If the outcome of the questions you have asked above is that you should probably keep a piece of information, the next obvious question is 'how long should we keep it for?'
In the last five years, under the pressures of Freedom of Information and Data Protection, great efforts have been made in the public sector to establish standardised lists of retention periods for particular classes of records which have been generated during the course of day-to-day business.
These retention periods are often based on the length of time such information is required to be kept for legal reasons as stated in specific Acts of Parliament or Statutory Instruments. These periods will usually have a specific ‘trigger’ which is used to calculate the starting point of the retention period (eg termination of contract, year of creation etc).
These periods represent the minimum amount of time such information should be kept. It does not necessarily mean that you must or even should destroy them after that amount of time, simply that you can. There may still be operational or historical reasons why you may decide to retain the information and it is often a question of assessing the likely risks involved.
It is likely that your institution has or is working on its own corporate retention schedule and you are strongly advised to confirm whether this is the case, and to follow its guidance before undertaking any activity in this area.
Many of these institutional retention schedules will be based on work undertaken by us to produce a generic records retention schedule for both further education institutions and higher education institutions. These are designed to work alongside the Business Classification Schemes mentioned in the chapter on 'Creating information.'
The information request register is a downloadable and customisable tool designed to help organisations to log and track information on the requests for information they receive under either the Freedom of Information Act (FoIA), or FoISA for Scottish organisations, Data Protection Act (DPA) or Environmental Information Regulations (EIR).
By using it organisations will automatically capture the data required as part of the annual information legislation and management survey – though it is entirely voluntary whether organisations wish to submit data in this way, or wish to keep its use for internal purposes only.
The Scottish version has been expanded for 2014 to collect the data required by the Scottish Information Commissioner’s (SIC) Office and can help organisations with collating data to meet the recently introduced requirement on organisations to submit quarterly statistics.