Records Management - Records Creation: What it means in relation to Data Protection and Freedom of Information
The guidance in this document is intended to draw attention to some of the issues that need to be considered when creating any University record, in particular it seeks to highlight and give guidance in respect of the creation of some types of document that raise concerns in relation to both Data Protection and Freedom of Information.
The overall aim is:
- to ensure that staff have the information they need to create records in an informed and responsible way and;
- that the University can respond more efficiently to any requests for information that are made to it under the provisions of either of the two Acts.
1. Why is records creation an issue?
1.1. The Data Protection Act 1998 and the Freedom of Information Act 2000 both provide rights of access to information held by the University. These rights apply respectively both to the individual and to the public at large.
1.2. The Data Protection Act allows people to see information that the University holds about them. The Freedom of Information Act (from Jan 2005) gives the public the general right to access any recorded information.
1.3. The right of access under Freedom of Information is retrospective and will apply to all documents that are being created now, provided of course that they are still in the University’s possession in 2005.
1.4. Both pieces of legislation include exemptions that apply in certain circumstances, but it is prudent to work on the assumption that all records will be accessible.
2. Why do we need guidance?
2.1. The guidance in this document is intended to draw attention to the issues that need to be considered when creating any University record and to provide specific guidance on some types of document that raise particular concerns in relation to Data Protection and Freedom of Information.
2.2. A general aim is to ensure that staff have the information they need to carry out their jobs and that the University is able to respond efficiently to requests for information made under the provisions of either of the two Acts.
3. Where does responsibility lie?
3.1. Responsibility rests with you. All employees of the University are responsible for ensuring that their written communications are professional in tone and content.
4. What is a record?
4.1. A Record is recorded information in any form created or received by the University in the transaction of its business or conduct of its affairs and which it retains as evidence of that activity. Put more simply, a record is 'recorded evidence of business activity'.
5. Is academic freedom affected?
5.1. The ability to debate and examine difficult issues is an essential part of University life; this guidance does not limit academic freedom at all. All debate, however, needs to be conducted in a professional manner and the requirements of the Data Protection Act and Freedom of Information Act need to be observed.
6. The first thing to think about when creating a record
6.1. Before creating a record, always consider carefully its purpose. Ensure that you include all the information necessary to achieve that purpose and nothing else.
7. What to think about when writing about other individuals
7.1. The Data Protection Act gives individuals the right to see information that the University holds about them and it also requires that such information is relevant, accurate and not excessive. The examples used in the following bullet points are based on real examples:
- Do not include irrelevant information. For example, when giving an academic reference it is highly unlikely that you will be required to comment on a person’s health or personal circumstances, unless of course they have a direct bearing on the individual’s academic achievement.
- Always ensure that you differentiate between matters of fact and matters of opinion. For example, it is accurate to say ‘In my opinion, this student has very poor interpersonal skills’, as opposed to, ‘This student has very poor interpersonal skills’.
- Do not express opinions that
you cannot defend, or demonstrate. For example, the statement, ‘This
individual has absolutely no redeeming feature to recommend her’ is
a statement that cannot be substantiated.
- It is foolish to express opinions
in those areas where you are not qualified to do so. Do not say, ‘This
person has a personality disorder’, unless you are in a position to
make the diagnosis (i.e. a doctor) or are in a position to report the situation
as a previously established matter of fact.
- Be sure of your facts too. Do
not say, ‘This person has no knowledge of computer software’ unless
you know the statement to be factually true. Instead say, ‘While this
person was working with me s/he was not required to use a computer’.
- Never write in anger or in haste
- a particular danger with e-mails. Do not foolishly record, ‘The miserable
creature places herself in mortal danger of wasting my time’. Wait and
write the message when you have calmed down or have more time.
- It is simply bad behaviour to
speak disrespectfully of others. Even when expressing negative information
make sure it is expressed in a respectful way. Do not say, ‘One of the
higher apes could have put in a better performance than this student’.
Say instead, ‘This student’s performance falls well below the
standards required for the course'.
8. What to think about when providing a personal reference
8.1. Refer to section 23 of the Data Protection Handbook and refer to the previous section of this document for the kind of thing to bear in mind when writing personal references.
9.What to think about when writing an e-mail message
9.1. E-mails can be disclosed in response to a data protection request or a freedom of information request. Electronic messages can be legally binding and the University can be held liable for any defamatory statements contained in e-mails. For these reasons, do not write things in e-mails that you would not write in other forms of communication.
9.2. Restrict an e-mail to one topic, do not mix personal and University matters in one e-mail and, when involved in a discussion, try not to drift off the original topic.
9.3. Always try to maintain the context of an e-mail exchange. The meaning and context of an annotated e-mail can be clear at the time of writing but invariably becomes unclear over time - particularly so perhaps, for users not involved in the original discussion.
9.4. If you have something unpleasant you need to say, then just DON'T use e-mail. Speak to the person directly - a direct contact can often defuse a potential confrontation that e-mail would only encourage.
