Data Protection Policy
This policy is based on the policy formally adopted by the County Council but reflects the particular requirements of Hexham Middle School. It applies to all employees of the County Council who work at the school.
Introduction
An essential activity of the School is the requirement to obtain and process information about its staff, parents and students in order to perform its various functions. This will be done in accordance with the Data Protection Act 1998 (the Act) and other related legislation.
The School recognises its duty to handle personal data in a proper and confidential manner at all times, irrespective of whether the data is held on paper or by electronic means. This duty covers:
· The obtaining of personal data
· The storage and security of personal data
· The use of personal data
· The disposal and/or destruction of personal data
The School has a responsibility to ensure that data subjects have proper access to information that the School holds regarding them, provided that written request is made and the appropriate fee is paid.
Obligations
In compliance with the Act the School will:
· Acknowledge the rights of individuals relating to personal data and ensure that these rights can be exercised as specified in the Act.
· Ensure that personal data are obtained fairly and lawfully.
· Ensure that personal data will only be processed for the purposes specified.
· Obtain and process data in a confidential manner ensuring that the data are fit for the purposes specified, are not excessive and are disposed of when no longer required (subject to any statutory requirements).
· Ensure that necessary and sufficient steps are taken to ensure that the data are accurate and up to date.
· Ensure that necessary and sufficient security measures are in place to protect data against damage, loss, misuse or inappropriate disclosure.
· Ensure that transfer of data is done in a lawful manner with due regard for security.
Actions
To help discharge its obligations the School will:
· Have a named person with responsibility to ensure that all activities relating to the processing of personal data have sufficient safeguards and controls in place for security of data
· Ensure that all contracts between the School and third parties that involve processing of personal data will make reference to the obligations (previous page) and the necessity of compliance with the Act
· Ensure that employees (and others acting on behalf of the School) understand their responsibilities under the Act and that appropriate training or instruction is given for this purpose
· Ensure that employees (and others acting on behalf of the School) have access only to personal data that are necessary for the performance of duties
· Ensure that requests for access to personal data are dealt with in a courteous and timely manner whilst ensuring that the data subject (or authorised representative) does have a legitimate right to access the information.
· Work towards implementing the key principles of BS7799 ? The British Standard on Information Security Management
· Review this policy and safeguards and controls relating to it annually to ensure that they are still relevant, efficient and effective
Personal Data
Retention periods for keeping data within the Standards and Effectiveness School will be as follows:
| Data | Retention Period |
| Registers | 5 years after the cohort leaves school. |
| Pupil Data | Duration of education in Northumberland + 7 Years |
| Lesson Observations | 5 years |
| NC Assessments/SAT data) | Duration of education in Northumberland |
| Performance Target Data | Duration of employment plus 3 years |
| Ofsted Inspection Reports | 15 years |
| References given, or those relating to current employment | Duration of employment plus 3 years |
| References received which do not relate to current employment | 1 year |
| Performance Management Reviews | 5 years |
| Health (COSHH) details | 40 years |
| Appointment letter and signed Contract of Employment | 10 years from end of employment |
| Accident reports | 10 years |
| Letter of resignation/dismissal retirement | 5 years |
| Sickness records | Duration of employment plus 1 year |
| Application for unpaid/special leave of absence | 5 years |
| Documentation relating to changes in wages and salaries brought about by the application of the relevant Conditions of Service | 10 years from end of employment |
| Records relating to promotion, transfer and training | 10 years from end of employment |
| Records relating to Ill Health, Disciplinary, Capability and Redundancy Dismissals | 10 years |
| Correspondence relating to formal Disciplinary and Capability hearings | Current employment plus 5 years |
| Application Forms | Current employment plus 3 years |
| Recruitment and Interview Notes | 1 year |
| Financial Accounts | 3 years |