FOI Update: DCMS Guidance on Managing Public Authority Information and Records

DCMS has published an updated records management code of practice issued under Section 46 of the Freedom of Information Act 2000. Read our overview of key points.

On July 15, the Department of Digital, Culture, Media and Sports (DCMS) published a code of practice on records management published pursuant to Section 46 of the Freedom of Information Act of 2000 (FOIA). This replaces the previous version and provides guidance to public authorities (including local authorities) on the retention, management and destruction of information and records. The code does not apply to organizations subject to the Freedom of Information (Scotland) Act 2002, to which a separate code applies.

The stated purpose of the Code is to provide guidance to authorities that helps them create a framework for the retention, management and destruction of their information, and therefore records. Following the Code will help them:

  • comply with FOIA, Environmental Information Regulations (EIR)2 and other information rights legislation such as the UK General Data Protection Regulation, the Public Records Act 1958 and the Public Records (Northern Ireland) Act 1923 if they apply;
  • fulfill their obligation to publish information about their activities; and
  • comply with the Public Sector Information Reuse Regulations 2015.

The Code is divided into three sections:

1. Introduction to the Code and its legal basis.

2. The principles of good information management practices:

  • Value – the authority must understand, manage and use its information in a way that allows it to understand its value, to make effective decisions for the benefit of society. Authorities need to manage their information in such a way that they can assess its current and future value. They should retain the information for as long as they can show it has value and dispose of it when it no longer has value. Authorities must be able to explain why they no longer hold information.
  • Integrity – the authority and all its stakeholders must be able to trust and rely on the information it holds.
  • Responsibility – the authority’s information management must enable it to report clearly and precisely on its activity in accordance with its legal and other obligations.

This section provides guidance on how authorities can put these principles into practice, including:

  • put in place appropriate governance, organizational capacity and technical measures to ensure that they manage information in accordance with the Code;
  • ensure that their organizational capacity includes an information management function with a designated manager of sufficient seniority to ensure the authority meets its responsibilities under the Code, adequate resources and suitably trained staff ;
  • ensure that its technical capacity includes appropriate tools and systems to manage, organize, locate and use information, backup systems to recover from system failures and major disasters, and systems to ensure that the destruction of information is carried out in accordance with their sensitivity and is permanent; and
  • when information is shared with an authority, organization or partner contractor, set up an information sharing agreement which must specify: o the obligation to record decisions, in particular with regard to the transfer or destruction of information; o obligations under copyright, data protection law and FOIA; o records management controls and any special security and personal information processing requirements; and o ownership of any copyright.

3. Historical documents

This part provides advice on how to comply with the Public Records Act 1958 (PRA) or its equivalent in Northern Ireland. For authorities that are not subject to the PRA, the guidance suggests that authorities may wish to operate with respect to this Part 3 where useful.

The section covers:

  • transfer public documents to another organization or to an archive;
  • access to historical information transferred under FOI exemptions;
  • preservation of public archives; and
  • obligations when departments sponsor other organizations.

The appendices provide more information on:

  • to whom the Code applies;
  • the status of the Code and the obligation to comply with it;
  • the role of the Departmental Records Officer and Information Manager (for those familiar with the previous version of the Code, this is a significant change);
  • the roles of regulatory and other agencies (including the Information Commissioner’s Office);
  • other sources of standards and guidance; and
  • a glossary of terms.