Legal Compliance

Legal compliance is the main driver. The most important statutory areas are:

  • Freedom of Information Acts (2000 and 2002)

  • Data Protection (1998)

  • Health and Safety

  • Employment Law

  • Human Rights (2000)

  • Animal Welfare Acts and Regulation

  • Contractual Relationships

  • Environmental Information Regulations

The JISC Study of the Records Lifecycle quotes 13 separate Acts of the UK Parliament, and over 30 Statutory Instruments of the UK Parliament in compiling its list of recommended retention periods for records of UK FE and HE institutions. To this must be added all statutes which do not give specific guidance on records retention but operate from a series of general principles.

The most important of these are:

The Freedom of Information Act 2000 and the Freedom of Information (Scotland) Act 2002

These two Acts, which are in most respects similar, give every member of the public the right of access to information held by every public authority in the UK, subject to a number of specific and limited exceptions. They are the direct result of the government's commitment to transparency and open government. The Acts have two requirements:

  • That all public authorities maintain a publication scheme which is approved by the Information Commissioner, and details the information which the authorities will publish as a matter of course.

  • After 1 January 2005 anyone may request information from a public authority, has the right to know whether or not the information is held by the authority, and normally will have the right to have access to it.

A full text may be found at Freedom of Information Act 2000

A briefing note by JISC can be found at Freedom of Information Act 2000 : implementation & practice

A full text of the Scottish Act may be found at Freedom of Information (Scotland) Act 2002

A briefing note by JISC can be found at Freedom of Information (Scotland) Act 2002 : implementation and practice


Data Protection Act 1998

The Data Protection Act 1998 is primarily concerned with protecting the rights of individuals to their personal data. It also defines eight principles with which those controlling or processing data must comply. Personal data must be:

  • Processed lawfully and fairly

  • Obtained only for a specified purpose or purposes

  • Adequate, relevant, and not excessive for the specified purpose

  • Accurate and up to date

  • Only kept as long as is necessary

  • Processed with due consideration for the data subject's rights

  • Kept securely

  • Not transferred outside the European Economic Area

One reason why records management is vital to Data Protection is that since 1984, when the first Act was passed, the definition of what is to be included as personal data has been steadily enlarged. At first it applied only to data in computerised systems. The 1998 Act extended this to all personal data in 'structured' files. On 1 January 2005 this was extended to unstructured personal data as well.

Regulatory Compliance

Regulatory compliance is almost as important as legislative compliance. This is an important element in both good management and institutional efficiency. Elements include:

  • Funding

  • Teaching Quality Assessment

  • Research Quality

  • Financial Audit

  • Risk Management

  • Disaster Planning and Business Recovery

