RVC Website: | Home | Courses | Higher Degrees | Research | Clinical Services | RVC Enterprise | About Us | Contacts | Search |

Information compliance and you:
an introduction for Bloomsbury Colleges staff

Bloomsbury Colleges logoWe all handle information, and today, others can often get access to it. Whoever you are and whatever you do, Freedom of Information, the Environmental Information Regulations, Data Protection and records management will affect you in your work for your Bloomsbury Colleges institution. This page has been produced by the Bloomsbury Colleges Records Management Group as a quick guide to these areas for new staff. More information is available from your local BCRMG co-ordinator or the BCRMG website - see About the Bloomsbury Colleges Records Management Group (BCRMG).

What is Freedom of Information?

The Freedom of Information Act 2000 (FOIA) has created a general right of public access to all types of recorded information held by public authorities. The higher education sector in general, including all of the Bloomsbury Colleges institutions, is subject to the FOIA.

The Act is intended to promote a culture of openness and accountability, by providing people with rights of access to the information held by public sector bodies.

What does Freedom of Information involve?

The FOIA enables people to gain access to information in two ways:

  • Firstly, your institution has to produce and maintain a publication scheme, which summarises the information which it routinely makes available, e.g. on the web or in print form. The publication scheme will explain how information is accessible and whether a charge applies, and may include links to information. If someone requests information which is covered by the publication scheme, it is sufficient to refer them to the information (e.g. if the information is on-line) or to the publication scheme, which will explain how they can get access to it.
  • Secondly, your institution can receive requests for information under the FOIA. Requests must be in writing, and must provide a name and contact details (e.g. email address). Requests can be made by any person, can be delivered to any member of staff, and do not need to mention Freedom of Information. When responding to a request, we must locate and retrieve the information, and assuming that no exemptions apply, we must confirm or deny the existence of the information and provide a copy within 20 working days. Fees can normally only be charged for postage and reprographics. There are limits on the amount of work which we have to do to answer requests, and there are exemptions which allow information to be withheld in certain circumstances. However, the presumption is that most information should be released.

Individuals who are unhappy about how their Freedom of Information request has been handled can complain via your institution's internal FoI complaints procedure. Once they have gone through that, they can appeal to the Information Commissioner, the body which regulates Freedom of Information and Data Protection. The Commissioner can compel a public authority to release information.

The FOIA allows access to information held by public authorities regardless of when the information was created or how long it has been held. Good records management (see below) is therefore essential for Freedom of Information, in order to locate information and to ensure that it is not kept for longer than necessary. We do not have to create information in order to respond to a request: the right of access is to information which we hold when the request arrives.

Individuals cannot use Freedom of Information to gain access to personal data about them. This has to be done under the Data Protection Act (see below).

Some tips for complying with Freedom of Information:

  • Routine requests for information (e.g. from prospective students, library users) can continue to be dealt with under existing procedures, but procedures must be consistent with the FOIA. Remember that we have to respond within 20 working days, and must provide the information or explain how they can get access to it. If your institution doesn't hold the information, it is sufficient to send a response explaining that. If a request needs to be forwarded to someone else, do so ASAP so that your institution can respond within the deadline.
  • Many routine requests are for information which is publicly available, e.g. on the website. We still have to respond, but it is sufficient to direct the user to where the information is located, or to the publication scheme.
  • Your institution will have its own procedures for dealing with Freedom of Information requests. Usually, you should refer to your Freedom of Information officer any request which mentions Freedom of Information; involves information which you believe should not be released; or seems particularly difficult, tricky or complex. Your Freedom of Information Officer is Simon Jackson (sjackson@rvc.ac.uk, ext. 6384).
  • When you're out of the office, arrange for someone to check your post and set up an out of office reply on your email. In your out office reply, tell enquirers to send their emails to the email address of someone who will deal with information requests in your absence. A request for information will not be counted as "received" by your institution until it is forwarded to that address.

What are the Environmental Information Regulations?

The Environmental Information Regulations 2004 (EIRs) are the UK implementation of an EU directive which gives individuals the right of access to information about the environment. "Environmental information" is defined broadly, and includes information about the state of the elements of the environment; factors affecting environmental elements (e.g. pollution); environmental policies, plans and programmes; cost benefit and other economic analyses used in environmental decision making; and environmentally-related information about sites and structures, health and safety, and conditions of human life.

Like Freedom of Information requests, requests under the EIRs can be from anyone, can be delivered to any member of staff, and do not have to mention the Regulations. Unlike FoI, requests do not have to be in writing. We have to respond to requests within 20 working days. The rights of access and exemptions are broadly similar to Freedom of Information, although there are differences. If we receive a request which falls under the Regulations, we have to treat it as such even if it is submitted as an FoI request.

The following are examples of the areas in which your institution could receive requests under the EIRs:

  • Noise, pollution, air quality etc.
  • Waste and recycling.
  • Energy usage and energy efficiency.
  • Building works, estate development, land ownership/acquisition etc.
  • Environmental policies, plans and procedures.
  • Environmentally-related health and diseases.

If you receive a request for information in one of these areas, it is advisable to contact your institution's Freedom of Information officer (Simon Jackson: sjackson@rvc.ac.uk, ext. 6384) unless you would normally supply the information as a matter of routine. See the tips above for complying with Freedom of Information, which are also applicable to the EIRs.

What is Data Protection?

Data Protection provides a safeguard for personal privacy in relation to computerised or other systematically filed information. The Data Protection Act 1998 (DPA) regulates the use of personal data, meaning information about identifiable, living human beings.

