1 What are records?
Records are defined in the Code as follows:
‘Information created, received and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business’.
This definition is taken from the British Standard dealing with records management, BS ISO 15489, published in 2000. But what does the term mean in practice? This is explained in the rest of the section.
An initial point to make is that records can be in any format. As the Code says (at paragraph 2 of Part 1): ‘The code applies to all records irrespective of the technology used to create and store them or the type of information they contain. It includes, therefore, not only paper files series and digital records
management systems but also business and information systems (for example case management, finance, and geographical information systems) and the contents of websites.’
The Freedom of Information Act (FOIA) provides a right of access to information, not to records, but also uses the term ‘records’. Does this mean they are two different things? There is a lot of debate among records and information managers about what these terms mean and how they should be used. Some people regard records as a subset of information with particular qualities that set records apart from other information – qualities such as structure, context and authenticity that come from the managed environment in which the records are kept and that give them value as reliable evidence of past actions and decisions. Other people think that the widespread use of IT within organisations has led to erosion of the distinction between records and information and use the terms interchangeably.
This series of guides does not adopt one approach over the other but uses the term ‘records’ because that is the term used in section 46 of the FOIA, under which the Code was issued. If information has been created or received in connection with your organisation’s work and is maintained as evidence and information by your organisation then it is likely to fall within the definition of ‘records’ quoted above, regardless of whether it is personal information, financial information or any other type of information.
2 Why are records kept?
Records are created not for the sake of it but to provide information about what happened, what was decided, and how to do things. Individuals cannot be expected or relied upon to remember or report on past policies, discussions, actions and decisions accurately all of the time. So, as part of their daily work they keep a record
– by updating a register or database, writing a note of a meeting or telephone call, or filing a letter or email – which ensures that they and their successors have something to refer to in the future. All organisations need to keep some records.
As the foreword to the Code puts it:
‘Records and information are the lifeblood of any organisation. They are the basis on which decisions are made, services provided and policies developed and communicated.’
EXAMPLES Organisations that keep records:
- Local authorities keep records about the way in which they carry out their statutory and other functions, the people to whom they provide services and others with whom they deal, their policies, procedures and decisions – about everything that matters to them and that staff need to do their jobs. Staff keep these records as part of their daily work.
- Banks keep records about their customers, their loan rates, their shareholders, their properties – again, about everything that matters to them and that staff need to do their jobs. As with local authorities, staff keep these records as part of their daily work. (Banks are not subject to the FOIA but are included because they are a good example.)
Records, if well-kept, are a reliable source of evidence and information. Following the good practice set out in the Code and explained in the other implementation guides should ensure that records are well-kept.
3 What is records management?
Records management is about controlling records within a comprehensive regime made up of policies, procedures, systems, processes and behaviours. Together they ensure that reliable evidence of actions and decisions is kept and remains available for reference and use when needed, and that the organisation benefits from effective management of one of its key assets, its records.
Records management operates at different levels. At a personal and local level it is about individuals keeping adequate records of their daily work – filing correspondence, policies and other key documents, managing their emails, keeping notes of meetings, and so on – and doing so in such a way that the records they keep can be found and used when needed, by themselves or others.
But records management also operates at a more strategic level:
- a senior executive should be specifically responsible for records management in the organisation
- decisions must be made about what records should be kept and for how long they should be kept
- IT equipment and software for keeping and storing records may need to be acquired and maintained
- staff need training and easy access to guidance
- access and disposal need to be managed and monitored.
Records management involves a range of activities and tasks. Many of them are already done by staff as part of their daily work and simply require common sense and adherence to standard operating procedures. But strategic decisions are likely to require more specialised knowledge and expertise and, if this is not available in-house, the organisation may need to draw on external expertise, e.g. by buying in consultancy when needed.
Records management does not exist in isolation. It connects to functions such as management of personal information for compliance with the Data Protection Act, information security, and information assurance. Records management is most successful when these connections are recognised in internal arrangements.
4 Why does records management matter?
Organisations with good records management practices benefit in many ways. One of the benefits set out in paragraph (iv) of the foreword to the Code is that it will support compliance with the FOIA and the
Environmental Information Regulations (EIR):
‘Access rights are of limited value if information cannot be found when requested or, when found, cannot be relied upon as authoritative. Good records and information management benefits those requesting information because it provides some assurance that the information provided will be complete and reliable. It benefits those holding the requested information because it enables them to locate and retrieve it easily within the statutory timescales or to explain why it is not held.’
The foreword goes on to give other benefits of good records management. They include:
- ensuring that authoritative information about past activities can be found and used for current business
- supporting compliance with other legislation and rules
- more effective use of resources – for example, disposing of records that are no longer needed frees up space within buildings and information systems and saves staff time searching for information that may no longer be there.
The foreword also outlines some risks that that can arise from poor records management. They include:
- poor decisions based on inadequate or incomplete information
- financial loss because reliable evidence is not available
- reputational damage because of criticism by the Information Commissioner for failing to comply with the information legislation he regulates
- failure to handle confidential information with the required level of security
- failure to protect information vital to the continued functioning of the organisation
- costs incurred because records are being kept for longer than they are needed or staff wasting time considering issues previously addressed and resolved.
All of these can lead to loss of reputation with damaging effects on public trust.
Taken together, these benefits and risks provide good reasons to ensure that effective records management is in place. The good practice recommendations in the Code and the guidance in the remaining guides in this series provide the necessary building blocks for effective records management.