Freedom of information and data protection

Guide to information available through the Commission’s Publication Scheme

The Freedom of Information (Scotland) Act 2002 requires Scottish public authorities to produce and maintain a publication scheme.  Authorities are under a legal obligation to:

  • publish the classes of information that they make routinely available
  • tell the public how to access the information and what it might cost.

The Commission has adopted the Model Publication Scheme produced and approved by the Scottish Information Commissioner on 29 March 2016.  The Model Publication Scheme is available here.

The purpose of this Guide to Information is to:

  • allow the public to see what information is available (and what is not available) in relation to each of the classes of information under the Model Public Scheme
  • state what charges may be applied for providing information
  • explain how to find the information easily
  • provide contact details for enquiries and to get help with accessing the information
  • explain how to request information we hold that has not been published.

This Guide is divided into the following sections:

  • Availability and formats
  • Exempt information
  • Charges for information
  • How to request information which has not been published
  • Contact us
  • Classes of information that we publish

Availability and formats

The information we publish through the Model Publication Scheme is, wherever possible, available on our website.  We offer alternative arrangements for people who do not want to, or cannot, access the information online or by inspection at our premises.  For example, we can usually arrange to send information to you in paper copy (although there may be a charge for this).

Exempt information

We will publish the information we hold that falls within the classes of information below.  If a document contains information that is exempt under Scotland’s freedom of information laws (for example sensitive personal information or a trade secret), we will remove or redact the information before publication and explain why.

Charges for information

Website – there is no charge for the information that is available on our website.

Email – there is no charge for information that is provided electronically.

Post – If you ask for information that is available on our website to be provided in paper format, it may be necessary to make a charge.  Each case is considered separately.  For example, there may be a charge of 10 pence per page if a large amount of photocopying is required, or if the cost of postage is high.  We would tell you how much it would cost to provide paper copies of the information you have requested.

How to request information which has not been published 

If the information you want is not available under the Publication Scheme, you have the right to request it from us.  The Freedom of Information (Scotland) Act 2002 gives you a right of access to the information we hold (whether we publish it or not), subject to certain exemptions.

For details on how to make a request for information, follow this link: Making a request under the Freedom of Information (Scotland) Act 2002.

Contact us

You can contact us for assistance in obtaining information:

Freedom of Information
Scottish Law Commission
140 Causewayside

Tel 0131 668 2131


We will also advise you how to ask for information that we do not publish or how to complain if you are dissatisfied with any aspect of this publication scheme.

Classes of information that we publish

We publish information that we hold within the following classes.  Once information is published under a class, we will continue to make it available for the current and previous two financial years. Where information has been updated or superseded, only the current version will be available.  If you would like to see previous versions, you may make a request to us for that information.

  • about the Commission
  • how we deliver our functions and services
  • how we take decisions and what we have decided
  • what we spend and how we spend it
  • how we manage our human, physical and information resources
  • how we procure goods and services from external providers
  • how we are performing
  • our commercial publications

Re-use of Commission information

The Re-Use of Public Sector Information Regulations 2015 (SI 2015/1415) came into force on 18 July 2015.  The 2015 Regulations implement Directive 2013/37/EU of the European Parliament and of the Council of 26 June 2013 (the 2013 Directive) (O.J. No. L175/1, 27.6.2013), which amends Directive 2003/98/EC on the re-use of public sector information (the 2003 Directive).

The Commission is a public body as defined in the Regulations and so must comply with the requirements of the Regulations.

Copyright and re-use of Commission information

The Commission makes its published information available under the terms of the Open Government Licence produced by the National Archives.  The Licence can be viewed at:

Where the Commission holds the copyright in its published information, the information may be copied or reproduced without formal permission, provided that:

  • it is copied or reproduced accurately
  • it is not used in a misleading context, and
  • the source of the material is identified

The material we publish is usually subject to Crown copyright.  You may re-use this information (excluding logos) free of charge in any format or medium, under the terms of the Open Government Licence.

Where the Commission does not hold the copyright in information we publish, we will make this clear.  Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

Re-use and data protection

Personal data may be accessible but that does not automatically make it re-usable.  It is the responsibility of the person re-using any personal data to comply with the Data Protection Act 1998.

Complaints relating to re-use of information

If you wish to make a complaint relating to re-use of the Commission’s information please write giving full details of your complaint to: The Chief Executive, Scottish Law Commission, 140 Causewayside, Edinburgh EH9 1PR or e-mail

Your complaint will be considered carefully and a response will be sent to you within 20 working days.

Data protection

Data Protection Act 1998

The Data Protection Act 1998 provides for the regulation of the processing of information relating to individuals including the obtaining, holding, use or disclosure of such information.  It concerns the security of personal information and the rights of individuals to access information held about them.

Under the 1998 Act an authority must only collect personal information which is needed to carry out its functions, must keep it secure and ensure that it continues to be relevant and up to date.  An authority must only hold as much personal information as it needs for business purposes and must not retain it any longer than is necessary for those purposes.  A person who is the subject of any information must be given access to it on request.

The Scottish Law Commission needs to collect, process and hold certain personal information in connection with carrying out its functions.  The Commission has a policy on handling personal data in line with the 1998 Act.  See our Data Protection Policy Statement.

Data protection principles

The Data Protection Act 1998 sets out 8 principles relating to personal data.  The principles are that-

(1)        personal data must be processed fairly and must not be processed unless certain conditions are met;
(2)        personal data must be obtained for specified and lawful purposes and must not be further processed in a manner which is incompatible with those purposes;
(3)        personal data must be adequate, relevant and not excessive in relation to the purposes for which they are processed;
(4)        personal data must be accurate and where necessary, kept up to date;
(5)        personal data must not be kept for longer than is necessary;
(6)        personal data must be processed in accordance with the rights of data subjects under the 1998 Act;
(7)        appropriate technical and organisational measures must be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;
(8)        personal data must not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Meaning of “personal data” and “sensitive data”

Section 1(1) of the 1998 Act defines “personal data” as “data which relate to a living individual who can be identified-

(a)        from those data, or
(b)        from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.”

Certain personal data relating to an individual (“the data subject”) is subject to stricter regulation under the 1998 Act.  Section 2 of the 1998 Act defines the meaning of “sensitive personal data” as personal data consisting of information as to:

(a)        the racial or ethnic origin of the data subject;
(b)        his personal opinions;
(c)        his religious beliefs or other beliefs of a similar nature;
(d)        whether he is a member of a trade union;
(e)        his physical or mental health or condition;
(f)         his sexual life;
(g)        the commission or alleged commission by him of any offence;
(h)        any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.”

Registration with the Information Commissioner

The Commission is registered under the 1998 Act with the Information Commissioner, who is responsible for the protection of personal information across the UK.  The Information Commissioner maintains a Register of Data Controllers (

A copy of the Commission’s registration is available on the Information Commissioner's website at  Please enter the Commission’s name and address in the search box.

Making a subject access request

The Data Protection Act 1998 gives individuals who are the subject of personal data a right of access to personal data about them held by organisations.

You can request information that the Commission holds about you by making a Subject Access Request.  Your request must be in writing and should be sent to us

  • by e-mail to: 

  • or by post to:

Chief Executive
Scottish Law Commission
140 Causewayside
EH9 1PR.

As required by the 1998 Act, we will respond to your request within 40 calendar days of receiving it.