lord chancellor’s code of practice on the management of ... · pdf filemanagement of...
TRANSCRIPT
Lord Chancellor’s Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000
Lord Chancellor’s Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000
Presented to Parliament by the Lord Chancellor pursuant to section 46(6) of the Freedom of Information Act 2000
Contents
Foreword 4
Introduction 4Importanceofrecordsmanagement 4RoleoftheInformationCommissioner 6AuthoritiessubjecttothePublicRecordsActs 6RoleoftheLordChancellor’sAdvisoryCouncilonNationalRecordsandArchives 7andtheSensitivityReviewGroupinNorthernIrelandCode of PracticeIntroduction 8
1 AimsoftheCode 82 ScopeoftheCode 93 Interpretation 94 Supplementaryguidance 9
Part 1 Records management 10
5 Summaryofrecommendedgoodpracticeinrecordsmanagement 106 Organisationalarrangementstosupportrecordsmanagement 107 Recordsmanagementpolicy 118 Keepingrecordstomeetcorporaterequirements 129 Recordssystems 1310 Storageandmaintenanceofrecords 1511 Securityandaccess 1712 Disposalofrecords 1813 Recordscreatedinthecourseofcollaborativeworkingorthroughout-sourcing 2014 Monitoringandreportingonrecordsmanagement 21Part 2 Review and transfer of public records 22
15 PurposeofPart2 2216 Selectionofpublicrecordsforpermanentpreservation 2217 Retentionortransferofpublicrecords 2218 Determiningtheaccessstatusofpublicrecordsbeforetransfer 2319 Transmissionofpublicrecords 2520 Accessaftertransferofpublicrecords 25
Annex A Glossary 26Annex B StandardsandguidancesupportingtheCode 27
LordChancellor’sCodeofPracticeonthemanagementofrecords-3
�-LordChancellor’sCodeofPracticeonthemanagementofrecords
Foreword
Introduction
(i) TheCodeofPractice(“theCode”)whichfollowsfulfilsthedutyoftheLordChancellorsetoutinsection46oftheFreedomofInformationAct20001(theAct).ThisforewordprovidesbackgroundbutdoesnotformpartoftheCodeitself.
(ii) TheCodeisintwoparts.InPart1,theCodeprovidesguidancetoallrelevantauthoritiesastothepracticewhichitwould,intheopinionoftheLordChancellor,bedesirableforthemtofollowinconnectionwiththekeeping,managementanddestructionoftheirrecords.ThisappliesnotonlytopublicauthoritiesbutalsotootherbodiesthataresubjecttothePublicRecordsAct1958orthePublicRecords2Act(NorthernIreland)1923.Collectivelytheyarecalledrelevantauthorities.
(iii) TheCodealsodescribes,inPart2,theproceduretobefollowedfortimelyandeffectivereviewandtransferofpublicrecordstoTheNationalArchives3ortoaplaceofdeposit(asdefinedinsection4ofthePublicRecordsAct1958)ortothePublicRecordOfficeofNorthernIrelandunderthePublicRecordsAct1958orthePublicRecordsAct(NorthernIreland)1923.4
Importance of records management
(iv) Freedomofinformationlegislationisonlyasgoodasthequalityoftherecordsandotherinformationtowhichitprovidesaccess.Accessrightsareoflimitedvalueifinformationcannotbefoundwhenrequestedor,whenfound,cannotberelieduponasauthoritative.Goodrecordsandinformationmanagementbenefitsthoserequestinginformationbecauseitprovidessomeassurancethattheinformationprovidedwillbecompleteandreliable.Itbenefitsthoseholdingtherequestedinformationbecauseitenablesthemtolocateandretrieveiteasilywithinthestatutorytimescalesortoexplainwhyitisnotheld.Italsosupportscontrolanddeliveryofinformationpromisedinanauthority’sPublicationSchemeorrequiredtobepublishedbytheEnvironmentalInformationRegulations2004(theEIR).
(v) Recordsmanagementisimportantformanyotherreasons.Recordsandinformationarethelifebloodofanyorganisation.Theyarethebasisonwhichdecisionsaremade,servicesprovidedandpoliciesdevelopedandcommunicated.Effectivemanagementofrecordsandotherinformationbringsthefollowingadditionalbenefits:
1TheActcanbeseenathttp://www.opsi.gov.uk/acts/acts2000/ukpga_20000036_en_1.2PublicrecordsaretherecordsofbodiesthataresubjecttothePublicRecordsAct1958orthePublicRecordsAct(NorthernIreland)1923.Fortheavoidanceofdoubt,theterm‘publicrecords’includesWelshpublicrecordsasdefinedbysection148oftheGovernmentofWalesAct2006.3ThelegalentitytowhichthisprovisionappliesisthePublicRecordOffice.SinceApril2003thePublicRecordOfficehasfunctionedaspartofTheNationalArchivesandisknownbythatname.Forthatreasonthename‘TheNationalArchives’isusedinthisCode.4ThePublicRecordslegislationcanbeseenathttp://www.nationalarchives.gov.uk/documents/public-records-act1958.rtfandhttp://www.proni.gov.uk/public_records_act_1923.pdfrespectively.
LordChancellor’sCodeofPracticeonthemanagementofrecords-5
Itsupportsanauthority’sbusinessanddischargeofitsfunctions,promotesbusinessefficiencyandunderpinsservicedeliverybyensuringthatauthoritativeinformationaboutpastactivitiescanberetrieved,usedandrelieduponincurrentbusiness;
Itsupportscompliancewithotherlegislationwhichrequiresrecordsandinformationtobekept,controlledandaccessible,suchastheDataProtectionAct1998,employmentlegislationandhealthandsafetylegislation;
Itimprovesaccountability,enablingcompliancewithlegislationandotherrulesandrequirementstobedemonstratedtothosewitharighttoauditorotherwiseinvestigatetheorganisationanditsactions;
Itenablesprotectionoftherightsandinterestsofanauthority,itsstaffanditsstakeholders;Itincreasesefficiencyandcost-effectivenessbyensuringthatrecordsaredisposedofwhen
nolongerneeded.Thisenablesmoreeffectiveuseofresources,forexamplespacewithinbuildingsandinformationsystems,andsavesstafftimesearchingforinformationthatmaynotbethere;
Itprovidesinstitutionalmemory.
(vi) Poorrecordsandinformationmanagementcreaterisksfortheauthority,suchas:
Poordecisionsbasedoninaccurateorincompleteinformation;Inconsistentorpoorlevelsofservice;Financialorlegallossifinformationrequiredasevidenceisnotavailableorcannotberelied
upon;Non-compliancewithstatutoryorotherregulatoryrequirements,orwithstandardsthat
applytothesectortowhichitbelongs;Failuretohandleconfidentialinformationwithanappropriatelevelofsecurityandthe
possibilityofunauthorisedaccessordisposaltakingplace;Failuretoprotectinformationthatisvitaltothecontinuedfunctioningoftheorganisation,
leadingtoinadequatebusinesscontinuityplanning;Unnecessarycostscausedbystoringrecordsandotherinformationforlongerthanthey
areneeded;Stafftimewastedsearchingforrecords;Stafftimewastedconsideringissuesthathavepreviouslybeenaddressedandresolved;Lossofreputationasaresultofalloftheabove,withdamagingeffectsonpublictrust.
(vii) TheCodeisasupplementtotheprovisionsintheActanditsadoptionwillhelpauthoritiescomplywiththeirdutiesundertheAct.Consequently,allrelevantauthoritiesarestronglyencouragedtopayheedtotheguidanceintheCode.TheCodeiscomplementedbytheCodeofPracticeundersection45oftheActandtheCodeofPracticeunderRegulation16oftheEIR.
(viii) AuthoritiesshouldnotethatiftheyfailtocomplywiththeCode,theymayalsofailtocomplywithlegislationrelatingtothecreation,management,disposal,useandre-useofrecordsandinformation,forexamplethePublicRecordsAct1958,theDataProtectionAct1998,andtheRe-useofPublicSectorInformationRegulations2005,andtheymayconsequentlybeinbreachoftheirstatutoryobligations.
6-LordChancellor’sCodeofPracticeonthemanagementofrecords
Role of the Information Commissioner
(ix) TheInformationCommissionerhasadutyundersection47oftheActtopromotethefollowingofgoodpracticebypublicauthoritiesandinparticulartopromoteobservanceoftherequirementsoftheActandtheprovisionsofthisCodeofPractice.InordertocarryoutthatdutyspecificallyinrelationtotheCode,theActconfersanumberofpowersontheCommissioner.
Practice recommendations(x) IfitappearstotheInformationCommissionerthatthepracticeofanauthorityinrelationto
theexerciseofitsfunctionsundertheActdoesnotconformtothatsetoutintheCode,theCommissionermayissueapracticerecommendationundersection48oftheAct.ApracticerecommendationwillbeinwritingandwillspecifytheprovisionsoftheCodethathavenotbeenmetandthestepsthatshould,intheCommissioner’sopinion,betakentopromoteconformitywiththeCode.ApracticerecommendationcannotbedirectlyenforcedbytheInformationCommissioner.However,afailuretocomplywithapracticerecommendationmayleadtoafailuretocomplywiththeActorcouldleadtoanadversecommentinareporttoParliamentbytheInformationCommissioner.
