ÄûÃÊÊÓƵ

Division of General Counsel, Governance and Compliance

Frequently Asked Questions

Please see below for a list of FAQs relating to records management. If you've got any questions that aren't answered below, please don't hesitate to get in touch with the Information Management team at GDPR@sussex.ac.uk.

What is a record?

A record, or records, can be understood as 'information created, received, and maintained as evidence by an organisation or person, for our legal obligations or for the transaction of our business.'

Records are a crucial part of our organisation: they facilitate the delivery of our academic services, support decision-making, document the University’s aims, policies, and activities, and ensure that legal and administrative requirements are met. They provide evidence of the activities and transactions taking place and the decisions made by us.

Did you know that a 'third of records are duplicates, increasing storage costs by 1/3?'

Every record is a piece of information, but not every piece of information is a record. One way to think about records is to think of them as a collection of information.

Example: An invoice requiring payment, an email approving training, a letter of resignation, a grant application, or a spreadsheet are all records. However, a name and date of birth written down on a piece of paper could be important information, but it is not likely to be a record.

What is a 'master record'?

Although the principles in the Records Management Policy apply to all University records, the Master Records Retention Schedule provides more specific detail regarding which records make up the University’s ‘master records’.

A ‘master record’ is a core University record which has ongoing institutional, authoritative and/or evidential value. The University’s master records are assessed by business needs, legal requirements and Higher Education standards and best practice.

Example: A final published version of a policy but not the working drafts, or audited Financial Statements are both master records. A committee member who receives the minutes of meetings holds a duplicate copy rather than the master record itself.

Why are records important?

Records are a crucial part of our organisation: they support decision-making, facilitate the delivery of our academic services, document the University’s aims, policies, and activities, and ensure that legal and administrative requirements are met. They provide evidence of the activities and transactions taking place and the decisions made by staff. They also form the University's collective memory that must be available beyond the recollection or working life of any single member of staff.

What formats can records be in?

Records can be in any format regardless of how they were created and how they are stored whether hard copy or digital; held by individuals or in centralised systems.

Example: The paper minutes of a meeting documenting decisions; an online invoice requiring payment; an email approving expenditure; a handwritten letter of complaint; a podcast of a lecture; a photograph taken at a graduation ceremony for use in promotional materials are all records, regardless of their format.

What is records management?

'Records management is about controlling records within a comprehensive regime made up of policies, procedures, systems, processes and behaviours.' - from The National Archives.  

Records management incorporates the practice of creating, identifying, classifying, providing access to, storing archiving, and sometimes the destruction of records. This is called the record’s life cycle and it is one of the key concepts in records management. The University’s Records Management Policy outlines the importance of, and principles which underpin records management.

Records Management life cycle

Why is records management important?

Effective records management is an institutional priority, given how integral record keeping is to ensuring the University runs as efficiently as possible and meets its various obligations. Without it, the University is likely to waste time and resources and risks reputational damage and non-compliance with important legislative and regulatory requirements.

Proper records management ensures that all of the University's records are created, received, used, stored and disposed of in our day-to-day work in a way that facilitates their most efficient and effective use.

Did you know that staff can spend 10% or more of their day looking for information or trying to locate files and records?

Good records management ensures that:

  • Information can be found easily when needed and increases the University’s efficiency and accountability;
  • the University can be confident that records are an authoritative source of information and provide a solid basis for decision-making, policy development, and service provision;
  • legal and regulatory compliance obligations can be met; and
  • information is protected appropriately.

To find out more about the benefits of good records management, please visit the Importance and benefits of good records management page.

Who is responsible for records management?

All staff are responsible for records management and should familiarise themselves with the Records Management Policy and adhere to it when creating and maintaining records as part of their work for the University.

Where records are used by multiple teams, there should always be a clear understanding of which area or role has ultimate responsibility for the maintenance of the record.

Records should be created and maintained with appropriate security measures and access controls in place, based on the content and value of the records and any applicable legislative or regulatory requirements (e.g. data protection).

Where can I hold records?

Records should be created and maintained with appropriate security measures and access controls in place, based on the content and value of the records and any applicable legislative or regulatory requirements (e.g. data protection). There should be knowledge of where records are held and how to access them, and where applicable, it should be clear how records are connected to other records. 

All University records and data should be held securely, using appropriate electronic or physical storage. Usually, this means the use of systems and storage that are supported by the University’s IT Services, and physical space that can be locked. Generally, it is best not to store records locally or on your desktop, but to use storage that is recommended and supported by the University’s IT Services. This is because shared University systems are better solutions for meeting operational needs and enabling records to be retrieved and used by everyone who needs them records than personal folders.

You can find more information here and it includes options such as the University’s shared / group drives, OneDrive for Business (using your Sussex username) and Box.

How long should I keep records?

The length of time records should be kept can vary and is subject to legal requirements, University policies, guidance and codes of good practice.

Records should only be kept for as long as they are required. When they are no longer needed – for example for institutional business or regulatory or legal compliance purposes - they should be disposed of.

Did you know that “typically, 95% of files older than 3 years will never be retrieved?”

If you have any queries, or would like further advice about records retention, please contact the Information Management team.

How long should 'master records' be kept?

