Meeting 12 of the HE/FE Records Management Group



Meeting 19 of the HE/FE Records Manager and Information Compliance Group

Kings College London, 13 November 2009

Present: Rachael Maguire London School of Economics

Jeanette Wordsworth Liverpool John Moores University

Victoria Cranna London School of Hygiene & Tropical Medicine

Janette Young University of Wolverhampton

Gill Fildes Swansea Metropolitan University

Alison Bainbridge University of Roehampton

Anne Cameron King’s College London

David Evans Information Commissioner’s Officer

Stephane Goldstein Research Information Network

Matt Stephenson University of Salford

Andrew Wilson University of Brighton

Lucy Fincham University of Greenwich

Stephen Plant University of London

Sara Stock University of Essex

Jennifer Paddison Keele University

Naomi Notman Southampton Solent University

Henry Stuart University of Leicester

Phil Oakman University of Northampton

Caroline Dominey University of Exeter

Andrew Kinglake City University

Rosemary Harrison Goldsmith’s College

Jessica Silver Imperial College

Matthew Phillips University of Glamorgan

Samantha Mansfield Open University

Vicky Mays University of Hull

Kate Kwafo-Akoto London Southbank University

Paul Smallcombe Queen Mary College

Art Anderson Buckingham New University

Susan Graham University of Edinburgh

Apologies were received from 4 people.

1. Introduction/Welcome/Previous minutes

Jeanette Wordsworth welcomed attendees to the meeting and to King’s College London.

There was one correction to the previous minutes which was that Jessica Silver is a member and not the head of the Society of Archivists Records Management Group.

Jeanette also mentioned that in regard to the JISC survey relating to requests received by the sector (Item 6, KPIs) that she had received notification that the survey to see which of the questions should be kept and what other info would be useful had been launched.

2. PRESENTATION: Environmental Information Regulations and Freedom of Information update, David Evans, Information Commissioner’s Office

David talked about:

• The Environmental Information Regulations and how these interact with the FoIA. This presentation will be made available through the RMS website.

• The new Information Commissioner Christopher Graham, whose emphasis has been on using the powers available to the ICO and improving casework management

• Good practice guidelines. Most areas are now covered, though being rewritten in light of Information Tribunal decisions where necessary. Now looking at specific advice notes, Q&As. Please contact David if any advice is unreadable or unclear.

• FoI Workshop – a 2hour session with the health and central government sectors that consisted of an hour of the ICO talking followed by Q&A. This model is likely to be developed for other sectors.

• Model publication schemes. Central government had been checked with 9 schemes found not to be following the approved model. Within 12-18 months, it will be the HE sector’s turn. While all central government and police sites had been checked, there were larger numbers of organisations in the other sectors, so the ICO would consider what best to do. If the ICO feels concerned about a publication scheme, they will contact the public authority involved as a first step.

It was mentioned that members of the group had looked for publication schemes of other universities and could not sometimes find them.

• DP Fees. David explained the need for the new fees structure, but the opinion coming through was that we fit as a sector into Tier One, even though we are exempt rather than registered charities. The advice was to apply under Tier One and the ICO would confirm or say otherwise. David will push for a statement that clarifies this.

Discussion

Discussion started around the differences between the EIRs and FoI. David explained that with the EIR, that proportionality, a concept within Data Protection, does not exist as well as there being no cost limit. Also if no informal agreement can be reached on how much information falls within an EIR request, the ICO must produce a decision notice. The requirement to publish environmental information can easily fit within the publication scheme. It was suggested that the Sustainability or Environmental team was a good contact for ensuring this information is published. Animals could be covered through outputs e.g. waste or disease reports, depending on transmission of the disease. It was noted that very few HE/FE institutions had received many EIR requests, but it is an EU requirement to have the regulations in place, so we have to be aware of them.

The subject of section 43 and universities’ commercial interests was then discussed. David will be happy to take any information that argues against the position currently taken by the ICO. Interested members should feed this to Jeanette who will forward this on.

3. DISCUSSION: Dealing with difficult people

This item had been put forward by a member not present. If there was enough interest, we could get a guest speaker in.

Discussion split into two areas: dealing with difficult requesters and dealing with difficult staff members. The discussion started with what to do if you suspected you were being taped while on a phone call. Members said that in this case you would be well within your rights to end the phone call, while offering to continue via correspondence and/or a face to face meeting. Surreptitious recording is not admissible in court.

The discussion then went onto handling students, in particular ,about their options once they have received the data. Solutions included being frank about giving the data without interpretation, referring to any other procedures, but there was no requirement to give an opinion as to what to do next.

Vexatiousness and pseudonyms were then discussed. The original barrier with regards to using the vexatious exemption was set too high and the ICO’s guidance had been changed to reflect this. In one particular case, this did not help the institution who even had a County Court Judgement against the requester but had still been told to deal with this person by the ICO. The advice was to take as far as the Information Tribunal, after which the requester would not have the financial resources to go further. Some institutions use the advice of a legal person and psychologist when deciding if a request is vexatious. A list of vexatious litigants that the courts will no longer deal with is on the Court Service website.

Guidance on pseudonyms was found to be fine unless it wasn’t obvious that it was a pseudonym e.g. ‘Rose Bush’. David’s advice was to release if you would anyway, but if you were likely to want to exempt information, refuse.

Difficulties with staff members and non compliance are in many ways harder to handle. Some members have experienced colleagues refusing to deal with requests and reminders of obligations under the law don’t work. David said that for FoI this could lead to an enforcement team investigation, where a lot of info would need to be released, decision notices, going to the Information tribunal and if after that to the High Court, non release would be contempt of court. If personal data is involved, this is a straightforward prosecution. Members reminded colleagues that they do know more about this area than they and/or legal advisors do, to use the threat of fines to concentrate minds, to try to gain influence, to explain full ramifications, embed with the risk register, refuse or threaten to refuse to put a name to a response that did not follow advice and to sit and discuss the information to get a fuller picture of why they don’t want to release information.

