Tag Archive for records management

Upcoming events: Autumn 2019

FOIMan highlights events he will be speaking at in Autumn 2019.

Paul speaking at podium

Paul speaking at IRMS 2019 conference (© Alison Drew 2019)

Last week I ran a workshop at the IRMS Public Sector Group on the relationship between FOI and records management. It was great fun and thanks again to Elizabeth Barber and Sarah Graham for inviting me, and to everyone who was there for taking part so enthusiastically. I’m hoping to return to speak at the PSG again later in the year, so watch this space.

I thought I’d highlight some other forthcoming public events that I’ll be speaking at. In addition to the below, don’t forget you can bring me to your organisation to deliver training, workshops and briefings – get in touch for a quote if that’s of interest. And I’m always willing to consider invitations to speak at free-to-attend industry/professional events, so just let me have details if you are looking for a speaker.

Please note that all links below are to external sites that I have no control over. Should you have any questions about these events or courses, or the websites, please get in touch with the relevant organisation.

12 September: I’ll be chairing a workshop on Effective Records and Information Management in Edinburgh. Understanding Modern Government are offering a £50 discount off the normal rates to readers of this blog. To obtain the discount follow the relevant link below and complete the company’s form.

Charity/Education/Local Gov/ Health £345.00+VAT

Central Gov – £395.00+VAT

Private Sector – £445.00+VAT

27 September: ‘The Linchpin: the role of Freedom of Information Officers in opening up the UK’s public authorities’, free ODI Fridays talk at the Open Data Institute

10 October: Effective Records and Information Management in London

7 November: Handling Subject Access Requests (private sector focus) for UMG Training in London

19 November: Handling Subject Access Requests (public sector focus) for Understanding Modern Government in Manchester

28 November: Excel at handling Freedom of Information requests for Understanding Modern Government in London

 

Data protection doesn’t require important records to be destroyed

FOIMan explains why any organisation which blames the destruction of important records on data protection rules is being either disingenuous or is ignorant of what the law requires.

In recent weeks The Guardian has drawn attention to the plight of those innocent people who have lived in the UK for many years, only to be told recently by the Home Office that they could face deportation. This week the Home Secretary finally apologised, but many people are still in a legal limbo, unable to prove their status, not realising that they would ever need to.

Now a former Home Office employee has reported that disembarkation cards which might have helped establish the status of many of these people were deliberately destroyed by the Home Office a few years ago. Responding to the claim, the Home Office has conceded that records were destroyed but claims that this was necessary to comply with the Data Protection Act (DPA). The records were, according to them, destroyed:

to ensure that personal data … should not be kept for longer than necessary. Keeping these records would have represented a potential breach of these principles.

This argument has a long pedigree. It was cited by a police chief constable at the time of the Soham murders as a reason why records were not retained about Ian Huntley which might have prevented his employment as a caretaker at a school. It was used more recently by the House of Commons to justify the early destruction of MPs’ expenses records.

In both these cases, and in the latest example, this is just plain wrong. If the press officer or whoever drafted this statement had checked with their Data Protection Officer, they would have been able to tell them this.

It is true that one of the data protection principles requires that personal data be kept no longer than necessary, and that data controllers – organisations – are required to put in place procedures to ensure this. However, note that word “necessary”. It places the responsibility fairly and squarely at the door of the organisation that has collected the data to decide what is “necessary” and to justify it. If records are still being used to answer enquiries about individuals’ immigration status (as the Home Office whistleblower has maintained), or are at the centre of one of the biggest scandals to hit modern British politics, I would suggest that it is “necessary” to retain them, and to do so can be easily justified. Data protection laws do not say they must be destroyed.

Furthermore, even if there is a view that it is no longer necessary to retain records for their original purpose, both the DPA 1998 and GDPR permit records to be retained for historical research purposes in a record office. The Home Office whistleblower reports that it was suggested that the cards be offered to a record office, but that they were told that no archive wanted them. As public records, the National Archives would have had first option on these and since these records would seem to be of great value to genealogists and those studying the history of migration and minority ethnic communities in the UK, it is hard to imagine them turning such an offer down. Even if they did, are we to believe that other record offices, including for example Brixton’s Black Cultural Archives (based in Windrush Square), a repository specialising in the history of Britain’s African and Caribbean communities, would have said no? It seems unlikely if they were given the opportunity (and the significance of the cards was explained to them). Data protection rules would have allowed the cards to be retained indefinitely in a record office.

Data protection rules simply do not require records with continuing value to be destroyed. Anyone claiming that they do is being disingenuous or is ignorant of what data protection requires. Let’s hope that organisations – particularly those that should know better – stop churning out this misconception every time that they are criticised for the disposal of records.

References:

Home Office destroyed Windrush landing cards, says ex-staffer, The Guardian, 17 April 2018 https://www.theguardian.com/uk-news/2018/apr/17/home-office-destroyed-windrush-landing-cards-says-ex-staffer

MPs to escape expenses investigations after paperwork destroyed by Parliament, Daily Telegraph, 2 November 2014 https://www.telegraph.co.uk/news/newstopics/mps-expenses/11204405/MPs-to-escape-expenses-investigations-after-paperwork-destroyed-by-Parliament.html

The politics of records management, FOIMan blog, 7 November 2014 https://www.foiman.com/archives/1337

Soham police chief ‘ignored advice’, The Guardian, 26 March 2004 https://www.theguardian.com/uk/2004/mar/26/soham.ukcrime

GDPR’s Duty to Document

FOIMan explains how GDPR puts keeping records well at its very centre.