9.5. Think of other people’s feelings before sending an e-mail message.
10. What do I need to consider when preparing meeting agendas and receiving papers?
10.1. It is advisable to divide meeting agendas into at least two sections – open business (i.e. business information that you would be happy to release in response to a freedom of information request, or to see published within the University's publication scheme) and closed business.
You may need to sub-divide closed business further as some information will be sensitive for much longer than other information. For example, some policy decisions might be sensitive while they are being considered, but become less sensitive once a decision is made. On the other hand some information, such as the University’s IT security measures, might remain sensitive for a very long time.
10.2. Structuring the agenda in this way enables you to deal more easily with individual freedom of information requests, as it will be transparent what information the University is cautious about releasing. It will also assist the University in compiling its publication scheme, as it might adopt different publication dates for open and closed business. For example, open business might be published within a month of the minutes being confirmed, while closed business might be released following a number of years.
10.3. However if you classify particular items as closed business you need to be prepared to explain which exemption under the Freedom of Information Act justifies such closure. This can be done by requiring any paper submitted to a committee for consideration, to be accompanied by a cover sheet indicating which exemption applies. A Committee Business Cover Sheet is available.
11. What do I need to think about when drafting minutes of meetings?
11.1. Minutes of meetings can serve a number of different purposes and such purposes affect the level of detail required in them. Again different sections of the same set of minutes may be intended to serve different purposes and it can be appropriate therefore for different styles to be adopted within the same document. For example:
- If the purpose is to identify who agreed to do what, consider using a simple action list.
- If the purpose is to provide an audit trail for University decisions and the reasons for those decisions, then you need to record both the decision and the reason(s) for taking it.
- If the purpose is to communicate detailed information to people who were not present at the meeting, then you will need to record a more detailed account of what was said. However, if this is the case it is prudent to consider whether there are better ways of communicating such information than using the formal minutes, everyday experience tells us that errors do occur when one person is recording what another person has said.
- If the purpose is simply to record that the committee discussed a particular item (e.g. a new policy or strategy document) then it will be sufficient for the formal minutes to record that simple fact. The person working on the particular having the responsibility of taking fuller notes delegated to him/her.
11.2. For any minutes, consider whether it is necessary to identify individuals by name, or more appropriate to identify them by their role or job title only. Some individuals might prefer their names not to be included either in minutes published on the University’s publication scheme or released in response to requests for information; the University’s approach is to accommodate such preference if there is valid reason.
This is a particularly important consideration if minutes are to be published on the Internet. In such circumstances ensure that all committee members are aware and have the opportunity of asking for their names to be removed. If an individual does object to the inclusion of their names in the published minutes, the objection should be respected until such time as the University is able to make a final determination.
11.3. Boards of examiners: under data protection legislation students will be entitled to ask for anything said in the minutes concerning them as individuals, while Freedom of Information legislation will entitle them to access the minutes of the board itself.
11.4. To ensure that an individual examiner’s identity is not revealed, consider if it is actually necesssary to record their names in the minutes in the first place. For example, instead of saying ‘Dr Jones said that...’, say, ‘It was suggested that…’, or ‘An examiner said…’
12. What to think about when considering documents for inclusion in the University's publication scheme
12.1. We are under a legal obligation to publish all information that is included in our publication scheme.
12.2. The Freedom of Information Act requires the University to produce and maintain a publication scheme. The scheme lists the types of information that the University intends to make available to the public as a matter of routine, the scheme can be viewed from http://www.ncl.ac.uk/foi
12.3. The main advantage of having information on the publication scheme is that the University does not then have to respond to individual requests for it. Consider the advisability therefore of having documents included in the University’s publication scheme if you believe that there may be a lot of requests for it.
12.4. In some cases the publication scheme will limit the types of information that will be made available. For example our scheme says 'The University will not publish any information that constitutes personal data or any information that affects its commercial operations.' Consequently you may decide to withhold certain pieces of information from publication.
12.5. In respect of the previous point it is as well to bear in mind that the same information, although not published, may nevertheless be sought under the Freedom of Information requests regime, and under which you will need to provide a reason for non-disclosure if that is the decision that is taken.
13. Dealing with draft documents?
13.1. Generally speaking there is no need to retain drafts once a final document has been approved. Exceptionally however some documents relating to for example, major policy projects, need to be kept as part of the University’s record of evidence for its decision making. This however is the exception rather than the rule and should only happen where draft documents reveal significant changes in approach.
14. What should you be doing now?
14.1. Review the approach that you adopt when you create records, particularly e-mails and references. Look at the Data Protection Handbook at http://www.ncl.ac.uk/internal/data.protection/handbook26.htm
14.2. Secretaries of committees should consider which approach is most suitable for their respective committees and advise the committee accordingly.
15. What other help is available?
15.1. In addition to the information contained on this site, further advice and guidance in respect of records management, data protection and freedom of information can be gained by emailing Rec-Man@ncl.ac.uk or telephoning ext. 8209.
February 2004