Post on 02-Jan-2016
description
Introducing Freedom of Information, Data Protection and Records Management
Course Programme
Freedom of Information
• General introduction to the Act
• Your responsibilities
• College obligations
Data Protection
• General introduction to the Act
• The eight principles
• Your responsibilities
Course Programme
Records Management
• What is records management?
• Why is it important?
• Paper records
• Electronic records
• Storing records
• Retrieving records
Freedom of Information Act (FOIA)
The Act gives the public a general right of access to information held by public authorities.
Came into force on 1 January 2005
The Information Commissioners Office (ICO)
The ICO is the UK's independent public body set up to promote access to official information and protect personal information. The Ministry of Justice is the sponsoring department within the Government.
Responsibility for Freedom of Information at Imperial College
We are all responsible for ensuring we comply with the Freedom of Information Act
Central Secretariat - overall responsibility for FOI at Imperial
foi@imperial.ac.ukFreedom of Information OfficerLevel 4, Faculty BuildingImperial College LondonSouth KensingtonLondonSW7 2AZ
Archives and Corporate Records Unit provides assistance and training
Responsibility for Freedom of Information at Imperial College
Freedom of Information requests relating to Imperial College Healthcare NHS Trust should be forwarded to:
Director of communications
11th floor
Laboratory block
Charing Cross Hospital
Imperial College Healthcare NHS Trust
Fulham Palace Road
London W6 8RF
foi@imperial.nhs.uk
What is a Freedom of Information request?
• has to be in writing (includes email)
• does not have to state that it is a FOI request
• the applicant does not need to say why they require the information
• the applicant needs to provide an address for correspondence
Obligations in replying to a FOI request
• the college must respond within 20 working days of receiving the request in the format requested
• the applicant must be told whether the College holds the requested information and have the information communicated to them subject to exemptions
Exemptions
• there are a number of exemptions that exist in the Act which permit the College to neither confirm or deny that information requested is held
• the college can also be exempt if the cost of gathering the information will exceed the ‘appropriate limit’
• vexatious or repeated requests.
BUT
In general the College should aim to release requested information
What to do if you receive a FOI request
• if you receive any kind of request that specifically mentions FOI immediately forward it to Central Secretariat
• if you are unsure whether a request is an FOI request you should also contact the Central Secretariat
• answer all routine requests for information in the normal way
• treat any requests for assistance with answering an FOI enquiry from Central Secretariat with high priority
e-mail: foi@imperial.ac.uk
Is it a Freedom of Information request?
Does the request mention the Freedom of Information Act?
No
Do you or your team have the information requested?
Do you wish to answer the request?
Yes
Yes
Are you certain there are no problems with releasing the information? E.g. personal data, confidential information commercially sensitive
Yes
Answer the request as part of normal College business
Yes
Forward the request immediately to the Central Secretariat
Email address: foi@imperial.ac.uk
No
No
No
Publication Scheme
A further requirement of the FOIA is that Imperial College maintains an updated Publication Scheme. A publication scheme is a commitment by a public authority to make certain information available, and a guide to how that information can be obtained.
http://www3.imperial.ac.uk/legalservicesoffice/foi/publicationscheme
Environmental information guide
The Environmental Information Regulations give the public the right to obtain information about the environment held by public authorities, unless there are good reasons to keep it confidential.
The request can be made by letter, email, telephone or in person. It needs to be answered within 20 working days.
Environmental information includes:
• the state of the elements of the environment, such as air, water, soil, land, fauna (including human beings)
• emissions and discharges, noise, energy, radiation, waste and other such substances
• measures and activities such as policies, plans, and agreements affecting or likely to affect the state of the elements of the environment
Data Protection Act
The Data Protection Act requires all organisations which handle personal information to comply with a number of important principles regarding privacy and disclosure.
The Act states that anyone who processes personal information must comply with eight principles.
The Act also allows people to find out what personal information is held about them by making a subject access request. This covers information held electronically and in paper records.
What data is covered by the DPA?
The Act defines personal data as any data that can be attributable to a living individual, and does not have to include name, address, date of birth or sex.
E.g.:• completed application forms• staff bank account details held on Imperial’s computer system or paper filing system
The Data Protection Act also specifically mentions ‘sensitive’ information:• racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health information, sexuality, criminal convictions
The Eight Principles
Anyone who processes personal information must comply with eight principles which make sure that personal information is:
1. fairly and lawfully processed
2. processed for limited purposes
3. adequate, relevant and not excessive
4. accurate and up to date
The Eight Principles
5. not kept for longer than is necessary
6. processed in line with your rights
7. secure
8. not transferred to other countries without adequate protection
Subject access requests
Should you receive a subject access request immediately forward it to Central Secretariat as the College must respond within 40 calendar days.
You may have to assist in locating records involved in a data subject access request.
