Information governance policies
Contents
- Information governance policies
- Data protection policy
- Appropriate policy document
- Document retention and records management policy
Document retention and records management policy
Section 1: Introduction and Purpose
1.1. North Northamptonshire Council (NNC) recognises that its records are an important public asset and are a key resource to accountability and effective operation. They require careful management and this Policy sets out the Council’s responsibilities and activities in regard to the management and retention of its records.
1.2. In the course of carrying out its functions and activities, NNC collects and generates a wide range information from individuals and external organisations. This can be retained as hard copies or in electronic form.
1.3. Retention of documents may be necessary to fulfil statutory or regulatory requirements; as evidence in disputes; and historic and other value. The purpose of this policy is to ensure that records are retained for as long as necessary to meet legal, financial, and administrative requirements. This policy also seeks to ensure that information is disposed of in a secure and timely manner, when no longer required.
1.4. NNC will comply with all legal requirements governing the retention and disposal of records. This is including, but not limited to the:
- Data Protection Act 2018
- UK General Data Protection Regulations (UK GDPR)
- Freedom of Information Act 2000; and the
- Public Records Act 1958
1.5. The untimely destruction of documents could cause difficulties in defending litigious claims, meeting operational requirements; or failing to comply with applicable legislation.
1.6. Conversely, the permanent retention of data and information is unfeasible and appropriate disposal is necessary to allow for adequate storage space and compliance with UK GDPR.
1.7. The effective management of records in all formats depends as much on their efficient disposal as well as their long-term preservation. As a Local Authority we must be consistent in the way we handle and dispose of our information. This policy will assist the NNC in meeting local needs, whilst providing a consistent approach to record keeping across the organisation.
1.8. The policy will provide a corporate framework to govern how particular documents (or sets of documents) should be:
- Retained – and if so, in what format, for what period of time; or
- Disposed of – and if so, when and by what method
1.9. Additionally, this policy seeks to clarify the roles and responsibilities of designated officers in the decision-making process.
1.10. This policy is not concerned with the disposal or retention of unused materials (e.g. stocks of paper, unused forms).
1.11. The NNC retention schedule sets out the minimum retention periods for records, before they are either destroyed or transferred to an archive. It applies to all records, regardless of format, including electronic records, paper records, and other media.
Section 2: Policy outcomes
2.1. This policy should be used in conjunction with:
| Other key documents or legislation | Links to corporate outcomes |
|---|---|
| • Modern public services |
Section 3: Scope
3.1. The following Officers, AD’s or Directors are ultimately responsible for ensuring this policy is adhered to and ensure that effective management processes and monitoring are in place.
| Job Title | Director of Legal and Democratic |
|---|---|
| Service Area | Legal and Democratic |
| Directorate | Customer and Governance |
3.2. Responsibility for determining (in accordance with the retention schedule) whether to retain or dispose of specific documents rests with the individual Heads of Service.
3.3. The Data Protection Officer (DPO) and Data Protection (DP) Team (Information Governance (IG) Department) can advise of effective records management practices and requirements. However, they cannot be expected to possess the operational or background knowledge required to assess whether a particular document may be required for operational need. This is the responsibility of the relevant Head of Service. It is also the service areas responsibility to know the minimum retention periods prescribed by the legislation and guidance, which governs that service.
3.4. Nominated Information Champions are being sought within each area to act as a communication point and to support the implementation of the corporate records management programme in their respective areas.
Section 4: The Policy
4.1 Disposal
4.1.1. Disposal can be achieved by a range of processes:
- Confidential waste
- Physical destruction onsite (shredding)
- Permanent deletion from systems, including back up and archive
- Migration of documents to an external body
4.1.2. The following considerations should be taken into account when selecting any method of disposal:
- Under no circumstances should paper documents containing personal data or confidential information be simply deposited in non-confidential bins
- If steps are taken to make data virtually impossible to retrieve, then this will be regarded as equivalent to deletion
- Transfer of documents to a third-party (other than for destruction or recycling) where documents and records are of historic interest and intrinsic value
4.2 UK General Data Protection Regulations
4.2.1. Under UK GDPR retaining information that contain personal data, beyond the length of time necessary for the purpose it was obtained is unlawful. If legislation is silent on this provision; it is a matter for reasonable judgement and common sense as to how long personal data (which falls outside legislative guidance) should be retained. This is to be agreed by the Head of Service.
