Skip to content


JISCMail Lists and Information Governance

There can hardly be a department in the University that does not have at least one member of staff who is subscribed to a JISCMail List. JISCMail is a mailing list service dedicated to helping the FE, HE and research communities collaborate.

JISCMail is good. It connects professionals and helps us share good practice and keep up with what’s happening in our own niche areas. However, I would like to talk about some issues related to information governance and the use of these lists.

Freedom of Information

If you put a post on a JISCMail list, it is distributed to all subscribers to that list. Most subscribers choose to have posts emailed to them and most, if not all, will have this information sent to them at their institution. So, if I post an email to my group about Information Compliance, it will end up in the mailboxes of FOI officers at Northampton, Cambridge, Goldsmiths and a load of other places. Each of those institutions is subject to Freedom of Information. If someone were to ask one of them for any posts they hold made to the Information Compliance list, they might be obliged to disclose it. While they might ask me whether I had any views about whether they should do that, and would seek to apply any appropriate exemptions, they are under no obligation to agree with me.

In DMU’s case, all emails received by the institution are held in perpetuity by Archive Manager. While you may have deleted the email from Outlook, it is still “held” by the University for the purposes of FOI. Some institutions do not do this, and people delete JISCMail emails as soon as they’re read. Some institutions do not archive their emails in perpetuity, but their staff retain JISCMail emails for reference. Someone somewhere has got a copy of your email!

The point is this: If you post to a JISCMail list, keep it professional; while there’s a temptation to think it’s a closed shop, it isn’t. What you say could end up being disclosed under FOI. Consider whether you’d be happy for what you say to end up in the papers?

Check out the terms and conditions of the list. Is it a closed list, only viewable by subscribers? Does it suggest that information is posted in confidence? If so, that may be an exemption you could apply if someone were to make a request.

JISCMail’s statement on Freedom of Information is available here.

Data Protection Act

If you post personal data to a JISCMail list, the subject of that data is legally entitled to see it on request. That means that if you forward an email from someone to your JISCMail list and then someone makes disparaging comments about them, they could get to see it. The key thing here is that you should not post anything that identifies a third party to your JISCMail list. Strip out email headers and just leave the key information. No one needs to see that it’s signed “Algernon Winstanley”. It isn’t relevant, and it is a breach of the Data Protection Act.

One example I’ve been made aware of – from another institution – is where a Freedom of Information officer has forwarded a request to colleagues to collect the information, and that person has sent it to their JISCMail list to ask, “Do we have to give this kind of thing?” Ideally, the FOI officer should remove the personal information before forwarding, but if they don’t make sure you do!

JISCMail’s statement on Data Protection is available here.

Posted in Data Protection Act, Freedom of Information.

Tagged with , , .