My records being up to date has potentially saved my life.

Under the Data Protection Act 1998, organisations are required to keep the information they hold about you, up to date, accurate and relevant and but also not excessively however, at times organisations need your help to do this. An example of this is your General Practitioner (GP)/ Local Surgery. A local surgery is required to retain your records for the life of the registered person plus ten years, which means the records could exist for some time[1].

Some would say that why do I need to keep my records up to date at my GP’s? I’m very rarely ill and whatever medication I need I can get over the counter. So what’s the point in keeping in contact with your GP? What happens if they need to get in contact with you instead? Or why would they need to contact you?

Cervical Cancer Screenings. That’s why. I make no apology to any readers of this blog, because it’s an important subject and if you’re male and think this doesn’t apply to you consider the women in your life that need to be told. I wrote this blog because this week (22nd-28th January 2017) is cervical cancer awareness week but it’s also Data Protection Day today (28th January 2017)

The facts:

  • Every day in the UK 9 women are diagnosed with cervical cancer
  • 3 women lose their lives from the disease every day
  • Cervical cancer is the most common cancer in women aged 35
  • 75% of cervical cancers are prevented by cervical screening (smear tests)
  • However 1 in 4 women do not attend this potentially life-saving test

To be invited for cervical screening in the UK you need to be registered with a GP, who needs to have your current address on file. The NHS ‘call and recall’ system invites all women who are eligible for screening and registered with a GP. This system also keeps track of any follow-up investigations and, if all is well, recalls you for screening at the appropriate time for you – either three or five years depending on your age. It is important that you make sure to update your GP with any changes of circumstance or address.

Across the whole of the UK women are invited for cervical screening between the ages of 25 and 64. Women aged 25–49 are invited every three years and women aged 50–64 are invited every five years. If you are eligible and have not received an invitation to attend cervical screening then you should contact your GP[2].

Just this week I had a pre-cancer cell removal operation done, and as I’ve moved around quite a bit the last year with my career, it makes me very glad that I have updated my records with my GP so they had the chance to tell me that my smear was due because if I hadn’t, then I might have forgotten all about the need to go get checked out and in this instance, it has probably saved my life.

Before it’s too late, keep your records up to date.

For more information on cervical screening, you can go to Jo’s Cervical Cancer Trust Website here:



[1] Accessed 28th January 2017

[2] Accessed 28th January 2017

Posted in records management | Tagged , , , , , , , , | Leave a comment

Oh it’s fine…we can just scan it!

I’m a scanning enthusiast. I hate paper; paper hates me, demonstrable by my current amount of paper cuts.  However, scanning is not the answer to all your problems.  It’s a short term fix to a long term problem unless it’s thoroughly thought out and planned appropriately.

Top 3 reasons organisations scan as a rash decision:-

  • We need to be paperless
  • We need to rationalise property
  • We have extra money floating around

But rash decisions are not the way to conduct scanning.  Fail to prepare; prepare to fail.  Think it through, scanning is not cheap and you could be chucking your money out the window along with really useful evidence too if you don’t do it correctly.

But how do I do it correctly I hear you ask? 

You need to consider how that paper is being generated.  You can go paperless today, but consider about tomorrow.  You can scan it but that won’t stop paper being created but equally scanning the records doesn’t mean the process is over then and there because scanning paper records does not automatically authorise the destruction of the source documents from which the scanned images have been created. The electronic record can legally take the place of the paper document; which can then be destroyed but you may need to consider whether it should be scanned in line with BS 10008:2014 or not because if it should and you don’t, you may risk records being thrown out as evidence in court.

Like all electronic records; scanned files must be accessible and readable for their full retention period.  This includes finding the file, opening the file, and reading the file regardless of the software used in its creation. Before destroying the records each scanned document image/file must be inspected visually to ensure they are complete (the entire document has been captured), clear and easily read but on the other end of the spectrum, the scanned records must be able to be purged and deleted especially if you are scanning personal data as PDFs you cannot purge will land you in hot water with the 5th Principle of the Data Protection Act or the Storage Limitation Principle of GDPR.

