Spring is around the corner, and what better way to celebrate than by learning something new? Act Now Training are offering a special Spring sale with 10% off on all one day courses until 21/04/23. Plus, we have some exciting discounts on our GDPR certificates!
Our one day courses are designed to provide you with a comprehensive understanding of various information governance topics, including data protection, records management, FOI and information security. Whether you are a beginner or an experienced professional, our courses are tailored to meet your specific needs.
Our Intermediate Certificate in GDPR strengthens the foundations established by our UK GDPR Practitioner certificate. Delegates will cover more challenging topics and gain a deeper awareness of the fundamental data protection principles. It is an excellent option for those with an established knowledge base and experience in data protection who wish to level up their knowledge and sharpen their skills.
Our Advanced Certificate in GDPR course is perfect for those who want to take their GDPR knowledge to the next level. This course covers the more complex aspects of GDPR and provides you with the practical skills needed to manage GDPR compliance effectively. You will learn how to break down complex multi-faceted scenarios and learn how to analyse case law, MPNs, ICO reprimands and Enforcement notices. This course is unlike any other, it challenges delegates with real world complex scenarios and is excellent in showcasing a much higher level of knowledge depth and understanding.
Don’t miss this opportunity to enhance your information governance skills and take advantage of our Spring sale. To take advantage of this offer, simply book your chosen course before 21/04/23 and enter the code SPRING10 at checkout and the relevant discount will be applied.
The awards ceremony took place on Monday night at the IRMS Conference in Glasgow. Act Now was also nominated for two others awards including Innovation of the Year for our Advanced Certificate in GDPR Practice.
Ibrahim Hasan said:
“I would like to thank the IRMS for a great event and the members for voting for us. It feels really special to be recognised by fellow IG practitioners. We are proud to deliver great courses that meet the needs of IRMS members. This award also recognises the hard work of our colleagues who are focussed on fantastic customer service as well as our experienced associates who deliver great practical content and go the extra mile for our delegates. Congratulations to all the other IRMS awards winners.”
It has been another fantastic year for Act Now. We have launched some great new courses and products. We have exciting new courses planned for 2023. Watch this space!
BTW – Act Now also won the best elevator pitch prize at the conference vendor showcase. Click here to watch Ibrahim’s pitch.
The Public Records (Scotland) Act 2011 (PRSA 2011) requires public bodies in Scotland to develop a Records Management Plan and submit it for the approval of the Keeper of the Records of Scotland. Many of these plans, usually approved on a five year basis, are now approaching the time when they will need to be revised and put through the approval process once again. Moreover, the Keeper’s team have been actively revising their “Model Plan” and will be expecting more from authorities on the submission of their new plans over the next couple of years.
The PRSA 2011 received Royal Assent on 20 April 2011, aiming to fill a gap in information governance which had long existed. Although there had been some sector specific records requirements there was no overall legislative framework guiding the creation, management or retention of information in the Scottish public sector.
The Act came in on the back of the 2007 Shaw Report which blamed poor record keeping for many of the difficulties faced by former residents of residential schools and children’s homes. The Scottish Government took a broad view of the implications of Shaw; this in turn led to the PRSA covering a broad range of named public authorities including the Scottish Government and Parliament, local authorities, NHS, police and the courts.
Despite concerns, strongly expressed at the time by COSLA among others, that the Act would present yet another onerous burden during a period of particularly harsh austerity, it is probably fair to say that the PRSA has been a success, giving Scotland a solid statutory basis for its record keeping for the first time.
Records Management Plans
The core of the Act is the requirement to develop and maintain a Records Management Plan. This, in theory, can take any form but in practice authorities have tended to closely follow the Keeper’s “Model” comprising (originally) 14 elements:
Senior management responsibility
Records manager responsibility
Records management policy statement
Archiving and transfer arrangements
Business continuity and vital records
Competency framework for records management staff
Assessment and review
One significant change to the way that the Keeper will be assessing authorities’ Records Management Plans is that there is now an “Element 15” in the Model Plan, covering third party records. S2 and S3 of the Public Records (Scotland) Act always defined the scope of the legislation broadly so as to cover the records of external agencies carrying out functions on behalf of the public authority, but that is now going to be more explicitly defined and the Keeper will expect to see evidence of policies and procedures under this “Element 15”.
The Keeper is currently undertaking a review of these requirements so it is as yet unclear exactly what will be required. The issue was covered in some detail at the Stakeholders’ forums which the Keeper hosted last year, and there is some guidance and model contractual clauses available from the National Records of Scotland, and from the Scottish Council on Archives and Quality Scotland.
Another significant change in the Keeper’s approach to what will be required from Records Management Plans is a general refocussing on data protection. This had always featured in the Model Plan with element 9 dedicated to the appropriate management of personal data but now data protection runs through the Keeper’s guidance like the writing through a stick of rock. As well as beefing up element 9, each section of the Keeper’s guidance now includes a data protection theme as an example of good practice.
The scope of the PRSA continues to broaden. The Keeper is currently going through the approval process of the Integrated Joint Boards, and (as with Freedom of Information?) there will be pressure to extend the list of bodies covered by the Act. The position of Trusts and some other arms-length authorities remains unclear but all organisations of a public nature would be well advised to get up to speed with the requirements of the Public Records (Scotland) Act 2011.