Information Notices(xi) IftheInformationCommissionerreasonablyrequiresanyinformationinordertodetermine
whetherthepracticeofanauthorityconformswiththatrecommendedintheCode,hemayserveontheauthorityanotice(knownasan‘informationnotice’)undersection51oftheAct.AninformationnoticewillbeinwritingandwillrequiretheauthoritytoprovidetheInformationCommissionerwithspecifiedinformationrelatingtoconformitywiththeCode.Itwillalsocontainparticularsoftherightsofappealconferredbysection57oftheAct.
Enforcement of information notices(xii) Undersection54oftheAct,ifanauthorityfailstocomplywithaninformationnotice,the
InformationCommissionermaycertifyinwritingtothecourtthattheauthorityhasfailedtocomply.Thecourtmaytheninquireintothematterand,afterhearinganywitnesseswhomaybeproducedagainstoronbehalfoftheauthority,andafterhearinganystatementthatmaybeofferedindefence,dealwiththeauthorityasifithadcommittedacontemptofcourt.
Authorities subject to the Public Records Acts
(xiii) TheCodeshouldbereadinthecontextofexistinglegislationaffectingthemanagementofrecords.Inparticular,thePublicRecordsAct1958(asamended)givesdutiestobodiessubjecttothatActinrespectoftherecordstheycreateorhold.ItalsorequirestheChiefExecutiveofTheNationalArchives5tosupervisethedischargeofthoseduties.
(xiv) ThePublicRecordsAct(NorthernIreland)1923setsoutthedutiesofpublicrecordbodiesinNorthernIrelandinrespectoftherecordstheycreateandrequiresthatrecordsshouldbetransferredto,andpreservedby,thePublicRecordOfficeofNorthernIreland.
5Thetitle‘KeeperofPublicRecords’isusedinthePublicRecordsAct1958andtheFreedomofInformationAct2000.ThisisoneofthetitlesoftheChiefExecutiveofTheNationalArchives.Thetitle‘ChiefExecutiveofTheNationalArchives’isusedinthisCodeinrecognitionofthefactthatitisthetitleusedforoperationalpurposes.
LordChancellor’sCodeofPracticeonthemanagementofrecords-7
(xv) TheInformationCommissionerwillpromotetheobservanceoftheCodeinconsultationwiththeChiefExecutiveofTheNationalArchiveswhendealingwithbodieswhicharesubjecttothePublicRecordsAct1958andwiththeDeputyKeeperoftheRecordsofNorthernIrelandforbodiessubjecttothePublicRecordsAct(NorthernIreland)1923.Beforeissuingapracticerecommendationundersection48oftheActtoabodysubjecttoeitherofthePublicRecordsActs,theInformationCommissionerwillconsulttheChiefExecutiveofTheNationalArchivesortheDeputyKeeperoftheRecordsofNorthernIrelandasappropriate.
Role of the Lord Chancellor’s Advisory Council on National Records and Archives and the Sensitivity Review Group in Northern Ireland
(xvi) TheAdvisoryCouncilonNationalRecordsandArchives6(hereafter‘theAdvisoryCouncil’)hasastatutoryroletoadvisetheLordChancelloronmattersconcerningpublicrecordsingeneralandontheapplicationoftheActtoinformationinpublicrecordsthatarehistoricalrecords.7TheLordChancellor,havingreceivedtheadviceofhisAdvisoryCouncil,mayprepareandissueguidance.TheguidancemayincludeadviceonthereviewofpublicrecordsandontheperiodsoftimeforwhichtheAdvisoryCouncilconsidersitappropriatetowithholdcategoriesofsensitiverecordsaftertheyhavebecomehistoricalrecords.8
(xvii) TheNationalArchivesprovidessupportasappropriatetotheAdvisoryCouncilinitsconsiderationofapplicationsfromauthoritiesrelatingtoretentionoraccesstopublicrecordsandinitspreparationofguidancefortheLordChancellortoissuetoauthorities.
(xviii) InNorthernIrelandtheSensitivityReviewGroup,consistingofrepresentativesofNorthernIrelanddepartments,providesadviceonthereleaseofpublicrecords.ThePublicRecordOfficeofNorthernIrelandprovidessupporttotheGroup.GuidancemaybeissuedbytheDeputyKeeperoftheRecordsofNorthernIrelandfollowingconsultationwiththeDepartmentsresponsiblefortherecordsaffectedbytheguidance.
6ThelegalentitytowhichthisprovisionappliesistheAdvisoryCouncilonPublicRecords.SinceApril2003theCouncilhasfunctionedasTheAdvisoryCouncilonNationalRecordsandArchivesandsothatnameisusedinthisCode.7Inthiscontext,theterm‘publicrecords’appliesonlytotherecordsofbodiesthataresubjecttothePublicRecordsAct1958.8Theterm‘historicalrecord’isdefinedatsection62oftheAct.
8-LordChancellor’sCodeofPracticeonthemanagementofrecords
CODE OF PRACTICE (FreedomofInformationAct2000,section46)
Guidancetorelevantauthoritieson(1)Themanagementoftheirrecordsand
(2)Thereviewandtransferofpublicrecords
TheLordChancellor,havingconsultedtheInformationCommissionerandtheappropriateNorthernIrelandMinister,issuesthefollowingCodeofPracticepursuanttosection46oftheFreedomofInformationAct2000.
LaidbeforeParliamenton16July2009pursuanttosection46(6)oftheFreedomofInformationAct2000.
Introduction
1 Aims of the Code
1.1 TheaimsoftheCodeare:
Tosetoutthepracticeswhichrelevantauthorities9shouldfollowinrelationtothecreation,keeping,managementanddestructionoftheirrecords(Part1oftheCode);and
Todescribethearrangementswhichbodiesresponsibleforpublicrecords10shouldfollowinreviewingpublicrecordsandtransferringthemtoTheNationalArchivesortoaplaceofdepositforpublicrecords,ortothePublicRecordOfficeofNorthernIreland(Part2oftheCode).
1.2. Part1oftheCodeprovidesaframeworkforrelevantauthoritiestomanagetheirrecords.Itsetsoutrecommendedgoodpracticefortheorganisationalarrangements,decisionsandprocessesrequiredforeffectiverecordsandinformationmanagement.
1.3 Part2providesaframeworkforthereviewandtransferofpublicrecordsthathavebeenselectedforpermanentpreservationatTheNationalArchives11,aplaceofdepositforpublicrecordsorthePublicRecordOfficeofNorthernIreland.Itsetsouttheprocessbywhichrecordsduefortransferareassessedtodeterminewhethertheinformationtheycontaincanbedesignatedasopeninformationor,ifthisisnotpossible,toidentifytheexemptions12thatapplyandindicateforhowlongtheyshouldapply.
9RelevantauthoritiesisthecollectivetermusedintheActforbodiesthatarepublicauthoritiesundertheFreedomofInformationActandbodiesthatarenotsubjecttothatActbutaresubjecttothePublicRecordsAct1958orthePublicRecordsAct(NorthernIreland)1923.10PublicrecordsaretherecordsofbodiesthataresubjecttothePublicRecords1958orthePublicRecordsAct(NorthernIreland)1923.Fortheavoidanceofdoubt,theterm‘publicrecords’includesWelshpublicrecordsasdefinedbysection148oftheGovernmentofWalesAct2006.11ThelegalentitytowhichthisprovisionappliesisthePublicRecordOffice.SinceApril2003thePublicRecordOfficehasfunctionedaspartofTheNationalArchivesandisknownbythatname.Forthatreasonthename‘TheNationalArchives’isusedinthisCode.12IntheEnvironmentalInformationRegulations2004(theEIR),exemptionsarecalledexceptions.ForsimplicitythetermexemptionisusedthroughouttheCodeandshouldbetakentoapplyalsotoexceptionsintheEIR.
LordChancellor’sCodeofPracticeonthemanagementofrecords-9
2 Scope of the Code
TheCodeappliestoallrecordsirrespectiveofthetechnologyusedtocreateandstorethemorthetypeofinformationtheycontain.Itincludes,therefore,notonlypaperfilesseriesanddigitalrecordsmanagementsystemsbutalsobusinessandinformationsystems(forexamplecasemanagement,financeandgeographicalinformationsystems)andthecontentsofwebsites.TheCode’sfocusisonrecordsandthesystemsthatcontainthembuttheprinciplesandrecommendedpracticecanbeappliedalsotootherinformationheldbyanauthority.
3 Interpretation
ForthepurposesofthisCode,‘records’aredefinedasintherelevantBritishStandard13,namely‘informationcreated,received,andmaintainedasevidenceandinformationbyanorganizationorperson,inpursuanceoflegalobligationsorinthetransactionofbusiness’.SomespecifictermswhicharenotdefinedintheActhavebeenincludedintheGlossaryatAnnexA.OtherwordsandexpressionsusedinthisCodehavethesamemeaningasthesamewordsandexpressionsusedintheAct.
4 Supplementary guidance
MoredetailedguidanceonbothpartsoftheCodehasbeenpublishedseparately.StandardsandguidancewhichsupporttheobjectivesofthisCodemostdirectlyarelistedatAnnexB.
