🔏
Sensitivity and access procedures
  • Access to personal and sensitive information: Internal Procedural Manual
  • Sensitivity Criteria
    • Overview of workflow
    • 2.1 Due diligence
    • 2.2 Personal data
    • 2.3 Business sensitivity
      • 2.3.1 Identifying business sensitive information
      • 2.3.2 Determining the appropriate access status
    • 2.4 Cultural sensitivity
    • 2.5 Distressing or offensive content
    • 2.6 Child sexual abuse material
      • 2.6.1 What is child sexual abuse material?
        • 2.6.1.1 What is an 'indecent' image?
      • 2.6.2 Who are we safeguarding?
      • 2.6.3 Relevant legislation
        • 2.6.3.1 Wellcome's position
      • 2.6.4 Staff welfare and safeguarding
      • 2.6.5 How to flag CSAM or potential CSAM
      • 2.6.6 Cataloguing
      • 2.6.7 Requests for access
        • 2.6.7.1 Facilitation of onsite access
      • 2.6.8 Digitisation and take down
  • Managing Access
    • Undertaking sensitivity review
      • Further guidance on the personal data flowchart
      • Restriction and closure periods
      • Redaction
      • Catalogue titles and descriptions
      • CALM fields
        • Assigning OrderingCodes
      • Sierra fields
        • Sierra Access Status+Conditions
      • Documenting decisions
      • Packaging physical material
    • Access Status Options
      • Safeguarded access
      • Access conditions statements
      • Changes to the access status
        • Temporary changes to the access status
        • Permanent changes to the access status
        • January openings
      • Missing & Withdrawn Items
    • Access Exceptions
    • Access to Uncatalogued Collections
    • Access to NHS Records
  • Access and Copying Conditions
    • Access and copying conditions
  • Online Access
    • Assessment for online access
  • Access Appeals
    • Access appeals process
  • Collections, Access, Diversity and Inclusion forum (CADI)
    • About the forum
    • Resources
    • Topics
      • Child Sexual Abuse Material
      • Working with communities and academics
      • Content Advisories
      • By Appointment
      • Participatory cataloguing
Powered by GitBook
On this page
  • Records under 20 years old
  • Records over 20 years old
  • Legally privileged information

Was this helpful?

Edit on GitHub
  1. Sensitivity Criteria
  2. 2.3 Business sensitivity

2.3.2 Determining the appropriate access status

Guidelines for determining the appropriate access status and time span for material containing business sensitive information

Records assessed for business sensitive information may be given an access status of open or closed. They cannot be restricted, as this process is geared towards the protection of personal data sensitivities

It may be appropriate to consider redaction of files, rather than close large amounts of material. Guidelines for redaction procedures are covered in Section X.

Business sensitivity is very dependent on context and declines at varying rates. We take the Public Record Act’s 20-year rule as a starting point for assessing and managing access. Records under 20 years’ old should be reviewed more carefully.

Records under 20 years old

  • Check the accession paperwork to see if the depositor has flagged any sensitive material or concerns.

  • Where information that is likely to cause damage to the depositor is identified, they should be contacted in the first instance to see if they wish for the record(s) to be closed and to negotiate a closure period if required. Due to the contextual nature of business sensitivity, records are more likely to require re-review upon expiry of the closure period and potentially have the closure period extended. This should be explained to the depositor during negotiations.

  • Bear in mind the depositor can only grant permission to release information that could cause damage to themselves and not any third parties.

  • If the depositor cannot be contacted, the record(s) should be closed for 20 years and then re-reviewed.

  • It is not feasible to contact third parties for their permission. In this instance, records containing business sensitive information should be closed for 20 years and then re-reviewed.

Records over 20 years old

  • Older records are less likely to contain information that is business sensitive, but they should still be reviewed.

  • If possible, the depositor should be contacted for permission to disclose information that is likely to cause them damage. If this is not possible, or if the records contain information potentially harmful to third parties, judgement should be exercised to determine when enough time has passed for the information to lose its sensitivity.

  • It is highly unlikely information will still be business sensitive after 60 years and longer closure periods should be avoided.

Legally privileged information

  • Records containing this information cannot be disclosed without the permission of the privilege holder.

  • Where such information is identified, the depositor should be contacted to discuss waiving legal privilege either immediately or at a specified date. If they refuse to waive privilege, the record should be returned to them. Material should also be returned if the depositor does not hold the legal privilege.

Previous2.3.1 Identifying business sensitive informationNext2.4 Cultural sensitivity

Last updated 1 month ago

Was this helpful?