Fife Council recognises that the information it holds is an important asset that must be controlled and protected. In recognition of this, the Security and Compliance Team was formed and has various policies and procedures that must be followed to keep the Council’s valuable information secure, controlled and protected.
Information Governance
Information Governance (IG) is a term for all the ways in which the Council manages its information. IG comprises three principal arms, each of which are of equal importance in ensuring that the Council does the right thing with information and is compliant with the relevant legislation and regulation. These are, in alphabetical order, data protection (DP), information security (IS) and records management (RM). Over the course of 2018, the Council will be moving to an integrated approach to offering staff straight-forward guidance on what they need to do when working with or handling information. This will be under the banner of IG.
Fife Council has a duty to protect the funds it administers and for this purpose we may use the information you have provided to assist in the prevention and detection of fraud.
Data matching involves comparing computer records held by one body against other computer records held by the same or another body to see how far they match. This is usually personal information. Computerised data matching allows potentially fraudulent claims and payments to be identified but the inclusion of personal data within a data matching exercise does not mean that any specific individual is under suspicion. Where a match is found it indicates that there may be an inconsistency that requires further investigation. No assumption can be made as to whether there is fraud, error or other explanation until an investigation is carried out. The exercise can also help bodies to ensure that their records are up-to-date.
Audit Scotland requires Fife Council to participate in data matching exercises to assist in the prevention and detection of fraud. We are required to provide particular sets of data to Audit Scotland for matching for each exercise, and these are set out in Audit Scotland’s instructions, National Fraud Initiative in Scotland 2014/15 – Instructions for participants, which can be found at Audit Scotland’s website.
The processing of data by Audit Scotland in the NFI data matching exercise is carried out under the powers in Part 2A of the Public Finance and Accountability (Scotland) Act 2000. It does not require the consent of the individuals concerned under the Data Protection Act 1998.
Records Management involves the maintenance, retention and disposal of records in compliance with good practice and relevant legislation (including freedom of information and data protection).
A Fife Council record is defined as information that has been created or received by the Council, either in the course of its business, or in order to provide evidence of its activities. It is important that records are retained for certain time periods for legal or business reasons.
Records can be held on a range of media, including text, sound, image, and / or paper. For example records may include items such as hand-written notes; emails and correspondence; plans; photographs; videos; and tape-recordings of telephone conversations. Increasingly records are being kept on electronic record and document management systems, for example SharePoint.
What's the difference between document and records management?
The goal of document management is efficiency. The goal of records management is compliance.
Document Management
Document management involves the day-to-day capture, storage, modification and sharing of physical and / or digital files within an organisation.
Activities include:
- Reducing the number of lost or misfiled documents
- Providing faster search and retrieval of documents.
Helping to better organise existing documents - Improving general work processes and organisational efficiency
- Reducing the amount of physical space used to store documents, such as file cabinets, boxes and shelving.
Records Management
Records management establishes policies and standards for maintaining diverse types of records.
Activities include:
- Maintaining a records inventory of records held
- Applying required retention periods to stored items
- Identifying the owner (data custodian) for each record series
- Determining that a chain of custody and a proper audit trail both exist
- Applying legal holds to records where required
- Managing disposition (disposal of documents)
- Developing and implementing records policies and procedures - for both paper and electronic records
- Preserving records throughout their life cycle
The introduction of the Public Records (Scotland) Act 2011 places requirements on Fife Council to significantly improve the management of its public records. The Act requires us to prepare and implement a Records Management Plan which sets out our arrangements for the management of our records. See the publications below for more details.
Publications