Information Commissioner on Backups and Deleted Files

The Information Commissioner has published new guidance on when information will be ‘held’ by a public authority for the purposes of the Freedom of Information Act (note that Scotland has its own law and guidance). Paragraphs 28-36 of the guidance deal with the tricky topic of deleted computer files and backups.

The guidance suggests that the focus should not be on whether it might be technically possible to recover a file, but on whether the authority’s behaviour indicated an intention to do so. Thus leaving a file in a computer’s recycle bin does indicate an indication to recover it, but emptying the recycle bin is a sign of no further intention (even if it might be technically possible to reconstruct the file from hidden information on the disk).

For off-line storage the guidance distinguishes between backups, where the information is only kept as a “safeguard against disaster”, and archives, where there whole purpose of storage is to allow future recovery. Identifying which storage is which, and treating it in accordance with that identification, is therefore important. The guidance highlights a recent Tribunal case where the absence of a “fixed policy on the deletion and reuse of the backup tapes” seemed to indicate that the tapes were actually being used as an archive.

Although it will be up to a future Tribunal case to determine whether this was actually the reason for the decision, documenting and following a clear deletion and reuse policy for backups may be important if you don’t want to have to search them to respond to Freedom of Information requests.

By Andrew Cormack

I'm Chief Regulatory Advisor at Jisc, responsible for keeping an eye out for places where our ideas, services and products might raise regulatory issues. My aim is to fix either the product or service, or the regulation, before there's a painful bump!

Leave a Reply

Your email address will not be published. Required fields are marked *