Information Rights for Records Managers

Nov 2018 | 224pp

Price: £69.95
CILIP members price: £55.95

eBook (PDF)
How to buy eBooks turqoise_arrow

Share this page

Join our mailing list

Information Rights for Records Managers

Rachael Maguire

Records Managers have tended to find themselves given the responsibility for managing requests under the Freedom of Information (FOI) and Data Protection Acts (DPA), without necessarily having training and/or an academic background in legal studies. This book aims to fill this knowledge gap by offering a fully up to date, accessible, comprehensive guide to information rights specifically for those without a legal background.

Information Rights for Records Managers aims to be as comprehensive as possible, including coverage of the new General Data Protection Regulations (GDPR),  so that the guidance practitioners can provide is as fully informed as possible. Content covered includes:

  • Responding to FOI requests, including exemptions, internal reviews and benchmarking
  • Coverage of DPA and GDPR regulations, where the differences lie and what the implications are for professionals operating under the acts
  • Personal data requests and enquiries under GDPR
  • Working with the European Information Regulations (EIR) and where the differences lie with FOI
  • Discussion of the two strands of records management and information rights work and how the two interact in daily work
  • Practical case studies from a range of organisations and institutions to demonstrate practice.

The book will be useful reading for all professionals in the public and private sectors who have responsibility for information rights, particularly around FOI and DPA. Its introductory nature will also mean that it will be very useful students and new professionals seeking to increase their knowledge.


1 Introduction to information rights law

What is information rights law?
What else is available?
Who works in information rights law?
General access to information
Access to personal information
Access to environmental information

2 Freedom of information

Handling requests: the basic method
The right to information: section
Identifying a request: section
Logging the request
Determining who has the information and forwarding the
request to them
Requesting clarification and defining scope: section 16/15 duty
to advise and assist
Drafting the response and sign-off

3 Freedom of information exemptions

Refusing the request due to an exemption
Section 12, The cost limit
Section 21 (FoIA)/25 (FoISA), Information already available
Section 22 (FoIA)/27 (FoISA), Information due for publication
and research
Sections 23, 24, 25, 26 (FoIA)/section 31 (FoISA), Security bodies,
national security and defence
Section 27 (FoIA)/section 32 (FoISA), International relations
Section 28, Relations within the UK
Section 29, (FoIA)/section 33(2) (FoISA), The economy
Section 30 (FoIA)/section 34 (FoISA), Investigations and proceedings
conducted by a [Scottish] public authority
Section 31 (FoIA)/section 35 (FoISA), Law enforcement
Section 32 (FoIA)/section 37 (FoISA), Court records, etc.
Section 33 (FoIA)/section 40 (FoISA), Audit functions
Section 34, Parliamentary privilege
Section 35 (FoIA)/section 29 (FoISA), Formulation of government/
Scottish administration policy
Section 36, Prejudice to the effective conduct of public affairs
Section 37 (FoIA)/section 41(FoISA), Communications with Her
Majesty, etc. and Honours
Section 38 (FoIA)/section 39(1) (FoISA), Health and safety
Section 39 (FoIA)/section 39(2) (FoISA), Environmental information
Section 40 (FoIA)/section 38 (FoISA), Personal information
Section 41 (FoIA)/section 36(2) (FoISA), Information provided in
Section 42 (FoIA)/section 36(1) (FoISA), Legal professional privilege
Section 43 (FoIA)/section 33 (FoISA), Commercial interests
Section 44 (FoIA)/section 26 (FoISA), Prohibitions on disclosure
Section 14, Vexatious and repeated requests
Writing the refusal notice
Dealing with complaints and follow-up requests
Publication schemes and disclosure logs

4 Data protection: principles and main features

Regulations and Directives
Data protection main features
What is personal data?
The data protection principles
Previous principles turned articles
Conditions for processing/lawfulness of processing
Special categories of personal data
Data controllers, joint data controllers and data processors
Data controller responsibilities

5 Data protection: rights of data subjects

Recording requests
Subject access requests: what you have to provide
Subject access requests: scoping the request for copies of
personal data
Subject access requests: providing the response
Requests for rectification
Requests for deletion: the right to be forgotten
Right to restrict processing
Objections to processing
Requests for data portability
Automated processing and profiling

6 Data protection: internal enquiries

Privacy notices and consent forms
Data protection or privacy impact assessments
Transfers to other countries and within international organizations
Dealing with internal enquiries
Responding to the ICO

7 Environmental Information Regulations

Environmental information
Who is covered by the EIR?
Processing EIR requests
Verbal requests
Time to respond
Clarification, transfers and formats
Charging fees
Exceptions: EIR-speak for exemptions
Regulation 12(4)/10(4): the ‘administrative’ or class-based exceptions
Regulation 12(5)/10(5): the subject-based exceptions
Personal data and the EIR
Complaints about EIR requests

8 Other information-related laws

Access to medical records
Access to local government records
Re-use of Public Sector Information Regulations
Privacy and Electronic Communications Regulations and the
ePrivacy Regulation
Computer Misuse Act
Public Records Act and the Code of Practice for Records Management
INSPIRE Regulations

9 Fitting information and records management into
information rights work

Information and records management: is it necessary?
The section 46 FoIA/section 61 FoISA Code of Practice for Records
Disposal/retention schedules
Information asset registers
Fitting in records management around other tasks

10 Resources

Legal cases
Social media, blogs and listservs

Rachael Maguire is the Records Manager and Data Protection Officer at the London School of Economics, covering records management, data protection and freedom of information. She has been working in the fields of information management and information rights for two decades, mainly in the public sector. She has a Masters in Information Rights Law, is a Fellow of the Information and Records Management Society (IRMS) and on the Accreditation Sub Committee of the IRMS, as well as on the Editorial Board of the Records Management Journal.

More titles in this category >>