234mm x 156mm
Download Flyer Request e-Inspection Copy

Information Rights for Records Managers


Records Managers have tended to find themselves given the responsibility for managing requests under the Freedom of Information (FOI) and Data Protection Acts (DPA), without necessarily having training and/or an academic background in legal studies. This book aims to fill this knowledge gap by offering a fully up to date, accessible, comprehensive guide to information rights specifically for those without a legal background. Information Rights for Records Managers aims to be as comprehensive as possible, including coverage of the new General Data Protection Regulations (GDPR), so that the guidance practitioners can provide is as fully informed as possible. Content covered includes:

  • Responding to FOI requests, including exemptions, internal reviews and benchmarking
  • Coverage of DPA and GDPR regulations, where the differences lie and what the implications are for professionals operating under the acts
  • Personal data requests and enquiries under GDPR
  • Working with the European Information Regulations (EIR) and where the differences lie with FOI
  • Discussion of the two strands of records management and information rights work and how the two interact in daily work
  • Practical case studies from a range of organisations and institutions to demonstrate practice.

The book will be useful reading for all professionals in the public and private sectors who have responsibility for information rights, particularly around FOI and DPA. Its introductory nature will also mean that it will be very useful students and new professionals seeking to increase their knowledge.

1 Introduction to information rights law
Introduction What is information rights law? What else is available? Who works in information rights law? General access to information Access to personal information Access to environmental information Conclusion

2 Freedom of information
Introduction Handling requests: the basic method The right to information: section Identifying a request: section Logging the request Determining who has the information and forwarding the request to them Requesting clarification and defining scope: section 16/15 duty to advise and assist Reminders Drafting the response and sign-off Conclusion

3 Freedom of information exemptions
Introduction Refusing the request due to an exemption Section 12, The cost limit Section 21 (FoIA)/25 (FoISA), Information already available Section 22 (FoIA)/27 (FoISA), Information due for publication and research Sections 23, 24, 25, 26 (FoIA)/section 31 (FoISA), Security bodies, national security and defence Section 27 (FoIA)/section 32 (FoISA), International relations Section 28, Relations within the UK Section 29, (FoIA)/section 33(2) (FoISA), The economy Section 30 (FoIA)/section 34 (FoISA), Investigations and proceedings conducted by a [Scottish] public authority Section 31 (FoIA)/section 35 (FoISA), Law enforcement Section 32 (FoIA)/section 37 (FoISA), Court records, etc. Section 33 (FoIA)/section 40 (FoISA), Audit functions Section 34, Parliamentary privilege Section 35 (FoIA)/section 29 (FoISA), Formulation of government/ Scottish administration policy Section 36, Prejudice to the effective conduct of public affairs Section 37 (FoIA)/section 41(FoISA), Communications with Her Majesty, etc. and Honours Section 38 (FoIA)/section 39(1) (FoISA), Health and safety Section 39 (FoIA)/section 39(2) (FoISA), Environmental information Section 40 (FoIA)/section 38 (FoISA), Personal information Section 41 (FoIA)/section 36(2) (FoISA), Information provided in confidence/Confidentiality Section 42 (FoIA)/section 36(1) (FoISA), Legal professional privilege Section 43 (FoIA)/section 33 (FoISA), Commercial interests Section 44 (FoIA)/section 26 (FoISA), Prohibitions on disclosure Section 14, Vexatious and repeated requests Writing the refusal notice Dealing with complaints and follow-up requests Publication schemes and disclosure logs Conclusion

4 Data protection: principles and main features
Introduction Regulations and Directives Data protection main features What is personal data? Definitions The data protection principles Previous principles turned articles Conditions for processing/lawfulness of processing Special categories of personal data Data controllers, joint data controllers and data processors Data controller responsibilities Conclusion

5 Data protection: rights of data subjects
Introduction Recording requests Subject access requests: what you have to provide Subject access requests: scoping the request for copies of personal data Subject access requests: providing the response Requests for rectification Requests for deletion: the right to be forgotten Right to restrict processing Objections to processing Requests for data portability Automated processing and profiling Conclusion

6 Data protection: internal enquiries
Introduction Privacy notices and consent forms Data protection or privacy impact assessments Transfers to other countries and within international organizations Dealing with internal enquiries Responding to the ICO Conclusion

7 Environmental Information Regulations
Introduction Environmental information Who is covered by the EIR? Processing EIR requests Verbal requests Time to respond Clarification, transfers and formats Charging fees Exceptions: EIR-speak for exemptions Regulation 12(4)/10(4): the 'administrative' or class-based exceptions Regulation 12(5)/10(5): the subject-based exceptions Personal data and the EIR Complaints about EIR requests Conclusion

8 Other information-related laws
Introduction Access to medical records Access to local government records Re-use of Public Sector Information Regulations Privacy and Electronic Communications Regulations and the ePrivacy Regulation Computer Misuse Act Public Records Act and the Code of Practice for Records Management INSPIRE Regulations Conclusion

9 Fitting information and records management into information rights work
Introduction Information and records management: is it necessary? The section 46 FoIA/section 61 FoISA Code of Practice for Records Management Disposal/retention schedules Information asset registers Fitting in records management around other tasks Conclusion

10 Resources
Introduction Legislation Guidance Legal cases Social media, blogs and listservs

Rachael Maguire is the Records Manager and Data
Protection Officer at the London School of Economics, covering records
management, data protection and freedom of information. She has been working in
the fields of information management and information rights for two decades,
mainly in the public sector. She has a Masters in Information Rights Law, is a
Fellow of the Information and Records Management Society (IRMS) and on the
Accreditation Sub Committee of the IRMS, as well as on the Editorial Board of
the Records Management Journal.

'This book is very well organised, and Maguire's style is very accessible and straightforward. I think many professionals would feel less intimidated by the broad area of information rights law having read this book; I have certainly found that to be the case, despite having been in my (additional) role of Data Protection Officer for over two years.'

Catholic Archives

You might also be interested in..

« Back