Records Retention Policy

Introduction

1.1 This policy sets out a structured approach to reviewing and destroying records in relation to Cabot Learning Federation (the Federation).

1.2 The retention period for each type of record is shown in the table below. In addition, data protection legislation makes it unlawful to keep the information when it is no longer needed for the purpose for which it is held. This requirement is uncertain and allows discretion and may vary according to the circumstances, but in practice it means that the Federation should promptly destroy the record once the retention period in the table below has been reached. Occasionally there may be special circumstances which mean that a record should be kept for longer (for example where there is a risk of litigation or a request from an outside body such as the Independent Inquiry into Child Sexual Abuse (IICSA) see below). The Federation should refer to its insurance policies and further legal advice should be sought in these circumstances.

1.3 The retention periods stated in the table below are the minimum storage requirements, in practice the Federation carries out a data cleanse of its files every 12 months. Accordingly, a 3 year retention period means 3 years plus up to 12 months to allow the Federation to securely dispose of the information.

1.4 Information must be securely deleted. This applies to paper records, electronic information and biometric information.

1.5 This policy does not apply to records connected with commercial activities.

1.6 The Federation will discuss document retention with its insurers (who may specify longer retention periods). If there is any conflict then any longer retention periods specified by the insurers should prevail.

1.7 If an email falls into one of the categories set out in the table then it should be filed centrally as soon as is reasonable.

1.8 "Routine" emails which do not fall into any of the categories in the table may be kept in inboxes for up to 1 year and should then be deleted. An examples of a routine email is an internal email advising staff that the weekly meeting is cancelled.

1.9 Independent Inquiry into Child Sexual Abuse (IICSA):

1. The IICSA has issued retention instructions to a range of institutions regarding records relating to the care of children. In light of this, we are advising schools to temporarily cease the routine destruction of those records which might be relevant to the Inquiry in case they are requested by the Inquiry or made subject to a disclosure order. This means that before destroying any document the Federation should consider if it contains information that may fall within the Inquiry's remit.
2. The range of documentation which might need to be kept is wide. It will include any information linked to alleged or established child sexual abuse, whether by staff, volunteers or pupils with no limitation date. For example, a list of pupils who attended an overnight school trip or admission registers which show which pupils were at the Federation at a given time. As such, documents should be kept for longer than the retention periods listed in the policy if they concern information which might be relevant to the Inquiry. The Federation should therefore review the retention periods under each of the rows below in case they are relevant to IICSA.
3. Please note that the Federation should keep this under review so that it recommences document destruction at the appropriate time.

1.10 Archiving in the public interest:

1. Section 12.2 of the policy provides for the retention of personal data for reasons of archiving in the public interest for an indefinite period. The Federation should only keep documents indefinitely for archiving if it is complying with the relevant aspects of data protection legislation as detailed below.
2. There is an archiving in the public interest exemption under the GDPR which allows personal data to be:
   • ·             kept for longer than usual; and
   • ·             used for purposes which are incompatible with the purposes for which it was originally obtained.
3. The Federation should satisfy itself that this exemption applies if it keeps personal data for archiving reasons. Broadly speaking, the exemption will apply if:
   • the personal data is being kept for reasons of archiving in the public interest e.g. enabling academic historical research or genealogical research or enabling educational use;
   • the personal data will not be used for the purposes of measures or decisions with respect to a particular data subject. For example, the personal data could not be used to check whether an individual was entitled to join the alumni association; and
   • the use of the personal data is not likely to cause substantial damage or substantial distress to a data subject.
4. When relying on this exemption the Federation must put certain safeguards in place. What amounts to appropriate safeguards will depend on what information is being retained and you may wish to take legal advice on this point.
5. The Federation should also be aware that a recital to the GDPR (albeit which is not legally binding) states that organisations which rely on this exemption should be under a legal obligation to archive and to provide access to the records. However, the National Archives' (a non-ministerial government department) position is that in the UK no such legal obligation is required and the archives do not need to be made publicly available.
6. The Federation should ensure that its privacy notices for staff, pupils and parents cover the retention of their personal data indefinitely for reasons of archiving in the public interest.
7. If the Federation has any questions or concerns about particular documents we would be pleased to advise further. Please note that this specific advice would fall outside of the fixed fee for this policy.
8. The Federation should also have particular regard to paragraph 1.9 above before destroying any records. If in doubt, legal advice should be sought.

Retention Periods