Whilst records management principles apply to all University records, the University also publishes additional guidance to use which applies specifically to the University’s ‘master records,’ known as the Master Records Retention Schedule.

The Schedule provides specific detail about which records make up the University’s master records, how long these should be retained, and what the recommended disposal action following the end of the retention period is. It applies to master records in all media and formats.

The Master Records Retention Schedule is split into broad sections, with each section then broken down further to detail specific groups and types of records.

Why do we need a Master Records Retention Schedule?

The Master Records Retention Schedule is important because it

  • ensures that the University’s key records are kept for as long as they are needed and destroyed or archived when no longer required;
  • helps to comply with various legal requirements, including Data Protection and Freedom of Information legislation;
  • provides consistency in record keeping for key records across the University;
  • avoids duplication of records and ensures there is a single, master record;
  • reduces organisational costs by saving space, storage costs and time by reducing the number of unnecessary records; and
  • identifies records of long-term value and secures them from accidental destruction.
When is a record redundant, obsolete, or trivial?

Redundant information exists when it is duplicated across different places and versions, whether in the same system or in multiple systems. This can create confusion with multiple versions and misunderstanding about which is the 'right' one. A key step in managing redundant information is to define a ‘Single Point of Truth’ for each type of record.

For example, sending a link to a document enables a single copy to be viewed and edited if required by multiple people, without the creation of duplicates.

Obsolete information can mean ‘no longer in general use’ or ‘discarded’ or ‘replaced’ or ‘outdated’. Records can become obsolete for all these reasons, or it can simply be incorrect or incomplete. In all these instances, obsolete information can prompt confusion as well as actions or outcomes based on bad information.  A key step in managing obsolete information is to delete them when they are no longer needed.

Trivial information is the material that are created in day-to-day activities but does not meet the definition of a ‘record’. This should be deleted when it is no longer needed.

How do I dispose of records?

Disposal of records is an important part of records management.

All records that are classified as ‘Sensitive’ must be disposed of securely. Paper records should be disposed of using confidential waste disposal and secure shredding. If you require confidential waste bags or bins, you can contact Sussex Estates and Facilities Helpdesk. Electronic records should be deleted from IT equipment and servers and IT Services can help with batch deletion of large sets of data.

When paper records only include information that is already in the public domain, they can be disposed of using paper recycle bins.

How do I transfer records to the University's archive?

If records are no longer in active use, for example no longer required for current business or compliance needs, but have long term historical value, they should be transferred to the University's archive for permanent preservation. The University’s archive document the functions, organisation and activities of the University, and are used by staff, students, alumni, and the wider research community. Both paper and digital records are preserved, and records should be transferred in the format in which they were held when in use.

If records need to be sent to the University’s archive, the Collections team will provide a pro forma for completion which will ask for confirmation of details about the records, including their format and whether they are open, i.e., accessible to anyone, or closed, i.e., with access restricted – for either a specified time or indefinitely.

Please contact the University Collections team for further information.

Where can I find more information about managing research data?

The University maintains a dedicated page of guidance on the storage, curation, preservation, and provision of research data that can be accessed on the webpage Research data management.

Records management and the Freedom of Information Act 2000

The Freedom of Information Act 2000 (FOIA) is a law that gives everyone a general right of access to information held by certain bodies including the University, e.g. in paper and electronic files, emails, audio and video recordings, photographs and brochures.

The University is required to ‘provide advice and assistance’ to people who have or propose to make requests for information and to provide individuals with a ‘general right of access’, on written request, to information held by the University.

Good records management ensures that the University meets FOIA compliance obligations and information is protected appropriately. Good records management helps staff quickly locate the right information which in turn supports the process of responding to requests for information and meeting the statutory timescales for doing so.

Records management and data protection

The University has a duty to comply with the principles and requirements of Data Protection legislation when processing personal data. Failure to do so could have significant financial, regulatory and reputational impacts for the University.

Data protection legislation gives individuals a number of rights in relation to their personal data including:

  • The right to access: individuals have a right to access their personal data held by the University;
  • The right to rectification: Individuals have a right to ask the University to rectify any inaccuracies in the personal data held about them or, if the personal data is incomplete, to ensure that the data is completed;
  • The right to erasure: Individuals have a right to ask the University to have personal data erased, also known as the right to be forgotten. The right is not an absolute one and only applies in certain circumstances.

Good records management ensures that the University is able to comply with individuals’ rights and also meets Data Protection legislation compliance obligations when it comes to

  • having an overview of any processing activities that occur at the University, including the repositories that hold personal data;
  • understanding where and when data is shared with third parties, and whether that is covered by contractual or data sharing arrangements;
  • having a broad understanding of privacy issues and where there is a need to conduct a Data Protection Impact Assessment (DPIA); and
  • understanding any processing issues with existing or new activities and identifying where there are any further compliance issues to address.

Good records management helps staff quickly locate the right information which in turn supports the process of responding to requests for information on time.

How can the Information Management team help you?

The Information Management team is happy to provide advice on all aspects of records management and implementing the Master Records Retention Schedule, and we can answer questions related to legal, administrative or archival retention requirements for particular records.

If you have any queries, or would like further advice about information and records management at the University, please contact the Information Management team.

 

Last updated 3 March 2023