Records Management: Top Tips
The discipline of good records management is a valuable tool in supporting information compliance and business efficiency across the University. The following practical tips can help you manage the records you work with throughout their lifecycle.
1) Understand why you are creating a record.
2) Name records in a recognisable and consistent way.
3) Include the review or disposal date in a record folder name or mark it on the physical copy.
4) Records that need to be seen by others for business reasons should be moved to a shared University Information system.
5) Ensure only those who are allowed to see the record have access to it.
6) Ensure records are protected from unauthorised change and stored in the right format, system or physical environment.
7) Check the University Records Retention Schedule to see how long you need to keep the record.
8) Contact the University Archives (Modern Records Centre) if you think the record has historical value.
9) Review records regularly and dispose of any that are no longer required. Annual reviews are recommended.
10) Check the University's Information Classification and Handling Procedure if you need to dispose of confidential or sensitive records.
What is a record?
Records exist in a wide variety of formats and can be electronic (digital) or physical hard copy. This can include:
Records are defined by the relevant British Standard as: "information created, received and maintained as evidence and as an asset by an organisation or person, in pursuit of legal obligations or in the transaction of business. In terms of recognising a record then it should have characteristics of authenticity, reliability, integrity and useability."
GDPR goes live this week
GDPR will be fully in force from this Friday - 25 May 2018. Over the last few months we have provided guidance on when we can use personal data; what we need to tell individuals about how we use their personal data; how we hold and then delete that data; and how quickly we need to respond in the event of a personal data breach.
Where possible use University managed devices (laptops/PCs/phones) and have your Windows 7 PGP encryption / Windows 10 and BitLocker encryption enabled. Smartphones should also be password protected. Do not share passwords for any devices. If you use a personal device it is your responsibility to ensure it is secure (remind yourself of the existing minimum mandatory working practices) and do not allow others to use your device.
Please remember that you need to make sure any personal data is kept securely. Ensure you use the Warwick email system for work purposes.
We will be publishing the University’s updated Data Protection Policy soon.
GDPR : Reporting Personal Data Breaches
The University is required to keep a record of all security incidents involving personal data. Reportable incidents must be reported to the Information Commissioner by the Data Protection Officer (DPO) of the University of Warwick, within 72 hours of detection, and without undue delay to individuals affected by the incident. It is vital that all staff report a personal data breach, however minor, as soon as possible after discovery so that we can use the 72 hours to establish what has happened, the size of the breach and whether it needs to be reported further.
Here is guidance on what a personal data breach is, what to do if you know (or suspect) there has been one and how the IDC Team will manage such breaches. Please find below the forms required: