Introducing Freedom of Information, Data Protection and Records Management

Course Programme

Freedom of Information

• General introduction to the Act

• Your responsibilities

• College obligations

Data Protection

• General introduction to the Act

• The eight principles

• Your responsibilities

Course Programme

Records Management

• What is records management?

• Why is it important?

• Paper records

• Electronic records

• Storing records

• Retrieving records

Freedom of Information Act (FOIA)

The Act gives the public a general right of access to information held by public authorities.

Came into force on 1 January 2005

The Information Commissioners Office (ICO)

The ICO is the UK's independent public body set up to promote access to official information and protect personal information. The Ministry of Justice is the sponsoring department within the Government.

Responsibility for Freedom of Information at Imperial College

We are all responsible for ensuring we comply with the Freedom of Information Act

Central Secretariat - overall responsibility for FOI at Imperial

foi@imperial.ac.ukFreedom of Information OfficerLevel 4, Faculty BuildingImperial College LondonSouth KensingtonLondonSW7 2AZ

Archives and Corporate Records Unit provides assistance and training

Responsibility for Freedom of Information at Imperial College

Freedom of Information requests relating to Imperial College Healthcare NHS Trust should be forwarded to:

Director of communications

11th floor

Laboratory block

Charing Cross Hospital

Imperial College Healthcare NHS Trust

Fulham Palace Road

London W6 8RF

foi@imperial.nhs.uk

What is a Freedom of Information request?

• has to be in writing (includes email)

• does not have to state that it is a FOI request

• the applicant does not need to say why they require the information

• the applicant needs to provide an address for correspondence

Obligations in replying to a FOI request

• the college must respond within 20 working days of receiving the request in the format requested

• the applicant must be told whether the College holds the requested information and have the information communicated to them subject to exemptions

Exemptions

• there are a number of exemptions that exist in the Act which permit the College to neither confirm or deny that information requested is held

• the college can also be exempt if the cost of gathering the information will exceed the ‘appropriate limit’

• vexatious or repeated requests.

BUT

In general the College should aim to release requested information

What to do if you receive a FOI request

• if you receive any kind of request that specifically mentions FOI immediately forward it to Central Secretariat

• if you are unsure whether a request is an FOI request you should also contact the Central Secretariat

• answer all routine requests for information in the normal way

• treat any requests for assistance with answering an FOI enquiry from Central Secretariat with high priority

e-mail: foi@imperial.ac.uk

Is it a Freedom of Information request?

Does the request mention the Freedom of Information Act?

No

Do you or your team have the information requested?

Do you wish to answer the request?

Yes

Yes

Are you certain there are no problems with releasing the information? E.g. personal data, confidential information commercially sensitive

Yes

Answer the request as part of normal College business

Yes

Forward the request immediately to the Central Secretariat

Email address: foi@imperial.ac.uk

No

No

No

Publication Scheme

A further requirement of the FOIA is that Imperial College maintains an updated Publication Scheme. A publication scheme is a commitment by a public authority to make certain information available, and a guide to how that information can be obtained.

http://www3.imperial.ac.uk/legalservicesoffice/foi/publicationscheme

Environmental information guide

The Environmental Information Regulations give the public the right to obtain information about the environment held by public authorities, unless there are good reasons to keep it confidential.

The request can be made by letter, email, telephone or in person. It needs to be answered within 20 working days.

Environmental information includes:

• the state of the elements of the environment, such as air, water, soil, land, fauna (including human beings)

• emissions and discharges, noise, energy, radiation, waste and other such substances

• measures and activities such as policies, plans, and agreements affecting or likely to affect the state of the elements of the environment

Data Protection Act

The Data Protection Act requires all organisations which handle personal information to comply with a number of important principles regarding privacy and disclosure.

The Act states that anyone who processes personal information must comply with eight principles.

The Act also allows people to find out what personal information is held about them by making a subject access request. This covers information held electronically and in paper records.

What data is covered by the DPA?

The Act defines personal data as any data that can be attributable to a living individual, and does not have to include name, address, date of birth or sex. 

E.g.:• completed application forms• staff bank account details held on Imperial’s computer system or paper filing system

The Data Protection Act also specifically mentions ‘sensitive’ information:• racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health information, sexuality, criminal convictions

The Eight Principles

Anyone who processes personal information must comply with eight principles which make sure that personal information is:

1. fairly and lawfully processed

2. processed for limited purposes

3. adequate, relevant and not excessive

4. accurate and up to date

The Eight Principles

5. not kept for longer than is necessary

6. processed in line with your rights

7. secure

8. not transferred to other countries without adequate protection

Subject access requests

Should you receive a subject access request immediately forward it to Central Secretariat as the College must respond within 40 calendar days.

You may have to assist in locating records involved in a data subject access request.

