Freedom of Information Staff Guide: Records Management and FoI
- The need for records management
- Things to consider when creating records
- Things to consider when holding/keeping records
- Maintain a clear distinction between your personal files and departmental files
- Organise your records according to a filing scheme which reflects your business functions and activities
- Don't keep records for longer than necessary - but destroy them in an orderly way
- Keep records secure
- Contact the Information Compliance Manager if you need assistance
In order for SOAS to meet its obligations under the Freedom of Information Act and the Environmental Information Regulations, it is essential that we manage our records effectively. The reasons for this are not difficult to understand:
- We have to be able to find information when it's requested. If it subsequently emerges that we held the information but failed to release it because we were unable to locate the relevant records, that will be both embarassing and, strictly speaking, a breach of the legislation.
- Information should not be kept for longer than necessary. The Freedom of Information Act and the Environmental Information Regulations apply to old and defunct records as well as current information. Keeping records for longer than necessary increases the School's liability under FoI and EIR.
Good records management is also essential for business efficiency, and to meet the requirements of other legislation. For example, the Data Protection Act lays down strict rules on how information about living individuals should be managed: personal data must be kept secure and up-to-date, and must not be retained for longer than is required by the purpose for which the data were gathered (for further information on the Data Protection Act, see the School's Data Protection Policy). The School's effectiveness will be impeded and operating costs increased if we are unable to find vital information, if information is duplicated unnecessarily, or if records are retained in filing cabinets and storage areas beyond their useful life span.
The link between information rights and information management is recognised by the legislation. The government has issued a Records Management Code under the Freedom of Information Act stipulating the policies, procedures and systems which public authorities are expected to have in place to manage their records in accordance with FoI. Although it is not legally binding, we are expected to abide by the Code. If a public authority conspicuously fails to do so, the Information Commissioner can investigate its practices and can issue a Practice Recommendation specifying what it should do to come up to the standard.
SOAS's Freedom of Information Policy commits the School to developing a records management programme with the goal of meeting the requirements of the Records Management Code. This commitment is reinforced in the School's Records Management Policy. The records management programme will include an information audit of the School to locate important series of records, gather information about them and use that information to develop records management standards and tools (see About the SOAS Information Audit). As training and detailed guidance on records management is developed, it will be placed on the School's Records Management web pages. In the interim, this page is designed to supplement these resources by flagging up issues particular to Freedom of Information, Environmental Information and Data Protection which need to be considered when creating and keeping records. For the purpose of this guidance, a "record" is any form of recorded information, in whatever format - that is, the type of information which can potentially be the subject of an information request.
Remember, above all, that:
- The information could be requested under the Freedom of Information Act or the Environmental Information Regulations. If no valid limit or exemption applies, it will have to be released.
- If the information relates to an individual, that person may gain access to it under the Data Protection Act.
- Details could be released many years later, at a time when you won't be available to explain why things were done the way they were.
- Release of information which shows the School's employees making inappropriate comments will be embarassing, and could result in legal action.
Record creation needs to be carried out responsibly, and with a view to the possibility that the information may eventually pass into the public domain. This section gives guidance on some questions relating to the creation of records that raise particular concerns.
Records need to present a complete picture of the events, decisions or actions which they document. If the information is incomplete, it may be difficult to understand when or why something happened, how a decision was made, or the chain of events leading up to an action. This not only reduces the effectiveness of the record - it could also lead to confusion, suspicion or unjustified allegations if the information has to be released. It's therefore important that files and other records should contain all of the information which is relevant for the purpose for which the record was created.
Emails can be a particular problem, as it can tempting to treat them as ephemeral and to fail to save them or print them out. Emails are as much a form of correspondence as letters or memoranda; some are ephemeral, but others may be used to make vitally important decisions. Relevant emails either need to be preserved alongside the other electronic documents relating to a particular subject, or printed out and added to the file if you keep records primarily in paper form.
Completeness and relevance are opposite sides of the same coin. Records should contain no more than the information which is necessary for the purpose for which the record was created. Extraneous information should not be added. Files tend to stray from their subject matter over time; to avoid this, create a new file rather than adding papers to a file to which they are not directly related. Files should be created for a clear, specific topic, and information only added which relates to that topic.
As a general rule, only the final form of a document should be retained on file - draft documents should be destroyed once the final document has been approved. Keeping drafts can cause confusion, particularly if it is not clear what is the draft and what is the final form. The only exception to this is drafts relating to major policy decisions or major projects, where there may subsequently be a need to trace significant changes in approach.
Care should always be taken when expressing personal opinions in documents, particularly opinions about other individuals. Expressions of opinion about an individual and of intentions towards them are personal data, and may have to be disclosed to that person under the Data Protection Act. The following are some points that you should consider before including your personal views in a letter, email or other communication:
- Make sure that your comments are relevant. For example, if a request for a reference asks you to answer certain questions, do not volunteer opinions or views that go beyond those questions. Do not express opinions just for their own sake.
- Keep a clear distinction between matters of fact and opinions - do not express opinions as if they were facts. "I believe that he is a good employee" is clearly an opinion, but "he is a good employee" is a statement of fact.
- Do not express opinions which you cannot defend on the basis of evidence or facts. If challenged, you should be prepared to produce something to demonstrate the validity of your opinion.
- Do not express opinions about areas which you are not qualified to speak about, or about which you do not have all the facts.
