About Us
Groups
Join
Bulletin
LGCRS
Info Guides
Training
Jobs
Events
Conference
Member Area

15 September 2008 - HE/FE Group Meeting

Meeting 15 of the HE/FE Records Manager and Information Compliance Group

University of Durham, 15 September 2008

Present:

Wai Yan Loh University of Salford

Matthew Stephenson University of Salford

Sarah Wickham University of Huddersfield

Rachael Maguire London School of Economics

Steve Taylor New College Durham

Suzy Taylor New College Durham

Alan Carter Manchester University

Mary Liddell Brunel University

Charles Fonge University of York

Hannah Robinson University of Nottingham

Andrew Kinglake City University

Vicky Mays University of Hull

Suzie Mereweather University of Surrey

Michelle Alexander University of Liverpool

Victoria Cranna London School of Hygiene & Tropical

Medicine

David Evans Information Commissioner’s Office

Hazel Pryor City College Manchester

Carole McGinn University of Sunderland

Sophie Philipson University of Durham

Joshua McKim University of Durham

Henry Stuart University of Leicester

Alex Bostock University of Central Lancashire

Apologies were received from 3 people.

1.

Introduction/Welcome

Victoria Cranna welcomed attendees to the meeting, and thanked University of Durham for hosting the group.

There were no matters arising from the previous minutes.

2.

PRESENTATION: ‘Publication schemes’ David Evans, Information Commissioner’s Office

Discussion

David Evans from the Information Commissioner’s Office (ICO) talked about the requirements for publication schemes due to be produced by the end of this year and also answered further questions from the group relating to Freedom of Information (FoI) and Data Protection (DP).

David explained that he was new to Freedom of Information but had plenty of experience with the Data Protection side of the ICO’s work. He then went on to talk about how the FoI Act had impacted on the ICO. The ICO’s views regarding DP were not really challenged by anyone and they got away with making their own policy. As such, the ICO underestimated the case load that FoI would produce and made mistakes with interpreting the Act that were put right by the Information Tribunal and sometimes the High Court. Initial polices and guidance for FoI had to be re-written as the decisions came in. It could take 10 months between receiving and dealing with complaints.

The ICO now has more staff and the Policy Team is more robust. While there are still problems with different Information Tribunals reaching different decisions on the same thing, the ICO is now winning most Information Tribunal cases. The re-written policies are now more robust. As things have settled, the ICO is now able to focus on stakeholder meetings like this one and to look at the publication schemes in the light of experience.

More guidance is being produced and in short, plain English to make it easier to use. Guidance will be date labelled so that public authorities will be able to say which piece of guidance they relied on if a complaint is made " that is, you won’t be expected to know what the guidance will become but can argue from the guidance available at the time the request was received. Awareness guidance will be laid out by subject, rather than number to make it easier to find.

Publication schemes

David gave the background to the new model publication scheme. He explained that the original process of approving publication schemes had been very time consuming as there were over 100,000 public authorities to approve schemes for. As such, the decision was made to simplify the process for everyone’s benefit by producing only one basic model scheme containing seven classes of information that all public authorities should have, albeit in different qualities. From the basic scheme, sector specific model schemes were produced. Public authorities are required to sign up for the model scheme.

The new publication schemes do not need to be sent to the ICO for approval and the old publication schemes will be fine as long as they contain all the information required by the new publication schemes. Instead of an approval process, the ICO will be ‘dip’ sampling from March/April. This will involve checking random websites then following up with institutions that don’t have the information available. Formal enforcement will be used as a last result.

Questions

The question and answer session following David Evans presentation included:

  • Do Students’ Union (SU) activities need to be included in the publication scheme?

    If the SU is separate and at arms length, no. It depends on the relationship with the SU. If we don’t have the information, then we are not required to provide it. David said that the expectation of the ICO as to what HEIs hold may not match practice.

  • Is the new scheme proportionate or appropriate? Experience has shown that they are a damp squib and it is rare that we are able to refer people to the scheme.

