As public sector organisations creating an ever-expanding volume of data and face increasing regulatory requirements, the need for stringent records management policies has never been greater. Frank Hopping, Managing Director of Crown Records Management (UK & Ireland) examines what’s at stake and explores how to develop effective procedures.
Records managers have played an essential role within the public sector for decades. Efficient record keeping not only allows an organisation to operate on a day-to-day basis; it is also key to meeting various statutory and fiscal requirements, as well as preserving information needed to ensure effective decision-making and policy formulation.
In recent years, however, the introduction of a raft of legislation covering this field has led to a renewed recognition of the importance of records management. The introduction of the Freedom of Information Act in 2000 created a new onus on public sector bodies to retain information and make it accessible to the general public, while the Date Protection Act set strict security requirements and retention limitations for all forms of personal data, from staff employment records to the address details of housing tenants.
Over the last decade the growth in electronic data has also turned the concept of records management on its head. Organisations throughout the public sector now face new threats, from hacking to computer hardware theft, and good records management is no longer the responsibility of records managers alone. Indeed, it is now vital that everyone within an organisation, from the CEO to frontline staff, is aware of the need to protect data and understands individual responsibilities in this respect.
A number of high-profile cases have demonstrated what can happen if public sector workers disregard the importance of stringent data management and security procedures. During recent months the media has been peppered with tales of lost USB sticks, stolen laptops containing unencrypted information and even boxes of patient files being left in hospital corridors, leading to operational headaches, damaged reputations, public mistrust and even financial penalties.
This is particularly true within NHS trusts as they move from traditional hard-copy patient files towards e-records. Electronic information has specific security requirements and trusts must ensure that they adapt their records management policies accordingly, taking into account documents such as email messages which may not fall within the traditional remit of records managers.
So what practical steps can public sector organisations take?
Firstly, senior managers should establish stringent procedures for creating, sharing, handling and storing information and ensure that all employees are aware of their obligations and the potential consequences of data losses. These procedures should cover all types of information, from electronic files to hard copy records, and should encompass clear policies on the use of devices such as USB memory sticks, as well as the transportation of data off-site. In addition, all sensitive electronic data should be encrypted and should only be transported via secure methods.
Secondly, all staff should follow a consistent filing and naming system to ensure that documents can be accurately identified and tracked. All records should then be monitored throughout their lifecycle and should be accompanied by a retention schedule to ensure that they are neither destroyed before time or retained for too long both of which can break regulations. Once a record has reached the end of its lifespan, a certificate of destruction should be created and kept on file to support compliance requirements and provide a clear audit trail.
In addition, it is important that records are stored in a secure environment, particularly if they are deemed sensitive or hold special importance. Depending on the nature of the information each record contains, measures could include fire-proofing, electronic access restrictions, CCTV and anonymous barcode systems.
Storing crucial records off site with a credible supplier affords further protection, and can offer the added benefit of substantial space and cost savings. This may become an increasingly important factor as public sector organisations face up to the potential of spending cuts, freeing up additional resource for frontline services.
Public sector organisations should also back-up documents to ensure they are not lost or damaged a factor which is particularly crucial with regard to fulfilling the obligations of the Freedom of Information Act. To save space and cost, it is often worth creating electronic rather than hard-copy back-ups by scanning documents, but it is vital that long-term data is not stored on devices such as USB sticks or CD-ROMs, which may be damaged or rendered technologically obsolete.
To conclude, the field of records management is rapidly evolving as organisations create increasing amounts of data and legislation is tightened. The important role of records management must therefore stay front of mind for all employees, rather than being viewed as the responsibility of one person or department. Only by fostering such a culture can public sector bodies ensure they comply with the law and avoid the operational, reputational and financial consequences of lost data.
Frank Hopping is Managing Director of Crown Records Management, which offers hard-copy and electronic records management storage, as well as records management audits and secure destruction.
Visit www.crownrms.co.uk or call 020 8839 8000.
Recent Comments