Policy paper

Records management and retention and disposal policy

Updated 30 December 2019

Introduction

HMRC is committed to the efficient management of our records for the effective delivery of our services, to document our principal activities and to maintain the corporate memory. The benefits of effective records management are:

  • protecting our personal data and business-critical records and improving business resilience
  • ensuring our information can be found and retrieved quickly and efficiently
  • complying with legal and regulatory requirements
  • reducing risk for litigation, audit, and government investigations
  • minimising storage requirements and reducing costs

Purpose

The principles outlined in this policy have been developed to provide a consistent approach to managing records throughout their whole lifecycle, regardless of their format.

The policy is aligned with the Lord Chancellor’s Code of Practice on the management of records issued under section 46 of the Freedom of Information Act 2000 and the 7 information management principles agreed across government for management of information. The department is obliged to meet the legal requirements for the retention and disposal of records in accordance with relevant legislation, particularly the Public Records Act 1958 (PRA 1958), the Freedom of Information Act 2000 (FOIA 2000), the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation (GDPR).

Scope

A record can be defined as ‘information created, received, and maintained as evidence and information by an organisation or person, in pursuance of legal obligations or in the transaction of business’.

You can read about legislation that relates to, or affects archives, records management or public sector information on The National Archives website.

This policy applies to digital and paper records managed within HMRC and to records that third parties manage on behalf of HMRC. It applies from when records are first created or received by the department until they are disposed of, either by destruction or by selection for permanent preservation at The National Archives (TNA) and other places of deposit.

Policy statement

Records and information management

Information created or acquired on behalf of HMRC belongs to the department and must be reviewed and disposed of routinely and in accordance with Retention and Disposal Schedules and supporting guidance on reviewing records. These records should have designated owners throughout their lifecycle, whether that is named individuals or nominated business areas.

Records and information must be stored and handled in accordance with the requirements of the Government Security Classification System and related security, information and disclosure policies and guidance. Intranet governance is specified in the Corporate Comms CMS Governance Policy and Intranet CMS Help Directory.

Digital continuity must be considered for the systems and formats that are used to store digital records. Guidance about managing digital continuity is available on the TNA website. Paper and digital records must be supported by metadata that documents their authority, status, structure, and integrity to demonstrate their administrative context and relationship with other records.

All records must be traceable and retrievable. Paper file movements and movements of data must be tracked, including for files migrated into or out of the department through machinery of government changes. More information about Machinery of government change can be found on the TNA website.

Records must be stored in environmental conditions that protect them from deterioration. Refer to TNA guidance Requirements for an offsite store for more information.

Retention and disposal

Information held for longer than is necessary carries additional risk and cost. Records and information should only be retained when there is a business need to do so. Under UK GDPR and the DPA 2018, personal data processed by HMRC must not be retained for longer than is necessary for its lawful purpose.

The default standard retention period for HMRC records is 6 years plus current, otherwise known as 6 years + 1. This is defined as 6 years after the last entry in a record followed by first review and/or destruction to be carried out in the additional current (+1) accounting year. Whilst this default retention period applies to the vast majority of our records, it does not apply to all records. Some records are required to be retained by law, for longer or shorter retention periods.

Records must only be retained beyond the default HMRC retention period if their retention can be justified for statutory, regulatory, legal or security reasons or for their historic value. The disposal periods for records retained for extended duration must be included in business area retention and disposal schedules.

Specific retention and disposal responsibilities

HMRC will identify, appraise, and select records identified as having historic value, and if applicable, arrange for the HMRC Departmental Records Officer (DRO) to transfer the records to TNA at 20 years + 1 or earlier. Historic records can be transferred earlier by agreement of all parties affected by the decision. Records with historic value that are retained beyond 20 years + 1 will be retained with Lord Chancellor authorisation.

Data processing, storage and destruction of records can be undertaken by third parties contracted for those purposes, provided that it is compliant with UK GDPR/DPA 2018 and departmental Offshoring policy. All parties must agree on who owns the data, what data is shared, levels of information security, who should have access, and what the disposal arrangements are (such as destruction or return of data).

Processes must be in place to ensure that records pending audit, litigation or investigation are not destroyed.

Closed records that are within their retention period should not be altered or tampered with and should continue to be available for accountability, research, or re-use, either in on-site storage or in an approved offsite storage facility, until they are reviewed and either destroyed or transferred to TNA.

Records must be securely destroyed in accordance with departmental security policy. Processes must be in place to ensure that all backups and copies are included in the destruction of records, or that data is put beyond use.

Retention requirements for personal data

GDPR Article 5(1)(e) about storage limitation specifies that personal data shall be kept for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as it will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of GDPR.

HMRC’s lawful basis for processing personal data is set out in our Privacy Notice.

Personal data must be periodically reviewed in accordance with HMRC’s retention schedules and if it is no longer needed, it should be deleted or anonymised as appropriate. Anonymised data is not subject to GDPR or the Data Protection Act 2018.

Any challenges to the retention of personal data must be considered in accordance with GDPR Article 17 (Right to erasure), or the equivalent sections in the DPA 2018 if the processing is for law enforcement purposes. The right to erasure does not apply where we are legally obliged to process personal data or where the processing is necessary for performing our functions.

Where HMRC would be required to erase personal data, but the personal data must be maintained as evidence for legal purposes or for reasons of important public interest, HMRC must (instead of erasing the personal data) restrict its processing.

Appraising records for National Archives

HMRC will perform regular appraisals to understand which records are likely to have wider historical value and should therefore be kept indefinitely. Appraisal reports should be used to identify groups or series of key departmental records which are required for ongoing administrative, legal, or fiscal purposes. The report will act as the basis for appraising records that have short, medium and long term value and for developing detailed line of business retention and disposal schedules. It will enable HMRC to identify records to be transferred to TNA for permanent preservation. The DRO can provide help and assistance in developing these.