13BSISO15489-1:2001Informationanddocumentation–Recordsmanagement–Part1:General.
10-LordChancellor’sCodeofPracticeonthemanagementofrecords
Part 1: Records Management
5 Summary of recommended good practice in records management
5.1 Goodpracticeinrecordsmanagementismadeupofanumberofkeyelements.ThefollowinglistsummarisesthegoodpracticerecommendedinPart1oftheCode.Guidanceoneachelementisgiveninsections6-14ofthisPart.
a) Authoritiesshouldhaveinplaceorganisationalarrangementsthatsupportrecordsmanagement(seesection6);
b) Authoritiesshouldhaveinplacearecordsmanagementpolicy,eitherasaseparatepolicyoraspartofawiderinformationorknowledgemanagementpolicy(seesection7);
c) Authoritiesshouldensuretheykeeptherecordstheywillneedforbusiness,regulatory,legalandaccountabilitypurposes(seesection8);
d) Authoritiesshouldkeeptheirrecordsinsystemsthatenablerecordstobestoredandretrievedasnecessary(seesection9);
e) Authoritiesshouldknowwhatrecordstheyholdandwheretheyare,andshouldensurethattheyremainusableforaslongastheyarerequired(seesection10);
f) Authoritiesshouldensurethatrecordsarestoredsecurelyandthataccesstothemiscontrolled(seesection11);
g) Authoritiesshoulddefinehowlongtheyneedtokeepparticularrecords,shoulddisposeofthemwhentheyarenolongerneededandshouldbeabletoexplainwhyrecordsarenolongerheld(seesection12);
h) AuthoritiesshouldensurethatrecordssharedwithotherbodiesorheldontheirbehalfbyotherbodiesaremanagedinaccordancewiththeCode(seesection13);
i) AuthoritiesshouldmonitorcompliancewiththeCodeandassesstheoveralleffectivenessoftheprogramme(seesection14).
6 Organisational arrangements to support records management
Authorities should have in place organisational arrangements that support records management.
6.1 Thesearrangementsshouldinclude:
a) Recognitionofrecordsmanagementasacorecorporatefunction,eitherseparatelyoraspartofawiderinformationorknowledgemanagementfunction.Thefunctionshouldcoverrecordsinallformatsthroughouttheirlifecycle,fromplanningandcreationthroughtodisposalandshouldincluderecordsmanagedonbehalfoftheauthoritybyanexternalbodysuchasacontractor;
b) Inclusionofrecordsandinformationmanagementinthecorporateriskmanagementframework.Informationandrecordsareacorporateassetandlossoftheassetcouldcausedisruptiontobusiness.Thelevelofriskwillvaryaccordingtothestrategicandoperationalvalueoftheassettotheauthorityandriskmanagementshouldreflecttheprobableextentofdisruptionandresultingdamage;
LordChancellor’sCodeofPracticeonthemanagementofrecords-11
c) Agovernanceframeworkthatincludesdefinedrolesandlinesofresponsibility.Thisshouldincludeallocationofleadresponsibilityfortherecordsandinformationmanagementfunctiontoadesignatedmemberofstaffatsufficientlyseniorleveltoactasarecordsmanagementchampion,forexampleaboardmember,andallocationofoperationalresponsibilitytoamemberofstaffwiththenecessaryknowledgeandskills.Insmallauthoritiesitmaybemorepracticabletocombinetheseroles.Ideallythesamepeoplewillberesponsiblealsoforcompliancewithotherinformationlegislation,forexampletheDataProtectionAct1998andtheRe-useofPublicSectorInformationRegulations2005,orwillworkcloselywiththosepeople;
d) Clearlydefinedinstructions,applyingtostaffatalllevelsoftheauthority,tocreate,keepandmanagerecords.Inlargerorganisationstheresponsibilitiesofmanagers,andinparticularheadsofbusinessunits,couldbedifferentiatedfromtheresponsibilitiesofotherstaffbymakingitclearthatmanagersareresponsibleforensuringthatadequaterecordsarekeptoftheactivitiesforwhichtheyareaccountable;
e) Identificationofinformationandbusinesssystemsthatholdrecordsandprovisionoftheresourcesneededtomaintainandprotecttheintegrityofthosesystemsandtheinformationtheycontain;
f) ConsiderationofrecordsmanagementissueswhenplanningorimplementingICTsystems,whenextendingstaffaccesstonewtechnologiesandduringre-structuringormajorchangestotheauthority;
g) Inductionandothertrainingtoensurethatallstaffareawareoftheauthority’srecordsmanagementpolicies,standards,proceduresandguidelinesandunderstandtheirpersonalresponsibilities.Thisshouldbeextendedtotemporarystaff,contractorsandconsultantswhoareundertakingworkthatithasbeendecidedshouldbedocumentedintheauthority’srecords.Iftheorganisationislargeenoughtoemploystaffwhoseworkisprimarilyaboutrecordsandinformationmanagement,theyshouldbegivenopportunitiesforprofessionaldevelopment;
h) AnagreedprogrammeformanagingrecordsinaccordancewiththispartoftheCode;i) Provisionofthefinancialandotherresourcesrequiredtoachieveagreedobjectivesinthe
recordsmanagementprogramme.
7 Records management policy
Authorities should have in place a records management policy, either as a separate policy or as part of a wider information or knowledge management policy.
7.1 Thepolicyshouldbeendorsedbyseniormanagement,forexampleatboardlevel,andshouldbereadilyavailabletostaffatalllevels.
7.2 Thepolicyprovidesamandatefortherecordsandinformationmanagementfunctionandaframeworkforsupportingstandards,proceduresandguidelines.Theprecisecontentswilldependontheparticularneedsandcultureoftheauthoritybutitshouldasaminimum:
a) Setouttheauthority’scommitmenttocreate,keepandmanagerecordswhichdocumentitsprincipalactivities;
12-LordChancellor’sCodeofPracticeonthemanagementofrecords
b) Outlinetheroleofrecordsmanagementanditsrelationshiptotheauthority’soverallbusinessstrategy;
c) Identifyandmakeappropriateconnectionstorelatedpolicies,suchasthosedealingwithemail,informationsecurityanddataprotection;
d) Definerolesandresponsibilities,includingtheresponsibilityofindividualstodocumenttheirworkintheauthority’srecordstotheextentthat,andinthewaythat,theauthorityhasdecidedtheirworkshouldbedocumented,andtousethoserecordsappropriately;
e) Indicatehowcompliancewiththepolicyandthesupportingstandards,proceduresandguidelineswillbemonitored.
7.3 Thepolicyshouldbekeptup-to-datesothatitreflectsthecurrentneedsoftheauthority.Onewayofensuringthisistoreviewitatagreedintervals,forexampleeverythreeorfiveyears,andaftermajororganisationalortechnologicalchanges,inordertoassesswhetheritneedsamendment.
7.4 Theauthorityshouldconsiderpublishingthepolicysothatmembersofthepubliccanseethebasisonwhichitmanagesitsrecords.
8 Keeping records to meet corporate requirements
Authorities should ensure they keep the records they will need for business, regulatory, legal and accountability purposes.
Deciding what records should be kept8.1 Authoritiesshouldconsiderwhatrecordstheyarelikelytoneedabouttheiractivities,andthe
risksofnothavingthoserecords,takingintoaccountthefollowingfactors:
a) Thelegislativeandregulatoryenvironmentwithinwhichtheyoperate.Thiswillbeamixtureofgenerallyapplicablelegislation,suchashealthandsafetylegislationandtheDataProtectionAct1998,andspecificlegislationapplyingtothesectororauthority.Forexample,theCharityCommissionisrequiredbyitslegislationtokeepanaccurateandup-to-dateregisterofcharities.Thisfactoralsoincludesstandardsapplyingtothesectororauthorityortoparticularfunctionssuchasfinance;
b) Theneedtorefertoauthoritativeinformationaboutpastactionsanddecisionsforcurrentbusinesspurposes.Forexample,problemssuchasoutbreaksoffootandmouthdiseasemayrecurandinordertodealwitheachnewoutbreakalocalauthorityneedsreliableinformationaboutwhatitdidduringpreviousoutbreaksandwhowasresponsibleforspecificmeasures,suchasclosingpublicfootpaths;
c) Theneedtoprotectlegalandotherrightsoftheauthority,itsstaffanditsstakeholders.Forexample,alocalauthorityneedstoknowwhatlandandbuildingsitownsinordertoensurepropercontrolofitsassetsandtoprotectitselfifchallenged;
d) Theneedtoexplain,andifnecessaryjustify,pastactionsintheeventofanaudit,publicinquiryorotherinvestigation.Forexample,theAuditCommissionwillexpecttofindaccuraterecordsofexpenditureofpublicfunds.Or,ifanapplicantcomplainstotheInformationCommissioner’sOffice(ICO)aboutthehandlingoroutcomeofanFOIrequest,theICOwill
LordChancellor’sCodeofPracticeonthemanagementofrecords-13
expecttheauthoritytoprovidedetailsofhowtherequestwashandledand,ifapplicable,whyitrefusedtoprovidetheinformation.
