Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
In Australia’s connected economy, information moves quickly - especially when you work with government. If an agency receives a Freedom of Information (FOI) request that touches your contracts, emails or reports, your business can be drawn into the process even if you’re not the one receiving the request.
That can feel daunting, but with the right awareness and preparation, FOI doesn’t need to be disruptive. In this guide, we’ll explain how the FOI system works, when it could affect your business, the key exemptions that protect confidential information, and the practical steps you can take now to reduce risk and protect your reputation.
Our goal is to help you feel confident about your rights and responsibilities so you can respond quickly and keep focusing on running your business.
What Is The Freedom Of Information Act (And Which Laws Apply)?
FOI laws give people the right to access documents held by government bodies. In Australia, there isn’t just one FOI regime - there are several.
- The Freedom of Information Act 1982 (Cth) applies to Australian Government (Commonwealth) departments, agencies and ministers.
- Each state and territory has its own FOI-style law for state and local government (for example, GIPA in NSW, RTI in Queensland and similar regimes elsewhere).
This article focuses on the Commonwealth FOI Act. Even so, the way requests are handled - and the protections for business information - are conceptually similar across jurisdictions. If you deal primarily with state or local government, expect a separate but comparable process under that state’s legislation.
Most private businesses aren’t directly subject to FOI. Instead, FOI applies to the government agency that holds the document. Your business becomes involved when your information is within those government-held documents - for example, in tenders, contracts, invoices, emails or reports you’ve provided to an agency.
When Can FOI Affect Your Business?
Private sector organisations most commonly encounter FOI in the following scenarios.
- Government procurement and contracts. Documents about your tenders, pricing, milestone reports and performance evaluations often sit on an agency’s file and can be requested. Strong contract management and contract review practices help you understand how your information may be handled.
- Third party business information. If an agency holds your commercially sensitive information, it may consult you before deciding whether to release any part of it. You’ll usually have the opportunity to explain why particular content should be withheld under an exemption.
- Personal information. If you’ve provided personal information about clients or employees to a government body, those details could also be captured by an FOI request. Privacy exemptions and redactions often apply, but they are assessed case by case. Having a clear Privacy Policy and strong data minimisation practices reduces exposure.
- Subcontractors and partners. Information about subcontractors or consortia members on government projects can appear in agency documents and be caught by requests.
It’s important to note: confidentiality markings, NDAs and contract clauses are helpful context, but they do not automatically prevent release under FOI. Agencies must apply the FOI Act’s tests - including the public interest - and then decide. Your submissions can still carry significant weight if they squarely address the legal criteria.
What Information Can Be Released (And What Is Exempt)?
FOI covers “documents” of any kind held by an agency - paper or digital - including emails, spreadsheets, reports, contracts, invoices, audio or video files and databases. For businesses working with government, that commonly includes:
- tender responses and pricing schedules
- contracts, variations and statements of work
- invoices, purchase orders and delivery records
- status reports, performance reviews and meeting minutes
- email correspondence with government staff and ministers’ offices
Not everything requested will be released. The Commonwealth FOI Act includes exemptions and “conditional exemptions” that protect important interests. For business information, key provisions include:
- Trade secrets (absolute exemption). Documents that would disclose genuine trade secrets are exempt.
- Business affairs (conditional exemption). Information about a person’s or organisation’s business or professional affairs may be conditionally exempt where disclosure would, or could reasonably be expected to, cause an unreasonable adverse effect on those affairs (this often covers commercially sensitive pricing, methodologies or supply chains). Because it’s conditional, a public interest test still applies.
- Confidential communications (conditional exemption). Information given in confidence may be conditionally exempt where disclosure would found an action for breach of confidence.
- Personal privacy (conditional exemption). Personal information about individuals may be conditionally exempt; agencies usually consider redacting names or other identifiers where appropriate.
Other exemptions may also be relevant depending on the document (for example, Cabinet material or legal professional privilege). Where a conditional exemption applies, the agency must weigh competing public interest factors to decide whether release is appropriate.
Be aware that many agencies maintain a public “disclosure log” of documents they release under FOI. If your information is released (even in part), it may later be published online - another reason to carefully frame submissions during consultation.
How FOI Consultations Work: A Step-By-Step Overview
Here’s the typical flow when an FOI request captures your business information held by a Commonwealth agency.
- Request received and documents identified. The agency locates documents within scope. If it finds content about your business that may engage exemptions (e.g. business affairs), it will usually consult you as a “third party”.
- Consultation notice sent to you. The agency will ask for your views on release of specific documents or passages. It will set a short, defined response period. These timeframes can be tight, so it’s important to act quickly.
- Your submissions. You provide clear, targeted reasons why specific material should be withheld, referencing relevant exemptions (for example, business affairs or breach of confidence) and explaining the commercial harm that could reasonably be expected from disclosure. It’s helpful to explain what could be released too, to support partial access where appropriate.
- Agency decision. The agency assesses your submissions, applies the exemptions and any public interest test, and decides whether to release, redact or withhold documents in full.
