Data Retention PolicyNorth Ealing Primary School
Data Retention Policy
The School has a responsibility to maintain its records and record-keeping systems. When doing this, the School will take account of the following factors:
- The most efficient and effective way of storing records and information;
- The confidential nature of the records and information stored;
- The security of the record systems used;
- Privacy and disclosure; and
- Accessibility of records and record-keeping systems.
This policy does not form part of any employee’s contract of employment and is not intended to have a contractual effect. It does, however, reflect the School’s current practice, the requirements of current legislation and best practice and guidance. It may be amended by the School from time to time and any changes will be notified to employees within one month of the date on which the change is intended to take effect. The School may also vary any parts of this procedure, including any time limits, as appropriate in any case.
This policy sets out how long employment-related and pupil data will normally be held by the School and when that information will be confidentially destroyed in compliance with the terms of the UK General Data Protection Regulation (UK GDPR) and the Freedom of Information Act 2000.
Data will be stored and processed to allow for the efficient operation of the School. The School’s Data Protection Policy outlines its duties and obligations under the UK GDPR.
Information (hard copy and electronic) will be retained for at least the period specified in the attached retention schedule. When managing records, the School will adhere to the standard retention times listed within that schedule.
The retention schedule refers to all records regardless of the media (e.g. paper, electronic, microfilm, photographic etc) in/on which they are stored. All records will be regularly monitored by
The schedule is a relatively lengthy document listing the many types of records used by the School and the applicable retention periods for each record type. The retention periods are based on business needs and legal requirements.
DESTRUCTION OF RECORDS
Where records have been identified for the destruction they should be disposed of in an appropriate way. All information must be reviewed before destruction to determine whether there are special factors that mean destruction should be delayed, such as potential litigation, complaints or grievances.
All paper records containing personal information, or sensitive policy information should be shredded before disposal where possible. All other paper records should be disposed of by an appropriate waste paper merchant. All electronic information will be deleted.
The School maintains a database of records that have been destroyed and who authorised their destruction. When destroying documents, the appropriate staff member should record in this list the following:
- File reference (or other unique identifiers);
- File title/description;
- Number of files;
- Name of the authorising officer;
- Date destroyed or deleted from the system; and
- Person(s) who undertook destruction.
RECORD KEEPING OF SAFEGUARDING
Any allegations made that are found to be malicious must not be part of the personnel records.
For any other allegations made, the School must keep a comprehensive summary of the allegation made, details of how the investigation was looked into and resolved and any decisions reached. This should be kept on the personnel files of the accused.
Any allegations made of sexual abuse should be preserved by the School for the term of an inquiry by the Independent Inquiry into Child Sexual Abuse. All other records (for example, the personnel file of the accused) should be retained until the accused has reached normal pension age or for a period of 10 years from the date of the allegation if that is longer. Guidance from the Independent Inquiry Child Sexual Abuse states that prolonged retention of personal data at the request of an Inquiry would not contravene data protection regulation provided the information is restricted to that necessary to fulfil potential legal duties that a school may have in relation to an Inquiry.
Whilst the Independent Inquiry into Child Sexual Abuse is ongoing, it is an offence to destroy any records relating to it. At the conclusion of the Inquiry, it is likely that an indication regarding the appropriate retention periods of the records will be made.
Where records have been identified as being worthy of preservation over the longer term, arrangements should be made to transfer the records to the archives. A database of the records sent to the archives is maintained by the Business Manager. The appropriate staff member, when archiving documents should record in this list the following information:
- File reference (or other unique identifiers);
- File title/description;
- Number of files; and
- Name of the authorising officer
TRANSFERRING INFORMATION TO OTHER MEDIA
Where lengthy retention periods have been allocated to records, members of staff may wish to consider converting paper records to other media such as digital media or virtual storage centres (such as cloud storage). The lifespan of the media and the ability to migrate data where necessary should always be considered.
TRANSFERRING INFORMATION TO ANOTHER SCHOOL
We retain the Pupil’s educational record whilst the child remains at the School. Once a pupil leaves the School, the file should be sent to their next school. The responsibility for retention then shifts onto the next school. We retain the file for a year following transfer in case any issues arise as a result of the transfer.
We may delay destruction for a further period where there are special factors such as potential litigation.
RESPONSIBILITY AND MONITORING
The Business Manager has primary and day-to-day responsibility for implementing this Policy. The Data Protection Officer, in conjunction with the School, is responsible for monitoring its use and effectiveness and dealing with any queries on its interpretation. The Data Protection Officer will consider the suitability and adequacy of this policy and report improvements directly to management.
Internal control systems and procedures will be subject to regular audits to provide assurance that they are effective in creating, maintaining and removing records.
Management at all levels are responsible for ensuring those reporting to them are made aware of and understand this Policy and are given adequate and regular training on it.
Emails accounts are not a case management tool in itself. Generally emails may need to fall under different retention periods (for example, an email regarding a health and safety report will be subject to a different time frame to an email which forms part of a pupil record). It is important to note that the retention period will depend on the content of the email and it is important that staff file those emails in the relevant areas to avoid the data becoming lost.
All schools with the exception of independent schools, are under a duty to maintain a pupil record for each pupil. Early Years will have their own separate record keeping requirements. If a child changes schools, the responsibility for maintaining the pupil record moves to the next school. We retain the file for a year following transfer in case any issues arise as a result of the transfer.
The committee with oversight for this policy
Policy to be approved by
Policy last reviewed by the Resources Committee
Policy last ratified and adopted by Full Governing Body
Policy / Document due for review