8.2 Havingconsideredthesefactors,authoritiesshouldsetbusinessrulesidentifying:
a) Whatrecordsshouldbekept,forexamplewhichdecisionsoractionsshouldberecorded;b) Bywhomthisshouldbedone,forexample,bythesenderorrecipientofanemailor
voicemail;c) Atwhatpointintheprocessortransactionthisshouldbedone,forexamplewhendraftsofa
documentshouldbefrozenandkeptasarecord;d) Whatthoserecordsshouldcontain;e) Whereandhowtheyshouldbestored,forexampleinacasefile.
8.3 Aspartofthisprocessauthoritiesshouldconsiderwhetheranyoftheserecordsshouldbesubjecttoparticularcontrolssoastoensuretheirevidentialvaluecandemonstratedifrequiredbyshowingthemto:
a) Beauthentic,thatis,theyarewhattheysaytheyare;b) Bereliable,thatis,theycanbetrustedasafullandaccuraterecord;c) Haveintegrity,thatis,theyhavenotbeenalteredsincetheywerecreatedorfiled;d) Beusable,thatis,theycanberetrieved,readandused.
Ensuring those records are kept8.4 Allstaffshouldbeawareofwhichrecordstheauthorityhasdecidedtokeepandoftheir
personalresponsibilitytofollowtheauthority’sbusinessrulesandkeepaccurateandcompleterecordsaspartoftheirdailywork.Managersofbusinessunits,programmesandprojectsshouldtakeresponsibilityforensuringthattheagreedrecordsoftheunit,programmeorproject’sworkarekeptandareavailableforcorporateuse.
8.5 Authoritiesshouldensurethatstaffcreatingorfilingrecordsareawareoftheneedtogivethoserecordstitlesthatreflecttheirspecificnatureandcontentssoastofacilitateretrieval.
8.6 Staffshouldalsobeawareoftheneedtodisposeofephemeralmaterialonaroutinebasis.Forexample,print-outsofelectronicdocumentsshouldnotbekeptafterthemeetingforwhichtheywereprinted,trivialemailsshouldbedeletedafterbeingread,andkeepingmultipleorpersonalcopiesofdocumentsshouldbediscouraged.
9 Records systems
Authorities should keep their records in systems that enable records to be stored and retrieved as necessary.
Choosing, implementing and using records systems 9.1 Authoritiesshoulddecidetheformatinwhichtheirrecordsaretobestored.Thereisno
requirementinthisCodeforrecordsandinformationtobecreatedandheldelectronically,but
1�-LordChancellor’sCodeofPracticeonthemanagementofrecords
iftheauthorityisoperatingelectronically,forexampleusingemailforinternalandexternalcommunicationsorcreatingdocumentsthroughwordprocessingsoftware,itisgoodpracticetoholdtheresultingrecordselectronically.Inaddition,authoritiesshouldnotethattheEIRrequirethemprogressivelytomakeenvironmentalinformationavailabletothepublicbyelectronicmeans(Regulation4).
9.2 Authoritiesarelikelytoholdrecordsandotherinformationinanumberofdifferentsystems.Thesesystemscouldincludeadedicatedelectronicdocumentandrecordsmanagementsystem,businesssystemssuchasacasemanagement,financeorgeographicalinformationsystem,awebsite,sharedworkspaces,audio-visualmaterialandsetsofpaperfileswithrelatedregisters.Insomecasesrelatedrecordsofthesamebusinessactivitiesmaybeheldindifferentformats,forexampledigitalfilesandsupportingpapermaterial.
9.3 Recordssystemsshouldbedesignedtomeettheauthority’soperationalneedsandusingthemshouldbeanintegralpartofbusinessoperationsandprocesses.Recordssystemsshouldhavethefollowingcharacteristics:
a) Theyshouldbeeasytounderstandandusesoastoreducetheeffortrequiredofthosewhocreateandusetherecordswithinthem.Easeofuseisanimportantconsiderationwhendevelopingorselectingasystem;
b) Theyshouldenablequickandeasyretrievalofinformation.WithdigitalsystemsthisshouldincludethecapacitytosearchforinformationrequestedundertheAct;
c) Theyshouldbesetupinawaythatenablesroutinerecordsmanagementprocessestotakeplace.Forexample,digitalsystemsshouldbeabletodeletespecifiedinformationinaccordancewithagreeddisposaldatesandleavetherestintact;
d) Theyshouldenablethecontextofeachrecordanditsrelationshiptootherrecordstobeunderstood.Inarecordsmanagementsystemthiscanbeachievedbyclassifyingandindexingrecordswithinafileplanorbusinessclassificationschemetobringtogetherrelatedrecordsandenablethesequenceofactionsandcontextofeachdocumenttobeunderstood.Thisapproachhastheaddedbenefitofenablinghandlingdecisions,forexamplerelatingtoaccessordisposal,tobeappliedtogroupsofrecordsinsteadoftoindividualrecords;
e) Theyshouldcontainbothinformationandmetadata.Metadataenablesthesystemtobeunderstoodandoperatedefficiently,therecordswithinthesystemtobemanagedandtheinformationwithintherecordstobeinterpreted;
f) Theyshouldprotectrecordsindigitalsystemsfromaccidentalorunauthorisedalteration,copying,movementordeletion;
g) Theyshouldprovidesecurestoragetothelevelofprotectionrequiredbythenature,contentsandvalueoftheinformationinthem.Fordigitalsystemsthisincludesacapacitytocontrolaccesstoparticularinformationifnecessary,forexamplebylimitingaccesstonamedindividualsorbyrequiringpasswords.Withpaperfilesthisincludesacapacitytolockstoragecupboardsorareasandtologaccesstothemandanywithdrawalofrecordsfromthem;
h) Theyshouldenableanaudittrailtobeproducedofoccasionsonwhichselectedrecordshavebeenseen,used,amendedanddeleted.
9.4 Recordssystemsshouldbedocumentedtofacilitatestafftraining,maintenanceofthesystemanditsreconstructionintheeventofanemergency.
LordChancellor’sCodeofPracticeonthemanagementofrecords-15
Limiting the active life of records within record systems9.5 Folders,filesandsimilarrecordassembliesshouldnotremainliveindefinitelywithacapacityfor
newrecordstobeaddedtothem.Theyshouldbeclosed,thatis,havetheircontentsfrozen,atanappropriatetime.
9.6 Thetriggerforclosurewillvaryaccordingtothenatureandfunctionoftherecords,theextenttowhichtheyreflectongoingbusinessandthetechnologyusedtostorethem.Forexample,completionoftheannualaccountingprocesscouldbeatriggerforclosingfinancialrecords,completionofaprojectcouldbeatriggerforclosingprojectrecords,andcompletionofformalitiesfollowingthedeathofapatientcouldbeatriggerforclosingthatperson’shealthrecord.Sizeisafactorandafoldershouldnotbetoobigtobehandledorscrutinisedeasily.Fordigitalrecordsatriggercouldbemigrationtoanewsystem.Authoritiesshoulddecidetheappropriatetriggerforeachrecordssystemandputarrangementsinplacetoapplythetrigger.
9.7 Newcontinuationorpartfilesshouldbeopenedifnecessary.Itshouldbecleartoanyonelookingatarecordwherethestorycontinues,ifapplicable.
10 Storage and maintenance of records
Authorities should know what records they hold and where they are, and should ensure that they remain usable for as long as they are required.
Knowing what records are held10.1 Theeffectivenessofrecordssystemsdependsonknowledgeofwhatrecordsareheld,
whatinformationtheycontain,inwhatformtheyaremadeaccessible,whatvaluetheyhavetotheorganisationandhowtheyrelatetoorganisationalfunctions.Withoutthisknowledgeanauthoritywillfinditdifficultto:
a) Locateandretrieveinformationrequiredforbusinesspurposesortorespondtoaninformationrequest;
b) ProduceaPublicationSchemeorareliablelistofinformationassetsavailableforre-use;c) Applythecontrolsrequiredtomanagerisksassociatedwiththerecords;d) Ensurerecordsaredisposedofwhennolongerneeded.
10.2 Authoritiesshouldgatherandmaintaindataonrecordsandinformationassets.Thiscanbedoneinvariousways,forexamplethroughsurveysorauditsoftherecordsandinformationheldbytheauthority.Itshouldbeheldinanaccessibleformatandshouldbekeptuptodate.
10.3 AuthoritiesshouldconsiderpublishingdetailsofthetypesofrecordstheyholdtohelpmembersofthepublicplanningtomakearequestforinformationundertheAct.
16-LordChancellor’sCodeofPracticeonthemanagementofrecords
Storing records10.4 Storageshouldprovideprotectiontothelevelrequiredbythenature,contentsandvalueofthe
informationinthem.Recordsandinformationwillvaryintheirstrategicandoperationalvaluetotheauthority,andintheirresidualvalueforhistoricalresearch,andstorageandpreservationarrangementsreflectingtheirvalueshouldbeputinplace.
10.5 Authoritiesshouldbeawareofanyspecificrequirementsforrecordsstoragethatapplytothem.Forexample,theAdoptionNationalMinimumStandardsissuedbytheDepartmentofHealthandtheWelshAssemblyGovernmentin2003requireindexesandcasefilesforchildrentobesecurelystoredtominimisetheriskofdamagefromfireorwater.