- Review rights. If you disagree with a decision to release information that affects you, you can usually seek internal review by the agency and then an external review by the Office of the Australian Information Commissioner (and, in some cases, further merits review by a tribunal). Acting promptly is critical because review timeframes are strict.
Two practical points to keep in mind:
- Precision matters. General statements that information is “confidential” carry less weight than specific, evidence-based explanations of the harm that would likely flow from release (e.g. how a competitor could use a price build-up to undercut future tenders).
- Contracts help frame, not determine, outcomes. Clauses that mark information as “commercial-in-confidence” and procurement guidance within your government contract are relevant context. However, they don’t override the FOI Act, and agencies still make their own legal assessment. It’s wise to keep contract controls tight and revisit them before renewal or expiry - consider your options well in advance of the contract expiring.
Practical Steps To Manage FOI Risk
FOI is manageable when you prepare early. These steps will help you reduce risk and respond with confidence if an agency consults you.
1) Build FOI Awareness Into Your Government Work
- Assume anything you provide to government could later be requested.
- Limit inclusion of sensitive detail to what’s genuinely necessary (especially in emails and status reports).
- Use clear headings and segmentation so sensitive material can be easily isolated and redacted if needed.
2) Strengthen Contracts And Document Controls
- Include well-drafted confidentiality and commercial-in-confidence provisions in your government contracts, and make sure your teams follow them in practice. A periodic contract review helps keep terms up to date with procurement requirements.
- When providing sensitive information, mark it as confidential where appropriate and explain why (for example, “contains non-public pricing methodology and supplier margins”).
- Keep records of when and how confidential information was supplied to the agency - this helps when explaining context during an FOI consultation.
3) Organise Information For Fast Responses
- Maintain a central register of government engagements, including where sensitive information was provided and who signed off.
- Tag documents that contain commercially sensitive material so they’re easy to identify.
- Nominate a contact person (and backup) who can coordinate FOI consultations quickly across legal, commercial and account teams.
4) Lift Your Privacy And Security Baseline
- If you handle personal information, ensure you have a current, tailored Privacy Policy and staff understand data minimisation and redaction basics.
- Adopt an Information Security Policy so sensitive data is stored and shared with government securely and consistently.
- Have a Data Breach Response Plan so you can act quickly if information is compromised (separate to FOI, but part of good information governance).
5) Prepare For Consultations Before They Arrive
- Draft playbooks and template submissions explaining potential harm from disclosure for recurring categories (e.g. pricing build-ups, supplier lists, proprietary methodologies).
- Keep example evidence handy (like proof of non-public status or competitive sensitivity) so you can substantiate claims quickly.
- If you’re ever unsure where “confidentiality” ends and “privacy” begins, a short internal training session using real examples - and a refresher on the difference between privacy and confidentiality - can avoid confusion later.
Key Legal Documents To Support FOI Compliance
FOI is ultimately about documents. Having the right legal instruments in place helps you control how information is shared and handled throughout its lifecycle.
- Non-Disclosure Agreement (NDA). Use a Non-Disclosure Agreement when discussing sensitive proposals with government or its consultants before a formal procurement process kicks off. NDAs won’t override FOI, but they set expectations and can support a claim that information was provided in confidence.
- Privacy Policy. A tailored Privacy Policy explains how you collect, use and share personal information, and guides your team on what to provide to agencies.
- Information Security Policy. An Information Security Policy standardises how sensitive documents are created, stored, labelled and transmitted - making later redaction or consultation far simpler.
- Government contract schedules and confidentiality clauses. Ensure schedules clearly identify confidential material, handling requirements and notice obligations before disclosure. If your arrangements are evolving, consider a proactive contract review before major milestones or renewals.
- Internal guidance notes. Short, plain-English playbooks for bid teams and account managers on what to mark as confidential, how to label documents, and who to notify if an FOI consultation arrives.
Not every business will need all of these from day one, but most organisations working with government will benefit from several of them. Getting these foundations right makes any FOI consultation faster and less stressful.
Key Takeaways
- FOI laws allow access to documents held by government; for Commonwealth matters, the Freedom of Information Act 1982 (Cth) applies, and separate state regimes cover state and local government.
- Your business isn’t directly subject to FOI, but your information in government-held documents can be - especially tenders, contracts, emails and performance material.
- Confidentiality markings and contract clauses help, but they don’t automatically prevent release; agencies must apply the FOI Act’s exemptions and public interest tests.
- Key protections include exemptions for trade secrets, business affairs, confidential information and personal privacy; clear, evidence-based submissions carry the most weight.
- Prepare early: organise sensitive information, strengthen contracts, train staff, and set up privacy and security policies so you can respond quickly to consultations.
- Documents like a Non-Disclosure Agreement, Privacy Policy and Information Security Policy support good information governance and make FOI responses smoother.
If you’d like a consultation on managing FOI risks or need help with contracts, confidentiality or privacy in your business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.








