On 15 July the Department for Digital, Culture, Media and Sport (DCMS) published a Code of Practice on the Management of Records issued under section 46 the Freedom of Information Act 2000 (FOIA). This replaces the previous version and provides guidance to public authorities (including local authorities) on keeping, managing and destroying information and records. The Code does not apply to bodies subject to the Freedom of Information (Scotland) Act 2002, to which a separate code applies.
The Code's stated purpose is to provide guidance to authorities which helps them to create a framework for keeping, managing and destroying their information, and therefore records. Complying with the Code will help them to:
- comply with FOIA, the Environmental Information Regulations (EIR)2 and other information rights legislation such as the UK General Data Protection Regulation, the Public Records Act 1958 and the Public Records Act (Northern Ireland) 1923 if they apply;
- fulfil their duty to publish information about their activities; and
- comply with the Re-use of Public Sector Information Regulations 2015.
The Code is divided into three sections:
1. Introduction to the Code and its legal basis.
2. The principles of good information management practice:
- Value - the authority must understand, manage and use its information in a way that enables it to understand its value, to make effective decisions for the benefit of society. Authorities must manage their information so that they can assess its current and future value. They must keep information as long as they can show it has value and dispose of it when it no longer has value. Authorities must be able to explain why they no longer hold information.
- Integrity - the authority and all its stakeholders must be able to rely upon and trust the information that it holds.
- Accountability - the authority's information management must enable it to provide a clear and accurate account of its activity in accordance with its legal and other obligations.
This section provides guidance on how authorities can put these principles into practice, including:
- putting in place appropriate governance, organisational capability and technical measures to ensure that they manage information in accordance with the Code;
- ensuring that their organisational capability includes an information management function with a designated manager of sufficient seniority to ensure that the authority discharges its responsibilities under the Code, adequate resources and suitably trained staff;
- ensuring that its technical capability includes appropriate tools and systems to manage, organise, locate and use information, back-up systems to recover from system failures and major disasters, and systems to ensure that the destruction of information is carried out in line with its sensitivity and is permanent; and
- when information is shared with a partner authority, body or contractor, putting in place an information sharing agreement which should specify:
o the obligation to record decisions, particularly in relation to the transfer or destruction of information;
o obligations under copyright, data protection legislation and FOIA;
o record management controls and any special requirements for the security and handling of personal information; and
o the ownership of any copyright.
3. Historical records
This part sets out guidance on how to comply with the Public Records Act 1958 (PRA) or its Northern Ireland equivalent. For authorities that are not subject to the PRA, the guidance suggests that authorities may wish to operate with regard to this part 3 where it is helpful.
The section covers:
- transferring public records to another body or to an archive;
- access to historical information transferred under FOI exemptions;
- retention of public records; and
- obligations where departments sponsor other bodies.
The annexes provide more information on:
- who the Code applies to;
- the status of the Code and the obligation to comply with it;
- the role of the Departmental Record Officer and Information Manager (for those familiar with the previous version of the Code, this is a significant change);
- the roles of regulatory and other bodies (including the Information Commissioner's Office);
- other sources of standards and guidance; and
- a glossary of terms.