10.6 Storageshouldfollowacceptedstandardsinrespectofthestorageenvironment,fireprecautions,healthandsafetyand,ifapplicable,physicalorganisation.Itshouldalloweasyandefficientretrievalofinformationbutalsominimisetheriskofdamage,lossorunauthorisedaccess.
10.7 Recordsthatarenolongerrequiredforfrequentreferencecanberemovedfromcurrentsystemstooff-lineornearoff-line(fordigitalmedia)ortooff-site(forpaper)storagewherethisisamoreeconomicalandefficientwaytostorethem.Theyshouldcontinuetobesubjecttonormalrecordsmanagementcontrolsandprocedures.
10.8 Thewhereaboutsofrecordsshouldbeknownatalltimesandmovementoffilesandotherphysicalrecordsbetweenstorageareasandofficeareasshouldbelogged.
Ensuring records remain usable10.9 Recordsshouldremainusableforaslongastheyarerequired.Thismeansthatitshould
continuetobepossibletoretrieve,useandrelyonthem.
10.10 Recordsindigitalsystemswillnotremainusableunlessprecautionsaretaken.Authoritiesshouldputinplaceastrategyfortheircontinuedmaintenancedesignedtoensurethatinformationremainsintact,reliableandusableforaslongasitisrequired.Thestrategyshouldprovideforupdatingofthestoragemediaandmigrationofthesoftwareformatwithinwhichtheinformationandmetadataareheld,andforregularmonitoringofintegrityandusability.
10.11 Recordsindigitalsystemsareparticularlyvulnerabletoaccidentalorunauthorisedalteration,copying,movementordeletionwhichcanhappenwithouttrace.Thisputsatriskthereliabilityoftherecordswhichcoulddamagetheauthority’sinterests.Authoritiesshouldassesstheserisksandputappropriatesafeguardsinplace.
10.12 Back-upcopiesofrecordsindigitalsystemsshouldbekeptandstoredsecurelyinaseparatelocation.Theyshouldbecheckedregularlytoensurethatthestoragemediumhasnotdegradedandtheinformationremainsintactandcapableofbeingrestoredtooperationaluse.Back-upsshouldbemanagedinawaythatenablesdisposaldecisionstobeappliedsecurelywithoutcompromisingtheauthority’scapacitytorecoverfromsystemfailuresandmajordisasters.
LordChancellor’sCodeofPracticeonthemanagementofrecords-17
10.13 Physicalrecordssuchaspaperfilesmayalsorequireregularmonitoring.Forexample,formatssuchasearlyphotocopiesmaybeatriskoffading,andregularchecksshouldbemadeofanyinformationinsuchformatsthatisofcontinuingvaluetotheauthority.
10.14 Metadataforrecordsinanyformatshouldbekeptinsuchawaythatitremainsreliableandaccessibleforaslongasitisrequired,whichwillbeatleastforthelifeoftherecords.
Business continuity plans10.15 Businesscontinuityplansshouldidentifyandsafeguardrecordsconsideredvitaltothe
organisation,thatis:
a) Recordsthatwouldbeessentialtothecontinuedfunctioningorreconstitutionoftheorganisationintheeventofadisaster;
b) Recordsthatareessentialtoongoingprotectionoftheorganisation’slegalandfinancialrights.
Theplansshouldincludeactionstoprotectandrecovertheserecordsinparticular.
11 Security and access
Authorities should ensure that records are stored securely and that access to them is controlled.
11.1 Authoritiesshouldensurethattheirstoragearrangements,handlingproceduresandarrangementsfortransmissionofrecordsreflectacceptedstandardsandgoodpracticeininformationsecurity.Itisgoodpracticetohaveaninformationsecuritypolicyaddressingthesepoints.
11.2 Easeofinternalaccesswilldependonthenatureandsensitivityoftherecords.Accessrestrictionsshouldbeappliedwhennecessarytoprotecttheinformationconcernedandshouldbekeptuptodate.Particularcareshouldbetakenwithpersonalinformationaboutlivingindividualsinordertocomplywiththe7thdataprotectionprinciple,whichrequiresprecautionsagainstunauthorisedorunlawfulprocessing,damage,lossordestruction.WithincentralGovernment,particularcareshouldbetakenwithinformationbearingaprotectivemarking.Otherinformation,suchasinformationobtainedonaconfidentialbasis,mayalsorequireparticularprotection.
11.3 Transmissionofrecords,especiallyoutsidetheauthority’spremises,shouldrequireauthorisation.Themethodoftransmissionshouldbesubjecttoriskassessmentbeforeadecisionismade.
11.4 Externalaccessshouldbeprovidedinaccordancewithrelevantlegislation.
11.5 Anaudittrailshouldbekeptofprovisionofaccess,especiallytopeopleoutsidetheimmediateworkarea.
18-LordChancellor’sCodeofPracticeonthemanagementofrecords
12 Disposal of records
Authorities should define how long they need to keep particular records, should dispose of them when they are no longer needed and should be able to explain why records are no longer held.
12.1 ForthepurposeofthisCode,disposalmeansthedecisionastowhethertherecordshouldbedestroyed,transferredtoanarchivesserviceforpermanentpreservationorpresented,14andtheputtingintoeffectofthatdecision.
General principle 12.2 Asageneralprinciple,recordsshouldbekeptforaslongastheyareneededbytheauthority:for
referenceoraccountabilitypurposes,tocomplywithregulatoryrequirementsortoprotectlegalandotherrightsandinterests.Destructionattheendofthisperiodensuresthatofficeandserverspacearenotusedandcostsarenotincurredinmaintainingrecordsthatarenolongerrequired.Forrecordscontainingpersonalinformationitalsoensurescompliancewiththe5thdataprotectionprinciplewhichrequiresthatpersonaldataiskeptonlyforaslongasitisneeded.
12.3 Recordsshouldnotbekeptaftertheyhaveceasedtobeofusetotheauthorityunless:
a) Theyareknowntobethesubjectoflitigationorarequestforinformation.Ifso,destructionshouldbedelayeduntilthelitigationiscompleteor,inthecaseofarequestforinformation,allrelevantcomplaintandappealprovisionshavebeenexhausted;
b) Theyhavelong-termvalueforhistoricalorotherresearchandhavebeenorshouldbeselectedforpermanentpreservation.(Notethatrecordscontainingpersonalinformationcanbekeptindefinitelyforhistoricalresearchpurposesbecausetheytherebybecomeexemptfromthe5thdataprotectionprinciple.)
c) TheycontainorrelatetoinformationrecentlyreleasedinresponsetoarequestundertheAct.Thismayindicatehistoricalvalueanddestructionshouldbedelayedwhilethisisre-assessed.
Making disposal decisions12.4 Disposalofrecordsshouldbeundertakenonlyinaccordancewithclearlyestablishedpolicies
that:
a) Reflecttheauthority’scontinuingneedforaccesstotheinformationorthepotentialvalueoftherecordsforhistoricalorotherresearch;
b) Arebasedonconsultationbetweenrecordsmanagementstaff,staffoftherelevantbusinessunitand,whereappropriate,otherssuchaslegaladvisers,archivistsorexternalexperts;
c) Havebeenformallyadoptedbytheauthority;d) Areappliedbyproperlyauthorisedstaff;e) Takeaccountofsecurityandconfidentialityneeds.
12.5 Thepoliciesshouldtaketheformof:
14Presentationisallowedbysection3(6)ofthePublicRecordsAct1958.IttransfersownershipoftherecordstothereceivingbodyandisundertakenbyTheNationalArchivesinconsultationwiththeauthority.
LordChancellor’sCodeofPracticeonthemanagementofrecords-19
a) Anoverallpolicy,statinginbroadtermsthetypesofrecordslikelytobeselectedforpermanentpreservation.Thepolicycouldbeaseparatepolicy,partoftherecordsmanagementpolicyorapreambletoadisposalschedule;
b) Disposalschedules15whichidentifyanddescriberecordstowhichapre-defineddisposalactioncanbeapplied,forexampledestroyxyearsafter[triggerevent];reviewafteryyears,transfertoarchivesforpermanentpreservationafterzyears.
12.6 Disposalschedulesshouldcontainsufficientdetailsabouttherecordstoenabletherecordstobeeasilyidentifiedandthedisposalactionappliedtothemonaroutineandtimelybasis.Theamountofdetailindisposalscheduleswilldependontheauthority’sneedsbuttheyshouldatleast:
a) Describetherecords,includinganyrelevantreferencenumbers;b) Identifythefunctiontowhichtherecordsrelateandthebusinessunitforthatfunction
(ifthatisnotclear);c) Specifytheretentionperiod,i.e.howlongtheyaretobekept;d) Specifywhatistohappentothemattheendofthatperiod,i.e.thedisposalaction;e) Notethelegal,regulatoryorotherreasonforthedisposalperiodandaction,forexamplea
statutoryprovision.
Disposalschedulesshouldbearrangedinthewaythatbestmeetstheauthority’sneeds.
