Data Protection Policy
Introductory Statement
This statement sets out, in writing the manner in which personal data on staff, students and other individuals (eg. parents, members of board of management etc.) is kept and how the data concerned is protected.
All data is kept in either hard or soft copy format.
Sandford Parish National School seeks to enable each student to develop his/her full potential and provides a safe and secure environment for learning which promotes respect for the diversity of values, beliefs, traditions, languages and ways of life in society.
This policy was formulated by the staff of Sandford Parish National School and presented to and ratified by the Board of Management in the academic year 2017-2018. This policy replaces the policy ratified in 2006.
​
Aims
This policy applies to the keeping and processing of personal data, both in manual form and on computer, including personal data held on both school staff and students.
Schools are obliged to comply with the Data Protection Act, 1988 and the Data Protection (Amendment) Act, 2003 (henceforth referred to as the Data Protection Acts).
Under Section 9(g) of the Education Act, 1998, the parents of a student, or a student who has reached the age of 18 years, must be given access to records kept by the school relating to the progress of the student in his or her education.
Under Section 20 of the Education (Welfare) Act, 2000, the school must maintain a register of all students attending the school.
Under Section 21 of the Education (Welfare) Act, 2000, the school must record the attendance or non-attendance of students registered at the school on each school day.
The objectives of this policy are:
1. To ensure that the school complies with the Data Protection Acts.
2. To ensure compliance by the school with the eight rules of data protection as set down by the Data Protection Commissioner based on the Acts.
3. To ensure that the data protection rights of students, staff and other members of the school community are safeguarded.
​
Content of Policy
Details of all personal data, the format and purpose for collection of data.
The personal data records held by the school may include:
Staff records
These may include:
· Name, address and contact details, PPS number.
· Original records of application and appointment.
· Record of appointments to promoted posts, Deputy Principal, Assistant Principal 1 and Assistant Principal 2 posts.
· Details of approved absences (career breaks, parental leave, study leave, etc.)
· Details of complaints and/or grievances including consultations or competency discussions, action/improvement/evaluation plans and records of progress.
These records are kept as manual records as a personal file within a filing system and contact details on the computer. The school uses the Aladdin system which is approved by the DES.
The purpose for keeping staff records include to facilitate the payment of staff, to facilitate pension payments in the future, a record of promotions made and for ease of communication.
Student Records
These may include:
· Information which may be sought and recorded at enrolment, including:
o Name, address and contact details, PPS number
o Names and addresses of parents/guardians and their contact details
o Religious beliefs
o Racial, ethnic or national origin
o Membership of the Traveller community, where relevant
o Any relevant special conditions (eg. special educational needs, health issues etc.) which may apply
· Information on previous academic record
· Psychological assessments
· Attendance Records
· Academic record – subjects studied, class assignments, examination results as recorded on official school reports
· Records of significant achievements
· Records of disciplinary issues and/or sanctions imposed
· Other records eg. records of any serious injuries/accidents etc.
These records are kept as manual records as a personal file within a filing system and contact details on the computer.
The purpose for keeping student records includes to enable each student to develop his/her full potential, to comply with legislative or administrative requirements, to ensure that eligible students can benefit from the relevant additional teaching or financial supports, to support the provision of religious instruction, to enable parent/guardians to be contacted in the case of emergency etc.
Board of Management Records
These may include:
· Contact details of each member of the board of management.
These records are kept as manual records, computer record or both.
The purpose for keeping board of management records includes a record of board appointments, documenting decisions made by the board etc.
Other Records
These may include:
· The personal data records or company records of ancillary staff employed by the school.
These records are kept as manual records, computer records or both.
The purpose for keeping these records is for ease of contact and payment for these individuals.
Details of arrangements in place to ensure compliance with the eight rules of data protection
This policy sets down the arrangements in place to ensure that all personal data records held by the school are obtained, processed, used and retained in accordance with the following eight rules of data protection (based on the Data Protection Acts):
1. Obtain and process information fairly
2. Keep it only for one or more specified, explicit and lawful purposes
3. Use and disclose it only in ways compatible with these purposes
4. Keep it safe and secure
5. Keep it accurate, complete and up-to-date
6. Ensure that it is adequate, relevant and not excessive
7. Retain it for no longer than is necessary for the purpose or purposes required
8. Give a copy of his/her personal data to that individual on request.
“As a general rule in the area of education, a student aged eighteen or older may give consent themselves. A student aged from twelve up to and including seventeen should give consent themselves and, in addition, consent should also be obtained from the student’s parent or guardian. In the case of students under the age of twelve consent of a parent or guardian will suffice.”
1. Obtain and process information fairly
· Staff members, parents/guardians and students are made fully aware when they provide personal information of the identity of the persons who are collecting it, the purpose in collecting the data, the persons or categories of persons to whom the data may be disclosed and any other information which is necessary so that processing may be fair.
Personal information is processed fairly in accordance with the Data Protection Acts, with consent being obtained from staff members, parents/guardians or students where required.