4. RMS matters

Matt Stephenson, current Chair of the RMS, gave a short talk encouraging members of the group who are not members to join. He mentioned a possible name change to Information and Records Management Society, which is this way round because the acronym IRMS is better than the alternative. Also mentioned was the RMS Conference which will be held in Manchester in March 2010. The theme is spring and developing skills. The new Information Commissioner will be a keynote speaker.

Also, the RMS Executive is felt to be detached from members, so a ‘Meet the Exec’ event will be held in Shrewsbury on 30th November 2009.

Despite calls for a Secretary to replace Rachael Maguire, who is stepping down from the role after two years, no volunteers have put themselves forward. Another invitation will go out on the listserve and anyone interested should contact Jeanette Wordsworth. Both Matt and Jeanette thanked Rachael for her contribution.

5. PRESENTATION: Research information Network, Stephan Goldstein

Jeanette introduced Stephan who had been invited to speak about how the Research Information Network (RIN) and the HE/FE group could share knowledge about use of FoI by researchers. Stephan explained that the work of the RIN was to look at the information needs of researchers, that is, how researchers use, manage and create information. This led to two seminars on use of the FoI Act.

The RIN has found that researchers have little awareness of FoI, lack training and understanding of the way the Act can be used and some skepticism about whether it can actually be useful. Duncan Tanner, a political historian, is writing a guide to use of FoI which focuses on building a relationship with the organization the researchers wants to request information from. But the training issue remains. Is this something that the group would be interested in developing?

Discussion

It was considered a good thing that researchers talk to the FoI Officers in their institutions in order to frame questions that would not be immediately rejected due to length or where information was likely to not exist. We could also encourage them to go to friendlier institutions first before trying the public authorities with a negative attitude to responding to requests.

6. PRESENTATION: Privacy Impact Assessments, Janette Young, University of Wolverhampton

Janette had volunteered to cascade the training she recently went to regarding Privacy Impact Assessments (PIA). The NHS is being required to do these, but other sectors can choose to. A PIA should be carried out at the start of a project to see what impact a system will have on the privacy of individuals. This is broader than Data Protection; with a focus on invasion of privacy e.g. body scanners. Normally the PIA is done too late, but it is best to embed PIAs within project management so not seen as a separate task to the project. A handbook is available from the ICO website which details the different stages of the PIA. Other tools like Data Protection templates are available in later stages if the PIA is missed.

Discussion

PIAs should help avoid breaches of privacy, the main reason the NHS has been required to do them. Other members who’ve done the training agreed that this was a good training day.

7. OPEN MIKE SESSION

Jeanette chaired a very useful discussion on several information compliance topics, which are summarised below);

Training feedback King’s have run a joint course on Data Protection with their Information Security team which they are happy to share with the group. Emaillogic’s email training programme, which focuses on behavioural training got the thumbs up from several members.

Security cameras in lecture rooms Some institutions are looking at putting CCTV cameras in lecture rooms but there are concerns about the privacy issues. Even if the processing of a livefeed or not, it is still covered by Data Protection. Liverpool John Moores have just formed a CCTV and Surveillance working group and Jeanette would be happy to share the outcomes with Group in due course.

GoogleDocs It was asked what pressure we as a group, or JISC acting for us, could put on cloud computing providers like Google re contracts to ensure that data stored stays within the EEA. There is also the issue of whether we could be assured that information stored in GoogleDocs or similar would still be available 5 years down the line. These can be backed up to digital repositories but the problem can be getting staff to upload to digital repositories. Victoria Cranna said she was doing a paper on issues relating to publishing and use of digital repositories which she was happy to do a summary on when finished.

C: drive Strategies to deal with staff members who use C: drives were requested. Training on where to store and how to has gone down very well, but can be a problem when dealing with lack of alternatives to network storage. Personal hard drives and memory sticks can help but are vulnerable to loss. Can also offer a ‘weeding’ service where if a staff member runs out of space, they come to you to help clear things.

Record Impact Calculator/Records Management maturity model It was asked if anyone had used these. Some members had looked into the maturity model and found this relatively clear, but the more detailed impact calculator had not been looked at in depth. Pilot project funding for the impact calculator was due to be announced and Steve Bailey will be invited to provide feedback nest year.

Retention periods for student artefacts It was asked if anyone had looked at this, no one at the meeting had so it will be taken to the listserve.

2010 meetings Themed meetings will be considered for next year and volunteers to host are also welcome to put themselves forward. Tuesdays to Thursdays were considered better days for travel and Liverpool John Moores, Salford and Goldsmith’s were put forward as venues at the meeting. A further request for venues will go out on the listserve.

Round Robin emails There had been some controversy relating to the messages on the listserve about FoI requests received. Possible ways around limiting the need to deal with so many emails were discussed from responding to the member who first asked who could then report back or stopping after 3 or 4 responses or using a prefix. However, the problem was that enough members found it useful to know a) when a request had been received by other institutions; b) when a request had only been received by a certain set of institutions e.g. Russell Group or based on a geographical area; and c) to know this fairly rapidly, rather than waiting a day for the member asking to report back. It was also felt that the debate the previous day had put off some members from using the list and that the list was too useful a resource to lose its friendly nature in too many rules. To limit the amount of emails coming through, members can use the Digest option. Matt Stephenson volunteered to send the instructions on how to use the Digest option.

Meeting closed at 3.30pm

Next meeting date to be announced

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download