12.7 Disposalschedulesshouldbekeptuptodateandshouldbeamendedifarelevantstatutoryprovisionchanges.However,authoritiesshouldconsiderkeepinginformationaboutpreviousprovisionssothatthebasisonwhichrecordswerepreviouslydestroyedcanbeexplained.
12.8 Ifanyrecordsarenotincludedindisposalschedules,specialarrangementsshouldbemadetoreviewthemanddecidewhethertheycanbedestroyedorshouldbeselectedforpermanentpreservation.Decisionsofthisnatureshouldbedocumentedandkepttoprovideevidenceofwhichrecordshavebeenidentifiedfordestruction,whenthedecisionwasmade,andthereasonsforthedecision,wherethisisnotapparentfromtheoverallpolicy.
Implementing disposal decisions12.9 Disposalschedulesanddisposaldecisionsshouldbeimplementedbyproperlyauthorised
staff.Implementationarrangementsshouldtakeaccountofvariationscausedby,forexample,outstandingrequestsforinformationorlitigation.
12.10 Recordsscheduledfordestructionshouldbedestroyedinassecureamannerasrequiredbythelevelofconfidentialityorsecuritymarkingstheybear.Forexample,recordscontainingpersonalinformationaboutlivingindividualsshouldbedestroyedinawaythatpreventsunauthorisedaccess(thisisrequiredtocomplywiththe7thdataprotectionprinciple).Withdigitalrecordsitmaybenecessarytodomorethanoverwritethedatatoensuretheinformationisdestroyed.
15Someauthoritiesusetheterm‘retentionschedules’.Because‘retention’hasaspecificmeaninginPart2oftheCode,theterm
disposalschedulesisusedthroughouttheCode.
20-LordChancellor’sCodeofPracticeonthemanagementofrecords
12.11 Whendestructioniscarriedoutbyanexternalcontractor,thecontractshouldstipulatethatthesecurityandaccessarrangementsestablishedfortherecordswillcontinuetobeapplieduntildestructionhastakenplace.
12.12 Insomecasestherewillbemorethanonecopyofarecord.Forexample,therearelikelytobeback-upcopiesofdigitalrecords,ortheremaybedigitalcopiesofpaperrecords.Arecordcannotbeconsideredtohavebeencompletelydestroyeduntilallcopies,includingback-upcopies,havebeendestroyed,ifthereisapossibilitythatthedatacouldberecovered.
Documenting the destruction of records12.13 Detailsofdestructionofrecordsshouldbekept,eitheraspartoftheaudittrailmetadata
orseparately.Ideally,someevidenceofdestructionshouldbekeptindefinitelybecausethepreviousexistenceofrecordsmayberelevantinformation.However,thelevelofdetailandforhowlongitshouldbekeptwilldependonanassessmentofthecostsandtheriskstotheauthorityifdetailedinformationcannotbeproducedonrequest.
12.14 Attheveryleastitshouldbepossibletoprovideevidencethataspartofroutinerecordsmanagementprocessesdestructionofaspecifiedtypeofrecordofaspecifiedagerangetookplaceinaccordancewithaspecifiedprovisionofthedisposalschedule.Evidenceofthisnaturewillenableanauthorityanditsstafftoexplainwhyrecordsspecifiedinacourtordercannotbeprovidedortodefendthemselvesagainstachargeundersection77oftheActthatrecordsweredestroyedinordertopreventtheirdisclosureinresponsetoarequestforinformation.
Records for permanent preservation12.15 Recordsselectedforpermanentpreservationandnolongerrequiredbytheauthorityshould
betransferredtoanarchivesservicethathasadequatestorageandpublicaccessfacilities.Transfershouldtakeplaceinanorderlymannerandwithalevelofsecurityappropriatetotheconfidentialityoftherecords.
12.16 Part2oftheCodesetsoutthearrangementsthatapplytothereviewandtransferofpublicrecords.TheapproachsetoutinPart2mayberelevanttothereviewandtransferofothertypesofrecordsalso.
13 Records created in the course of collaborative working or through out-sourcing
Authorities should ensure that records shared with other bodies or held on their behalf by other bodies are managed in accordance with the Code.
13.1 Whenauthoritiesareworkinginpartnershipwithotherorganisations,sharinginformationandcontributingtoajointrecordssystem,theyshouldensurethatallpartiesagreeprotocolsthatspecify:
a) Whatinformationshouldbecontributedandkept,andbywhom;b) Whatlevelofinformationsecurityshouldbeapplied;c) Whoshouldhaveaccesstotherecords;
LordChancellor’sCodeofPracticeonthemanagementofrecords-21
d) Whatdisposalarrangementsshouldbeinplace;e) WhichbodyholdstheinformationforthepurposesoftheAct.
13.2 Instructionsandtrainingshouldbeprovidedtostaffinvolvedinsuchcollaborativeworking.
13.3 Recordsmanagementcontrolsshouldbeappliedtoinformationbeingsharedwithorpassedtootherbodies.Particularprotectionshouldbegiventoconfidentialorpersonalinformation.Protocolsshouldspecifywhen,andunderwhatconditions,informationwillbesharedorpassed,anddetailsshouldbekeptofwhenthisinformationhasbeensharedorpassed.Detailsshouldbekeptalsoofhowundertakingsgiventotheoriginalsourceoftheinformationhavebeenrespected.
13.4 Someofanauthority’srecordsmaybeheldonitsbehalfbyanotherbody,forexampleabodycarryingoutworkfortheauthorityundercontract.TheauthorityonwhosebehalftherecordsareheldisresponsibleforensuringthattheprovisionsoftheCodeareappliedtothoserecords.
14 Monitoring and reporting on records and information management
Authorities should monitor compliance with the Code and assess the overall effectiveness of the programme.
14.1 Authoritiesshouldidentifyperformancemeasuresthatreflecttheirinformationmanagementneedsandarrangementsandtherisksthatnon-compliancewiththeCodewouldpresenttotheauthority,includingtheimpactonrisksidentifiedintheoverallriskmanagementframework.
14.2 Theperformancemeasurescouldbegeneralinnature,forexamplethatapolicyhasbeenissued,orcouldrefertoprocesses,suchastheapplicationofdisposalschedulestorelevantrecordswithdueauthorisationofdestruction,orcouldusemetricssuchasretrievaltimesforpaperrecordsheldoff-sitethathavebeenrequestedundertheAct.
14.3 Authoritiesshouldputinplacethemeansbywhichperformancecanbemeasured.Forexample,ifmetricsaretobeused,thedatafromwhichstatisticswillbegeneratedmustbekept.Qualitativeindicators,forexamplewhetherguidanceisbeingfollowed,canbemeasuredbyspotchecksorbyinterviews.
14.4 Monitoringshouldbeundertakenonaregularbasisandtheresultsreportedtothepersonwithleadresponsibilityforrecordsmanagementsothatriskscanbeassessedandappropriateactiontaken.
14.5 Assessingwhethertherecordsmanagementprogrammemeetstheneedsoftheorganisationisamorecomplextaskandrequiresconsiderationofwhattheprogrammeisintendedtoachieveandhowsuccessfulitisbeing.Thisrequiresconsiderationofbusinessbenefitsinrelationtocorporateobjectivesaswellasrisksandshouldincludeconsultationthroughouttheauthority.
22-LordChancellor’sCodeofPracticeonthemanagementofrecords
Part 2: Review and Transfer of Public Records
15 Purpose of Part 2
15.1 ThispartoftheCodeappliesonlytoauthoritieswhicharesubjecttothePublicRecordsAct1958orthePublicRecordsAct(NorthernIreland)1923.UnderthoseActs,authoritiesarerequiredtoidentifyrecordsworthyofpermanentpreservationandtransferthemtoTheNationalArchives16,aplaceofdepositforpublicrecordsorthePublicRecordOfficeofNorthernIrelandasappropriate.ThispartoftheCodesetsoutthearrangementswhichthoseauthoritiesshouldfollowtoensurethetimelyandeffectivereviewandtransferofpublicrecords.ArrangementsshouldbeestablishedandoperatedunderthesupervisionofTheNationalArchivesor,inNorthernIreland,inconjunctionwiththePublicRecordOfficeofNorthernIreland.
15.2 ThegeneralpurposeofthispartoftheCodeistofacilitatetheperformancebytheauthorities,TheNationalArchives,thePublicRecordOfficeofNorthernIrelandandplacesofdepositoftheirfunctionsundertheAct.Inreviewingrecordsforpublicaccess,authoritiesshouldensurethatpublicrecordsbecomeavailableattheearliestpossibletimeinaccordancewiththeActandtheEIR.
16 Selection of public records for permanent preservation
16.1 Section12oftheCodedescribesthearrangementsthatauthoritiesshouldfollowforthedisposalofrecords.Inthiscontext,disposalmeansthedecisionastowhethertherecordshouldbedestroyed,transferredtoanarchivesserviceforpermanentpreservationorpresented17andtheputtingintoeffectofthatdecision.
16.2 Authoritiesthathavecreatedorareotherwiseresponsibleforpublicrecordsshouldensurethattheyoperateeffectivearrangementstodeterminewhichrecordsshouldbeselectedforpermanentpreservationinaccordancewiththeguidanceinsection12.
