The interactive hub of the information world


Chinese Delegation Seminar 23 September 2013

Friday, 29 November 2013

Chinese Delegation Seminar 23 September 2013

In September, a delegation of 25 archivists from The State Archives Administration of China (SAAC) visited the UK to conduct their research programme of ‘File Collections and Evaluations’. On their previous visit two years ago, they really enjoyed a seminar on retention and disposal. The IRMS was delighted to participate in a re-run of this successful seminar. This was held as a joint ARMA /IRMS event assisted by Natasha Rawley of the Archive Document Data Storage company.

This year it was my pleasure to represent the IRMS as Special Projects Officer of the Society. Alison North represented ARMA as their International Director.

The seminar was held this year on the 23rd September at Paragon House in the University of West London's Brentford site, to whom thanks are given.

The programme was opened by Alison North who gave a highly interesting and insightful talk on managing retention and disposal from the aspects of strategy, policy, risk and legislation.

This was followed by Natasha giving a very useful case study on implementing archive storage and disposal, based upon a project her company undertook for a University.

After lunch I presented a session on the practical implications of implementing retention and disposal, both for paper and digital records, whilst maintaining access and security.

The session was closed by Alison, who gave a brief overview and poignant summary of the San Bruno Pipeline Explosion case she has been working on as a reminder of the fundamental importance of good record-keeping.

We believe that the seminar was well received and from a personal point of view this is the first time I have presented when it has been translated “live” into Chinese!

Reynold Leming

6th Conference of Scientific Archivists in Rio de Janeiro

Wednesday, 23 October 2013

At the beginning of September I attended the 6th Conference of Scientific Archivists in Rio de Janeiro. Hosted at the beautiful Casa de Rui Barbosa, the conference was on the theme of transparency laws and the specific problems faced by scientific archivists (Brazil’s equivalent of the FOI Act is just over a year old now and suffers similar teething problems that the UK experienced).

The biggest difference between the UK and Brazil, from the archivists’ and records managers’ points of view was that there is no equivalent of the Code of Practice on RM as issued under s46 of the FOIA. Whereas we had 5 years to try to undo the chronic under-funding of RM and the relatively lowly status of the records managers in the public sectors, ostensibly to get ready for the FOIA (this is a reductio, hopefully not ad absurdum), Brazil’s government has rushed in the law (although it was on the books for decades, long before UK laws, the enacting legislation was recent and relatively sudden).

Delegates at the conference mentioned that perhaps this rush has something to do with the fact that the President of Brazil, Dilma Rousseff, was brutally tortured by the military dictatorships in the 1970s and that she wanted Brazilian institutions to be accountable, to prevent dictatorships.

Although the conference was about transparency laws, the starting point for releasing information is always the ability to be able to find it. Although I sensed that speakers and delegates wanted to have the sorts of technical conversations that we often have in the UK about the application of this exemption or that Tribunal decision, I saw what we often see when records managers get together. The same horror stories of information not being able to be found – speakers exhibited photographs of documents in boxes piled in leaky basements, of piles of paper indistinguishable from a paper recycling facility.

I take it for granted, as a FOI and DP practitioner, that not being able to find something will be the exception to the rule (it only happened once to me, when we had a request for a document that we could not admit to not being able to find – the final reply went out months late, after I had spent two days in an archive with a really helpful librarian, going through box, after box). But that is because of records managers, not because of archivists.

And so, the stories being shared at the conference were mostly of incredible records managers and archivists, working on tiny budgets, with almost no electronic archiving, with ridiculously slow internet speeds, with no money for electronic document management solutions, all trying to change the culture of universities and government departments (as still happens here – I know that we are not perfect), reorganising records and helping, in a real way, to ensure that Brazil’s experience of dictatorship is not forgotten, but remains firmly in the past.  

Bilal Ghafoor
Twitter: @foikid

First IRMS Podcast

Saturday, 19 October 2013

The IRMS are starting a series of Podcasts, and I would like to thank James Lappin and Heather Jack for all their hard work.

The initial interview is with Chris Walker on auto-classification and allied issues.

