IP, Technology & Data

Last Tuesday I attended the Public Records Conference in Edinburgh, and delivered a presentation on the potential legal implications of the new Public Records (Scotland) Act 2011 (the “PRSA”).

The PRSA is intended to “make provision about the management of records by certain authorities”. The theory is that there is a moral imperative to improve record keeping in Scotland, and that the data protection law and freedom of information regimes are only as good as the records which are kept.

In his keynote address, the Keeper of the Records of Scotland Mr George MacKenzie mentioned that records keepers hate the stereotype of “dusty archives”. When it came to my turn to speak, my opening line was, pointing to my grey suit – “I worked at the Registers of Scotland for 4 years – when I started at the Registers, this suit was white”.

After that it was down to serious law, and the headlines of my presentation were as follows:

  • The public authorities to which the PRSA applies are set out in the Schedule. The voluntary sector will only be involved in complying with the PRSA when and where they are contracted by a public authority to perform a public function. The concept of “public function” isn’t defined in the PRSA and could prove controversial. Should the public sector start making provision in contracts for private providers to comply with the PRSA?
  • Public records are those created by a public authority in carrying out its’ functions. They’re also records created by or on behalf of a contractor in carrying out the authority’s functions (this is not intended to include persons who provide goods or services, but does however mean that authorities must arrange for managing contractors’ records as well as their own). Finally they’re also records created by any other person that have come into the possession of the authority or a contractor in carrying out the authority’s functions (examples include correspondence, reports, evidence or statistics which relate to the function).
  • Authorities must create records management plans, “agreed” with the Keeper. The issue here is about selecting someone at senior enough level to be taken seriously in driving this forward. This is a resource burden for public authorities and others and may require investment in training.
  • By the end of 2011 the Keeper will issue guidance to authorities about the form and content of records management plans. s. 5 of the PRSA provides that a plan will be reviewed not earlier than 5 years after the date of last review. However under s. 6 at any time Keeper may carry out a records management review to check on compliance. The triggers for this ad hoc checking of a plan aren’t clear.
  • If the authority fails to comply with any of the requirements of the PRSA, the Keeper may take such steps as Keeper considers appropriate to publicise the failure. Unlike the Data Protection Act, there are no monetary penalties for failure to comply. There is therefore a suggestion that the PRSA may be “toothless”.
  • The PRSA is intended to be complementary to the Freedom of Information (Scotland) Act (“FOISA”). FOISA is a model publication scheme, while the PRSA is a model records management plan. The list of organisations to which FOISA and PRSA apply are different. The PRSA seeks to support FOISA, but it will not in any way impinge on FOISA or bring about a change in Schedule 1 of FOISA.

The full guidance notes for the PRSA can be read here.

It became clear during the conference that, at the outset at least, the PRSA is going to be enforced in a collaborative fashion. I don’t think we will see authorities being publicly censured for failures to comply, in the short term at least. It is scheduled to come into force at the start of 2013.

If you’d like more information, or are interested in some training on the PRSA for your organisation, then please email me or your usual TIO Group contact.

Follow me