The overriding principle of the DPA is that all processing of data must be carried out in accordance with the law, and must be fair to the people who are the subjects of the data. Other principles include: the use of data only for the specific purpose that justified its collection; its relevance to that purpose; its accuracy; the length of time it is kept; the rights of data subjects; security; and transfer of data to third parties, especially outside the European Economic Area.

Sensitive personal data includes ethnic origins, health, trade union membership, sexual life, and religious or political beliefs. There are stronger rules on the use of this data, and in general it can only be collected and processed with individuals' explicit consent.

People whose data are kept (data subjects) have the right to be informed whether data on them is held and the purpose for which the information is used, and to obtain a copy of the information about them. This right now applies to most types of information held about an individual in electronic or paper form, subject to certain exemptions. Data Protection requests have to be submitted in writing, and may involve proof of ID and payment of a statutory fee. A response has to be sent within 40 calendar days.

Some tips for complying with Data Protection:

  • Remember that people have the right to ask about data held on them. Data Protection requests should normally be referred to your institution's Data Protection officer; contact your BCRMG co-ordinator if you are unsure who that is.
  • If you collect personal data, be sure that data subjects have been informed about how the information will be used and who it will be shared with.
  • Take measures to ensure personal data is up to date, accurate and secure, e.g. by following your institution's IT policies and procedures.
  • Consider Data Protection before releasing data to third parties, especially those outside your institution. Remember that the family and friends of students and staff have no automatic right to data about them; nor do the police and the government, unless certain conditions are met. If in doubt about whether to release personal data, contact your Data Protection officer.
  • Don't keep personal data for longer than is necessary. Follow your institution's record retention schedules, or use the JISC's model schedule if one has not yet been developed for your institution (see below).

What is records management?

Records management is about ensuring that the information which we need to document what we do is generated and kept as efficiently as possible. Records act as evidence of our decisions and activities, and preserve information which we may need in the future. In the past, records were kept in paper form, but today most records are generated and kept electronically. Our information is now subject to legislation which requires us to manage it effectively, to meet Data Protection requirements and so that we can produce information when it is requested under the Freedom of Information Act or the Environmental Information Regulations (see above). However, the main reason for having good records management is that it helps us to work better.

How does records management help?

  • We can find the information we need, when we need it. Records management helps us to organise our records in a consistent and coherent way, saving time in looking for information.
  • It saves space (both physical storage space and server space), by reducing duplication and ensuring that records are kept for no longer than necessary. Records are disposed of according to agreed procedures.
  • Our records have value as evidence. Records are kept in ways which ensure that their authenticity cannot be challenged, e.g. in a court of law.
  • It protects us and the institution. We will have the information which we need to defend our legal rights and those of others.
  • We will meet legal, regulatory and contractual requirements. Good records management is not only necessary for Freedom of Information and Data Protection reasons (see above). Regulatory bodies like the Quality Assurance Agency may require us to keep records, and we also need to keep records to show compliance with contracts and for audit purposes.

What does records management involve?

Records management involves establishing an institution-wide records management policy, and developing the standards and procedures to implement it. Your BCRMG co-ordinator (sjackson@rvc.ac.uk, ext.6384) will be able to advise you on the guidance which is available within your institution. Most records management programmes focus on creating two types of standards for staff to follow:

  • Classification schemes. These provide a common way of organising your records, according to subjects or business functions and activities. They allow you to organise your records hierarchically, and can be applied to paper files, Windows folders and email folders.
  • Retention schedules. These specify how long you should keep common types of records.

A model classification scheme and retention schedule for higher education has been developed by the Joint Information Systems Committee (JISC): see HE Business Classification Scheme and Records Retention Schedule

Some tips for good records management:

  • Follow any records management standards or procedures which have been developed in your institution. Contact your BCRMG co-ordinator for advice, or see the BCRMG web pages.
  • If you don't have them already:
    • Set up a classification scheme and retention schedule(contact your BCRMG co-ordinator first). You can use the JISC standards as guidance (see above). Aim to use the same scheme for your paper and electronic information, so that your records are organised consistently.
    • Set up a naming convention for your electronic files. This will make it easier to identify what a file relates to, without having to open it.
  • Remember that emails are records too! Most correspondence now takes place by email, and email is used to make key decisions. Make sure that relevant emails are saved into your record keeping system, e.g. by printing them out and adding them to paper files if you keep your records in paper form. Don'tleave emails permanently in your in box or sent items folder.
  • Use shared directories or shared paper files for information which your colleagues need to access. Leaving it in your personal files/directories makes it difficult for others to find what they need, e.g. when you are away. Set up a booking in/out system for paper files, so that you know where they are.
  • Use appropriate and professional language, particularly when referring to individuals. Remember that what you write could be released under Data Protection or Freedom of Information.
  • Remember that records are owned by your institution. You can't take them with you when you leave, and you have a duty to keep them in an orderly state. Records management is much easier if you build it into your daily working practices.


About the Bloomsbury Colleges Records Management Group (BCRMG)

The Bloomsbury Colleges is a consortium consisting of six University of London institutions. The BCRMG exists to promote co-operation among the Colleges in the areas of Data Protection, Freedom of Information and records management.

Each College has a BCRMG co-ordinator who can help to address issues or questions which you may have arising from this leaflet. The RVC's BCRMG co-ordinator is:

Simon Jackson
FOI Officer
Email: FOI@rvc.ac.uk or sjackson@rvc.ac.uk
Telephone: 01707 666384

September 2011

FOI Contact Details

FOI Officer
Library and Information Services Division
Royal Veterinary College
Hawkshead Lane
North Mymms
Hatfield
AL9 7TA
United Kingdom


Telephone: +44 (0)1707 666535
Email: FOI@RVC.ac.uk


See: Submitting a request for information on submitting Freedom of Information or Environmental Information requests

Designed and developed by the RVC Electronic Media Unit