Request for records and information management - Freedom of information requests
Title or Description
Request for records and information management
FOI Number
2024187
Date Received
06/02/2024
Type of Request
FOI
Request or Question
1.????What kind of training do all employees receive (not the records managers/specialists), regarding information management?2.????Are there information management specialists involved in the training, such as records management professionals and/or archivists?
3.????Could you provide a copy of the information management training procedures (if any)?
4.????Is this training mandatory and if yes, do the employees have to repeat the training after a specific amount of time e.g., every 6 months/year?
5.????Does your organisation have staff with enhanced Records Management responsibilities, other than the Records Manager (e.g., champions, super-users, etc.)?
6.????What kind of special/specific training do you provide to staff that cover Records Management, Freedom of Information and anonymisation/redaction of documents?
7.????Could you provide a copy of the Records Management training, Freedom of Information and anonymisation/reduction training documents (if any)?
8.????Did you had any data breaches in 2023? If yes, how many there were?
9.????How do you classify your data breaches and which categories of data breaches did you experience in 2023?
10.???Is there a Human Resources policy for disciplinary actions against poor Records Management practices?
11.???Were there any instances of disciplinary actions taken because of poor Records Management practices in the year 2023?
12. How many departments/directorates does your council have and how many staff?
Response
1.????What kind of training do all employees receive (not the records managers/specialists), regarding information management? All employees are required to do annual online Information Management Training course on the councils learning management system. This course covers records management, data protection, information/cyber security and information access.
2.????Are there information management specialists involved in the training, such as records management professionals and/or archivists? Day to day responsibility for the records management function resides with the Information Manager and two Information Officers. The Council had an in-house Archives Service until April 2016 when it transferred with other cultural services functions to Live Borders - a not for profit charity that delivers leisure and cultural services in the Scottish Borders. The Council retains ownership of the records transferred and are managed by an Archives Manager.
It is important to know that the Council recognises the importance of good records management. There is an ongoing Data and Information Strategy Project. This is one of the Council s core projects. Discussions are starting to shape what some of the strategy outcomes might look like. This ongoing work is about how the council is transforming, will set how we work corporately going forward and will be a significant part of what we are doing in terms of our current (digital) transformation.
This project will cover all of the records management principles and help us to identify gaps and put further controls in place to ensure information is managed appropriately throughout its lifecycle.
3.????Could you provide a copy of the information management
training procedures (if any)? Please find attached copy of the Information Management training material.
4.????Is this training mandatory and if yes, do the employees have to repeat the training after a specific amount of time e.g., every 6 months/year? Yes, annually.
5.????Does your organisation have staff with enhanced Records Management responsibilities, other than the Records Manager (e.g., champions, super-users, etc.)? All have a responsibility to look after Council information however, overall responsibility for governance of information assets resides with the relevant Director and their Service Managers. Senior Information Asset Co-ordinators (SIACs) have been created to facilitate Service Level risk overview and information management. They effectively represent the Directors (SIAOs) at Board level on the Information Governance Group. Additionally, the Information Manager has a practitioner s certificate in records management.
6.????What kind of special/specific training do you provide to staff that cover Records Management, Freedom of Information and anonymisation/redaction of documents? Mandatory Information Management training covers Records Management and Information Access (FOI/EIR/SAR). There isn t any special/specific training for anonymisation/redaction of documents however, this is captured in guidance documentation such as Data Sharing Code of Practice. Guidance and support is sought from the Information Management Team. Guidance on UK and Scottish Commissioner websites are frequently referred to.
7.????Could you provide a copy of the Records Management training, Freedom of Information and anonymisation/reduction training documents (if any)? Please find attached relevant documentation. Please note the Information Management Team is in the process of reviewing some of these policies / procedures.
8.????Did you had any data breaches in 2023? If yes, how many there were? The Council record suspected and actual data breaches in the same register. The number recorded is 114.
9.????How do you classify your data breaches and which categories of data breaches did you experience in 2023?
We do not have a formal classification description built into our system used. However, the descriptions used in 2023 were as below but it should be noted that our system is a log of suspected and actual data breaches so not all of the below were actual data breaches.
Accidental loss
Alleged breach of personal data
Alleged disclosure of personal data
Alleged misuse of personal data
Cyber Attack
Disclosed in Error - External - Email
Disclosed in error - external letter
Disclosed in error - Internal
Disclosed in error - Internal and External
Disclosed in error - Internal email
disclosed in error - Other
Disclosed in error - Verbal external
Disclosed in error External/Technical
Disclosed in Error/WhatsApp
External Organisation
External security risk
Information misfiled
Lost device
Lost Files
Lost in mail
Lost in transit
Non secure disposal
Other
Other (alleged employee misconduct)
Other (Data Processor Cyber-attack)
Other/technical
Procedural failure
Technical
Technical/procedural failure
10.???Is there a Human Resources policy for disciplinary actions against poor Records Management practices? No, this would come under disciplinary and performance management policies.
11.???Were there any instances of disciplinary actions taken because of poor Records Management practices in the year 2023? No.
12. How many departments/directorates does your council have and how many staff?
These figures are based on the employee s main post holding and exclude casual staff and elected members:
Dept Headcount
Education and Lifelong Learning 2310
Corporate Governance 133
Finance 60
Infrastructure and Environment 1089
People, Performance and Change 134
Resilient Communities 430
Social Work and Practice - IJB 181
Social Work and Practice - SBC 215
Strategic Commissioning and Partnerships 587
Grand Total 5139