Some questions you need to be asking yourself before scanning:

What about the people that create the paper? Who accesses that information? How regularly is it used? Do you need immediate access to it? Is your senior management bought into the paperless idea?   Where are you going to put the scanned images?  Can you search the scanned images once they stored? Are they PDF searchable? What meta data is there?   Is it going into an EDRMS that is fully managed? Do you have an infrastructure than store the images without it toppling over?  How are you scanning them?  Are you scanning them to BS1008:2014 standard?  Do you need to scan them to the standard? How business critical are those records? Do the need to be protected?  Can everyone see them or is there confidential information stored within?  Do you need those records?  Are they out of their retention period? How long do you need to keep them?  Do you need to keep them by law? If they are less than 5 years’ retention, is it worth spending the money on them being scanned? If the retention period is over 10 years, what processes do you have in place for digital preservation and continuity? What value do they hold to your organisation?  Is there a return on investment? Will your local archive want those files?  Who owns those records?   Who owns the risk if something goes wrong?  Can you change the process so that paper is no longer created? Do you need to factor in a budget for day-forward scanning so where paper is created; it too can be scanned, daily?

If you’ve satisfied the above questions, then I’d say you’re pretty ready to scan the records. However, make sure that the answers to the questions are done with some thought and consider the risks that are involved with each and every step. Also consider if the process goes wrong and those records aren’t available any more what will you do? You might have gone paperless, used up the spare money or emptied that property but you can’t put a price on defending yourself when you don’t have the records to hand when you need them.

Emily Overton of RMGirl Consulting is available to discuss any elements in this blog post and how to effectively implement a paperless environment.   You can contact her on 

Posted in records management, scanning | Tagged , , , , , , | Leave a comment

Calling all new information professionals!

Are you in the first three years of a career in information and records management? Whether you’re a current student or recently qualified, employed or self-employed we want to hear from you… there’s no age limit, and there’s a fantastic prize on offer!

Kindly sponsored by renowned IRM expert Alison North for an eighth year running, the IRMS New Professionals Award recognises the thoughts and observations, insight and expertise of those who have recently joined the profession.

Ours is an increasingly-diverse and rapidly-evolving industry, and it’s easy for those with less experience to feel overawed. This award demonstrates the value the IRMS puts on the fresh perspectives that those who are just starting out in the sector can bring.

And one of the best ways to share and develop that wisdom with like-minded folks is by attending the IRMS Conference – an annual gathering of 400 information professionals in fantastic venues across the country, expertly organised by our partners Revolution Events.

So whatever your line of study or work, and whatever you want to write about – personal experiences, contemporary issues, the state of the profession, or your vision of the future – just submit a written piece of 1500-2000 words to 31 December 2016, and you could be the winner of a fully-paid place at #IRMS17 in Glasgow!

Want to book for Conference early? That’s a great idea – discounted Early Bird rates are available via until 31 December – and don’t worry, we offer an alternative prize of equivalent cash to spend on your professional development. Not only that, there are prizes for up to 2 runners-up as well.

So get your thinking cap on… if you need some inspiration, why not check out the previous winners’ articles on the IRMS website? Good luck!

Posted in records management | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a comment

Records Management and Compliance: The bigger picture & the risk mitigation.

Following the ICO Records Management for Public Sector webinar, RMGirl has offered to provide some additional information that may assist the Public Sector in complying with information rights law.

Records Management (RM) is not just about compliance with the law and making sure that a filing cabinet isn’t left in a building that’s been emptied, or about reporting yourself to the ICO for a breach; it’s about knowing what you’ve got, why you’ve got it and how long you need to keep it. RM is also about maintaining the corporate memory of an organisation for historical purposes but also for litigation and financial investigations. RM covers the management of your records from creation through to destruction and everything in between. Poor knowledge of the information you hold leads to Information Governance failures which leads to ICO action.

