Message and Guidance for Leavers regarding University records and information that they process and manage
University records and information might be the last thing on your mind as you prepare to leave the University, but to help us maintain continuity of operations and compliance with legislation and regulation after you have left please can you ensure that all University records and information kept in personal storage areas are made accessible to the relevant colleagues before you go.
If you need any guidance or advice in this regard please speak to one of the following: your line manager, your team/department’s records management co-ordinator or contact the University’s Information Governance Manager.
Here are a few FAQs below which you may find useful:
What are personal storage areas?
Electronic: H: Drive, C: Drive (including your Desktop), Outlook, email archives, MySite (SharePoint), portable devices (phones, tablets, USB sticks, FlashDrives, SD cards, CDs, etc), Personal Computers, personal cloud storage such as OneDrive, DropBox, etc.
Physical storage doesn’t really need an explanation, but might include desk drawers or a filing cabinet which you hold the only key for (it has happened in the past); papers taken home to be worked on and left there, etc.
How do I make the records/information kept in personal storage areas accessible to others?
Electronic: Set up folders on SharePoint or the S: Drive and move the records there. If you are concerned about the confidentiality of the records/information then ensure that a folder is set up which is either password protected or has the necessary access controls on it. Information Services can help you with doing this for folders on the S: Drive, but on SharePoint individuals can set these up themselves (or your team’s records management co-ordinator). It is possible to drag and drop emails and other files in MS Office into new folders on the S: Drive, or move them in bulk, and you can also integrate Outlook with SharePoint to do this too. Please ensure at least one colleague (perhaps your line manager?) has access.
Physical: Ensure any records/information are returned to the University and let colleagues know where the information is and how to access it. The Manual and Physical Data Security Policy refers.
Are emails records?
The content of a ‘document’ determines if it is a record, not the format (e.g. text document, spreadsheet, email, etc.). If the content of the email is ‘evidence of a business transaction, decision, action or advice’ then it is a record (more detail below and on the Records Management intranet site and email guidance pages). If there is a chance that someone else will need to refer to the information in future then please keep it even if you don’t think it is a ‘record’. Don’t forget that the University is asked for a wide range of information under the Freedom of Information (Scotland) Act 2002 and under Data Protection legislation and that missing information can affect both future University decisions /actions and individuals.
A record is any piece of information created or received and maintained by an organisation or person in the course of their business or conduct of affairs and kept as evidence of such activity. Records can be held in the form of letters, memos, faxes, reports, databases, e-mails, plans, videos, photographs, slides, audio recordings, CDs, CD-ROMs, microfilm and any other medium.
Records have three main purposes:
- Evidence of a transaction and its terms in the event of a dispute;
- As reference material for the organisation of facts, background, prior actions and ideas to be used in the decision-making process;
- To comply with legislative or professional requirements for the retention of records.
Can you delete/destroy the records/Information?
If you are thinking of deleting or destroying records and information please consult the Records Retention Schedule (RRS) for your area before doing so. If you don’t know what the retention period is you can do one of the following: check the RRS, speak to your line manager/records management co-ordinator or ask the Information Governance Manager.
Further information can be found on the Destruction of Personal Data intranet page and the Safe Disposal of Confidential Waste guidance
Information risks include destroying information too early and keeping information too long as well as unlawful disclosure (data breach) and loss.
Thanks for doing this and best wishes for the future!
Please also see: