Redaction

FOI Redaction for Public Sector Bodies: Automating Freedom of Information Responses

Public sector bodies are the primary recipients of freedom of information requests in Ireland. Government departments, local authorities, and the HSE together process thousands of FOI requests annually — and the redaction stage is where FOI officer time is most heavily consumed.

FOI in the Irish Public Sector

The Freedom of Information Act 2014 grants a legal right of access to records held by public bodies. It applies to a broad swathe of the Irish public sector:

  • Government departments and offices of state — all ministerial departments, the Office of the Taoiseach, and offices of state
  • Local authorities — the 31 local authorities across Ireland
  • The Health Service Executive and hospital groups — among the largest FOI recipients by volume
  • Universities and higher education institutions — brought into scope by the FOI Act 2014
  • Semi-state bodies and state agencies — including commercial and non-commercial semi-states

FOI volumes have grown year on year since the 2014 Act came into force, driven by media awareness, advocacy groups, and individual requesters exercising their right of access. The largest bodies — central government departments, the HSE, and major local authorities — routinely process several thousand requests each year. The resource burden on FOI officers is substantial, and the redaction stage consumes the majority of the available response time.

FOI Exemptions in Practice

The FOI Act 2014 provides a set of exemptions that can be applied to withhold or redact information from a response. Each exemption has distinct criteria, and applying them correctly is central to a defensible FOI response:

Section 28 — Personal Information

The most frequently applied exemption. Records containing personal information about third parties must be redacted. The public interest test may override the exemption in specific circumstances. Particularly significant in HSE and local authority FOI responses.

Section 29 — Commercially Sensitive Information

Information belonging to external parties that would cause financial loss, prejudice competitive position, or prejudice contractual negotiations. Common in procurement records and tender documents.

Section 30 — Functions of Public Bodies

Information that would prejudice the effectiveness of tests, examinations, investigations, or audits, or reveal a confidential source. Used in regulatory and audit contexts.

Section 31 — Legal Professional Privilege

Communications between the public body and its legal advisers made for the purpose of seeking or giving legal advice. Absolute exemption not subject to the public interest test.

Section 32 — Law Enforcement

Information whose release would prejudice the prevention or detection of crime, prosecution of offenders, or the security of legal proceedings.

Section 33 — Security, Defence, International Relations

Information whose release would affect state security, defence, or international relations. Applied less frequently but absolute where it applies.

Section 34 — Government Meetings

Records of cabinet meetings and pre-decisional advice to ministers. Strictly applied; significant in central government FOI contexts.

The FOI Officer's Redaction Challenge

FOI officers in large public sector bodies are typically responsible for end-to-end management of requests: receipt, record-gathering, review, redaction, decision, and response. The redaction stage is consistently identified as the most time-consuming part of the workflow:

  • Large document sets — responsive records frequently run to hundreds of pages across multiple record types
  • Consistent exemption application — similar content should be redacted consistently across the response; manual processes struggle to maintain this
  • Four-week deadline — the statutory deadline is short for the volume of work involved, particularly for larger requests
  • Internal review and appeal risk — requesters can challenge redactions through internal review and ultimately the Information Commissioner; without a defensible audit trail, each challenge becomes a reconstruction exercise
  • Record-keeping burden — exemption decisions should be documented at the time the decision is made, not reconstructed later

FOI in the HSE

The Health Service Executive is one of the highest-volume FOI recipients in Ireland. HSE FOI requests involve a particularly sensitive mix of record types: patient information, staff records, clinical correspondence, incident reports, procurement documents, and policy records.

The redaction workload in the HSE is shaped by several factors specific to healthcare:

  • Section 28 applies extensively — patient personal data appears in almost every record type, triggering the personal information exemption
  • Special category data sensitivity — health information is special category data under GDPR, raising the bar for careful redaction
  • Staff records and opinions — internal notes frequently include staff names and clinical assessments requiring redaction
  • Third-party clinical information — records of one patient may reference other patients (family members, contacts, similar cases) requiring careful separation

For healthcare organisations processing FOI requests at volume, automated redaction reduces the time FOI officers spend on manual document review while maintaining the consistency and audit trail that the Act requires. A dedicated guide to FOI redaction for healthcare is in development.

How ComplyLoft Helps Public Sector FOI Teams

The ComplyLoft Redaction tool automates the redaction stage that consumes most FOI officer time. It identifies personal information, applies exemption-specific redaction rules consistently across document sets, and generates a defensible audit trail for every decision — which is essential for internal reviews and Information Commissioner appeals.

  • Automated identification of Section 28 personal information across large document sets
  • Bulk redaction capability for responses spanning hundreds or thousands of pages
  • Exemption-specific rules configurable to your public body's FOI practice
  • Audit trail documenting each redaction decision and the Section number relied upon
  • Consistency across FOI officers within the same body — same exemption applied the same way

ComplyLoft automates the groundwork of FOI redaction. A qualified FOI officer must review, confirm, and sign off on all redactions before disclosure. ComplyLoft does not guarantee compliance.

Explore the Redaction ToolRequest a Demo

Frequently Asked Questions

Which public sector bodies are subject to FOI in Ireland?
The Freedom of Information Act 2014 applies to a broad range of public sector bodies in Ireland, including: government departments and offices of state; local authorities (city and county councils); the Health Service Executive (HSE) and hospital groups; universities and higher education institutions; semi-state bodies and state agencies; and certain other entities designated as public bodies by the Minister. Private bodies performing public functions may also fall within scope for specific functions.
What are the most common FOI exemptions in the public sector?
The most frequently applied exemptions under the FOI Act 2014 are: Section 28 (personal information about third parties), Section 29 (commercially sensitive information), Section 30 (functions of public bodies — investigations, audits, examinations), Section 31 (legal professional privilege), Section 32 (law enforcement), Section 33 (security, defence, and international relations), and Section 34 (government meetings and cabinet confidentiality). Section 28 is the most common by a wide margin, particularly in HSE and local authority FOI responses.
How long do public sector bodies have to respond to FOI requests?
Public bodies must acknowledge an FOI request within two weeks and issue a decision within four weeks of receipt. The four-week deadline can be extended by a further four weeks where the request involves a large number of records or requires extensive examination. If the body fails to respond within the deadline, the request is deemed refused and the requester can apply for an internal review, and then to the Information Commissioner if the review outcome is unsatisfactory.
What needs to be redacted in a public sector FOI response?
Before releasing records under FOI, public sector bodies must redact: personal information about third parties (Section 28), commercially sensitive information belonging to external parties (Section 29), information that would prejudice public body functions such as investigations or audits (Section 30), legally privileged communications (Section 31), law enforcement information (Section 32), and material covered by any other applicable exemption. Each redaction must be justified by reference to a specific section of the FOI Act.
How can public sector bodies automate FOI redaction?
Automated FOI redaction uses AI to identify exempt material across FOI document sets — personal data, commercially sensitive information, and content matching exemption categories. ComplyLoft applies consistent redaction rules across the full document set, generates an audit trail for each decision, and reduces FOI officer review time substantially. The FOI officer confirms or adjusts flagged redactions before the response is issued. This is particularly valuable for high-volume bodies like the HSE.

Scale Your FOI Response Capacity

Request a demo to see how ComplyLoft helps public sector FOI teams meet the four-week deadline with a defensible audit trail.

Request a Demo