FOI Request - Retention and Disposal of Records
Request 101003548557
1. What policies exist within your organisation on the retention/disposal of paper records/electronic media and documents and their management by you? If possible, could you please provide a copy of the relevant documentation and policies that apply with respect to the above?
2. What policies exist in terms of the release of records/electronic media and documents over a period of time? and the impact of the release of such documents on individuals to whom they may have applied or their surviving relatives? is there a risk assessment or other process looked at before such documents and records are made public or released under FOI which may identify individuals such as former service users?
3. Do you maintain an archive Regarding your records and their management? How is this managed, and what policies exist on security and public access to your archives?
Could you please provide a copy of the relevant policies or documents regarding managing records?
4. Do you outsource the management of records? If so, to whom, and what assurances are you provided on integrity and data protection such as GDPR and secure management?
5. In the past 2 years, how many incidents of computer hacking or cyber intrusion have been detected within your organisation, what information was compromised, and what action was taken to protect the public information and data that may have been compromised or released by unauthorised third parties, please provide a brief summary of the incident and details of any lessons learned?
Response 07-05-2024
1. & 2. The Council's published Records Management Plan, specifically Element 5: Retention Schedules guidance, is published on the Moray Council website and is therefore exempt under section 25 of the Freedom of Information (Scotland) Act 2002 'information otherwise accessible'. For ease of reference a link to the web page can be found here:
http://www.moray.gov.uk/moray_standard/page_92812.html
3. As above, please see Element 7.
4. It is not outsourced.
5. Please see FOI Request - Cyber Security - 101003532070.
Further details will not be provided as they are exempt under the prevention or detection of crime (section 35(1)(a) exemption, as releasing such details may assist a future cyber attack.