Records Management Policy

1. Introduction

1.1 Albion Records Management Policy has been produced
to improve the management of information and to support compliance Data Protection legislation the Freedom of Information Act 2000 (FOIA) and associated legislation.

1.2 Effective records management ensures information can be retrieved more efficiently, can provide evidence of business activities, support decision-making, ensure the appropriate disposal of records, make better use of physical and server space and support compliance with Albion’s legal and regulatory obligations.

2. Purpose and Scope

2.1 Albion’s records are important assets that demonstrate its accountability, transparency, and legal compliance by providing evidence of its actions and decision-making. They are an important source of administrative, evidential, and historical information vital to Albion’s current and future operations.

2.2 Albion is committed to creating, distributing, retaining, storing, managing, and disposing of its records appropriately.

2.3 Efficient management of information and records is pivotal to support its core functions and maintain compliance with its legal and regulatory obligations.

2.4 This policy applies to all staff at Albion. This includes temporary, casual or agency staff and contractors, consultants and suppliers working for, or on behalf of, Albion.

2.5 This policy underpins the process by which Albion manages its information and records throughout their life from the point of creation or receipt, through to disposal. Albion’s Records Retention Schedule governs the period of time that record will be retained.

2.6 This policy covers all Albion records, regardless of format or media.

3. Policy Aims

3.1 The policy provides a framework for managing Albion’s records, and seeks to inform and assist staff across Albion in fulfilling their obligations and responsibilities under records management.

3.2 Through the effective management of records, Albion aims to:

3.2.1 create and capture authentic and reliable records to demonstrate evidence of accountability and information about Albion’s decisions and activities; and to protect and safeguard information, in particular confidential and sensitive data:

3.2.2 secure maintenance and preservation of access to the records, as long as they are required to support Albion operations;

3.2.3 have in place systems that enable records to be stored and transferred securely, and retrieved as necessary;

3.2.4 retain its records in accordance with agreed retention schedules and be guided by the generic Higher Education schedule compiled by the Joint Information Systems Committee (JISC)

3.2.5 where appropriate, securely dispose of confidential records and in accordance with Albion’s Record Retention Schedule;

3.2.6 adhere to all legal obligations, specifically those relating to Data Protection legislation, the Freedom of Information Act 2000, and the Public Records Act 1958;

3.2.7 achieve and maintain standards of best practice; and

3.2.8 promote staff awareness of records management and related issues.

4. Responsibilities

4.1 All staff, including third parties employed by Albion, must ensure the records for which they are responsible for are:

4.1.1 authentic, accurate and reliable;

4.1.2 maintained and disposed of in accordance with this policy, Records Retention Schedule, and Albion’s IT policies;

4.1.3 held on the most appropriate and secure medium for the task they perform;

4.1.4 identified as vital to the operation of Albion and preserved appropriately;

4.1.5 reviewed periodically for those that have been identified for permanent archive;

4.1.6 managed in accordance with staff understanding and adhering to policies relevant to their work; and

4.1.7 accessible to appropriate members of staff in times of absence or annual leave.

4.2 Registrar is responsible for the development and maintenance of records management policies and procedures. Furthermore, the promotion, implementation, maintenance and monitoring of all records management activity is governed by Registrar in
consultation with relevant staff.

4.3 Responsibility for adherence to the policies and procedures, including Data Protection and Freedom of Information obligations, lies with Trustees, Directors, Dean, and Heads of Professional Departments. Senior management responsibility for records management lies with Albion Executive.

5. Records Retention and Management

5.1 The implementation of records management is achieved through the development and proactive use of Albion’s Records Retention Schedule.

5.2 Establishing retention periods ensures that records are not mistakenly deleted too soon or kept for too long.

5.3 All Departments will contribute to the development and implementation of the Records Retention Schedule, by ensuring the following:

5.3.1 that the Records Retention Schedule is applied to records within their areas of responsibility, including oversight for the archiving and destruction of records in accordance with this policy, and the Data Protection Policy;

5.3.2 that the Records Retention Schedule is reviewed annually to ensure records are current,
appropriate and accurately reflect activities in their areas; and

5.3.3 effective manual and electronic filing systems are in place to enable timely and efficient access to data upon request, including Subject Access Requests submitted under Data Protection legislation.

5.4 The Registrar will provide appropriate guidance and support for members of staff to understand and adhere to the policy, raise awareness of the legal obligations and to effectively implement the method of managing information. The policy reinforces the process of managing
information and records appropriately throughout their lifecycle.

6. Records Retention and Disposal

6.1 All Departments are required to keep and maintain accurate records during their lifecycle and ensure records are disposed of appropriately and in accordance with the specified retention timescales.

6.2 The Records Retention Schedule assists staff to confidently dispose of records when they are no longer required and to ensure that records are disposed of consistently, no matter where they are held.

6.3 Retaining records for longer than necessary creates liabilities due to the need to respond to information requests made under Data Protection legislation (Subject Access Requests) and the FOIA. Furthermore, retaining personal data for longer than the purpose for which it was collected does not comply with Data Protection legislation.

6.4 The Lord Chancellor’s Code of Practice on the management of records issued under Section 46 of the FOIA, forms a requirement to establish records management systems and procedures. Whilst the provisions of the Code are not mandatory, failure to comply may be seen as indicative of failure to comply with the rest of the FOIA.

7. Information Access and Security

7.1 It is frequently necessary to control access to information, therefore, personal, commercially sensitive, or otherwise confidential information must be held securely, and in accordance with IT policies, and the Data Protection Policy.

8. Policy Review

8.1 This policy will be updated as necessary to reflect best practice and to ensure compliance with any changes or amendments to relevant legislation.