Throughout the process of the passage of the Bill, the Keeper always made a commitment to use the carrot rather than the stick. This has worked well, with the very helpful team at the NRS providing support and guidance on a range of records issues. As the records environment matures, however, and as more is expected of authorities, might we see a more robust approach from the regulator? In retrospect, some of the early schemes which the Keeper approved now look somewhat thin; it may be unlikely that these would have passed had they been submitted today.
Act Now has arranged a series of webinars and full day workshops on the themes raised by the developments within the PRSA. Among other issues, we will be looking at:
Records Management Policies. Some authorities conflate “policy” and “Plan”. I’d suggest a clear separation, with the Policy simply summarising the case for records management, allocating responsibilities, defining terms and setting out key principles. This element of the plan can also be used to include area-specific policies and procedures which perhaps don’t fit neatly elsewhere.
We’ll consider the standards and resources available. What are the standards that you need to know about? In developing or amending your plan, how far can you rely on off-the-shelf resources such as business classification schemes and retention schedules? What do you have to do to make these really work for you?
The Keeper has a self-review mechanism for already established Records Management Plans. The “Progress Update Review” mechanism is available and the Keeper has suggested that completing this process will delay the requirement for a full resubmission of your Plan. But what factors should be considered in deciding when to use the PUR and when to complete a full resubmission?
Links to other relevant legislation. In particular, the GDPR, the Data Protection Act 2018 and the Freedom of Information (Scotland) Act 2004. As noted above, the start of the review of the model scheme was at the same time as the implementation of the GDPR and this seems to have very much focussed the Keeper’s attention on data protection. What will authorities need to do to ensure that their RMPs are up to speed with the new DP requirements?
Electronic Records Management. In theory, records principles are blind to the media by which the information is created, stored and managed. In practice, however, the Records Management Plan can be an excellent focus to develop and promote policies and practical guidance which relates specifically to information in alternative media.
Getting “buy in”. We will consider the best ways to get support for the Records Management Plan within your organisation. It is important that you are able to show the benefits of good records management – and not just in terms of statutory compliance or improved efficiency. By developing a culture of regarding information as a corporate asset you be able to demonstrate that records management is vital in evidencing the rights and responsibilities of the organisation and in maintaining a high quality corporate memory through the development of a proper archive service.
Making it real. The RMP should not just be a paper exercise but should be a functioning set of tools which ensure that the organisation derives maximum value from its information resources. To be of real value, the Plan needs to be embedded throughout the organisation, rather than just a neat stack of policies on a corner of the Chief Executive’s desk.
Craig Geddes is a qualified archivist and records manager, with 28 years’ experience working across the range of information governance activities. He has recently joined the Act Now team to deliver freedom of information and records management courses in Scotland.
On first sight, that’s a pretty startling statistic. The IRMS is the main industry body for records managers. If anyone could be expected to have articulated a vision for electronic records management, it was the people in that room.
But the truth is, I’m not that surprised by Julie’s experience.
Firstly, I think it’s partly to do with what Julie asked. If she’d asked whether those present had a records management policy, I suspect a much bigger proportion would have put their hands up. And many records management policies probably include a statement saying how the organisation aspires to manage electronic records. That’s a vision – but those present probably didn’t think of it as such.
But what about those who just don’t have any statement? I suspect a lot of people in that room didn’t have anything – no policy, no strategy, no vision. And I think I know why.
The people responsible for records management in a lot of organisations are nervous of getting it wrong. And all the talk of visions, strategies and programmes isn’t helping. All the competing theories and evolving attitudes are hard to keep up with. 10 years ago, public bodies were being encouraged to adopt electronic document and records management systems. Now it’s rare to hear a success story about such systems, and hardly anyone thinks they’re a good idea. How do you come up with a vision for the future operation of your organisation when the future keeps changing?
What’s more, in most organisations, the person responsible for records management may be relatively junior. Often they will be someone who was drafted into the role; it might only be part of their job.
But it is important that records management is addressed. Any business needs to manage its information. Back at the start of my career I worked for a pharmaceutical company. Our records management unit ensured that they were able to prove that they discovered their marketed drugs first – some of those records were worth billions to the business.
And it is necessary for compliance with legislation. For example, if you look at many civil monetary penalties issued by the Information Commissioner’s Office, you will find that poor records management played a part.
And public authorities of course are subject to the Freedom of Information Act. Section 46 of the Act requires the Lord Chancellor to issue a Code of Practice on the management of records. The Code of Practice was written by the National Archives and sets out the features that they expect to see in public authorities’ records management.Whilst not a statutory requirement, the Information Commissioner is unlikely to look kindly on a public authority that fails to meet its FOI obligations due to records management failings. Indeed he has been known to issue a practice recommendation to an authority insisting that they improve their records management.
So organisations – especially public sector ones – need to do something about records management. But what?
We can start by using the Code of Practice as a guide. What do the experts at the National Archives think should be in place?
And we can stop letting “the best be the enemy of the good”. Julie McLeod’s straw poll, as well as the more detailed research she was reporting on at the conference showed that many organisations had done very little. What actually needs to happen is something. We should improve records management one step at a time. We must be pragmatic.
That’s what I’m going to attempt to do in my new course for Act Now Training on Records Management and the Section 46 Code of Practice. I’ll explain the different requirements of the Code and practical things you can do to meet them. That’s obvious. But I’ll also tell you not to panic. Don’t try to do it all at once. What are the key things you can do that will improve your records management almost overnight? You will leave with an action plan for your organisation – so you’ll instantly be ahead of 90% of those conference delegates I mentioned. The key words are “Just Do It.”