Karin,
an interesting topic, with varied opinion!
Do we need a council policy on record retention that advises
managers and staff on how long records must be kept. ...YES...
In essence e-mail messages can be records, but...email systems are not
record-management systems, therefore e-mail messages and attachments must be
removed from e-mails systems and declared as records in the 'physical or
electronic' record-keeping systems.
The organisation must through its policies and procedures establish the
first principle: that information created within or recieved by the
organisation regardless of the physical or electronic formats in which it
may be received, held, disseminated etc is 'Corporate Information' and is
not owned by the individual but by the organisation. Even though the e-mail
is a person to person communication system, this communication is
facilitated by the employment of the individual within the organisation and
therefore the information communicated is 'corporate' and not 'personal'.
Personal information may be communicated via e-mail as 'company policy' but
it should be monitored to ensure no liability to the company, and the
employees informed accordingly, a 'privilege' that can be removed from the
individual if the company chooses to do so, to protect itself or others from
litigation.
It is good practice to list examples of information types that are
considered to be records of the organisation and this should also include
e-mail attachments as well as the e-mail itself. A generic listing can be a
start point and a more specific listing will be created as you formulate a
'local retention schedule' at departmental or section level, with the aid of
those who have experience of the business processes that support the
'activities and functions' of that part of the organisation, these key
people can help determine what information or record types are key to that
process and essential for retention, the remainder can be disposed of as
soon as is practicable.
Under the 1958 Public Record Act, in short, all information or data created
or received by 'Public Bodies' is a 'record' and must be managed. The
introduction of retention scheduling can enable you to put a framework in
place which allows you to be liberal in some quarters and rigid in others.
By using an EDRM System, you can manage both physical and electronic formats
in the one system, and can embed many criteria for control of the declared
record as an automatic functionality of the system, takes it out of the
users control.
Local EDRMS Administrators can be empowered to enforce policy at a variety
of levels within the system and a 'Super user' has the final say on behalf
of the organisation, a principle you could carry forward to the shared drive
concept.
If EDRMS if beyond the budget, then a similar though less robust (from a
'centralised managed function view point') is the use of shared drives and
folder access permissions, structure the folders in the shared drive in
accordance with your requirements and only give access when everyone has
signed up to the governing rule-set, departmental and individual access is
only given when all individuals in each department have signed up.
Subject Access requests and disproportionate effort - I agree that
this can be used but all the more reason to have a clear policy that states
upfront how long we strive to keep information for in permanent/easily
available form, and that any requests for information from an earlier period
must be judged on a case by case basis, taking required effort into account.
Your retention schedule / guidance material should reflect the requirements
of the DPA with regards keeping personal information, once the purpose for
which the information was gathered has been fulfilled you should dispose of
the information at a time specified in your retention schedule. Bear in mind
the potential for litigation if information is retained for too long or
short a period, if retention rules are not set or do not reflect other
statutory requirements to keep certain record(s) or information types for
'fixed' periods.
Q are we confusing 'FOI Access with DPA Subject Access' FOI Access has
'disproportionate effort' and 20 day turn-around, where as, DPA has no such
restriction and 40 day turn-around.
You can considerably limit the FOI issue by your publication scheme and the
use of EDRMS, whereby all records can be 'flagged' in the classification
scheme Metadata, as FOI exempt, where appropriate. If in doubt as to the
level of effort required then an information audit should be carried out and
once analysed, effort can be contributed to each class or series of records
within the system, this could be of considerable benefit to you and your
clients, as you will know from the onset of a request the likely level of
disproportionate effort involved, it may also help you with your charging
scheme for access.
hope this helps,
regards,
Joseph
Joseph Wisener BA Hon's
EDRM System Manager
Civil Aviation Authority
Tel 01293 573962
Email [log in to unmask]
-----Original Message-----
From: Bleasdale Karin [mailto:[log in to unmask]]
Sent: 09 January 2004 12:56
To: [log in to unmask]
Subject: Emails
Can anyone help me with the following queries that have come from two of my
colleagues. My thoughts are that these emails should form part of a
structured file therefore not really being a problem. Any thoughts?
Are retrieving emails considered to be of a disproportionate effort.
The answer to this will also help FOI - as it can go in our Publication
Scheme....
Do we need a council policy on record retention that advises
managers and staff on how long records must be kept.
Subject Access requests and disproportionate effort - I agree that
this can be used but all the more reason to have a clear policy that states
upfront how long we strive to keep information for in permanent/easily
available form, and that any requests for information from an earlier period
must be judged on a case by case basis, taking required effort into account.
Another point to consider is how we would locate emails, both for
Data Protection and Freedom of Information purposes. The former would
hopefully be easier to locate than the latter. And who would do this?
Records Management Officer SSD
LB Hammersmith & Fulham
Tel: 020 8753 5118
Fax: 020 8753 5103
The information contained in this e-mail is intended for the recipient or
entity to whom it is addressed. It may contain confidential information that
is exempt from disclosure by law and if you are not the intended recipient,
you must not copy, distribute or take any act in reliance on it. If you have
received this e-mail in error, please notify the sender immediately and
delete from your system.
**********************************************************************
This e-mail, and any files transmitted with it, are confidential.
If you are not the intended recipient, please notify our Help Desk
(e-mail: [log in to unmask] or phone: +44-1293-573333)
immediately.
You should not copy or use this e-mail or attachments for any purpose
nor disclose their contents to any other person.
Please note that all e-mail messages sent to the Civil Aviation Authority
are subject to monitoring / interception for lawful business purposes.
**********************************************************************
|