Changeflow GovPing Legal & Judicial HMPPS Information Management Policy Framework
Routine Guidance Added Final

HMPPS Information Management Policy Framework

Favicon for www.gov.uk UK Ministry of Justice
Published
Detected
Email

Summary

The Ministry of Justice and HM Prison and Probation Service published the HMPPS Information Management Policy Framework, establishing principles and responsibilities for managing HMPPS information. The policy applies to all HMPPS staff, contractors, agency staff, and third-party suppliers who handle HMPPS information. It outlines legal obligations including the Freedom of Information Act 2000, Environmental Information Regulations 2004, Data Protection Act 2018, UK General Data Protection Regulations, and Public Records Act 1958.

View original document View source feed page

What changed

The HMPPS Information Management Policy Framework sets out the information management principles and responsibilities for all HMPPS personnel and third parties handling HMPPS information. The policy establishes compliance obligations under multiple data protection frameworks including FOIA, EIR, UK GDPR, DPA 2018, and the Public Records Act 1958.\n\nAffected parties including Local Information Managers, Regional Information Security and Assurance Leads, and Heads of Business Assurance must understand and implement the mandatory actions specified. Senior leadership must ensure all staff handling HMPPS information are trained on this policy. The policy should be read alongside the HMPPS Records Management handbook, Records Retention and Disposition Schedule, and Government Security Classifications policy.

What to do next

  1. All HMPPS staff should read this policy
  2. Local Information Managers, RISALs and HoBAs should familiarise themselves with mandatory actions
  3. Governors and Directors must ensure staff understand the policy and its mandatory requirements

Archived snapshot

Apr 15, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Guidance

HMPPS information management policy framework

Information management responsibilities of those who manage HMPPS information.

From: Ministry of Justice and HM Prison and Probation Service Published 15 April 2026 Get emails about this page

Applies to England and Wales

Documents

HMPPS information management policy framework

PDF, 390 KB, 11 pages

Details

This policy sets out HMPPS’s information management principles and our peoples’ responsibilities and is one of the policies for which the Departmental Records Officer (DRO) is responsible.

It should be read in conjunction with HMPPS Records Management handbook and the Records, Retention and Disposition Schedule (RRDS).  It should also be read in conjunction with the Government Security Classifications policy. The information risk policy and the Government Security Classifications policy can be found at Government Security Classifications - GOV.UK.  This policy applies to all staff employed by the HMPPS, to contractors and agency staff, and third-party suppliers who manage information on behalf of HMPPS.

It also ensures we meet our legal obligations with respect to managing information and data including the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), the Data Protection Act 2018, the UK General Data Protection Regulations (DPA) and the Public Records Act 1958. Section 46 of the FOIA, the Code provides guidance ‘to all relevant authorities as to the practice which they should follow in connection with the keeping, management and destruction of their records.’

This policy should be read by all staff, particularly those responsible for handling and managing HMPPS information such as Local Information Managers (LIM), Regional Information Security and Assurance Leads (RISALs) and Head of Business Assurance (HoBA).

Governors, Directors and Deputy Directors of Probation and Heads of Group must ensure that all staff, particularly those responsible for handling and managing HMPPS information LIMs, RISALs and HoBA are familiar with the content of this policy and understand the mandatory actions set out.

Updates to this page

Published 15 April 2026

Sign up for emails or print this page

Get emails about this page Print this page

Related content

Named provisions

Information Management Principles Staff Responsibilities Legal Obligations Freedom of Information Act 2000 Data Protection Act 2018 UK General Data Protection Regulations

Related changes

Favicon for www.gov.uk Response to Independent Review into Releases in Error
Routine Apr 15, 2026 UK Ministry of Justice Legal & Judicial
Favicon for www.gov.uk Releases in Error, England and Wales, Apr 2025–Mar 2026
Routine Apr 15, 2026 UK Ministry of Justice Legal & Judicial
Favicon for www.gov.uk Prison System Digitalisation: £82M Package to Reduce Release Errors via Justice ID
Routine Apr 15, 2026 UK Ministry of Justice Legal & Judicial

Get daily alerts for UK Ministry of Justice

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.gov.uk
UK Ministry of Justice gov.uk/government/organisations/ministry-of-justice.atom
Legal & Judicial

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from MoJ.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
MoJ
Published
April 15th, 2026
Instrument
Guidance
Legal weight
Non-binding
Stage
Final
Change scope
Minor

Who this affects

Applies to
Government agencies
Industry sector
9211 Government & Public Administration
Activity scope
Information management Records management FOIA compliance
Geographic scope
United Kingdom GB

Taxonomy

Primary area
Data Privacy
Operational domain
Compliance
Compliance frameworks
GDPR Data Protection Act 2018
Topics
Criminal Justice Public Health

Browse Categories

Agriculture & Food Safety 65 AI Regulation 3 Banking & Finance 293 Consumer Protection 46 Courts & Legal 361 Data Privacy & Cybersecurity 76 Defense & National Security 51 Education 22 Energy 100 Environment 86 Environmental & Energy 11 Environmental Regulation 7 Financial Regulation 2 Government & Legislation 279 Government Operations 5 Healthcare 136 Healthcare & Life Sciences 5 Housing 16 Immigration 8 Immigration & Border Control 1 Insurance 58 Labor & Employment 114 Legal & Judicial 9 Pharma & Drug Safety 104 Public Health 2 Real Estate & Housing 3 Sanctions & Export Controls 1 Securities & Investments 1 Securities & Markets 103 Securities Regulation 6 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Commerce 2 Trade & Sanctions 135 Transportation 60

Get alerts for this source

We'll email you when UK Ministry of Justice publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!