Information management - Records review, retention and disposal SOP (W1012)
1.0 Summary of changes
1.1 This joint procedure/SOP has been updated to include a new section 3.4.3 for the joint Essex Police and Kent Police HR Disposal Schedule.
1.2 Minor amendment to S 9.0 in August 2023 removing link to Records Management and Archived Storage (interim guidance).
2.0 What this procedure/SOP is about
2.1 This procedure/SOP explains the standards and processes which all users will adopt in order to achieve the principles set out in the policy in relation to the retention and disposal of records. Compliance with this procedure/SOP and any governing policy is mandatory.
3.0 Detail the procedure/SOP
3.1 Decisions about how long records should be retained are based on both an assessment of the statutory and regulatory requirements, and the business requirements as defined in policy and procedures.
3.2 Statutory or other regulatory requirements (e.g., Criminal Procedure and Investigations Act, 1996) may demand minimum retention periods, submission of records to an archive authority (e.g., Essex Record Office) or auditors for any necessary approval. Retention decisions should not be made intentionally to circumvent any rights of access.
3.3 Records that are no longer required should be destroyed or deleted as early as possible and in an authorised, systematic manner.
3.4 Each Information Asset Owner has identified the records they are required to retain together with any statutory, legal and corporate governance requirements that are relevant and the retention period. This information has been compiled into the following documents:
3.4.1 Essex Police:
W 1012 Records Retention and Disposal Schedule Policing
W 1012 Records Retention and Disposal Schedule Non-Policing
3.4.2 Kent Police:
NPCC Review, Retention and Disposal Schedule. Further information can be found in the inSite Records Management pages for relevant supporting material.
3.4.3 Joint Essex Police and Kent Police HR Disposal Schedule The collaborative HR disposal schedule is available in Policy L1 – Human Resources section 7.3
3.5 Amendments to either schedule must be approved by the Senior Information Risk Owner for each Force. Each IAO must also identify records that pertain to a pending or actual litigation case, investigation, or access to information requests.
3.6 Procedures governing the removal of records from operational systems should be applied on a systematic and routine basis, in the course of normal business activity. No record should be disposed of without the assurance that:
it is no longer required
no work is outstanding
no litigation, investigation or access to information request is current or pending
3.7 Action to dispose of a record will encompass:
immediate physical destruction, including overwriting and deletion
retention for a further period within the business unit
transfer to an appropriate storage area or medium under another IAO’s control
transfer to a central storage area managed on behalf of Essex Police or Kent Police by an independent provider
transfer to an external archive, for example the Essex Record Office
3.8 Records pertaining to pending or actual litigation, investigation or access requests should not be destroyed. In addition, material required for national review, whether this is Public Enquiry, Home Office led, or other, should also be retained. It is the responsibility of Information Asset Owners to communicate this requirement, including storage arrangements and length of retention. Notifications of national requirements will be made to Information Asset Owners by the forces' respective heads of information management and assurance, who will also report these requirements to the Senior Information Risk Owners via the information management and assurance board(s) for Kent and Essex.
3.9 Authorised records destruction should be carried out in a way that preserves the confidentiality of any information they contain.
3.10 All copies that are authorised for destruction, including security copies, preservation copies and backup copies, should be destroyed.
3.11 A record should be made of the destruction together with the appropriate authorisation.
3.12 Each IAO will document:
who will be responsible for authorising the destruction or deletion of records
the level of authorisation required for different records
any criteria for destruction or deletion
3.13 IAOs should ensure the following:
duplicate records containing identical information are Identified and disposed of at the same time
confidentiality of the information is maintained during the destruction or deletion process
a record is kept of all documents deleted or destroyed together with the name of the individual authorising the destruction
4.0 Equality Impact Assessment (EIA)
4.1 This procedure/SOP has been assessed with regard to an Equality Impact Assessment. As a result of this assessment it has been graded as having a low potential impact as the proposals in this procedure/SOP would have no potential or actual differential impact on grounds of age, sex, disability, race, religion or belief, marriage and civil partnership, sexual orientation, gender reassignment and pregnancy and maternity.
5.0 Risk assessment
5.1 There is an overall risk concerning the use and management of Essex Police and Kent Police information. Advice and guidance relating to the assessment of risk is contained within the individual procedures. The Corporate Risk Register will contain any risks in relation to Information Security.
6.1 The following have been consulted during the formulation of this document:
The Information Management Boards (IMB’s) for Essex and Kent.
7.0 Monitoring and review
7.1 The Records Manager will be responsible for ensuring that the procedure/SOP will remain current in line with HMG and ACPO policy.
7.2 This procedure/SOP will be reviewed by or on behalf of the forces’ SIROs every two years.
8.0 Governing force policy
Related force policies or related procedures (Essex) / linked standard operating procedures (Kent)
8.1 Joint Essex Police and Kent Police
W 1000 Policy – Information Management
W 1001 Procedure/SOP – ICT Acceptable Use
W 1002 Procedure/SOP – User Account Management
W 1004 Procedure/SOP – Incident Reporting and Management
W 1005 Procedure/SOP – Information Asset Owners
W 1006 Procedure/SOP – Government Security Classification Scheme (GSC)
W 1007 Procedure/SOP – Assurance of Information Assets
W 1008 Procedure/SOP – Physical Security
W 1009 Procedure/SOP – Protective Monitoring
W 1010 Procedure/SOP – Records Management (Physical and Digital)
W 1011 Procedure/SOP – Data Protection
W 1014 Procedure/SOP – Information Sharing Agreements
W 1015 Procedure/SOP – Redaction
W 1016 Procedure/SOP – Encryption of Files and Removable Digital Media
W 1017 Procedure/SOP – Sanitisation, Re-Use and Disposal
W 1019 Procedure/SOP – Freedom of Information
W 1020 Procedure/SOP – Use of Bluetooth
W 1021 Procedure/SOP – Shared and Standalone Devices
W 1022 Procedure/SOP – Data Protection Impact Assessments
8.2 Data security
8.2.1 Essex Police and Kent Police have measures in place to protect the security of data in accordance with our Information Management Policy – W 1000 Policy – Information Management.
8.3 Retention and disposal of records
8.3.1 Essex Police and Kent Police will hold data in accordance with our Records Review, Retention & Disposal Policy – – W 1012 Procedure/SOP - Records Review, Retention and Disposal.
8.3.2 We will only hold data for as long as necessary for the purposes for which we collected.
9.0 Other source documents, e.g. legislation, APP, Force forms, partnership agreements (if applicable)
Data Protection Act 2018 and College of Policing’s Authorised Professional Practice on Information Management (which superseded MoPI Guidance Version 2
Essex - W 1012 Records Retention and Disposal Schedule Policing
Essex - W 1012 Records Retention and Disposal Schedule Non-Policing
Joint HR Disposal Schedule
Kent - NPCC Review, Retention and Disposal Schedule
Policy reference: Records review, retention and disposal SOP (W1012) Contact point: Head of Operational and Information Security Date last reviewed: August 2023
If you require any further information or to request any documentation referenced within the policy please email [email protected]. For general enquiries, contact us.