I hope you enjoy this and would be interested in your comments and suggestions.

Nicholas Cooper, Chair.

IRMS attends the IQPC Conference on e-Discovery & Information Governance

Tuesday, 08 October 2013

On the 17th to 18th September I attended the ‘e-discovery and Information Governance in the Financial Services’ conference in London put on by IQPC (a knowledge sharing organisation) sponsored & chaired by Ernst & Young.  I was there with 2 hats on, one as a European Data Protection Officer for a 'captive finance' Bank and the other as a representative of the IRMS.

Over the 2 days the subjects ranged from building an effective information governance regime to the complexities and drawbacks of data protection compliance with e-discovery requests. We also were given a couple of presentations on some new technologies including one piece of software aimed at detecting and “locking down” images on your network of a ‘sensitive’ or ‘illegal’ nature.  Given that the room was full of primarily legal officers I’m not quite sure the presentation got many sales leads but none the less, it did raise some interesting questions around ‘held data’ and that technically anything, including such images, are held data.

Speaking of attendees the even was well attended by Banks and financial institutions. The importance of records management and effective data management came up again and again and it was interesting to see the diverse discussion and awareness of what Records Management actually is and what ‘records’ are. (Especially coming from legal officers).

Speakers ranged from Ernst & Young through to the Financial Conduct Authority and a high court judge from the US. The FCA’s presentation was the most interesting as they discussed the complexities of data capture for investigations and their recently announced 'Data Strategy'.  If anyone hasn’t seen this announcement, check out for more details.

Overall the conference was very informative for a ‘younger’ professional such as myself. For the IRMS, this was good exposure and an opportunity to network with some key players in the data management field within financial services. I was able to plug our Financial Services group and hopefully get some good contacts for speakers at a future IRMS conference.  More information on IQPC led events can be found at

Scott Sammons
Groups & e-Officer
Information & Records Management Society

IRMS attends the ICO's 2012-13 Annual Report event

Wednesday, 17 July 2013


On Thursday 20th June on behalf of the Society I attended the launch of the ICO's 2012/2013 Annual Report at Westminster Hall.

The Report was delivered by the Information Commissioner, Christopher Graham, supported in part by Simon Entwisle (Director of Operations), who covered a review of the year’s case load. The delivery of the report was then followed by questions to the panel made up of the senior officers of the ICO, with Christopher and Simon being joined by Daniel Benjamin, David smith and Graham Smith.

The overall theme was that the ICO was: “Holding our course, while handling more business, responding to new challenges and coping with fewer resources”, with the Office remaining independent, authoritative and forward-looking.

The Report was delivered around the structure of seven “E’s”, namely:

  • Enforcement
  • Education
  • Empowerment
  • Enabling
  • Engagement
  • Effective
  • Efficient

There was also comment on requirements and challenges for the Future.


The Civil Enforcement Team looked at more than 1,300 cases (45% up on last year) and imposed 23 civil monetary penalties for serious mistakes, totalling £2.6m.

Additionally about 155,000 concerns about spam text and nuisance calls were registered on the web site; this year the ICO imposed the first civil monetary penalty under the Privacy in Electronic Communications Regulations (PECR) directive of £440,000 and the first civil monetary penalty for cold calling of £90,000.


The focus during the year was on four main areas:

  • Cookie compliance on web sites
  • The publication or update of 51 pieces of FOI advice
  • Publication of the 'Anonymisation code of Practice'
  • The Data Protection conference in Manchester in March 2013


Awareness-raising seems to be working! According to research, 86% of individuals are aware of their rights under the Freedom of Information Act, whilst 87% know of their Data Protection act rights to access personal information.

The ICO has been working to embed information rights into the national curriculum, with pilots running in a number of schools.

On another big topic, they assisted 372 individuals to challenge their inclusion within the construction industry blacklist.


The message was that data protection is not just about saying “No” – you can ay “Yes” if you do it properly and safely. This was illustrated by the publication of the ‘Data Sharing Code of Practice’.