    David said that if we don’t think the definitions fit to contact the ICO and they will reconsider. However more generally, publication schemes are required under the FoI Act. If we want them removed, we would need to lobby the Ministry of Justice. They can provide a focus for information on the website or that can easily be released in 5 days.

  • How should minutes be handled? There is a reluctance to release these.

    Use open and closed sessions and publish before next meeting or as soon as approved by next meeting.

  • What does someone need to know, can get bogged down.

    Check the definition document guidance but ultimately, the publication scheme just needs to be good enough. If on the spot checks the ICO finds most of what they need to, they will move on to someone else. They are looking for the information or pointers to it and will follow up on promises for information that are not realised.

  • If your institution doesn’t accept that it as a public body and considers all strategies commercially sensitive, what action can you take?

    David said to consider the risk in not providing the strategies. Where exemption can be justified, there won’t be a problem, it’s where it is unjustified that there could be penalties. Also, consider the age of the strategy, which is likely to become less confidential over time. Record any decisions made and when the strategy ceases to become confidential. The ICO realises they have been remiss with regards publication schemes and will be upping their enforcement in this area.

  • Is the ICO doing any public awareness raising for publication schemes?

    Not this year as this focus is on practitioners. May do some next year.

  • With regards enforcement, will the ICO by strict with public authorities? What penalties will be used?

    If the publication scheme is not in place, then could lead to contempt of court and therefore loss of reputation. As it is a civil rather than a criminal penalty, more likely to use this power.

  • Any plans to tackle the proactive dissemination of EIR covered information?

    Could use the publication scheme for this purpose. EIR is the responsibility of Defra, not the ICO.

  • What is the situation for limited companies? What if they are dormant or based overseas, though wholly owned?

    Publication schemes still have to be produced for wholly owned limited companies, even those based overseas. However, you can include that information in your primary publication scheme. If the company is dormant, this should mean there is no information and hence no publication scheme needed.

  • A lot of our information is on our intranet, rather than the internet. How do I convince colleagues to make it available on the web?

    The information on the publication scheme should be made available to people within 5 working days. Log how much time spent dealing with requests for unlinked info.

  • Fees?

    Fees are generally not changing and are meant to cover costs for postage and photocopying. Not intended as revenue raising.

  • The ICO also intends to use the media to raise the profile of cases.
  • The current publication scheme is intended to last for how long?

    At least 5-6 years into the future, but possibly for longer.

  • While most people think of a publication scheme as a website, could you use other methods?

    Any guide to access to information available through the scheme (e.g. pdf list) would be fine. If using web links, make sure they work.

    David finished by saying that he would be happy to come to our meetings on an annual basis and will be present at the next meeting as well.

    3.

    PRESENTATION: “Information Security”, Suzie Mereweather, University of Surrey

    Suzie talked about information security, how it fits with records management and what it means for the higher education sector. Suzie’s presentation covered: Information security is not just IT systems security but covers all forms of information; different levels of security are required by different sectors with the more stringent security methods required by some sectors not necessarily cost effective in the HE sector; the biggest problem with information security is the people; an information security framework is used to determine risks and how you will deal with them; amongst other things. The slides will be made available on the HE/FE group website.

    Discussion

    The discussion after Suzie's presentation focussed on how information security was being brought into our institutions. About 10 institutions of those present have a specific person for information security. For some it was a box ticking exercise. In many cases, information security was the responsibility of IT, though the Information Security Officer might be base in IT departments but not come from an IT background. It was felt that IT driven responses to information security miss the other, just as important aspects of information security. There is a definite dovetail between information security and data protection. Funding bodies also appear to be making information security more of an issue, which may be a way to get staff interested and compliant.

    4.

    PRESENTATION, ‘Web 2.0 introduction’, Victoria Cranna, London School of Hygiene and Tropical Medicine

    This will be discussed further at our next meeting, however, in order to get members thinking about the topic Victoria presented an introduction to the subject in order to allow members to get their questions together for the next meeting. Victoria opened on Steve Bailey's book and blog about records management 2.0 and then went on through the main components of Web 2.0 such as wikis, blogs, social media like Facebook and external facilities for records storage. These are being used at the London School of Hygiene and Tropical Medicine on the website, with IT sharing file systems and calendars through wikis. The University of Edinburgh is a good point for guidance on Web 2.0 and University of Warwick also has good guidance on the use of blogs.