You must not destroy any records that relate to the data subject after a subject access request has been received.

What happens if we do not follow Information legislation

A member of the public (e.g. staff or student) can complain to the Information Commissioner’s Office about Imperial College if:

• they do not believe their Freedom of Information request or their Data Protection subject access request was handled / answered appropriately

• they think we have breached the DPA in the way that we hold and handle personal information

www.ico.org.uk

What are Records?

Records are created in the course of work, and are evidence of organisational or individual functions, activities and transactions.

Records do not have to be paper – they can be digital records (such as email), photographs, films, voicemail...

What is Records Management?

Records management is the systematic control of all records (irrespective of the media format) from creation, use, reproduction, to final disposition.

Current records

Records which are being regularly used (referred to or updated) for the conduct of business

Semi-current records

Records whose business value has declined, but which may still be referred to on an irregular basis (typically stored away from the work area)

Non-current records

Records which have little or no business value, though they may be used for other purposes, such as historical research

Benefits of good records management

• helps to comply with Information Legislation

• saves space

• ensures information can be accessed easily and remains readable

• helps to protect Imperial by ensuring records remain authentic and retain their evidential value

• increases efficiency and effectiveness

• provides continuity in the event of a disaster

• saves money

• helps to identify records of historical or cultural importance to the College and/or Society

ReMAS Programme

ReMAS (Records Management and Archive Storage) is the College Records Management programme. As part of the ReMAS programme ACRU:

• provides storage for semi-current and non-current records

• provides guidance and training

• identifies archival material

Managing paper records

It is important to keep your paper records in good order and in ensure they are stored in a secure environment.

• draw up file plans and ensure they are made available to all staff who may require access to the records

• explain the filing system to all new staff or temporary staff as part of their induction programme

• give all file titles a descriptive title and avoid using acronyms

• remember to date and title all documents that are filed

Document removal slips

Always indicate that a file/document has been removed by leaving a completed removal slip in its place. It is useful to complete two slips and keep one copy with the removed file.

Removed by: A. Smith

Department: ACRU

Extension: 12345

File / Box removed title: Joe Bloggs staff file

Storage location: Cabinet 3, drawer 2

Temporary location: Currently with B. Jones

Weeding files

Ideally files (both paper and electronic) should be weeded regularly of unnecessary papers and documents.

Consult the retention schedule or contact ACRU if you are unsure whether something can be disposed of.

Disposal of records

Consult the College Retention Schedule to ascertain how long records should be kept for and dispose of (or delete) records accordingly and in the appropriate manner.

College Retention Schedule:

http://www3.imperial.ac.uk/recordsandarchives/recordsmanagement/retschedule

Dispose of records of a sensitive, personal or confidential manner as confidential waste (contact Estates Facilities for assistance).

Managing electronic records

Security and access

Where it is useful for other members of staff to have access to records it is recommended that shared networks are set up within departments.

Folder structure

Develop a logical and simple folder structure – avoid too many layers. Explain structure to new staff.

Naming documents and folders

Develop departmental naming conventions and terminology and avoid acronyms. Document names should be descriptive.

Managing electronic records

Metadata

Capture details concerning the context of the records when they are created (recorded by using the properties field in MS Office)

Preservation

Think about the preservation of electronic documents – they may need migrating onto new software. Snapshots of databases should be taken periodically. Sometimes it is best to print it onto paper.

Destruction

Regularly review the electronic records under your control – destroy in the appropriate manner.

Encryption

http://www3.imperial.ac.uk/ict/services/security/helpandadvice/sensitivedata/supportedencryption

Storing records

ACRU manages a number of stores for semi-current or non-current records – space is very limited

Main stores

Mainly contain Student, Research, HR and Finance records that need to accessed occasionally

Additional store

Mainly holds clinical trial data and other records with long retentions but that are rarely needed.

Transferring records to central storage

Procedure for transferring records:

1. Contact ACRU: acru@imperial.ac.uk – provide details of what you wish to send, the quantity and how long the files/boxes require storage

2. On approval you will be issued a ‘transfer number’ eg. ABCDE2014/004

3. Pack, list onto a transfer form and label boxes as directed in ACRU’s guidance: http://www3.imperial.ac.uk/recordsandarchives/recordsmanagement/transfers

4. Contact ACRU for collection

Accessing records

You can retrieve records stored in the Main Stores:

Collect key from ACRU – room Level 4 Sherfield Building

ACRU maintains a location guide to the shelf locations of boxes

Mark that you have removed a box or file by completing a document removal slip

When accessing records think about Health and Safety

ACRU Retrieval Service

ACRU provides a retrieval service for staff who are unable to retrieve records themselves (for example they are based at another campus).

Retrieved items will be sent in the internal post or delivered in person.

You will be issued with a loan form.

Any questions?