· Sensitive personal information is processed fairly in accordance with the Data Protection Acts, with explicit consent being obtained from staff members, parents/guardians or students, where required.
2. Keep it only for one or more specified, explicit and lawful purpose
The persons whose data is collected know the reason for its collection and why.
The purpose for collection is lawful.
School management is aware of the different sets of data which are kept and the specific purpose of each.
3. Use and disclose it only in ways compatible with these purposes
Procedure in place, which is in accordance with the Data Protection Acts to facilitate the transfer of information to another school when a student transfers.
Note: Under Section 20 of the Education (Welfare) Act, 2000, each school principal must maintain a register with the names of all children attending that school. When a child is transferring from the school, the principal must notify the principal of the new school of any problems relating to school attendance that the child concerned had and of any other matters relating to the child’s educational progress that he or she considers appropriate. Under Section 28 of the Act, schools may supply personal data, or information extracted from such data, to other schools or another prescribed body if they are satisfied that it will be used in recording the student’s educational history, monitoring the student’s educational progress or developing the student’s full educational potential. The bodies which have been prescribed (and so can share information) under Section 28 are:
· The Minister of Education and Science (which includes the inspectorate and the National Educational Psychological Service (NEPS)
· The National Council for Special Education (NCSE)
· The National Educational Welfare Board (NEWB)
· Each school recognised in accordance with section 10 of the Education Act, 1998
· Each place designated by the Minister under section 10 of the Education Act, 1998 to be a centre for education.
4. Keep it safe and secure
Appropriate security measures must be taken against unauthorised access to, or alteration, disclosure or destruction of, the data and against their accidental lass or destruction.
· Access to the information (including authority to add/amend/delete records) restricted to authorised staff on a “need to know” basis. Authorised staff are: Senan, Murray, Yvonne Davis, Andrea Morrow, Eilis Murphy and Irene Black.
· Person who has access to information based on “need to know” basis
· Computer systems are password protected.
· Information on computer screens and manual files are kept out of view of caller to school/office
· Back-up procedures in place for computer held data, including off-site back-up.
· Measures taken to ensure that staff are made aware of the security measures and comply with said.
· All waste paper and print outs disposed of carefully
· Steps taken to ensure that no unauthorised person can access data from computers which are no longer in use or subject to change of use.
· Designated person responsible for security
· Periodic reviews of the measures and practices in place.
· Premises are secured when unoccupied
· Contracts with other data processors impose equivalent security obligations.
5. Keep it accurate, complete and up-to-date
Clerical and computer procedures are adequate to ensure high levels of data accuracy
Appropriate procedures are in place, including periodic review and audit, to ensure that each data item is kept up-to-date.
Note: While this rule applies to all computer held data and any new manual records created from July 2003, it will only apply to existing manual records from October 2007.
6. Ensure that it is adequate, relevant and not excessive
· Information held is adequate in relation to the purpose for which it is kept.
· Information held is relevant in relation to the purpose for which it is kept.
· Information held is not excessive in relation to the purpose for which it is kept.
Note: While this rule applies to all computer held data and any new manual records created from July 2003, it will only apply to existing manual records from October 2007.
7. Retain it for no longer than is necessary for the purpose or purposes
· Policy in place for the retention periods for all items of personal data kept.
· Management, clerical and computer procedures in place to implement this policy.
Note: While this rule applies to all computer held data and any new manual records created from July 2003, it will only apply to existing manual records from October 2007.
The following particular requirements should be met:
· School registers and roll books are required to be kept indefinitely within the school, unless no longer required for administrative purposes and may be deposited with the Local Authority Archive Service.
· Pay, taxation and related school personnel service records should be retained indefinitely within the school
· Where litigation may potentially arise in the future, the relevant records should be retained until the possibility of litigation ceases.
In line with statute of limitations it is suggested that the information on student files might, as a general rule, be retained for a period of six years after the student has completed the Senior Cycle and/or reached the age of 18.
8. Give a copy of his/her personal data to that individual on request
On making an access request any individual about whom you keep personal data, is entitled to:
· A copy of the data which is kept about him/her
· Know the purpose for processing his/her data
· Know the identity of those to whom the data is disclosed
. Know the source of the data, unless it is contrary to public inte Know the logic involved in automated decisions
· A copy of any data held in the form of opinions, except where such opinions were given in confidence.
To make an access request, an individual must:
· Apply in writing
· Give any details which might be needed to help identify him/her and locate all the information you may keep about him/her.
· Pay an access fee if the school wishes to charge one. The school need not do so, but if it does it cannot exceed the prescribed amount of €6.35.
​
Roles and Responsibility for development, implementation and reporting
Board of Management/Principal
The Board of Management, through the Principal and teaching staff has overall responsibility for the development and implementation of this policy.
​
Success Criteria
The success of this policy will be judged by the successful implementation of its stated aims.
​
Review
This policy to be reviewed regularly or as the Board of Management deem necessary
​
Ratification & Communication
Presented to the Board of Management school year 2017/2018