17 Retention or transfer of public records
Records subject to the Public Records Act 195817.1 UnderthePublicRecordsAct1958,recordsselectedforpreservationmustbetransferredby
thetimetheyare30yearsold18unlesstheLordChancellorgivesauthorisationforthemtoberetainedinthedepartmentforafurtherperiodundersection3(4)ofthePublicRecordsAct1958.Recordsmaybetransferredearlierbyagreementbetweenthepartiesinvolved.
16SeeFootnote11foranexplanationofwhythisnamehasbeenusedintheCode17Seefootnote14.18Thedatebywhichrecordsmustbetransferrediscalculatedfromtheyearafterthelastdateonthefile.Itwasthesubjectofanindependentreviewin2008andtheCodewillbeamendedtoreflectanychangesintroducedasaconsequence.
LordChancellor’sCodeofPracticeonthemanagementofrecords-23
17.2 PublicrecordsmaybetransferredeithertoTheNationalArchivesortoaplaceofdepositforpublicrecordsappointedbytheLordChancellor19undersection4ofthatAct.Forguidanceonwhichrecordsmaybetransferredtowhicharchivesservice,andonthetransferofUKpublicrecordsrelatingtoNorthernIreland,seeAnnexB.Fortheavoidanceofdoubt,Part2oftheCodeappliestoallsuchtransfers.
17.3 AuthoritiesshouldsubmitapplicationstoretainrecordsforafurtherperiodtoTheNationalArchivesforreviewandadvice.TheLordChancellor’sAdvisoryCouncilwillthenconsiderthecaseinfavourofretentionforafurtherperiod.TheAdvisoryCouncilwillconsiderthecaseforretainingindividualrecords,orcoherentbatchesofrecords,onthebasisoftheguidanceinchapter9oftheWhitePaperOpenGovernment(Cm2290,1993)orsubsequentrevisionsofGovernmentpolicy.SomecategoriesofrecordsarecoveredbyastandardauthorisationbytheLordChancellor(knownas‘blanketretentions’)whicharereviewedevery10years.
Records subject to the Public Records Act (Northern Ireland) 192317.4 InNorthernIreland,transferunderthePublicRecordsAct(NorthernIreland)1923tothePublic
RecordOfficeofNorthernIrelandtakesplacenormallyat20years.Undersection3ofthatAct,recordsmayberetainedforafurtherperiodiftheprincipalofficerofthedepartment,orajudgeifcourtrecordsareinvolved,certifiestotheMinisterresponsibleforNorthernIrelandpublicrecordsthattheyshouldberetained.
18 Determining the access status of public records before transfer
The access review18.1 AuthoritiespreparingpublicrecordsfortransfertoTheNationalArchives,aplaceofdepositfor
publicrecordsorthePublicRecordOfficeofNorthernIrelandshouldreviewtheaccessstatusofthoserecords.Thepurposeofthisreviewisto:
a) ConsiderwhichinformationmustbeavailabletothepublicontransferbecausenoexemptionsundertheActortheEIRapply;
b) Considerwhethertheinformationmustbereleasedinthepublicinterest,notwithstandingtheapplicationofanexemptionundertheActortheEIR;
c) Considerwhichinformationmustbeavailabletothepublicat30yearsbecauserelevantexemptionsintheActhaveceasedtoapply;20
d) ConsiderwhichinformationshouldbewithheldfrompublicaccessthroughtheapplicationofanexemptionundertheActortheEIR.
18.2 Thoseundertakingthereviewshouldensurethatadequateconsultationtakesplace,bothwithintheauthorityandwithotherauthoritiesthatmightbeaffectedbythedecision,forexampleauthoritiesthatoriginallysuppliedtheinformation.Thisisparticularlyadvisableforrecordsbeingtransferredearlierthanrequired.
19TheLordChancellorhasdelegatedthepowertoappointplacesofdeposittotheChiefExecutiveofTheNationalArchivesoranotherofficerofappropriateseniority.20AtpresentsomeexemptionsintheActfallawayafter30years.Theirdurationwasthesubjectofanindependentreviewin2008andtheCodewillbeamendedtoreflectanychangesintroducedasaconsequence.
2�-LordChancellor’sCodeofPracticeonthemanagementofrecords
Public records to be transferred as open18.3 Iftheoutcomeofthereviewisthatrecordsaretobetransferredasopen,thetransferring
departmentshoulddesignatetherecordsasopen.TherewillbenoformalreviewofthisdesignationbyTheNationalArchives,placesofdepositorthePublicRecordOfficeofNorthernIreland.
Public records to be transferred as subject to an exemption - general18.4 Iftheoutcomeofthereviewisidentificationofspecifiedinformationwhichtheauthority
considersoughtnottobereleasedunderthetermsoftheActortheEIR,theauthorityshouldprepareaschedulethat:
a) Identifiestheinformationprecisely;b) Citestherelevantexemption(s);c) Explainswhytheinformationmaynotbereleased;d) Identifiesadateatwhicheitherreleasewouldbeappropriateorthecaseforreleaseshould
bereconsidered.
18.5 Authoritiesshouldconsiderwhetherpartsofrecordsmightbereleasedifthesensitiveinformationwereredacted,i.e.renderedinvisibleorblankedout.Informationthathasbeenredactedshouldbestoredsecurelyandshouldbereturnedtotheparentrecordwhentheexemptionhasceasedtoapply.
Public records to be transferred as subject to an exemption - The National Archives18.6 ThescheduledescribedaboveshouldbesubmittedtoTheNationalArchivesforreviewand
advicepriortotransfer.Iftheoutcomeofthereviewisthatsomeoralloftheinformationintherecordsshouldbeclosedafteritis30yearsold,theschedulewillbeconsideredbytheAdvisoryCouncil.TheAdvisoryCouncilmayrespondasfollows
a) Byacceptingthattheinformationmaybewithheldforlongerthan30yearsandearmarkingtherecordsforreleaseorre-reviewatthedateidentifiedbytheauthority;
b) Byacceptingthattheinformationmaybewithheldforlongerthan30yearsbutaskingtheauthoritytoreconsiderthelaterdatedesignatedforreleaseorre-review;
c) Byquestioningthebasisonwhichitisconsideredthattheinformationmaybewithheldforlongerthan30yearsandaskingtheauthoritytoreconsiderthecase;
18.7 IftheAdvisoryCouncilacceptsthattheinformationshouldbewithheld,therecordswillbetransferredasclosed(inwholeorinpartasappropriate)andtherelevantclosureperiodapplied.
Public records to be transferred as subject to an exemption - the Public Record Office of Northern Ireland 18.8 Thescheduledescribedatparagraph18.4shouldbesubmittedtothePublicRecord
OfficeofNorthernIrelandforreviewandadvice.
18.9 Iftheoutcomeofthereviewisthattherecordsshouldbeclosedaftertransfer,theschedulewillbeconsideredbytheSensitivityReviewGroup.TheSensitivityReviewGroupmayrespondasfollows:
LordChancellor’sCodeofPracticeonthemanagementofrecords-25
a) Byacceptingthattheinformationshouldbewithheldforlongerthan30yearsandearmarkingtherecordsforreleaseorre-reviewatthedateidentifiedontheschedule;
b) Byquestioningthebasisonwhichitisconsideredthattheinformationmaybewithheldforlongerthan30yearsandaskingtheresponsibleauthoritytoreconsiderthecase.
18.10 IftheSensitivityReviewGroupacceptsthattheinformationshouldbewithheld,therecordswillbetransferredasclosed(inwholeorinpartasappropriate)andtherelevantclosureperiodapplied.
Public records to be transferred as subject to an exemption - places of deposit for public records18.11 Placesofdepositshouldbeinformedwhichrecordscannotbemadepubliclyavailableon
transfer,whichexemptionsapplytotheinformationtheycontainandforwhatreason,andforhowlongthoseexemptionsshouldbeapplied.
19 Transmission of public records
19.1 Itistheresponsibilityofauthoritiestransferringrecordstoensurethatthoserecordsareadequatelypreparedandaretransferredwiththelevelofsecurityappropriatetotheconfidentialityoftheinformationtheycontain.
20 Access after transfer of public records
Freedom of Information requests after transfer20.1 Fortheavoidanceofdoubt,noneoftheactionsdescribedinthisCodeaffectsthestatutory
rightsofaccessestablishedundertheActortheEIR.RequestsforexemptinformationinpublicrecordstransferredtoTheNationalArchives,aplaceofdepositforpublicrecordsorthePublicRecordOfficeofNorthernIrelandwillbedealtwithonacasebycasebasisinaccordancewiththeprovisionsoftheActortheEIR.
Expiry of closure periods 20.2 Whenanexemptionhasceasedtoapplyundersection63oftheActtherecordswillbecome
automaticallyavailabletomembersofthepublicatthedatespecifiedinthefinalisedschedule(i.e.thescheduleafterithasbeenreviewedbytheAdvisoryCouncilortheSensitivityReviewGroupasappropriate).
20.3 Inothercases,iftheauthorityconcernedwishestoextendtheperiodduringwhichtheinformationistobewithheld,itshouldsubmitafurtherscheduleexplainingthesensitivityoftheinformation.Thisistobedonebeforetheexpiryoftheperiodstatedintheearlierschedule.Theprocessoutlinedatparagraphs18.6-18.10willthenbeapplied.InNorthernIreland,MinisterialagreementisrequiredforanyfurtherextensionoftheclosureperiodandreferraltotheMinisterwillbeanadditionalstageintheprocess.
