HMPPS information management policy framework
Information management responsibilities of those who manage HMPPS information.
Applies to England and Wales
Documents
Details
This policy sets out HMPPS’s information management principles and our peoples’ responsibilities and is one of the policies for which the Departmental Records Officer (DRO) is responsible.
It should be read in conjunction with HMPPS Records Management handbook and the Records, Retention and Disposition Schedule (RRDS). It should also be read in conjunction with the Government Security Classifications policy. The information risk policy and the Government Security Classifications policy can be found at Government Security Classifications - GOV.UK. This policy applies to all staff employed by the HMPPS, to contractors and agency staff, and third-party suppliers who manage information on behalf of HMPPS.
It also ensures we meet our legal obligations with respect to managing information and data including the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), the Data Protection Act 2018, the UK General Data Protection Regulations (DPA) and the Public Records Act 1958. Section 46 of the FOIA, the Code provides guidance ‘to all relevant authorities as to the practice which they should follow in connection with the keeping, management and destruction of their records.’
This policy should be read by all staff, particularly those responsible for handling and managing HMPPS information such as Local Information Managers (LIM), Regional Information Security and Assurance Leads (RISALs) and Head of Business Assurance (HoBA).
Governors, Directors and Deputy Directors of Probation and Heads of Group must ensure that all staff, particularly those responsible for handling and managing HMPPS information LIMs, RISALs and HoBA are familiar with the content of this policy and understand the mandatory actions set out.