Polasaí Um Chosaint Sonraí
Introduction & Rationale
This policy was formulated by the staff and Board of Management of Gaelscoil Mhic Amhlaigh and applies to all staff, pupils and anyone with whom the school has business. The school recognises and accepts its responsibility as set out in the following;
- Data Protection Act 1998 and Data Protection (Amendment) Act 2003.
- Education Act 1998, section 9(g), requiring a school to provide access to records to parents and to past pupils over 18 years of age.
- Education Act 1998, section 22.2(b), requiring a school to regularly evaluate students and periodically report the results of the evaluation to the students and their parents.
- Education Welfare Act 2000, requiring a school to report school attendance and transfer of pupils.
Aims of the Policy
- To ensure that the school complies with its legislative obligation.
- To protect the rights and privacy of all those who are the subjects of data that comes into the possession of the school. (Personal Data, Pupil Data, Administrative Data, Board of Management Data).
- To clarify the types of records maintained and the procedures relating to making them available to the relevant bodies, including parents and pupils over 18 years of age.
Gaelscoil Mhic Amhlaigh as Data Controller will take all reasonable steps to meet this responsibility and to promote good practice in the handling and use of personal information. In particular, the school will comply with the Data Protection Principles as set out in the Data Protection Acts. These principles state that data must be;
- fairly and lawfully processed.
- processed for limited purposes.
- used and disclosed only in ways compatible with these purposes
- adequate, relevant and not excessive.
- accurate and, where necessary, kept up to date.
- kept no longer than necessary.
- processed in accordance with data subjects rights.
- kept in a safe and secure place.
The data controller must give a copy of his/her personal data to an individual on request.
Overview of Policy
The Principal assumes the function of Data Controller and supervises the application of the Data Protection Act within the school. The data under the control of the Principal comes under the following headings;
- Sensitive Personal Data
- Religious Belief
- Staff medical certificates and correspondence from Medmark group.
- Pupil medical certificate.
- Personal Data
- Enrolment Data
This data relates to personal details of the students such as name, address, date of birth, gender, dietary information, PPSN.
- Staff data
This includes names, addresses, PPSN, contact details, payroll number, CVs, attendance records and copies of employment contracts.
- Parent/Guardian Data
This includes details listed on a pupil’s enrolment form and payments made to the school.
- Other
This includes CVs on file, submitted by persons applying for work
experience/substitute work.
- Pupil Records
- Results of Teacher-Designed Tests
- Standardised Tests Results
- Copy of IEP (Individual Education Plan for pupils with SEN)
- Behaviour Plan and, Classroom support Plan, if applaiacble
- Confidential reports
- used and disclosed only in ways compatible with these purposes
- adequate, relevant and not excessive.
- accurate and, where necessary, kept up to date.
- kept no longer than necessary.
- processed in accordance with data subjects rights.
- kept in a safe and secure place.
The data controller must give a copy of his/her personal data to an individual on request.
Overview of Policy
The Principal assumes the function of Data Controller and supervises the application of the Data Protection Act within the school. The data under the control of the Principal comes under the following headings;
- Sensitive Personal Data
- Religious Belief
- Staff medical certificates and correspondence from Medmark group.
- Pupil medical certificate.
- Personal Data
- Enrolment Data
This data relates to personal details of the students such as name, address, date of birth, gender, dietary information, PPSN.
- Staff data
This includes names, addresses, PPSN, contact details, payroll number, CVs, attendance records and copies of employment contracts.
- Parent/Guardian Data
This includes details listed on a pupil’s enrolment form and payments made to the school.
- Other
This includes CVs on file, submitted by persons applying for work experience/substitute work.
- Pupil Records
- Results of Teacher-Designed Tests
- Standardised Tests Results
- Copy of IEP (Individual Education Plan for pupils with SEN)
- Behaviour Plan and, Classroom support Plan, if applicable
- Confidential reports
Correspondence from parents, if deemed applicable to retain.
- Copy of Court Orders regarding access.
- Copy of End of Year Report.
- Approval of resources from NCSE.
- Records of breaches of serious or gross misbehaviour.
- Records of meetings between the Principal and parents, if applicable.
- Records of Parent/Teacher Meetings, if applicable.
- Records of communication and/or meetings between the Teacher/parent, if deemed applicable.
- Administration of Medicine Indemnity Form.
- Letters of transfer.
- Copies of correspondence that has been sent to external agencies.
- Administrative Data
- Incident Report Books (Timpistí Ar Scoil, Nótaí Eolais faoi hEachtra)
- Teacher class record books (hardbacks)
- Roll Books & Registers
- Sign In/Out book for pupils
- Sign In/Out book for visitors
- Board of Management
- Complaints presented to the Board and all subsequent correspondence
- Payroll data
- Financial data
- The ‘Minutes’ of Board of Management meetings recording the decisions
reached by the Board in the discharge of its statutory duty. This file/folder also includes;
- (i) correspondence of a non-routine nature received & discussed by BOM
- (ii) copies of the Financial Reports presented to the Board
- (iii) copies of the Principal’s Reports presented to the Board and
- (iv) any other documentation that the Board, in its absolute discretion deems appropriate to be included in this file/folder.
Disclosure of Records
Elements of the data listed above may be disclosed, where relevant and appropriate, with the consent of the data controller to the following;
- Parents/guardians, past pupils over 18 years of age
- School staff
- Outside agencies such as the DES, HSE, NCSE, TUSLA
- Other schools to which pupils are transferring.
Parental authorisation will be sought in advance of release of data to outside agencies.
Outside agencies requesting disclosure of data must do so in writing.
Parents/Guardians must also make such a request in writing to the Data Controller.
Responding to Requests
The data controller will respond to requests within 40 days of receipt of same.
Guidelines on Retention Time for Data
All data will be retained for the duration of a pupil’s enrolment / staff employment and for an additional period of between 1 and 8 years. In certain circumstances some data may be retained indefinitely.
Personal Data & Pupil Records
The following will be kept for 8 years after the pupil leaves the school;
- Records of Parent/Teacher Meetings, if applicable
- Copy of End of Year Report for each year in school
- Standardised Test Results for each year in school
- Copy of most recent professional reports from outside agencies
- Copies of Individual Education Plans
- Records held by the Principal in relation to child protection/child welfare will be held indefinitely
Retention Time for Administrative Data
- Incident Report Books and record sheets of fire drills will be kept for8 years
- Staff records will be retained for 1 year following their departure and then will be shredded
- Records in relation to staff welfare will be held for 8 years
- Records for employees of the Board of Management will be retained for 8 years
- Applications/CVS submitted for work experience will be shredded at end of the current school year
- Financial records (office) will be kept for 8 years
- Sign In/Out Book for Pupils and, Sign In/Out book for Visitors will be shredded at the beginning of the following school year.
- Roll books will be kept forever
Retention Time for Board of Management Data
The ‘Minutes’ of the Board of Management meetings will be held indefinitely.
Storage
Data that is to be stored for 8 eight years will be stored in a secure location and will be accessible by designated personnel only.
Data stored on computers is password and firewall protected. Passwords are changed regularly.
All data that is designated for long term storage will be transferred to a secure location. Thereafter, at the commencement of each new school year, data that is in excess of 8 years, will be destroyed and the relevant long term storage data from the previous school year will be placed in storage.
Implementation Date
Data protection strategies have been in place since the school opened in 2006. The practices and policy were reviewed during the school year 2016-2017. This updated policy is effective from 16th January 2017 following ratification by the Board of Management.