1 / 34

Introducing Freedom of Information, Data Protection and Records Management

Introducing Freedom of Information, Data Protection and Records Management. Course Programme. Freedom of Information General introduction to the Act Your responsibilities College obligations Data Protection General introduction to the Act The eight principles Your responsibilities.

ian-hayden
Télécharger la présentation

Introducing Freedom of Information, Data Protection and Records Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introducing Freedom of Information, Data Protection and Records Management

  2. Course Programme • Freedom of Information • General introduction to the Act • Your responsibilities • College obligations • Data Protection • General introduction to the Act • The eight principles • Your responsibilities

  3. Course Programme • Records Management • What is records management? • Why is it important? • Paper records • Electronic records • Storing records • Retrieving records

  4. Freedom of Information Act (FOIA) • The Act gives the public a general right of access to information held by public authorities. • Came into force on 1 January 2005 • The Information Commissioners Office (ICO) • The ICO is the UK's independent public body set up to promote access to official information and protect personal information. The Ministry of Justice is the sponsoring department within the Government.

  5. Responsibility for Freedom of Information at Imperial College • We are all responsible for ensuring we comply with the Freedom of Information Act • Central Secretariat - overall responsibility for FOI at Imperial • foi@imperial.ac.uk • Freedom of Information OfficerLevel 4, Faculty BuildingImperial College LondonSouth KensingtonLondonSW7 2AZ • Archives and Corporate Records Unit provides assistance and training

  6. Responsibility for Freedom of Information at Imperial College • Freedom of Information requests relating to Imperial College Healthcare NHS Trust should be forwarded to: • Director of communications • 11th floor • Laboratory block • Charing Cross Hospital • Imperial College Healthcare NHS Trust • Fulham Palace Road • London W6 8RF • foi@imperial.nhs.uk

  7. What is a Freedom of Information request? • has to be in writing (includes email) • does not have to state that it is a FOI request • the applicant does not need to say why they require the information • the applicant needs to provide an address for correspondence

  8. Obligations in replying to a FOI request • the college must respond within 20 working days of receiving the request in the format requested • the applicant must be told whether the College holds the requested information and have the information communicated to them subject to exemptions

  9. Exemptions • there are a number of exemptions that exist in the Act which permit the College to neither confirm or deny that information requested is held • the college can also be exempt if the cost of gathering the information will exceed the ‘appropriate limit’ • vexatious or repeated requests. • BUT • In general the College should aim to release requested information

  10. What to do if you receive a FOI request • if you receive any kind of request that specifically mentions FOI immediately forward it to Central Secretariat • if you are unsure whether a request is an FOI request you should also contact the Central Secretariat • answer all routine requests for information in the normal way • treat any requests for assistance with answering an FOI enquiry from Central Secretariat with high priority • e-mail: foi@imperial.ac.uk

  11. Does the request mention the Freedom of Information Act? Yes No Do you or your team have the information requested? No Yes No Do you wish to answer the request? Yes Are you certain there are no problems with releasing the information? E.g. personal data, confidential information commercially sensitive No Yes Forward the request immediately to the Central Secretariat Email address: foi@imperial.ac.uk Answer the request as part of normal College business Is it a Freedom of Information request?

  12. Publication Scheme • A further requirement of the FOIA is that Imperial College maintains an updated Publication Scheme. A publication scheme is a commitment by a public authority to make certain information available, and a guide to how that information can be obtained. • http://www3.imperial.ac.uk/legalservicesoffice/foi/publicationscheme

  13. Environmental information guide • The Environmental Information Regulations give the public the right to obtain information about the environment held by public authorities, unless there are good reasons to keep it confidential. • The request can be made by letter, email, telephone or in person. It needs to be answered within 20 working days. • Environmental information includes: • the state of the elements of the environment, such as air, water, soil, land, fauna (including human beings) • emissions and discharges, noise, energy, radiation, waste and other such substances • measures and activities such as policies, plans, and agreements affecting or likely to affect the state of the elements of the environment

  14. Data Protection Act • The Data Protection Act requires all organisations which handle personal information to comply with a number of important principles regarding privacy and disclosure. • The Act states that anyone who processes personal information must comply with eight principles. • The Act also allows people to find out what personal information is held about them by making a subject access request. This covers information held electronically and in paper records.

  15. What data is covered by the DPA? • The Act defines personal data as any data that can be attributable to a living individual, and does not have to include name, address, date of birth or sex.  • E.g.: • completed application forms • staff bank account details held on Imperial’s computer system or paper filing system • The Data Protection Act also specifically mentions ‘sensitive’ information: • racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health information, sexuality, criminal convictions

  16. The Eight Principles • Anyone who processes personal information must comply with eight principles which make sure that personal information is: • 1. fairly and lawfully processed • 2. processed for limited purposes • 3. adequate, relevant and not excessive • 4. accurate and up to date

  17. The Eight Principles • 5. not kept for longer than is necessary • 6. processed in line with your rights • 7. secure • 8. not transferred to other countries without adequate protection

  18. Subject access requests • Should you receive a subject access request immediately forward it to Central Secretariat as the College must respond within 40 calendar days. • You may have to assist in locating records involved in a data subject access request. • You must not destroy any records that relate to the data subject after a subject access request has been received.

