Records Management Section
The University of Edinburgh Records Management Section
 

Restricting Access to Your Folders

  1. When you request a new folder, if you wish to restrict access to it, you must tell the Central Records Registry (CRR) what access restrictions apply.
  1. This document explains:
  1. How to decide if access restrictions are required,
  2. How to restrict access to a folder,
  3. How to request a new access group or changes to an existing one,
  4. What to do if you need to access a restricted folder,
  5. How queries about restricted folders will be handled, and
  6. How to remove access restrictions from a folder.

Decide if access restrictions required?

  1. Most folders do not need to be restricted. The default access restriction is that folders are accessible to all members of Policy and Planning (PP) staff. A lot of information held by PP could be disclosed in response to a freedom of information request, so there is no point in restricting access to it. Furthermore all PP staff have access to privileged information, and as a matter of course are expected to treat it with the appropriate level of confidentiality. Only in exceptional circumstances will the information in your folder require additional protection, for example:
  1. Information about individual members of staff, their employment conditions, sick leave, etc.
  2. Exceptionally sensitive personal information about individual students, e.g. details of a student's medical condition in relation to his academic appeal.
  3. Sensitive information about plans, negotiations or policies that are in the development stage, where wider circulation could jeopardise their successful implementation.
  4. Information about staffing plans before they have been announced.
  5. Information about a substantial reorganisation of the University before it has been announced.
  6. Information about some aspects of negotiations with the unions during the negotiations.
  1. If access to your folder does not need to be restricted you do not need to read the rest of this document.

How to restrict access to a folder

Who can access the folder?

  1. Access can be restricted to one or more access groups. An access group is a list of the people who are authorised to access particular folders.
  1. Select the appropriate access group or groups for your folder. If none of the access groups are suitable for your folder request a new access group.

Method of restricting access

  1. Select a method for restricting access to the paper version of your folder and tell the CRR what you have chosen.  The options are:
  • The folder is created by the CRR and when not in use by the folder owner or authorised users, it is kept in the CRR in the open cabinets. The folder can only be borrowed by authorised users. This method of restriction is suitable for folders containing sensitive personal information about students.
  • The folder is created by the CRR and when not in use by the folder owner or authorised users, it is kept in the CRR in a locked filing cabinet. This method of restriction is suitable for folders containing sensitive information about plans, negotiations or polices that are in the development stage and where wider circulation could jeopardise successful implementation.
  • The folder is created by the CRR and the CRR keeps a record of its existence and location, but the folder is kept locally by its owner. The owner must store the folder in a locked filing cabinet. This method of restriction is suitable for folders containing information that is so sensitive that CRR staff should not see it, for example personal information about individual members of staff.
  1. The electronic version of your folder will be created by you and kept in your team folder on the K drive. You will tell the CRR what it is, and where it is. This method of restriction is suitable for folders containing information that is restricted to a particular team. This is an interim arrangement pending an Electronic Document and Records Management System (EDRMS) solution.
  1. Avoid giving restricted access folders titles that give away what is sensitive about the contents. For example if you are investigating the closure of a course rather than calling the folder “Closure of wine tasting course” try to find a less sensitive title, for example “Course review”. Tell the CRR if you cannot give the folder a bland title and access to the folder title itself needs restricting. The CRR will keep a record of the title but the folder title will not appear on the folder list on the PP intranet or on the K drive.

Access groups

Requesting a new access group

  1. If none of the existing access groups are suitable for your folder, request a new one.
  1. Decide who should be included in the access group and list them. List the people in terms of their roles rather than personal names. Express the role in the most appropriate form, for example if the convenership of a committee regularly rotates, say that access to the committee folders is restricted to the convener rather than to the Director of Planning, because the Director of Planning will not always be the convener.
  1. If applicable, point to the golden copy membership list. For example if access is restricted to the members of a particular committee, provide the CRR with the folder reference number for the current membership list.
  1. Specify which member of the access group is the access group custodian. The access group custodian is the person who has responsibility for determining who is a member of the access group, and is the person the CRR will contact with any queries. The custodian for access groups that are limited to the membership of a particular committee will normally be the committee secretary. The custodian for access groups that are limited to the staff in a particular business unit will normally be the head of that unit.
  1. Send details of your new access group to the CRR at recordsmanagement@ed.ac.uk.

Updating an existing access group

  1. To update the membership of an existing access group contact the CRR at recordsmanagement@ed.ac.uk.
  1. The CRR will confirm any changes with the access group custodian.

Accessing a restricted folder

  1. To access a restricted paper folder follow the usual procedures for retrieving a paper folder.
  1. If you are not on the access group list for the folder the CRR will contact the folder owner to ask if you can have access.
  1. When a restricted folder is on loan to you, you must always keep it in a locked filing cabinet or drawer when it is not in use. Avoid taking restricted folders away from the office, but if it is necessary you must take appropriate security measures. Consult the home working checklist for further guidance.

Queries about restricted folders

  1. For restricted folders CRR staff will only be able to answer queries at the level of the whole folder because only the folder users will know the content of papers placed on your restricted folders.

Removing access restrictions

  1. Folders do not remain sensitive forever. Access restrictions must be removed when the folder is no longer sensitive.
  1. Only folder owners can remove access restrictions from folders. When the restriction falls away tell the CRR (recordsmanagement@ed.ac.uk).

Author: Anne Thompson
Version 6, August 2006

Terms & conditions Privacy & cookies Website accessibility Freedom of information publication scheme

The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336

Page last updated: Thursday July 05 2012