4.3 Standard Operation Practice (SOP)
4.3.1. There are some records that do not need to be kept at all; SOP defines types of records which staff may routinely destroy in the normal course of business.
4.3.2. SOP usually applies to information that is duplicated, unimportant or only short- term facilitative value. Some examples are:
- compliment slips
- catalogues and trade journals
- telephone message slips
- non-acceptance of invitations
- requests for stock information such as maps, plans or advertising material
- out of date distribution lists
- duplicate copies of documents (see below)
4.3.3. Duplicated and superseded material such as stationery, manuals, drafts, forms, address books and reference copies of annual reports maybe destroyed as being unimportant. This includes electronic copies of such.
4.4 Format of records
4.4.1. This Document Retention and Records Management Policy is relevant to records which are electronic, paper or record which have been transferred to another format such as microfiche.
4.5 Reviewing the schedule
4.5.2. These guidelines prescribe minimum and permanent retention periods. The guidance will be reviewed at regular intervals to ensure it is still fit for purpose.
4.5.3. If you need help or further information relating to this policy, please contact:
| Job Title | Deputy Data Protection Officer |
|---|---|
| Service Area | Information Governance Department – Data Protection Team |
| Directorate | Customer and Governance |
| Contact email | [email protected] |
4.5.4. Below are the details of the responsible officer for implementation.
| Job Title | Data Protection Officer |
|---|---|
| Service Area | Information Governance Department – Data Protection Team |
| Directorate | Customer and Governance |
| Contact email | [email protected] |
Section 5: Considerations
5.1 Consultation
5.1 After consideration, there was no requirement for consultation or engagement activity regarding this policy.
5.2 Equality Implications
5.2 After consideration, there are no equality implications arising from this policy.
5.3 Health assessments and inequalities
5.3 After consideration, there are no health implications arising from this policy.
5.4 Climate Impact
5.4 After consideration, there are no climate implications arising from this policy.
5.5 Community Impact
5.5 After consideration, there are no community implications arising from this policy.
5.6 Crime and Disorder Impact
5.6 After consideration, there are no crime and disorder implications arising from this policy.
5.7 Data Protection Implications
5.7 After consideration, there are no data protection implications arising from this policy.
5.8 Legal and Governance
5.8 After consideration, there are no legal implications arising from this policy.
5.9 Resources and Financial
5.9 After consideration, there are no financial and / or resource implications arising from this policy.
5.10 Risk
5.10 After consideration, there are no significant risks, positive or adverse arising from this policy.
Section 6: Appendix A: Key Disposal and Retention Considerations
Introduction
No document should be earmarked for disposal unless due regard has been given to 5 Key Disposal and Retention considerations detailed in this Appendix and with reference to the Retention Schedule Document.
Key Consideration 1
Has the document been appraised?
As a first step, the nature and contents of any document being considered for disposal should be ascertained. No document(s) should be earmarked or designated for disposal unless this has been done. In so far as existing documents are concerned it follows that the above can only be achieved by the carrying out of physical inspection and appraisal. The process may only take a few minutes – perhaps even seconds.
Nonetheless it can be a skilled task – depending on the complexity of the document(s) concerned – and should only be undertaken by officers who possess the sufficient operational knowledge to enable them to identify the document concerned and its function within both the individual Department and corporate frameworks.
Any decision to the effect that future documents of a specified description be disposed of on expiry of a specified retention period should be an informed one i.e. taken with a full appreciation and understanding of the nature and function of such documents.
The above is largely common-sense, and hardly needs to be stated. However, if appraisal is inadvertently overlooked or carried out negligently, or by an employee who lacks the necessary background operational knowledge, the Council runs the risk of important documents being destroyed in error.
