Records Retention and Disposal Schedule
Information Management
Version control
Version Author
Policy Approved By
Approval Date
Publication Date Review Due
V 1.0
Information Governance Unit
Philip Jones, Head of
Information Governance
03/04/2012
April 2012
March 2013
Information Rights
Staffordshire County Council asserts its right to be identified as the author of this Retention Policy and Schedule, and a statement to this
effect must be clearly displayed when reproducing all or any part this document.
Disclaimer
This Policy and Schedule reflect the record keeping requirements of Staffordshire County Council. Staffordshire County Council accepts
no liability if this Retention Schedule is used by individuals or organisations outside of the Authority.
Understanding Retention and Disposal Schedules
Business Classification:
Describes the business functions, activities and processes that records support
Scope Notes: Further
define the business function, activity or process that records support
Disposal Action:
Specifies disposal action following end of retention period
Authority: Identifies
the legal, regulatory or business reasons that records need to be created, received and kept (even if
requirements are not explicitly stated)
Retention Trigger / Closure Procedure:
Defines the event that triggers the start of the retention period and/or closure procedure
Retention Period:
Specifies the length of time records must be kept following the retention trigger event
Contents
Business Classification
Page
Corporate Governance
1
Information Management
1
Information Access Management
1
Access to Information Compliance Audit
1
Data Controller Notification
1
Copyright Administration
1
Public Sector Information Reuse Management
1
Data Sharing Protocol Development
1
Publication Scheme Maintenance
1
Information Security Management
1
Information Security Compliance Audit
1
Incident Response & Investigation
1
Records Management Programme Implementation
1
Records Management Compliance Audit
1
Classification Scheme Development & Maintenance
2
EDRMS Specification & Configuration
2
Re-organisation Rationalisation & Closure Planning Support
2
Retention Schedule Development & Maintenance
2
Records Storage Management
2
Disposal Processing
2
Records Migration
2
Retrieval Requests Processing
2
Transfer Processing
2
Surveillance Management
2
Investigatory Powers Regulation Monitoring
2
Business Classification Scope Notes Retention Trigger (event triggering start of retention period) / Closure Procedure
Retention Period Disposal Action (following end of retention period)
Authority
Corporate Governance
Information Management
Information Access Management
Access to Information Compliance Audit Audit to ascertain compliance with access to information requirements Including: Privacy impact assessment
Close records at completion of audit
Retain records for 3 years after Date Closed
Destroy Data protection Act 1998
Data Controller Notification Notification data controllers to ICO Retention Period starts at Date Created
Retain records 6 years after Date Created
Destroy Limitation Act 1980, Data protection Act 1998 Copyright Administration Administration of copyright Excluding: Licensing Retention Period starts at
Date Created
Retain records 6 year after Date Created
Destroy Copyright, Designs & Patents Act 1988 Public Sector Information Reuse
Management
Management of public sector information reuse Close records when licence expires or terminated
Retain records 6 years after Date Created
Destroy Reuse of Public Sector Information Regulations 2005, Protection of Freedoms Bill Data Sharing Protocol Development Development negotiation & agreement of data
sharing protocols Excluding: Formal legal agreements & contracts
Close records when superseded or terminated
Retain records 6 years after Date Created
Destroy Data protection Act 1998, Data Sharing Code of Practice 2011 Publication Scheme Maintenance Maintenance of scheme of published & publicly
available information
Close records when superseded
Retain records 6 years after Date Created
Destroy Limitation Act 1980, Freedom of Information Act 2000
Information Security
Management
Information Security Compliance Audit Audit to ascertain compliance with information security requirements
Close records at completion of audit
Retain records for 3 years after Date Closed
Destroy Data protection Act 1998 Incident Response & Investigation Response to & investigation of security breach
incidents Close records at conclusion of investigation, subsequent action, or resolution of incident
Retain records 6 years after Date Created
Destroy Limitation Act 1980, Computer Misuse Act 1990, Police & Criminal Evidence Act 1984
Records Management
Programme Implementation
Records Management Compliance Audit Audit to ascertain compliance with records management requirements
Close records at completion of audit
Retain records for 3 years after Date Closed
Destroy Lord Chancellor's Code of Practice issued under s. 46 of Freedom of Information Act 2000
Management of Information Assets Including: Information access management, Information security management, records management programme implementation, records storage & surveillance management Excluding: Strategic planning, policy & standards development, communications management, training provision, enquiries management & statutory complaints management
Development & implementation of records management programme
Management of Information access Including: Publication scheme maintenance, compliance audit, privacy impact assessment, data controller notification, information rights management, copyright administration, reuse of public sector information, development of data sharing protocols Excluding: Enquiries management & statutory complaints management
Management of information security Including: Incident response & investigation, compliance audit & Information Asset Register maintenance
Business Classification Scope Notes Retention Trigger (event triggering start of retention period) / Closure Procedure
Retention Period Disposal Action (following end of retention period)
Authority
Classification Scheme Development & Maintenance
Development & maintenance of classification scheme(s) Including: Structuring & organisation of records & information systems
Close records when superseded
Retain records 1 year after Date Closed
Destroy Lord Chancellor's Code of Practice issued under s. 46 of Freedom of Information Act 2000 EDRMS Specification & Configuration Development, review & configuration of records
management elements of electronic document & records management systems (EDRMS) Including: consultation Excluding: ICT systems design, development, integration & maintenance
Close records when implementation completed
Retain records 1 year after Date Closed
Destroy Business Need
Re-organisation Rationalisation & Closure Planning Support
Provision of records management planning & support required by re-organisation, rationalisation & closure of services & premises
Close records following completion of re-organisation,
rationalisation or closure
Retain records 1 year after Date Closed
Destroy Business need
Retention Schedule Development & Maintenance
Development & maintenance of records retention schedules
Close records when SCC no longer responsible for all functions contained within schedule
Retain records 0 years after Date Closed
Destroy Lord Chancellor's Code of Practice issued under s. 46 of Freedom of Information Act 2000
Records Storage Management
Disposal Processing Administration of records disposal processes Including: Identification of records due for disposal, review, disposal authorisation, transfer or
destruction
Close records following disposal of records to which destruction process documentation relates
Retain records 6 years after Date Created
Destroy Lord Chancellor's Code of Practice issued under s. 46 of Freedom of Information Act 2000 Records Migration Planning & implementation of records migration
between systems, storage & migration or conversion to alternative media or formats
Close records of migration when records destroyed
Retain records 0 years after Date Closed
Destroy Lord Chancellor's Code of Practice issued under s. 46 of Freedom of Information Act 2000 Retrieval Requests Processing Processing of requests to retrieve records from
storage
Close records following return of issued item(s)
Retain records 1 year after Date Closed
Destroy Business need Transfer Processing Transfer of physical records into off-site storage Close records when
records destroyed
Retain records 6 years after Date Created
Destroy Business Need
Surveillance Management
Investigatory Powers Regulation Monitoring
Monitoring of investigatory powers processes Including: Access to communications data, covert human surveillance & directed surveillance Excluding: Carrying out of investigations & surveillance activities
Retention Period starts at Date Created
Retain records for 6 years after Date Created
Destroy Limitation Act 1980, Regulation of
Investigatory Powers Act 2000 & Code of Practice
Management of surveillance Including: Management of access to communications data, covert human surveillance & directed surveillance
Management of records storage Including: Storage capacity management, record transfer processing, retrieval request processing & disposal processing