FOIMan reflects on how his boring records management work has twice found its way into the national press and considers whether there are lessons for others who manage their organisation’s information.
The Telegraph reported earlier this week that MPs’ expenses claims prior to 2010 can no longer be investigated as they have all been destroyed. Defending its actions, the House of Commons authorities explained that they had been disposed of in line with a policy called an Authorised Records Disposal Practice (ARDP), and that to retain them longer would have breached the Data Protection Act (DPA).
The story attracted my attention because…I drafted the ARDP in 2003. I don’t recall why we gave it such a rubbish name, but I do remember why MPs’ expenses claims, receipts and other financial records were to be retained for only 3 years. It was because the House of Commons authorities went out of their way to obtain permission to retain them for this period rather than the usual 6 years. Three years was explicitly chosen because they wanted to limit both the scale of information that might potentially have to be searched, and the risk of “smoking guns”.
As it turned out, three years wasn’t enough to avoid the latter, at least not entirely.
Is the Commons’ spokesperson’s statement that to retain the records longer would have breached the DPA true? The DPA requires organisations using personal data to comply with 8 principles. One of those principles requires personal information not to be kept for any longer than necessary. The Act doesn’t specify how long such records should be kept – in practice it depends on a range of things from other legal requirements to business need. It does require, of course, that organisations develop clear policies on how long personal information will be retained and put in place procedures to implement those policies consistently. To this extent, the House of Commons was following good practice in adopting the ARDP, and indeed in disposing of information in line with it.
This doesn’t entirely justify the Commons statement though. As I stated above, it was their deliberate decision to retain financial information for a shorter period than most organisations, albeit with relevant authority. They could have decided to keep records for 6 years. At any point – especially once the public interest in MPs’ expenses was aroused – they could have amended the policy. Given the historical significance of these records, it is even arguable that they should have been retained permanently. An exemption within the DPA would have provided legitimacy for this action.
So whilst the argument made by the Commons authorities was factually correct at least in part, it was perhaps a little…disingenuous.
This isn’t the first time that my records management work has aroused controversy. In preparation for FOI in late 2004, the Greater London Authority (GLA) held a number of “Records Management Days”. Staff were encouraged to dress down and spend part or all of their working day throwing away files that were no longer required. The aim was to reduce the amount of space taken up by storage for records (City Hall never having been designed with physical records storage in mind), and to reduce the volume of information that would need to be searched through when we started to have to answer FOI requests. (This is arguably of benefit to potential requesters as well. The more information that remains to be searched through, the more likely that a public authority will be able to claim that complying with the request will exceed the “appropriate” or cost limit.)
Records management is seen as an activity that busy people can put off. Put that together with the “just in case” mentality and the challenge for records managers like myself is not generally to persuade colleagues to keep information, but to get them to throw it away. FOI presented a fabulous opportunity to make this happen. If I milked the “smoking gun” message it was a means to an end – though perhaps it suited others for different reasons.
The GLA’s records management project, of which this activity was a part, was approved by both the Mayor and the London Assembly. So it was with some surprise that I learnt that London Assembly Members were asking questions about what were now termed “shredding days” in early 2005. And with even more surprise to find them reported in the Sunday Times in March 2005:
“KEN LIVINGSTONE, the London mayor, has admitted that his office had a “shredding week” to destroy documents ahead of new disclosure rules under the Freedom of Information Act.”
Back in 2005, and again this week when reading about my ARDP’s role in the latest MPs’ expenses story, my initial reaction was defensive. As a records manager I was doing my job. It isn’t possible for organisations to keep everything – just imagine what your own house (or even computer, though that’s perhaps less obvious at first sight) would look like if you never threw anything away. If you must dispose of records, good governance requires that it be done in line with an agreed policy grounded in established best practice. For many years that is the argument that records managers have expounded and stood by. I’m sure that like me, they have seen themselves as slightly removed from the fray, an almost neutral observer. So news articles suggesting that our work is “political” in some sense provoke an indignant response. That’s exactly what our work is there to demonstrate – that the management of information is simply a process. Records are destroyed according to our rules not to the whim of a politician or a nervous official.
But is that true? When I reflect on this latest story, and once again on my earlier brush with politics, I begin to realise that what I thought of as apolitical policies were never really anything of the sort. All policies – and retention policies are no different – have to go through some sort of approval process. They have to take on board the needs of the organisation – political as much as financial and practical. In drafting retention policies for both the Houses of Parliament and the GLA (and for that matter, any of my other employers) I documented established and desired practice. If the Commons’ authorities wanted to keep information for 3 rather than 6 years, then that was what was written into my policy. I don’t remember if I challenged it at the time, but even if I had, it is unlikely that my view would have prevailed. It is most likely that at the time I accepted the view of those authorities unquestioningly. It didn’t seem unreasonable at the time, whatever hindsight suggests.
So those managing their employer’s information should remember that whilst it may be tempting to see themselves as objective rule-makers, they are probably nothing of the sort. In truth, records managers are as much a part of the culture of their organisation as anyone else, and it is perhaps more dangerous to continue to deceive ourselves to the contrary.