Welcome to Edinburgh Napier University's Records Management Intranet site.
What is Records Management?
Records Management is a discipline which aims to systematically control the creation, maintenance, use and disposition of an organisation's records in all formats throughout their lifecycle for business needs, efficiency and for legal and financial accountability.
The Records created and maintained by Edinburgh Napier University are our corporate memory, and as such are a vital asset for ongoing operations, providing valuable evidence of our activities. These records must be managed effectively to derive maximum business benefit and to fulfil our statutory duties.
Effective records management is also vital to enable the University to meet its obligations under Freedom of Information, Data Protection and Environmental Information legislation.
Responsibilities for Records Management
ALL University staff who create, maintain or receive records in the course of their work have records management responsibility. This includes the need to adopt good practice in creating and maintaining records, ensuring that records are held in an organised and structured fashion to aid retrieval, that information requests made in terms of the Freedom of Information (Scotland) Act 2002 are recognised and answered and that personal information is kept and used in line with the requirements of the Data Protection Act 1998. Deans of Schools, Heads of Schools and Directors of Service Areas have overall responsibility for the management and compliance of records arising from the business of their own area.
To enable these activities Governance Services supports the development, dissemination and promotion of consistent records management standards, systems and processes. This support includes the provision of advice and guidance, assistance with the development of retention schedules and the delivery of a programme of staff training and development.
Please use the navigation on the left to find out more about the resources available to support effective records management at Edinburgh Napier University.
How can keeping a record too long breach legislation?
There is a significant body of law which sets out specific periods of time for which certain records must be retained. Retaining records beyond these periods exposes the University to risk of potential legal action. How can this happen? if the University is requested to produce the information in response to a legal challenge (e-discovery/ legal discovery) or information is requested under 'access to information' legislation, such as the Data Protection Act 1998 and/or Freedom of Information (Scotland) Act 2002, etc.
Are there other risks to keeping information beyond its approved/specified retention period?
Retaining information too long also increases the risk of the information being 'forgotten' about and appropriate security not being maintained eventually resulting in a breach occurring through disclosure. There are numerous examples of this happening with personal data - details of which are available on the UK Information Commissioner's website.
Inefficient working practices if redundant information has to be trawled through when looking for information.
What are the risks of destroying information too soon?
The University does not have the information to defend its position in the event of a legal challenge e.g. contractual or health and safety information.
Breach of legislation where the law specifies a certain retention period for the information.
Electronic storage space is 'cheap', why not just keep everything forever?
The UK Information Commissioner's Office currently has the power to fine organisations up to £500,000 for a breach of the Data Protection Act 1998. This may be increased to a percentage of annual turnover once the new EU Data Protection Regulation comes into effect after 2017. That is a very high price indeed to pay for breaching the legislation by keeping information too long.
Based on various research carried out, the cost of time wasted searching through redundant information is in excess of £300,000.00 per year for organisations of a similar size to the University.
Electronic records vs. physical records
If you are keeping records electronically you need to consider how you would prove that they are authentic and have not been altered over time if they were required as evidence for legal purposes (evidential weight and legal admissibility
It is easy to forget about disposing of electronic records once they have reached their retention period - out of sight, out of mind. Schedule periodic disposal events using the appropriate University records retention schedule
to ensure all information and records (physical and electronic) are managed correctly.