Sent: 21 January 2025
Due: 18 February 2025
Received: 19 February 2025
FS-Case-680466369
Comment: The Highland Council only sent the Records Management Plan submission that was sent to the Keeper but, it was missing 3 appendices. Missing was as follows:
Appendix 3: Extract from minutes of Information Governance Board on 19 January 2023 requesting approval for Records Management Plan.
Appendix 17: Highland Council Business Classification Scheme.
Appendix 47: Register of Highland Council Vital Records.
Comments on Requests Not Responded to below:
#2 - This was responded to in another FOI request here.
#5 - The Highland Council do not maintain a Record of Processing Activities (RoPA) despite it being mandatory to do so under Article 30(1) GDPR.
#6 - The Highland Council do not keep a search log for SAR requests.
#7 - They do not use e-Discovery as a matter of course for conducting searches for data. Their records management is poor which makes conducting searches onerous but, this is a failing of their obligations to implement appropriate technical & organisational measures - Article 24 & 25 GDPR.
19 February 2025
Original FOI request: Records Management Plan & Related
Please supply the following information:
1. Full submission of the RMP made by the Highland Council and Highland Licensing Board to the Keeper of the NRS for assessment and agreement for which the Keeper's assessment of that submission was published in May 2024.
2. Latest versions of all Highland Council's Corporate Retention Schedules.
3. All internal policies and information from the Council's Information Management Portal related to the following from the Records Management Policy:
"The Information Management Portal details the roles and responsibilities of staff who manage Council information. It provides specific and useful information on managing records, managing emails, working securely; and exploiting the use of SharePoint, OneDrive and MS Teams in order to carry this out effectively. Emphasis is placed on the importance of managing and protecting the information used in their work, particularly for those staff handling personal and sensitive information."
4. Details about the Council's Information Management eLearning package, including:
- The name and provider of the eLearning software or platform used for Information Management and Data Protection training.
- Any available course outlines or modules related to Information Management, GDPR, and Data Protection.
5. Copy of the Council's ROPA with regard to Article 30 GDPR.
6. Copy of the Council's SAR request log template.
7. Internal policy & procedure for authorising and conducting tenant wide content searches in M365 eDiscovery for responding to FOI/EIR and SAR requests.
Please see the attached documents and we hope this answers your request.
👉 [DOWNLOAD Attached Document]
Under Section 20 of Freedom of Information (Scotland) Act, you have the right to request that the Highland Council reviews any aspect of how it has dealt with your request. This requirement for review should be requested to the Freedom of Information Officer, Chief Executive’s Office, Glenurquhart Road, Inverness IV3 5NX, or dpo@highland.gov.uk, within 40 working days of receipt of this response. The request should include details of the information requested and the aspects of the Highland Council’s response which you are not satisfied with.
If you are subsequently dissatisfied with the outcome of the Council's review, you have the right to appeal to the Scottish Information Commissioner under Section 47 of the Freedom of Information (Scotland) Act, within six months of receiving the Council's review response.
Yours sincerely
Rachel
Customer Services Officer, Customer Resolution & Improvement Team
Send an FOI request to the Highland Council here.