New IRMS Records Management and Retention Period Guidance
The Information and Records Management Society have released new guidance on records management and retention, updating the 2016 Schools Toolkit widely used by Somerset schools.
The new guidance can be found at https://irms.org.uk/page/SchoolsToolkit - unlike the 2016 version, there is no option to download a handy PDF unless you are an IRMS member, and the guidance must be viewed online.
Some significant clarifications are summarised below:
Page 12: Pupil Record: clarity on what a pupil record consists of, and how maintained and academy schools should respond to requests by parents/pupil so information provided is consistent across settings.
Page 14: Transferring pupil records: much more information about safe transfer and advice that the CTF should be accompanied by paper files for SEND and CP data that may not be included in the CTF.
Page 19: Advice on email management: this has been completely rewritten and clearly states that emails are not a filing system, and emails should be transferred to the school MIS or other storage system where they could be considered part of the pupil record; part of a contract; or relate to an employee. Once transferred, original emails can be deleted.
Page 22: Social Media: a new section with clear advice on how to do a social media risk assessment, set up a school Facebook or Twitter accounts safely, and how to be aware of social media retention periods.
Page 26: Information Security, Business Continuity and Digital Continuity: this is a rewritten section with more detail on preventing data loss by protecting paper data, preventing malware, training staff and ensuring that breaches are investigated, recorded and reported accurately.
Page 48: GDPR overview: information on GDPR and how it relates to schools.
Page 53: Advice on using consent as a lawful basis for data processing and how to seek consent.
Page 55: Suggested sample consent form for pupil images (the eLIM DPO will issue a copy of this to schools in the next newsletter).
Page 64 onwards: Records Retention Schedule: much more detail has been added to this in relation to GDPR. An interesting clarification is on page 78 – Disciplinary and Grievance Procedures. The old guidance suggested that the staff personnel file should be weeded for outdated complaints e.g. oral warnings should be weeded after 6 months, The new guidance is much clearer that warnings and grievances should not be automatically weeded in case of future complaints, and that a record should be kept even though the case may not be considered ‘active’.
Somerset County Council's Records Management Team (who co-authored the IRMS document) are updating their School Retention Schedule advisory document. We hope to be able to share this in the next newsletter.
If you are concerned about your records retention contact the DPO dposchools@somerset.gov.uk
|