26-LordChancellor’sCodeofPracticeonthemanagementofrecords
Annex A Glossary
Disposal –thedecisionastowhethertherecordshouldbedestroyed,transferredtoanarchivesserviceforpermanentpreservationorpresentedandtheputtingintoeffectofthatdecision.
Disposal schedules –schedulesthatidentifytypesofrecordsandspecifyforhowlongtheywillbekeptbeforetheyaredestroyed,designatedforpermanentpreservationorsubjectedtoafurtherreview.
Keeping records –inthecontextofthisCode,keepingrecordsincludesrecordingtheauthority’sactivitiesbycreatingdocumentsandothertypesofrecordsaswellashandlingmaterialreceived.
Metadata – informationaboutthecontextwithinwhichrecordswerecreated,theirstructureandhowtheyhavebeenmanagedovertime.Metadatacanrefertorecordswithindigitalsystems,forexampleeventlogdata.Itcanalsorefertosystemssuchaspaperfilesthatarecontrolledeitherfromadigitalsystemorbyaregisterorcardindex,forexamplethetitleandlocation.
Place of deposit –anarchivesofficeappointedtoreceive,preserveandprovideaccesstopublicrecordsthathavebeenselectedforpreservationbutarenottobetransferredtoTheNationalArchives.ThepowerofappointmenthasbeendelegatedbytheLordChancellortotheChiefExecutiveofTheNationalArchivesoranofficerofappropriateseniority.
Presentation –anarrangementunderthePublicRecordsAct1958wherebyrecordsthathavenotbeenselectedforpermanentpreservationarepresentedtoanappropriatebodybyTheNationalArchives.
Public records –recordsthataresubjecttothePublicRecordsAct1958orthePublicRecordsAct(NorthernIreland)1923.Therecordsofgovernmentdepartmentsandtheirexecutiveagencies,somenon-departmentalpublicbodies,thecourts,theNHSandthearmedforcesarepublicrecords.LocalgovernmentrecordsarenotpublicrecordsinEnglandandWalesbutthoseinNorthernIrelandare.
Records – informationcreated,received,andmaintainedasevidenceandinformationbyanorganizationorperson,inpursuanceoflegalobligationsorinthetransactionofbusiness.21
Retention –anarrangementunderthePublicRecordsAct1958wherebyauthoritiesarepermittedtodelaythetransferofspecifiedpublicrecordsforanagreedperiodandtoretainthemuntiltheendofthatperiod.
Records system –thetermusedforaninformationorprocesssystemthatcontainsrecordsandotherinformation.Itcanbeeitherapaper-basedsystemoradigitalsystem.Examplesarecorrespondencefileseries,digitalrecordsmanagementsystems,casemanagementsystems,function-specificsystemssuchasfinancesystems,etc.
21ThisdefinitionistakenfromBSISO15489-1:2001Informationanddocumentation–Recordsmanagement–Part1:General.
Lord Chancellor’s Code of Practice on the management of records - 27
Annex B Standards and guidance supporting the Code
Part 1 of the Code
1. British Standards (BSI)
Relevant Standards issued by the British Standards Institution include:
BS ISO 15489-1, Information and documentation – Records management – Part 1: General
BS ISO/IEC 27001: 2005, Information technology. Security techniques. Information security management systems. Requirements
BS ISO/IEC 27002: 2005, Information technology. Security techniques. Information security management systems. Code of Practice
BS 10008 Evidential weight and legal admissibility of electronic information - Specification
BS 8470:2006, Secure destruction of confidential material. Code of practice
BS 4783, Storage, transportation and maintenance of media for use in data processing and information storage
2. Standards and guidance produced by The National Archives for the management of public sector records
The Chief Executive of The National Archives, as head of profession for the knowledge and information function across Government, sets standards for the management of records in all formats, covering their entire life cycle. The standards are supported by guidance and toolkits. Advice for government departments can also be applied by other parts of the public sector. They are available on The National Archives website - see http://www.nationalarchives.gov.uk/services/default.htm?source=services In addition, a standard on metadata for records management is available through Govtalk – see http://www.govtalk.gov.uk/documents/Records_management_metadata_standard_2002.pdf
28-LordChancellor’sCodeofPracticeonthemanagementofrecords
3. Sector-specific guidance
Guidanceisavailableforspecificsectorsasfollows:
Central government InadditiontostandardsandguidanceissuedbyTheNationalArchivesreferredtoabove,protectedrecords22aresubjecttodatahandlingguidanceissuedbytheCabinetOffice-seehttp://www.cabinetoffice.gov.uk/mediacabinetoffice/csia/assets/dhr/cross_gov080625.pdf
Local government TheRecordsManagementSocietyhasissuedguidelinesondisposalandinformationauditsforlocalgovernment–seehttp://www.rms-gb.org.uk/resources.TheLocalGovernmentAssociationandWelshLocalGovernmentAssociationhaveissueddatahandlingguidanceforprotectedrecords–seehttp://www.idea.gov.uk/idk/aio/9048091
Further and higher educationJISC(JointInformationSystemsCommittee)InfonethasproducedaninformationmanagementInfokit–seehttp://www.jiscinfonet.ac.uk/information-management
Schools TheRecordsManagementSocietyhasissuedarecordsmanagementtoolkitforschools–see
http://www.rms-gb.org.uk/resources/848
The policeTheHomeSecretaryhasissuedacodeofpracticeonthemanagementofpoliceinformation–seehttp://police.homeoffice.gov.uk/news-and-publications/publication/operational-policing/CodeofPracticeFinal12073.pdf?view=Standard&pubID=224859
ItissupportedbyguidanceproducedbytheNationalCentreofPolicingExcellenceonbehalfoftheAssociationofChiefPoliceOfficers–seehttp://www.npia.police.uk/en/8492.htmhttp://www.crimereduction.homeoffice.gov.uk/policing21.htm
22Thescopeoftheterm‘protectedrecords’isexplainedwithinthedocument.
LordChancellor’sCodeofPracticeonthemanagementofrecords-29
The National Health ServiceTheDepartmentofHealthhasissuedacodeofpracticefortheNHS-seehttp://www.dh.gov.uk/enPublicationsandstatistics/Publications/PublicationsPolicyAndGuidance/DH_4131747
Part 2 of the Code
4. Transfer of records to the National Archives or a place of deposit
TheNationalArchiveshaspublishedguidanceondeterminingwhetherrecordsshouldbetransferredtoTheNationalArchivesoraplaceofdepositforpublicrecords–seetheAcquisition and Disposition Strategyandsupportingguidanceathttp://www.nationalarchives.gov.uk/documents/acquisition_strategy.pdfandhttp://www.nationalarchives.gov.uk/recordsmanagement/disposition/faq.htm
ForguidanceonthepreparationofrecordsfortransfertotheNationalArchives,includingcataloguing,seehttp://www.nationalarchives.gov.uk/recordsmanagement/advice/standards.htmandhttp://www.nationalarchives.gov.uk/recordsmanagement/advice/cataloguing.htm
Forguidanceonthetransferofrecordstoplacesofdepositsee
http://www.nationalarchives.gov.uk/documents/foi_guide.pdf
5. Transfer of records to the Public Record Office of Northern Ireland
ThePublicRecordOfficeofNorthernIrelandhaspublishedguidanceontransferringrecords–seehttp://www.proni.gov.uk/index/professional_information/records_and_information_management.htm
6. Determining whether exemptions apply
GuidanceonFOIexemptionshasbeenissuedbytheInformationCommissioner’sOffice,theregulatorofboththeActandtheEIR–seehttp://www.ico.gov.uk/tools_and_resources/document_library/freedom_of_information.aspxGuidancehasalsobeenissuedbytheMinistryofJustice–seehttp://www.justice.gov.uk/guidance/foi-exemptions-guidance.htm
30-LordChancellor’sCodeofPracticeonthemanagementofrecords
GuidanceonEIRexceptionshasbeenissuedbytheDepartmentoftheEnvironment,FoodandRuralAffairs–seehttp://www.defra.gov.uk/corporate/opengov/eir/guidance/full-guidance/pdf/guidance-7.pdf
GuidancehasalsobeenissuedbyTheNationalArchives:AccesstoPublicRecords-seehttp://www.nationalarchives.gov.uk/documents/access_manual.pdfand
Redaction:guidelinesfortheeditingofexemptinformationfrompaperandelectronicdocumentspriortorelease-seehttp://www.nationalarchives.gov.uk/documents/redaction_toolkit.pdf
© Crown copyright 2009
The text in this document (excluding the Royal Arms and other departmental or agency logos) may be reproduced
free of charge in any format or medium providing it is reproduced accurately and not used in a misleading context.
The material must be acknowledged as Crown copyright and the title of the document specified.
Where we have identified any third party copyright material you will need to obtain permission from the copyright
holders concerned.
For any other use of this material please write to Office of Public Sector Information , Information Policy Team,
Kew, Richmond, Surrey TW9 4DU or email: [email protected]