Staff should refer to the HMRC Key Events List to help identify appropriate records for permanent preservation. The TNA Records Collection Policy and HMRC Records Collection Policy set out an overview of the types of records which are or are not collected from public bodies. TNA Operational Selection Policies are guides about selecting records according to government function and type of activity or record.

Roles and Responsibilities

HMRC Departmental Records Officer (DRO)

All information created in government is managed through the provisions of the Public Records Act and related legislation and this mandatory role leads on departmental compliance with the Public Records Act.

In HMRC, the DRO champions a culture of good information management across the organisation. The role of the DRO is to ensure that records are managed in accordance with regulatory requirements, and that records which require permanent preservation are selected for preservation and transferred to the National Archives at the appropriate time.

The DRO has a clear reporting line to the Senior Information Risk Owner (SIRO).

The DRO maintains the department’s statutory relationship with TNA and the Advisory Council on National Records and Archives.

Senior Information Risk Owner (SIRO) and wider role of CDIO

The Chief Digital Information Officer (CDIO) occupies the position of SIRO. The role of the SIRO is to take ownership of HMRC’s information risk, act as an advocate for information risk at board level and provide written advice to the Accounting Officer on the content of their annual governance statement of internal control regarding information risk. The SIRO owns the information incident management framework.

CDIO is also responsible for the data architecture, infrastructure, security, applications, and IT services. The CDIO, working with Business Area, has responsibility for the continued integrity of datasets, maintaining and enforcing application of policies and standards applicable to the system, and scrutinising the system, remaining alert, for example, to the creation of new dataset combinations which raise new challenges around privacy concerns and data retention and disposal.

CDIO is also responsible for ensuring upgrades and maintenance do not result in an adverse impact on retention requirements. Similarly, requirements around record management and retention should be identified and agreed by programmes and projects prior to the design, development and/or implementation of a new process or system (see below).

Information Asset Owners (IAO) and other Process Owners

Within HMRC, Director Generals (DGs) (Process Owner Tier 0) are assigned specific responsibilities, as IAOs, in relation to management of all records created or acquired in their business areas. The IAO is a mandated role across government. The IAO role is to understand what information is held, what is added and what is removed, how information is moved, and who has access and why. As a result, they are able to understand and address risks to the information and ensure that information is fully used within the law for the public good. DGs will provide a written judgement of the security and use of their asset annually to support the audit process. The IAO responsibilities also include implementation of this policy and overall regulatory compliance.

In accordance with the requirements outlined in this policy, all Process Owners are responsible for:

  • keeping up to date and complying with the regulatory framework outlined under Purpose

  • maintaining and publishing their own record retention and disposal schedules for all the records that they acquire and create

  • continually reviewing these records in accordance with HMRC and their own Retention Schedules and deleting, anonymising, or restricting processing as appropriate in accordance with this policy

  • identifying, appraising, and selecting records with historic value, and if applicable, arranging for the HMRC DRO to transfer the records to TNA. This includes maintaining appraisal reports to understand which records are likely to have wider historical value and should therefore be kept indefinitely

  • developing their own assurance programmes to ensure that the core principles in this policy are being complied with. Register/appraisal reports, retention policies and retention and disposal schedules should be reviewed by line managers on an annual basis and evidence should be retained for future reviews

  • auditing and monitoring the secure disposal of their own records as well as those of any third parties that share or produce records on their behalf. This includes maintaining an audit trail of their review, destruction, and disposal decisions

  • ensuring their areas of responsibility provide an appropriate level of commitment and resource to assist and facilitate the department in competently responding to appropriate external third-party audit or assessment programmes including those by Her Majesty’s Inspector of Constabulary (HMIC), Information Commissioner’s Office (ICO) and the TNA Information Management Assessment (IMA) Programme

All staff responsibilities

In accordance with this policy, staff are responsible for managing, storing appropriately, and disposing of the information they create and receive as part of their normal daily business activities, including emails and working documents on personal drives, such as OneDrive.

Under the Civil Service Code all staff are responsible for keeping accurate public records and handling information as openly as possible within the legal framework for the Public Records Act and Section 46 Code of Records Management Practice. Staff should also refer to the Records and Information Management Protocol and the Information Management Strategy.

Appraising records is a responsibility of all business areas and is primarily focused on identifying key departmental records which are needed for ongoing administrative, legal, or fiscal purposes. Understanding the value of such collections will:

  • assist efficient and effective administration
  • enable decision making and policy development based on current information
  • allow organisations to be accountable in terms of the management of resources, as well as legal and financial scrutiny

Appraisal should also help HMRC business areas understand which records are likely to have wider historical value and should therefore be kept indefinitely. The HMRC Records Collection Policy describes which records are likely to hold this kind of value, and therefore need to be managed in a way that ensures long term survival.

Other responsibilities

The Estates Directorate will support Process Owners by managing HMRC’s outsourced paper records centres.

Public requests for HMRC information must be actioned by Process Owners in accordance with relevant legislation.

Evaluation, monitoring and measurement

The DRO is responsible for providing an annual Information and Records Management progress report to HMRC’s Executive Committee (ExCom). This forms part of our commitment to meet our requirements for ExCom oversight; and compliance with this process is assessed as part of the annual Departmental Security Health Check assessment.

All staff, including contractors, should be made aware of this Policy, the associated departmental Records Management induction training, and local/DRO Records Management guidance.

Review

This policy will be formally reviewed at least every 3 years by the Departmental Records Officer to ensure that any national or local guidelines, standards or best practice that have been issued and that HMRC needs to work to, are reflected in a timely manner.