Back in December, the Information Commissioner, Elizabeth Denham, indicated her wish for a new duty to document law. I’ve written previously about this here and here.

On 28 April, I explored this issue a bit further in a talk to the public sector group of the Information and Records Management Society (IRMS) at a venue in Westminster. I’d been asked to talk about the need to keep records for corporate requirements identified in the FOI s46 Code of Practice.

The s46 Code does spell out the need to keep records to meet legal requirements, to record precedent, to document legal and other rights, and to justify actions taken. It’s worth noting that s.48 of FOIA gives the Information Commissioner the power to issue “practice recommendations” requiring public authorities to bring their practice into line with the Codes of Practice. So the s46 Code establishes a duty to document and the Act gives the Commissioner (admittedly limited) powers to enforce it.

Leaving FOI behind though, I handed delegates postcards of the image above. It illustrates the data protection principles as set out in the General Data Protection Regulation (GDPR). Right at the centre of my image is the accountability principle. It means that organisations will not be able to comply with the other principles without being able to demonstrate their compliance. In other words, they need to keep records to show what they are doing with people’s personal data. What they told those people when it was collected. Whether they gave consent. What their data protection impact assessment concluded. And so on.

Keeping records – and keeping them well – is central to compliance with GDPR. Records management should form a central plank of your GDPR preparations over the next year. Not least because it is very clear that the Information Commissioner is very interested in records management indeed.

Let me know if you need a speaker for your event – I’m always happy to help if I can. If you’re looking for in-house training on GDPR, get in touch for a quote.

References:

s.46 Code of Practice

GDPR

Delving Deeper into Denham’s Drive for a Duty to Document

FOIMan examines the Information Commissioner’s proposals for a new duty to document.

In December, the Information Commissioner, Elizabeth Denham, gave a speech at an event celebrating 250 years of freedom of information. During the speech Ms. Denham indicated that she wanted the government to legislate for a “duty to document”.

I wrote briefly about this at the time. But in my latest piece for PDP’s Freedom of Information Journal (available here), I’ve looked further into the Information Commissioner’s proposals.

Amongst the issues explored are:

  • what effect FOI has had on public sector records management;
  • how the Information Tribunals have dealt with the issue of records management;
  • what problems is the Commissioner seeking to resolve;
  • what tools are available to the Commissioner now;
  • and finally, are there any existing duties to document along the lines that Elizabeth Denham suggests?

Better information?

FOIMan reviews the government’s response to Sir Alex Allan’s review of government record-keeping and information management.

The Cabinet Office

“Good records management is essential for good government”, said Sir Alex Allan in his report to the Cabinet Secretary on the management of digital records in December 2015 (though dated August 2015 at the bottom of the report itself). It wasn’t particularly surprising that he found that the state of records management was not good:

“almost all departments have a mass of digital data stored on shared drives that is poorly organised and indexed.”

He didn’t comment on what that said about the quality of government.

The Cabinet Office – now responsible for information management across government – has published its response this week in a report entitled Better Information for Better Government. For a start, the fact that it has taken the best part of 18 months to respond to a fairly straightforward analysis of the issues with information management within government gives a clue to the single most important reason why records are in a mess: information management is not a priority – for civil servants or their political masters.

The problems that Sir Alex identified – lack of high-level buy-in, failure to comply with record-keeping procedures, a vast legacy of poorly organised information – persist, and the new report doesn’t really offer much in terms of a way forward. It repeats Sir Alex’s analysis of record-keeping, providing a very useful summary of how the problem developed. It also agrees with Sir Alex’s conclusion that technology is the answer – though adds little to our knowledge of how technology will do this. A table lists the technologies that are most likely to be of assistance, but no conclusions are reached as to what should be done. Data analytics or eDiscovery tools are highlighted as being a potentially useful solution, before the report points out that their expense and the need for specialist users might lead Departments not to employ them.

There’s an emphasis in the report on Departments doing their own thing. It’s not hard to imagine those leading the project being fobbed off by Departments wary of Cabinet Office interference, and perhaps weary of (mostly failed) attempts to address poor records management over the years.

The report does recognise the most significant impediment to improved information management: people. There is talk of “creating the expectation of regular information management”. This is to be done by making it easier to save records by improving the technology used, but also by using “nudge” techniques:

“Departments might also consider deploying behavioural science techniques to encourage civil servants to perform information management tasks more regularly and effectively.”

The overwhelming feeling I had when reading this report was deja vu. We’ve heard many times before that records management is poor in government (and, to be fair, in most organisations outside government). We’ve also heard that technology and culture change are the answers. Reading this report I didn’t get the impression that addressing this problem is a priority, nor that leaders in government would be pressing for that to change. Without prioritisation and leadership, I’m afraid we’ll be reading another report like this in a decade’s time, and the decade after that, and…

Sources:

Government digital records and archives review by Sir Alex Allan, Cabinet Office, December 2015

Better Information for Better Government, Cabinet Office, January 2017