records management and data protection
This policy (Word) governs the management of all records produced or acquired by Shetland Islands Council and by its staff, in the course of its business, in all media and all locations.
This Retention and Destruction Schedule (pdf) has been created to support officers and elected members of the Shetland Islands Council in the areas of Data Protection, Freedom of Information and the Local Government (Scotland) Act.
The Schedule has been developed to reflect an understanding of the administrative processes that give rise to records/file creation. The Schedule is independent of any particular format of record that might be historically created,(e.g. paper, card, electronic).
The aims of the Schedule are to :
Assist officers and elected members in identifying records that may be worth preserving permanently as part of the Council’s archives.
Prevent the premature destruction of records that need to be retained for a specified period to satisfy legal, financial and other requirements of public administration.
Provide consistency for the destruction of those records not required permanently after specified periods.
Promote improved Records Management practices within the Council
Shetland Islands Council needs to collect and use certain types of information about people with whom it deals (pdf) in order to operate. These include current, past and prospective employees, suppliers, clients/customers and others with whom it communicates. In addition, it is required by law to collect and use certain types of information of this kind to comply with its own statutory duties and requirements and the requirements of Government departments for business data, for example. This personal information must be dealt with properly however it is collected, recorded and used - whether on paper, in a computer, or recorded on other material - and there are safeguards to ensure this in the Data Protection Act 1998.
This policy is adopted by Shetland Islands Council, Shetland NHS Board and Northern Constabulary as their Policy on data sharing, and will be followed by all service areas when entering into information sharing procedures, both internally and externally. The Policy will also form part of any formal Individual Procedure drawn up between partner organisations and any service areas within these organisations.
This Policy obliges parties to any information sharing procedures to adhere to it. However, partner organisations recognise that organisations may have their own internal procedures which must be followed. In such instances, the Individual Procedure will include details of those procedures, and attempts will be made to streamline internal procedures to ensure that there is compliance with this Policy.
The Data Protection Act 1998 gives people rights to enquire of the Council whether it holds personal information about them and allows them to find out what information is held on computer and paper records. This is called 'Right of Subject Access' (Word). The Act also gives people certain rights and demands that the Council responds in certain ways to such requests.