- If you find yourself writing something in anger - stop and reflect. Hasty responses sent in anger can be a particular problem with emails. Remember that defamatory comments made in an email are just as embarassing and actionable as comments made in a letter.
- Insulting and derogatory comments, and personal attacks on individuals or groups are unacceptable in any context - and may lead to disciplinary action. Such comments are likely to contravene the School's Harassment Policy, and other policies and codes of conduct, and will not be tolerated.
References will typically contain opinions about the individual who is the subject of the reference. While this is usually a necessary part of the process of writing a reference, the above points should be borne in mind. Staff who are asked to write references should ensure that they conform to the School's Staff References Policy. References can, in certain circumstances, be disclosed to the person who is the subject of the reference: see the SOAS's Data Protection Policy for further information.
Agendas and minutes can potentially be the subject of requests under the Freedom of Information Act, the Environmental Information Regulations or the Data Protection Act. Since much committee business is routine and non-contentious, it is in the School's interests to publish agendas and minutes as far as possible, to reduce the likelihood of information being requested.
Agendas and minutes are often divided into "open" and "reserved" items, based on sensitivity. This can be a very useful way of helping the School to meet its obligations under information rights legislation, if it is done with Freedom of Information and Environmental Information in mind. In particular:
- "Open" items should cover non-sensitive information which would be released if it was the subject of a Freedom of Information or Environmental Information request. This will make it easier to publish open agendas and minutes, e.g. on the website.
- "Reserved" items should cover information which would usually be exempt under the Freedom of Information Act or Environmental Information Regulations. This information will not be published. Reserved agendas and minutes can still be requested under FoI and EIR, but are less likely to be released (and requests will be dealt with on a case by case basis).
Guidance has been developed to help committee secretaries divide agendas and minutes into open and reserved business, taking into account Freedom of Information and Data Protection considerations: see Freedom of Information and Data Protection: Guidance for Committee Servicing. Further guidance is available in Role of a committee secretary.
Open minutes and agendas of Governing Body and other School committees are published on the Committees pages of the SOAS website (initially restricted to staff only for one year), and are included in the School's Freedom of Information Publication Scheme.
Detailed guidance and procedures on record keeping will be developed by the School and disseminated to staff on the Records Management web pages (see The need for records management). This section provides some common sense advice on record keeping issues that, if followed, will help the School to meet its obligations under information legislation.
Everyone keeps their own personal files, and there’s nothing wrong with that provided you aren't filing away information which your colleagues may also need to access. Keeping 'group' information in personal files presents a number of problems:
- Your colleagues are less likely to be aware of the existence of the information or to benefit from it.
- It will be harder for others to carry on your work or answer information requests when you are away.
- Personal filing systems encourage duplication (everyone keeps copies of the same thing), and hence inefficiency.
Personal files should be primarily reference material and 'works in progress' (e.g. drafts). As a general rule of thumb, if the file relates to something which other people may need to know about, keep it in a common filing system which you share with other people in your department rather than with your own papers.
3.2 Organise your records according to a filing scheme which reflects your business functions and activities
A subject classification scheme based on the business functions which your department carries out, and the activities relating to those functions, is the recommended way of organising paper files - and can also be applied to electronic folders. The JISC has developed a Business Classification Scheme which identifies the functions and activities which typically characterise HE institutions. The Classification Scheme can be used as the basis for filing schemes. Institutions are meant to adapt it to their own needs, e.g. by adding lower level categories and using it to produce schemes for specific departments. Until this is implemented at SOAS as part of the records management programme, departments who wish to review their filing schemes are recommended to use the JISC model, and to contact the Information Compliance Manager for assistance (see 3.5).
Keeping information for longer than it's required increases the School's liability to Freedom of Information requests, and will be contrary to the Data Protection Act if the information is personal data (see The need for records management). At the same time, in order to avoid allegations of improper destruction or "covering up", it is important that records are destroyed according to established procedures rather than on an ad hoc basis. This will also ensure that records which do have long-term or even historical value are preserved and not destroyed by mistake.
A top-level records retention schedule has been developed for SOAS covering the School's major series of records, i.e. focusing on those which the School generates in large quantities. The schedule specifies how long classes of records should be kept, and what happens at the end of the record's retention period. The retention schedule will be developed and extended as SOAS's records management programme progresses. It is based in part on the model Records Retention Schedule which has been developed by the JISC as a benchmark for the HE sector (the Schedule is organised according to the JISC's model Business Classification Scheme - see 3.2). Advice on records retention is available from the Information Compliance Manager (see 3.5).
Records which may contain sensitive or confidential information need to be protected from unauthorised access. This is particularly important where the information consists of personal data about individuals, as the Data Protection Act requires us to protect personal data against unauthorised access or accidental loss or destruction.
Staff are advised to consult the section in SOAS's Data Protection Policy which provides guidance on how to how to keep paper and electronic information secure to meet the requirements of Data Protection. The same general principles can be applied to other types of sensitive records. Detailed guidance about the security of electronic information is also provided in the School's IT Policies and Procedures (see the Data Protection Policy for relevant sections).
The Information Compliance Manager can provide advice and assistance on records management issues, and on the School's obligations under Freedom of Information, Environmental Information and Data Protection. The Information Compliance Manager can be contacted at:
Information Compliance Manager
C4, SOAS Library
London WC1H 0XG
Telephone: +44 (0)20 7898 4150
Fax: +44 (0)20 7898 4159
Last updated May 2008