To avoid a sticky mess ending in self-reporting an incident or worse, finding out about your incident from someone else, there are several things you can do to reduce the risk of A) ending up with an incident or B) not being able to learn from it because you have no record of what happened. RMGirl’s top 10 tips of things you can do include:

1. Get Senior Management buy-in

  • Engage with your SIRO or your Caldicott Guardian. After all, they are accountable for managing RM risks.
  • If you are finding it difficult to demonstrate what and where the risks are; it’s worth considering asking the ICO for help through a voluntary audit.

2. Risk escalation

  • Find out where RM strategy and tasks sit within your organisation
  • Get RM on your risk register with action plans and action owners

3. Hire a Records Manager

  • RM is easier to propel when you have someone who knows how.

4. Make friends with your IT team

  • Find out how your EPR / ECM / EDRM / all systems work and where your information is stored.

5. Nominate RM co-ordinators or champions

  • In a large organisation 1 Records Manager cannot manage every single service, they will need the help of people who know their service inside out.
  • Highlight the people in your organisation who want to make a change
  • Invite the Heads of Service to assist

6. Write an Information and Records Management Policy

  • Organisations need policies, to make it clear what is expected of people and to provide a way to hold them to account
  • Policies should be written in plain English and be as easy as possible to understand and follow
  • You need a foundation to build your RM empire on, you can’t build awesome turrets if there is a huge puddle in your basement.

7. Write an up-to-date retention schedule

  • NHS Code of Practice has had an overhaul – check your guidance is up to date. If you’re not in the NHS, use the corporate retention periods as a starting point.
  • Join professional networking groups, make contacts with other Records Managers who have already forged ahead with retention schedules.
  • Bear in mind the IICSA enquiry by Alexis Jay before destruction and review your records before you destroy them. Personal data which falls under the IICSA enquiry has a moratorium on destruction and therefore doesn’t not put you in breach of the DPA until that moratorium is lifted.

8. Offsite Storage / Properties with Lofts and Basements

  • Find out what’s in storage! How many boxes of records do you actually have? What valuable information is sitting in those boxes that could be put to use? Or is putting you at risk of breaching the 5th Data Protection principle?
  • Find out how many properties you own and when their lease dates are up for renewal along with whether they have any non-standard storage.

9. Training

  • Everyone needs training, even for the basics – it never hurts to have a reminder.
  • Utilise your intranet. Populate it with quick guides on specific subjects or with FAQs.
  • Get in on your induction programme
  • Find out where volunteers or bank/temporary staff enter the organisation so they aren’t missed.
  • Put a business case forward for end of year money to back train all staff who’ve been in the organisation for years such as using a staff handbook and delivering it to staff with their payslips (been there, done it, super effective!)
  • Become a member of professional body (e.g. – they offer discounts with training providers, some of which don’t need the staff to leave their desk.

10. Change Management

  • Bring staff with you. Lead them into change.
  • Train the managers with their secretaries or teams, so they all hear the same message
  • Relate the training content back to risks that they are familiar with in their daily environment (e.g. Clinical risk)
  • Implement new stuff into the organisation with their involvement – give them a chance to contribute.
  • Make their life easier. If it’s quicker and easier to do than what they were doing before, it will have a bigger success rate.

Other than the resource to fulfil the above tips or such as hiring a Records Manager, the above is FREE. That’s not something you hear very often! Yes! FREE and every single one of those top tips can help reduce the risk of non-compliance with DPA and FOI but also assist you in the bigger picture of maintaining and managing your organisations corporate memory and having defensible disposition.

Emily Overton (RMGirl) is currently an Information and Records Manager for Central Government and Director for the Information and Records Management Society with a decade experience in the field, however, the views, opinions and advice are not on behalf of either organisation but that of her own persona and business as RMGirl. Emily can be contacted on or via twitter on @rmgirluk

Posted in compliance | Tagged , , , , , , , , , | Leave a comment