  19. What happens if we do not follow Information legislation • A member of the public (e.g. staff or student) can complain to the Information Commissioner’s Office about Imperial College if: • they do not believe their Freedom of Information request or their Data Protection subject access request was handled / answered appropriately • they think we have breached the DPA in the way that we hold and handle personal information • www.ico.org.uk

  20. What are Records? • Records are created in the course of work, and are evidence of organisational or individual functions, activities and transactions. • Records do not have to be paper – they can be digital records (such as email), photographs, films, voicemail...

  21. What is Records Management? • Records management is the systematic control of all records (irrespective of the media format) from creation, use, reproduction, to final disposition. • Current records • Records which are being regularly used (referred to or updated) for the conduct of business • Semi-current records • Records whose business value has declined, but which may still be referred to on an irregular basis (typically stored away from the work area) • Non-current records • Records which have little or no business value, though they may be used for other purposes, such as historical research

  22. Benefits of good records management • helps to comply with Information Legislation • saves space • ensures information can be accessed easily and remains readable • helps to protect Imperial by ensuring records remain authentic and retain their evidential value • increases efficiency and effectiveness • provides continuity in the event of a disaster • saves money • helps to identify records of historical or cultural importance to the College and/or Society

  23. ReMAS Programme • ReMAS (Records Management and Archive Storage) is the College Records Management programme. As part of the ReMAS programme ACRU: • provides storage for semi-current and non-current records • provides guidance and training • identifies archival material

  24. Managing paper records • It is important to keep your paper records in good order and in ensure they are stored in a secure environment. • draw up file plans and ensure they are made available to all staff who may require access to the records • explain the filing system to all new staff or temporary staff as part of their induction programme • give all file titles a descriptive title and avoid using acronyms • remember to date and title all documents that are filed

  25. Document removal slips • Always indicate that a file/document has been removed by leaving a completed removal slip in its place. It is useful to complete two slips and keep one copy with the removed file. Removed by:A. Smith Department: ACRU Extension:12345 File / Box removed title: Joe Bloggs staff file Storage location: Cabinet 3, drawer 2 Temporary location: Currently with B. Jones

  26. Weeding files • Ideally files (both paper and electronic) should be weeded regularly of unnecessary papers and documents. • Consult the retention schedule or contact ACRU if you are unsure whether something can be disposed of.

  27. Disposal of records • Consult the College Retention Schedule to ascertain how long records should be kept for and dispose of (or delete) records accordingly and in the appropriate manner. • College Retention Schedule: • http://www3.imperial.ac.uk/recordsandarchives/recordsmanagement/retschedule • Dispose of records of a sensitive, personal or confidential manner as confidential waste (contact Estates Facilities for assistance).

  28. Managing electronic records • Security and access • Where it is useful for other members of staff to have access to records it is recommended that shared networks are set up within departments. • Folder structure • Develop a logical and simple folder structure – avoid too many layers. Explain structure to new staff. • Naming documents and folders • Develop departmental naming conventions and terminology and avoid acronyms. Document names should be descriptive.

  29. Managing electronic records • Metadata • Capture details concerning the context of the records when they are created (recorded by using the properties field in MS Office) • Preservation • Think about the preservation of electronic documents – they may need migrating onto new software. Snapshots of databases should be taken periodically. Sometimes it is best to print it onto paper. • Destruction • Regularly review the electronic records under your control – destroy in the appropriate manner. • Encryption • http://www3.imperial.ac.uk/ict/services/security/helpandadvice/sensitivedata/supportedencryption

  30. Storing records • ACRU manages a number of stores for semi-current or non-current records – space is very limited • Main stores • Mainly contain Student, Research, HR and Finance records that need to accessed occasionally • Additional store • Mainly holds clinical trial data and other records with long retentions but that are rarely needed.

  31. Transferring records to central storage • Procedure for transferring records: • 1. Contact ACRU: acru@imperial.ac.uk – provide details of what you wish to send, the quantity and how long the files/boxes require storage • 2. On approval you will be issued a ‘transfer number’ eg. ABCDE2014/004 • 3. Pack, list onto a transfer form and label boxes as directed in ACRU’s guidance: http://www3.imperial.ac.uk/recordsandarchives/recordsmanagement/transfers • 4. Contact ACRU for collection

  32. Accessing records • You can retrieve records stored in the Main Stores: • Collect key from ACRU – room Level 4 Sherfield Building • ACRU maintains a location guide to the shelf locations of boxes • Mark that you have removed a box or file by completing a document removal slip • When accessing records think about Health and Safety

  33. ACRU Retrieval Service • ACRU provides a retrieval service for staff who are unable to retrieve records themselves (for example they are based at another campus). • Retrieved items will be sent in the internal post or delivered in person. • You will be issued with a loan form.

  34. Any questions?

More Related