Changeflow GovPing Legal & Judicial HMPPS Information Management Policy Framework
Routine Guidance Added Final

HMPPS Information Management Policy Framework

Favicon for www.gov.uk UK Ministry of Justice
Published
Detected
Email

Summary

The Ministry of Justice and HM Prison and Probation Service (HMPPS) have published a policy framework setting out information management principles and responsibilities for HMPPS staff, contractors, agency staff, and third-party suppliers. The policy ensures compliance with the Freedom of Information Act 2000, Data Protection Act 2018, UK GDPR, Environmental Information Regulations 2004, and Public Records Act 1958. Local Information Managers, Regional Information Security and Assurance Leads, and Heads of Business Assurance are specifically targeted as responsible parties.

View original document View source feed page

What changed

HMPPS has introduced a comprehensive information management policy framework that consolidates information management principles and staff responsibilities under one document. The policy establishes mandatory obligations for managing HMPPS information in compliance with multiple UK data protection laws including the Data Protection Act 2018, UK GDPR, Freedom of Information Act 2000, Environmental Information Regulations 2004, and Public Records Act 1958.

Affected parties including all HMPPS staff, contractors, agency workers, and third-party suppliers who handle HMPPS information must comply with the framework. Key roles such as Local Information Managers, Regional Information Security and Assurance Leads, and Heads of Business Assurance bear specific responsibilities for policy implementation. Senior leadership including Governors, Directors of Probation, and Heads of Group must ensure their staff are trained on the mandatory actions set out in the policy.

What to do next

  1. All HMPPS staff must read and familiarise themselves with this policy
  2. Local Information Managers, RISALs and Heads of Business Assurance must understand mandatory actions
  3. Governors, Directors and Deputy Directors must ensure staff are trained on this policy

Archived snapshot

Apr 15, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Guidance

HMPPS information management policy framework

Information management responsibilities of those who manage HMPPS information.

From: Ministry of Justice and HM Prison and Probation Service Published 15 April 2026 Get emails about this page

Applies to England and Wales

Documents

HMPPS information management policy framework

PDF, 390 KB, 11 pages

Details

This policy sets out HMPPS’s information management principles and our peoples’ responsibilities and is one of the policies for which the Departmental Records Officer (DRO) is responsible.

It should be read in conjunction with HMPPS Records Management handbook and the Records, Retention and Disposition Schedule (RRDS).  It should also be read in conjunction with the Government Security Classifications policy. The information risk policy and the Government Security Classifications policy can be found at Government Security Classifications - GOV.UK.  This policy applies to all staff employed by the HMPPS, to contractors and agency staff, and third-party suppliers who manage information on behalf of HMPPS.

It also ensures we meet our legal obligations with respect to managing information and data including the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), the Data Protection Act 2018, the UK General Data Protection Regulations (DPA) and the Public Records Act 1958. Section 46 of the FOIA, the Code provides guidance ‘to all relevant authorities as to the practice which they should follow in connection with the keeping, management and destruction of their records.’

This policy should be read by all staff, particularly those responsible for handling and managing HMPPS information such as Local Information Managers (LIM), Regional Information Security and Assurance Leads (RISALs) and Head of Business Assurance (HoBA).

Governors, Directors and Deputy Directors of Probation and Heads of Group must ensure that all staff, particularly those responsible for handling and managing HMPPS information LIMs, RISALs and HoBA are familiar with the content of this policy and understand the mandatory actions set out.

Updates to this page

Published 15 April 2026

Sign up for emails or print this page

Get emails about this page Print this page

Related content

Named provisions

Information Management Principles Staff Responsibilities Legal Obligations Government Security Classifications

Related changes

Favicon for www.gov.uk Prison Digitalisation £82M to Cut Release Errors
Priority review Apr 15, 2026 UK Ministry of Justice Legal & Judicial
Favicon for www.gov.uk Probation Professional Register Policy Framework Guidance
Routine Apr 15, 2026 UK Ministry of Justice Legal & Judicial
Favicon for www.find-tender.service.gov.uk Northumbria Police Awards £36.6M IT Hardware Framework Across 7 Lots to 41 Suppliers
Routine Apr 15, 2026 Find a Tender - Latest Notices Trade & Sanctions

Get daily alerts for UK Ministry of Justice

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.gov.uk
UK Ministry of Justice gov.uk/government/organisations/ministry-of-justice.atom
Legal & Judicial

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from MoJ UK.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
MoJ UK
Published
April 15th, 2026
Instrument
Guidance
Legal weight
Non-binding
Stage
Final
Change scope
Minor

Who this affects

Applies to
Government agencies Legal professionals Law enforcement
Industry sector
9211 Government & Public Administration
Activity scope
Information management Records management Data protection
Geographic scope
United Kingdom GB

Taxonomy

Primary area
Data Privacy
Operational domain
Compliance
Topics
Cybersecurity Criminal Justice

Browse Categories

Agriculture & Food Safety 64 AI Regulation 3 Banking & Finance 292 Consumer Protection 44 Courts & Legal 361 Data Privacy & Cybersecurity 73 Defense & National Security 51 Education 19 Energy 100 Environment 86 Environmental Regulation 7 Financial Regulation 2 Government & Legislation 279 Healthcare 136 Housing 16 Immigration 8 Insurance 58 Labor & Employment 113 Legal & Judicial 2 Pharma & Drug Safety 104 Public Health 2 Securities & Markets 103 Securities Regulation 6 Tax 65 Telecom & Technology 47 Trade & Sanctions 135 Transportation 57

Get alerts for this source

We'll email you when UK Ministry of Justice publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!