Information Rights for Records Managers

1 Introduction to information rights law
Introduction What is information rights law? What else is available? Who works in information rights law? General access to information Access to personal information Access to environmental information Conclusion

2 Freedom of information
Introduction Handling requests: the basic method The right to information: section Identifying a request: section Logging the request Determining who has the information and forwarding the request to them Requesting clarification and defining scope: section 16/15 duty to advise and assist Reminders Drafting the response and sign-off Conclusion

3 Freedom of information exemptions
Introduction Refusing the request due to an exemption Section 12, The cost limit Section 21 (FoIA)/25 (FoISA), Information already available Section 22 (FoIA)/27 (FoISA), Information due for publication and research Sections 23, 24, 25, 26 (FoIA)/section 31 (FoISA), Security bodies, national security and defence Section 27 (FoIA)/section 32 (FoISA), International relations Section 28, Relations within the UK Section 29, (FoIA)/section 33(2) (FoISA), The economy Section 30 (FoIA)/section 34 (FoISA), Investigations and proceedings conducted by a [Scottish] public authority Section 31 (FoIA)/section 35 (FoISA), Law enforcement Section 32 (FoIA)/section 37 (FoISA), Court records, etc. Section 33 (FoIA)/section 40 (FoISA), Audit functions Section 34, Parliamentary privilege Section 35 (FoIA)/section 29 (FoISA), Formulation of government/ Scottish administration policy Section 36, Prejudice to the effective conduct of public affairs Section 37 (FoIA)/section 41(FoISA), Communications with Her Majesty, etc. and Honours Section 38 (FoIA)/section 39(1) (FoISA), Health and safety Section 39 (FoIA)/section 39(2) (FoISA), Environmental information Section 40 (FoIA)/section 38 (FoISA), Personal information Section 41 (FoIA)/section 36(2) (FoISA), Information provided in confidence/Confidentiality Section 42 (FoIA)/section 36(1) (FoISA), Legal professional privilege Section 43 (FoIA)/section 33 (FoISA), Commercial interests Section 44 (FoIA)/section 26 (FoISA), Prohibitions on disclosure Section 14, Vexatious and repeated requests Writing the refusal notice Dealing with complaints and follow-up requests Publication schemes and disclosure logs Conclusion

4 Data protection: principles and main features
Introduction Regulations and Directives Data protection main features What is personal data? Definitions The data protection principles Previous principles turned articles Conditions for processing/lawfulness of processing Special categories of personal data Data controllers, joint data controllers and data processors Data controller responsibilities Conclusion

5 Data protection: rights of data subjects
Introduction Recording requests Subject access requests: what you have to provide Subject access requests: scoping the request for copies of personal data Subject access requests: providing the response Requests for rectification Requests for deletion: the right to be forgotten Right to restrict processing Objections to processing Requests for data portability Automated processing and profiling Conclusion

6 Data protection: internal enquiries
Introduction Privacy notices and consent forms Data protection or privacy impact assessments Transfers to other countries and within international organizations Dealing with internal enquiries Responding to the ICO Conclusion

7 Environmental Information Regulations
Introduction Environmental information Who is covered by the EIR? Processing EIR requests Verbal requests Time to respond Clarification, transfers and formats Charging fees Exceptions: EIR-speak for exemptions Regulation 12(4)/10(4): the 'administrative' or class-based exceptions Regulation 12(5)/10(5): the subject-based exceptions Personal data and the EIR Complaints about EIR requests Conclusion

8 Other information-related laws
Introduction Access to medical records Access to local government records Re-use of Public Sector Information Regulations Privacy and Electronic Communications Regulations and the ePrivacy Regulation Computer Misuse Act Public Records Act and the Code of Practice for Records Management INSPIRE Regulations Conclusion

9 Fitting information and records management into information rights work
Introduction Information and records management: is it necessary? The section 46 FoIA/section 61 FoISA Code of Practice for Records Management Disposal/retention schedules Information asset registers Fitting in records management around other tasks Conclusion

10 Resources
Introduction Legislation Guidance Legal cases Social media, blogs and listservs