

The key steps for requesting access or obtaining public information.

1. The requests shall be submitted to the public entity by completing the <Public Information Request Form> electronically or in writing.

2. Within the specified period (30 days) from receipt of the request, the public entity shall take any of the following decisions:

Approval: If the public entity approves the request to access or obtain information wholly or in part, the individual shall be notified of applicable fees in writing or electronically. In this case, the public entity shall provide such information to the individual within a period not exceeding ten (10) working days from receiving the fees.
Rejection: If the request to access or obtain information is rejected, such rejection shall be submitted in writing or electronically including the following information:
Determining whether the request has been rejected fully or partially.
Reasons for rejection, if possible.
The right of grievance on such rejection and method to exercise such right.
Extension: If the request to access information cannot be processed on time, the public entity shall extend the response period to a reasonable time depending on the volume and nature of the requested information (e.g., more than (30) days) and provide the individual with the following information:
Notice of extension and the expected date of request completion.
Reasons for delay.
Right of grievance and method to exercise such right.
Notice: If the requested information is available on the entity’s website, or is not within its competence, the individual shall be notified thereof in writing or electronically. Such notice shall include the following information:
Notice type: E.g., whether the requested data is available on entity's website, or is not within its competence.
The right of grievance on such notice and method to exercise such right.

3. If an individual wishes to file a grievance against request rejection by the public entity, he shall submit a written or electronic notice of grievance to the entity’s office within a period of time not exceeding (10) working days from receipt of the public entity’s decision. The grievance committee at the entity’s office shall review the request, make an appropriate decision, and notify the individual of the review fee, which shall be refunded if the committee approves the request and appeal decision.

General Provisions

1. The public entities shall be responsible for aligning this policy to their regulatory documents, policies and procedures and disseminating them to all their affiliates or associated entities to achieve integration and ensure the achievement of the desired objective of preparation hereof.

2. The public entities shall strike a balance between the right to access and obtain information and other requirements such as achieving national security and maintaining personal data privacy.

3. The public entities shall comply with this policy and regularly record compliance in accordance with mechanisms and procedures they have established after coordination.

4. After coordination with the office, the regulatory authorities shall establish mechanisms, procedures and controls related to handling complaints within a specified time frame and organizational hierarchy.

5. The public entities shall notify the office if the request to access or obtain public information or extend the period specified for providing this information is rejected - which is within the scope.

6. The public entity shall, when contracting with other entities such as companies that provide public services, regularly verify such entities' compliance with this policy in accordance with mechanisms and procedures established by the public entity. This shall include any subsequent contracts made by other entities.

7. The public entities shall have the right to set additional rules for processing requests related to specific types of public information, depending on such information's nature and sensitivity, after coordination with the office.

8. The public entities shall prepare forms for access to or obtaining the public information, whether written or electronic forms, to specify the necessary information and possible means to provide the requested information.

Freedom of Information & Open Data

Open data programs and policies around the world are usually prepared and developed to support the national economy and innovation agenda. There is no doubt that providing and disseminating a specific set of public information to researchers, entrepreneurs, innovators and startup companies helps to create an environment conducive to business growth, and demonstrates an open and transparent government.

Open data programs and policies are also a pre-emptive step by entities to maintain the right of access to public information by providing or disseminating a specific set of information - as open data - prior to requesting access or obtaining thereof. Thus, effective open data programs and policies reduce the volume of requests for access to public information, thereby reducing government expenditures related to processing requests.

Related Legislation & Policies

According to national data governance policies published by SDAIA.

Pursuant to National Data Governance Policies Document issued by SDAIA, the following principles have been covered:

The Key Principles & General Rules of Freedom of Information;
The Key Principles & General Rules of Open Data included in such policies.