Key Consideration 2
Is retention required to fulfil statutory or other regulatory requirements?
There is, in fact, very little specific legislation that stipulates mandatory retention periods for documents in Local Government.
The pieces of legislation which do, either directly or indirectly, impose minimum retention periods are as follows:
Tax Legislation: Minimum retention period for certain financial records are imposed by statutes such as the VAT Act 1994, and the Taxes Management Act 1970. The relevant retention periods are identified in the Retention Schedules Document.
Statutory Register: Various Local Government statutes require to be kept of certain events, notifications, or transactions. It is implicit with such legislative requirement that these records be maintained on a permanent basis, unless the legislation concerned stipulates otherwise.
The Audit Commission Act 1998: This provides auditors with a right of access to every document relating to the Council that appears necessary for the purpose of carrying out the auditor’s function under the Act.
The Local Government Act 1972, s.225: Any document deposited with “the proper officer” of the Council in accordance with Statute should be retained permanently.
Part VA of the Local Government Act 1972: This governs public access to certain documents relating to Council and Committee meetings. Certain documents that form part of the public part of the agenda are required to be available for inspection by members of the public.
Key Consideration 3
Is retention required to evidence events in the case of dispute?
On occasions, the Council becomes involved in disputes with third parties. Such disputes, if not satisfactorily resolved, can result in the dissatisfied party bringing legal proceedings against the Council, usually (but not always) with a view to obtaining monetary compensation.
Conversely, the Council may wish to institute legal proceedings against an individual or organisation e.g. to recover an unpaid debt, or in respect of faulty workmanship. Where a dispute arises, or litigation has been commenced it is important that the Council has access to all correspondence and other documentation that is relevant to the matter.
Without such, there is the danger that the Council’s position will be compromised, and the possibility that an unmeritorious claim might succeed, or that the Council may be unable to assert legal entitlements.
The Limitations Act 1980 specifies time limits for commencing litigation. The starting point therefore, is that the retention period is the length of time that has to elapse before a claim is barred. The 6 year retention period and risk assessment: As stated above the majority of potential legal claims are statute barred on the expiry of 6 years. For this reason many organisations consider it prudent to retain files and records for a period of 6 years from the date when the subject matter was completed.
Heads of Service (or designated officers) should be prepared to carry out a risk analysis, with a view to disposal of such documents within a shorter period of than the 6 year time frame.
Key Consideration 4
Is retention required to meet the operational needs of the department?
In some cases retention may be desirable (whether permanent or otherwise) even though no minimum retention period applies. Heads of Service (or designated officers) should be open to the danger of discarding documents or records that might be useful for future reference purposes (e.g. training), as precedence, or for performance management (performance indicators, benchmarking and comparison exercises). A professional judgement needs to be made as to the usefulness of a particular document.
Key Consideration 5
Is retention required because the document or record is of historical interest or intrinsic value?
In most cases this consideration will not be applicable. However, it is certainly possible that some documents currently in Council storage may be of historic interest and / or even have some monetary value.
Illustration
A local authority may have in its possession records of damage to property caused by air raids during WWII. These records may well be of interest to museums and local history societies. Where it is suspected that the document falls within this description, appropriate enquires should always be made before taking any further action.
Even if the document is of historical or monetary value, disposal rather than retention by the Council may well be the appropriate option.