During the year the ICO conducted 58 consensual audits of Data Controllers (up 38% on last year), plus 78 advisory visits (up 30%). They have also introduced audit outcome reports on common themes of good practice.


The ICO is proactively engaging with current developments in the filed of technology, policy, businss etc. To this end it is involved in:

  • Post-legislative scrutiny of the Freedom of Information Act
  • Open Data and transparency agenda
  • The Leveson Inquiry
  • The proposed revision of the EU Data Protection regime


This covered a review of the ICO’s effectiveness in dealing with the ever increasing demand for services.

There was a 3.7% increase in calls, requiring the ICO to increase their output by 3.2% to handle. An independent customer survey showed over 90% satisfaction.

The ICO re-used information to improve the FAQs on their website, which have developed considerably during the year.

Data Protection complaint casework increased by 6.3% during the year, requiring a corresponding increase in output by 10.3% to enable case closure. Most complaints were about the way the biggest data handlers in the country responded to requests for information. About 35% of complaints were upheld.

For FOI and the Environmental Information Regulations there was a 1.7% increase in casework. There was a 1.3% drop in output owing to a reduction in the ICO’s resources; however, the volume of casework remains level and has not fallen behind. The ICO issued 1,100 decision notices in the year. These were mostly related to central government, local government (who saw a slight increase) and the health service (who saw a slight decrease). 44% of cases were upheld on appeal in whole or in part; this was down from 50% last year.

An online reporting mechanism was introduced fro PECR. 50% of complaints related to recorded voice calls, 25% to telesales speaking with a person and 25% related to spam texts. The ICO’s approach is to contact organisations looking for about their compliance with the law and, if there is no improvement, looking at civil monetary fines.

During the year 685 concerns relating to cookies were reported.

With regards their own operations, the ICO received a record number of information requests (Data Protection and FOI), up 5% on last year. They responded to 98% within the statutory timescales.


The income of the ICO consisted of:

Data Protection: £16,055,000 from 372,369 data controller registrations

FOI: £4.25m grant-in-aid FOI income, although this is being cut

To address their reduction in income, the ICO is taking the following actions:

  • IT re-procurement (moving from Capita to Northgate)
  • Agile notification (e.g. taking credit card payments)
  • Home working
  • A greener ICO (e.g. no hard copy annual reports this year!)
  • Improved knowledge management (e.g. more joined up between Data Protection and FOI teams)

Future Initiatives

The ICO has the following matters on its horizon:

  • The new Data Protection regime from 2016
  • New obligations for Data Protection authorities
  • The European Data Protection Board
  • An end to notification obligation
  • A new method of funding the ICO
  • The squeeze on FOI grant-in-aid
  • Technology
  • Open Data and Big Data
  • The challenge of international global enforcement co-ordination

Therefore, the ICO is getting ready for change, understanding that there are new responsibilities, new ways of doing things and achieving better for less. It is consulting with both staff and stakeholders over the next 12 months to feed into the ICO’s 2014-17 Corporate Plan.

Panel Discussion

A number of questions were raised from the floor and addressed by the panel relating to:

  • Current news events relating to the Care Quality Commission
  • Current news events relating to PRISM / NSA (although breaches of RIPA are not under the ICO)
  • The letter to Google sent by the Article 29 working party raising the risks relating to Glass
  • The need for greater European consistency without too much over-engineered process (the ICO wants a focus on risk and proportionality)
  • Balancing Open Data with the need to be careful, particularly with regards health data
  • The need for proper section 55 penalties (with the ICO pressing for this as part of consultation on the Leveson recommendations)
  • The work being undertaken relating to the construction industry blacklist whereby the ICO is working with the DWP, trade unions and Equifax on data matching to contact those on the list where possible
  • The desire to have the power for non-consensual audits of local government and the health service
  • The need to develop clear online privacy policies written for consumers not lawyers


The full report is available at


Reynold Leming

Special Projects Officer

The Information and Records Management Society

Blog Categories

IRMS Blog (29)


If you have any comments about the site, please contact the eOfficer via the contact form or by email; This email address is being protected from spambots. You need JavaScript enabled to view it..