Data Protection Policy
We have a responsibility for ensuring that records are properly maintained, including security and access arrangements, in accordance with Education Regulations and all other statutory provisions. We aim to comply fully with the requirements and principles of the Data Protection Act 1984 and the Data Protection Act 1988. Staff involved with the collection, processing and disclosure of personal data are aware of their duties and responsibilities within these guidelines.
We undertake to obtain and process data fairly and lawfully by informing people of the reasons for data collection, the purposes for which the data are held, the likely recipients of the data and the person’s right of access. Information about the use of personal data is printed on the appropriate collection form. If details are given verbally, the person collecting explains the issues before obtaining the information.
We keep data that is accurate, adequate and relevant for purpose, and for not more that the length of time needed. We ensure that obsolete data is properly erased, electronic data being scrambled, hard-copy data being shredded.
Pupils, parents and staff may view their own personal data and receive a paper copy if they wish. Pupil data is shared with the parents.
In general, we will only disclose data about individuals with their consent. However there are circumstances under which the Headteacher may need to disclose data without explicit consent for that occasion: pupil data disclosed to authorised recipients related to education and administration necessary for the school to perform its statutory duties and obligations; pupil data disclosed to authorised recipients in respect of their child’s health, safety and welfare; pupil data disclosed to parents in respect of their child’s progress, achievements, attendance, attitude or general demeanour within or in the vicinity of the school; staff data disclosed to relevant authorities e.g. in respect of payroll and administrative matters; unavoidable disclosures, for example to an engineer during maintenance of the computer system. In such circumstances the engineer would be required to sign a form promising not to disclose the data outside the school. Officers and IT personnel working on behalf of the school are contractually bound not to disclose personal data.
Only authorised staff are allowed to make external disclosures of personal data. Data used within the school by administrative staff, teachers and welfare officers will only be made available where the person requesting the information is a professional legitimately working within the school who needs to know the information in order to do their work. The school will not disclose anything on pupils’ records which would be likely to cause serious harm to their physical or mental health or that of anyone else, including anything which suggests that they are, or have been, either the subject of or at risk of child abuse.
We have appropriate building security measures in place, such as alarms, window bars. Visitors to the school are required to sign in and out, to wear identification badges whilst in the school and are, where appropriate, accompanied.
Security software is installed on all computers containing personal data. Only authorised users are allowed access to sensitive computer files and all access is password protected. Computer files are backed up regularly. Staff are made aware of their Data Protection obligations and their knowledge updated as necessary.
Overall security policy for data is monitored and reviewed regularly on behalf of the Headteacher, especially if a potential security loophole or breach becomes apparent. A deliberate breach of this Data Protection Policy by staff will be treated as disciplinary matter, and serious breaches could lead to dismissal.
Review frequency: Annually
Date of last review: September 2016