You must not destroy any records that relate to the data subject after a subject access request has been received.
What happens if we do not follow Information legislation
A member of the public (e.g. staff or student) can complain to the Information Commissioner’s Office about Imperial College if:
• they do not believe their Freedom of Information request or their Data Protection subject access request was handled / answered appropriately
• they think we have breached the DPA in the way that we hold and handle personal information
www.ico.org.uk
What are Records?
Records are created in the course of work, and are evidence of organisational or individual functions, activities and transactions.
Records do not have to be paper – they can be digital records (such as email), photographs, films, voicemail...
What is Records Management?
Records management is the systematic control of all records (irrespective of the media format) from creation, use, reproduction, to final disposition.
Current records
Records which are being regularly used (referred to or updated) for the conduct of business
Semi-current records
Records whose business value has declined, but which may still be referred to on an irregular basis (typically stored away from the work area)
Non-current records
Records which have little or no business value, though they may be used for other purposes, such as historical research
Benefits of good records management
• helps to comply with Information Legislation
• saves space
• ensures information can be accessed easily and remains readable
• helps to protect Imperial by ensuring records remain authentic and retain their evidential value
• increases efficiency and effectiveness
• provides continuity in the event of a disaster
• saves money
• helps to identify records of historical or cultural importance to the College and/or Society
ReMAS Programme
ReMAS (Records Management and Archive Storage) is the College Records Management programme. As part of the ReMAS programme ACRU:
• provides storage for semi-current and non-current records
• provides guidance and training
• identifies archival material
Managing paper records
It is important to keep your paper records in good order and in ensure they are stored in a secure environment.
• draw up file plans and ensure they are made available to all staff who may require access to the records
• explain the filing system to all new staff or temporary staff as part of their induction programme
• give all file titles a descriptive title and avoid using acronyms
• remember to date and title all documents that are filed
Document removal slips
Always indicate that a file/document has been removed by leaving a completed removal slip in its place. It is useful to complete two slips and keep one copy with the removed file.
Removed by: A. Smith
Department: ACRU
Extension: 12345
File / Box removed title: Joe Bloggs staff file
Storage location: Cabinet 3, drawer 2
Temporary location: Currently with B. Jones
Weeding files
Ideally files (both paper and electronic) should be weeded regularly of unnecessary papers and documents.
Consult the retention schedule or contact ACRU if you are unsure whether something can be disposed of.
Disposal of records
Consult the College Retention Schedule to ascertain how long records should be kept for and dispose of (or delete) records accordingly and in the appropriate manner.
College Retention Schedule:
http://www3.imperial.ac.uk/recordsandarchives/recordsmanagement/retschedule
Dispose of records of a sensitive, personal or confidential manner as confidential waste (contact Estates Facilities for assistance).
Managing electronic records
Security and access
Where it is useful for other members of staff to have access to records it is recommended that shared networks are set up within departments.
Folder structure
Develop a logical and simple folder structure – avoid too many layers. Explain structure to new staff.
Naming documents and folders
Develop departmental naming conventions and terminology and avoid acronyms. Document names should be descriptive.
Managing electronic records
Metadata
Capture details concerning the context of the records when they are created (recorded by using the properties field in MS Office)
Preservation
Think about the preservation of electronic documents – they may need migrating onto new software. Snapshots of databases should be taken periodically. Sometimes it is best to print it onto paper.
Destruction
Regularly review the electronic records under your control – destroy in the appropriate manner.
Encryption
http://www3.imperial.ac.uk/ict/services/security/helpandadvice/sensitivedata/supportedencryption
Storing records
ACRU manages a number of stores for semi-current or non-current records – space is very limited
Main stores
Mainly contain Student, Research, HR and Finance records that need to accessed occasionally
Additional store
Mainly holds clinical trial data and other records with long retentions but that are rarely needed.
Transferring records to central storage
Procedure for transferring records:
1. Contact ACRU: acru@imperial.ac.uk – provide details of what you wish to send, the quantity and how long the files/boxes require storage
2. On approval you will be issued a ‘transfer number’ eg. ABCDE2014/004
3. Pack, list onto a transfer form and label boxes as directed in ACRU’s guidance: http://www3.imperial.ac.uk/recordsandarchives/recordsmanagement/transfers
4. Contact ACRU for collection
Accessing records
You can retrieve records stored in the Main Stores:
Collect key from ACRU – room Level 4 Sherfield Building
ACRU maintains a location guide to the shelf locations of boxes
Mark that you have removed a box or file by completing a document removal slip
When accessing records think about Health and Safety
ACRU Retrieval Service
ACRU provides a retrieval service for staff who are unable to retrieve records themselves (for example they are based at another campus).
Retrieved items will be sent in the internal post or delivered in person.
You will be issued with a loan form.
Any questions?