The meeting started at 9.30am with a welcome address by the Chairperson of the Event, Elizabeth Barber, with a word of appreciation to the host Westminster Archives and the sponsors for the day, Iron Mountain. This was followed by presentations from the various speakers who discussed a broad range of issues relating to using codes of practice to shape records management policies. Emily Overton gave an overview of the work of the Exec since the last meeting.
10am - Keynote Speaker: Paul Gibbons – Lord Chancellor’s Code of Practice on records management: Keeping records to meet corporate requirements
Paul started off the presentation with a quick quiz to ask those in attendance when/where the first Freedom of Information (FOI) Act was inaugurated. It turned out that the correct answer was Sweden, 250 years ago!
Paul went on to discuss comments made by Elizabeth Denham, the new Information Commissioner at an event in December 2016. Elizabeth noted: “If public authorities are placed under an effective duty to document regime, then we are telling them to write down their decisions, to note their reasons and most importantly to write things down well”.
Paul then went on to note various instances where the failure to document decisions hindered investigations. It was noted that the Public Records Act 1958 required organisations to select documents, not necessarily instigate a “duty to document”.
The Section 46 Code within the FOI does make it clear that records management is core to the FOI Act working properly. Paul quoted from the Section 46 Code, noting “FOI legislation is only as good as the quality of the records and other information to which it provides access. Access rights are of limited value if information cannot be found when requested or, when found, cannot be relied on as authoritative”.
Paul then asked the group – who is the minister in charge of the Section 46 Code? It turned out that it was not the Lord Chancellor who was in charge of the Code, but the Secretary of State for Culture, Media and Sport – they must consult the Chancellor of the Duchy though.
Paul noted that organisations should take the following into account:
• Laws, regulations and standards
• Protecting your rights, property, etc
• Justifying your actions
Organisations should also be clear on the four factors that are crucial in ensuring a record is fit for purpose:
Paul went on to discuss the requirements of GDPR – keeping records is a central requirement of GDPR – failure to do so can result in a very big fine.
Paul noted that the Information Commissioner has records management in her sights and we already have a duty to document in many cases…the FOI Act Section 46 Code Section 8 spells things out for us… and keeping records is central to GDPR compliance!
10.45am – Jenny Obee, Head of IT and Information Management at the London Borough of Barnet – Lord Chancellor’s Code of Practice on Records Management
The presentation discussed choosing and implementing an EDMS system – the end to end process of a successful implementation and the steps taken to get there.
11.45am – Jenny Obee, Head of IT and Information Management at the London Borough of Barnet Lord Chancellor’s Code of Practice on records management storage and maintenance of records
This presentation discussed retention and disposal, including big bucket theory.
12.30pm – Sponsor Presentation: Tim Callister, Iron Mountain – Whose record is it anyway?
Tim described the services that Iron Mountain can provide to organisations – this includes logistics services, legal advice and labour to help deliver records management programmes.
Tim then ran through some statistics of issues with records – for example, the average cost of a breach per record in 2015 was £112 and the average breach size of records was 21,695, which is a significant number of records!
Some interesting facts and figures were discussed, including some survey results which indicated that 89% of Business Leaders don’t understand what their information managers do! This is interesting food for thought for Records Managers.
Tim noted that Iron Mountain focused on the ‘what’, ‘where’, ‘when’ and ‘how’ elements of records management programmes.
Some discussion then took place around the different concepts of the Information Management profession. Some 50% of businesses say risk management, security and data privacy will be the most valued skills for information professionals over the next 3.5 years… but only 5% of information professionals saw risk, security and privacy as their principal role.
In fact… 53% of information professionals see information accessibility and delivery as the most important future capability. Clearly, an interesting difference of opinion and this generated much discussion in the room!
2pm – Sarah Graham, Corporate Records Manager, NHS England – Records Management Code of Practice for Health and Social Care 2016
The Information Governance Alliance published a new set of guidance for Records Management within the NHS in July 2016. Sarah took us through the key points within this document and discussed its importance within NHS England.
Sarah, first of all, discussed the key elements of the Code of Practice, before moving on to the role that the code played in developing the NHS England Document and Records Management Policy and the NHS England Records Retention and Disposal Guidance and Schedule.
Sarah described the background to the Code. The Code of Practice replaces the Records Management: NHS Code of Practice parts 1 and 2 (2006) that had previously been produced by the Department of Health. Whilst this Department of Health guidance was very good and detailed, it was due a refresh.
The new guidance has more focus on electronic records and has a reduced retention schedule. It is user-friendly and has practical case studies. There is a main section, three appendices – the final appendix concentrates on retention scheduling on pages 53 to 80. Sarah went on to discuss the sections in detail.
Finally, Sarah discussed NHS England’s approach to the code of practice. NHS England’s key move was to align its Records Retention and Disposal Schedule to reflect the guidance – Version 2.0 was published in January 2017. Some key areas had changed in terms of retention periods (eg, complaints had moved from 8 year retention to 10 years).
In cases like these, the Corporate Records Manager visited the teams to ensure that paper/ electronic systems were adjusted accordingly to reflect the July 2016 change in guidance. NHS England also reflected the guidance within the Records Management Policy – Version 4.0 of the Policy is being ratified at the moment.
2.45pm – Elizabeth Barber, Records Manager, Kent County Council – The importance of using the Section 46 Code as a core to your policy when it comes to an ICO audit
Elizabeth shared a few thoughts about how central the Section 46 Code was to any records management policy and how the use of the self-assessment tool available via The National Archives website provided a great focus for the visit from the ICO auditors.
Review written by Sarah Graham and originally published in the IRMS Bulletin, September 2017