Section 7: Appendix B: Accountability
Document Version Control
| Author (Post holder title): | Interim Data Protection Officer |
|---|---|
| Document File Name: | Document Retention and Records Management Policy |
| Document held by (name and / or section): | Information Governance Department – Data Protection Team |
| For internal publication only or external also: | Internal and external |
| Document retained in council’s corporate repository (service area’s Intranet page): | Yes |
| Document added to policy register: | Yes |
Change History
| Issue | Date | Comments |
|---|---|---|
| 1.0 | 23 October 2023 | Final approved version |
NB: Draft versions 0.1 - final published versions 1.0
Consultees
| Internal | External |
|---|---|
| Information Management Board | N/A |
Accountability
| Granted approval level (CLT / committee) | Approval Date DD/MM/ YYYY | Who is responsible for delivery of the policy |
|---|---|---|
| Information Management Board | 23/10/2023 | Interim Data Protection Officer – Neill Bolderston |
Distribution List
| Internal | External |
|---|---|
| All staff | Constituents of North Northamptonshire |
Section 9: Appendix C: Accountability Equality Screening Assessment
The Equality Screening Assessment form must be completed to evidence what impact the proposal may have on equality groups within our community or workforce. Any proposal that identifies a negative impact must have a full Equality Impact Assessment completed before the proposal progresses further.
1: Proposal
| Requirement | Detail |
|---|---|
| Title of proposal | Document Retention and Records Management Policy. The council recognises that its records are:
|
| Type of proposal | New policy |
| What is the objective of this proposal? | The purpose of this policy is to provide a corporate framework governing how particular documents (or sets of) should be:
|
| Has there been or when will there be consultation on this proposal? (List all the groups and communities, including dates) | This policy is going to the Information Management Board for approval. |
| Did the consultation on this proposal highlight any positive or negative impact on protected groups? (If yes, give details) | N/A |
| What processes are in place to monitor and review the impact of this proposal? | The policy will be reviewed in line with UK Data Protection legislative changes. |
| Who will approve this proposal? (Committee, CLT) | Information Management Board. |
2: Equality Consideration
In turn, consider each protected group to ensure we meet our legal obligations of the Equality Act (2010).
| Protected Groups | General Equality Duty Considerations:
- Include factual evidence of how people in this group may be affected - Consider the outcomes and processes - Does this seek to eliminate discrimination - Does this promote fostering good relations | Changes:
- What changes can be made to mitigate any negative impact - Are there opportunities to remove possible barriers or disadvantages that a group may face | Impact Delete as appropriate. There can be more than one answer per protected group. |
|---|---|---|---|
| Age Different age groups that may be affected by the proposal in different ways. | N/A | N/A | Neutral |
| Sex Is one sex affected more than another or are they affected the same? | N/A | N/A | Neutral |
| Disability It is likely to have an effect on a particular type of disability? Why? | No issue | This policy is compliant with the writing to inclusion guidance. | Positive |
| Gender Reassignment Will there be an impact on trans males and / or trans females? | N/A | N/A | Neutral |
| Race Are people from one ethnic group affected more than people from another ethnic group? | N/A | N/A | Neutral |
| Sexual Orientation Are people of one sexual orientation affected differently to people of another sexual orientation? | N/A | N/A | Neutral |
| Marriage and Civil Partnership Are people in a Marriage or Civil Partnership treated less favourably? | N/A | N/A | Neutral |
| Pregnancy and Maternity Are people who are pregnant, or have a baby of 6 months old or younger, effected by this proposal? | N/A | N/A | Neutral |
| Religion or Belief Does the proposal effect people differently depending on whether they have or do not have a religion or a belief? | N/A | N/A | Neutral |
| Health and Wellbeing 1. Health behaviours (E.g. diet, exercise, alcohol, smoking) 2. Support (E.g. community cohesion, rural isolation) 3. Socio economic (E.g. income, education). 4. Environment (E.g. green spaces, fuel poverty, housing standards). | N/A | N/A | Neutral |
3: Equality Impact
| Question | Response |
|---|---|
| What overall impact does the proposal have on the protected groups? | Positive Impact This policy will ensure that the protected characteristic data of individuals is:
|
| Does an Equality Impact Assessment need to be completed? | No |
| Copy attached to relevant report? | Yes |
| Is this document going to be published with the relevant report? | Yes |
4: Ownership
| Question | Response |
|---|---|
| Directorate | Customer and Governance |
| Service area | Information Governance Department – Data Protection Team |
| Lead officer’s job title | Interim Data Protection Officer |
| Date completed | 2 October 2023 |
Last updated 08 May 2024