    Discussion

    Victoria started the discussion on some of the issues relating to Web 2.0 and records management. These include: how to manage records held outside the organisation, ensuring access, security and longevity; being locked into a system; and copyright issues e.g. the recent Google web browser controversy. It looks like EDRMS are now defunct and classification is turning into tagging.

    A lively discussion followed that covered: staff expectations of what Web 2.0 can do for them, particularly younger staff; how changes in storage can lead to complaints e.g. storage of photos on Facebook rather than a network drive; are the tools as robust as they claim, for example, couldn’t access the VLE on a Saturday, but can make lectures available on YouTube and Second Life; the need for a policy framework; how to access Googledocs for FoI requests; copyright and use of photos on the web; how to handle situations where a staff member may only give one lecture a year and do they have to use the VLE for this; can institutional repositories help; what level of blogging should academics be allowed to do, what should their focus be on; possible bullying or harassment; privacy issues, which are more likely to be brought up by older staff or students as there is a different expectation of privacy amongst younger staff and students; does declaring records matter and should we be focused on information management instead; can be easier to use an already available outside service e.g. image management; can JISC provide answers to these questions as well as the questions.

    5.

    OPEN MIKE SESSION

    Victoria chaired a very useful discussion on several information compliance topics, most of which are summarised below (in no particular order);

    Copyright policy Matt Stephenson is writing a copyright policy (specifically copyright, not IP) and asked if anyone had any examples. In particular, he is looking to identify who owns the copyright on specific items like lecture notes, coursework, do academics actually own the copyright they sign away to publishers, etc. If you have any examples of copyright policy, please forward them to Matt.

    Family Search Family Search is a family history service set up by the Church of the Latter Day Saints. They have been in touch with a few older universities with an offer to digitise records and share any profit gained from this half and half. None of the universities contacted reported taking up the offer at this meeting.

    JIGG update Alan Carter has taken over responsibility for adding content to JIGG due to Jonathan Orford leaving the project. The funding for JIGG runs out in December 2008 and JISC will be reviewing it to see if it has a future and if it should be subsumed into JISC Legal. It needs to be used or we will lose it. Some suggestions for encouraging use at the meeting were to link to relevant ICO and IT tribunal decisions and for discussions about publication schemes to go to the site. Any further suggestions should be forwarded to Alan.

    Records retention of assessed work Malcolm Baker of University of Westminster had asked Sarah Wickham to raise the issue of retention of assessed work on his behalf, as he could not attend the meeting. Practice differs as in some institutions it goes back to students, in some it is kept for the same time as exam scripts. Different auditing practices can mean that some assessed work is kept longer than others or sampling occurs.

    Data management and preservation Victoria asked if anyone had any recommendations for policies, particularly with current initiatives on data sharing. Matt suggested sticking to principles and law. Alan reported that funding councils are getting tougher on academics who don’t anonymised and that JISC have a data archives and repositories document available.

    Email management policy Victoria also asked if anyone had a good email management policy, which led to a discussion on what it should contain. How to use is important but can be hard to get through and there are problems with determining retention. If you have any examples, please forward them to Victoria.

    Retention polices and practice Alex asked who was using the JISC retention schedule and who had created their own. The consensus appeared to be that where necessary, the JISC schedule was relied on but generally adapted for the individual institution. Victoria also asked if anyone did annual destruction days. People thought a day could be useful for smaller institutions, but a range of days falling into natural slow periods would be better at a larger.

    Meeting closed at 3.45 pm

    Next meeting December 2008 at the Open University (tbc).

    http://www.lse.ac.uk/collections/secretariat/legal/disclaimer.htm

Word file Meeting 15.doc  (38 KB)  
Top of the page
 
PRINTED FROM THE INFORMATION AND RECORDS MANAGEMENT SOCIETY WEBSITE