Data Protection Policy/Information Security Management Policy for West Hill Primary

All staff at West Hill Primary School recognise the importance of following the principles of the Data Protection Act 1998 and of making sure that information relating to staff, pupils, parents and governors is securely and appropriately managed.

West Hill Primary School needs to keep certain information about our employees, pupils and other users to allow us, for example, to monitor performance, achievement and health and safety. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this we must comply with the Data Protection Principles which are set out below:

The Eight Data Protection Principles

The principles state that data must be:-

  • Obtained and processed fairly and lawfully
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate
  • Not kept longer than necessary
  • Processed in accordance with the Data Subject’s rights
  • Secure
  • Not transferred to countries which do not have similar protective legislation

Staff Responsibility

All staff that process or usepersonal information must ensure that they follow the principles laid out in the Data Protection Act 1998 at all times. In order to ensure this happens, the School has developed this policy. This policy does not form part of the contract of employment for staff, but it is a condition of employment that employees will abide by the rules and policies made by the School. Any failures to follow the policy can therefore result in disciplinary proceedings.

All staff are responsible for :

  • Checking that any information that they provide to the School in connection with their employment is accurate and up to date.
  • Informing the School of any changes to information they have provided.
  • Handling all personal data (eg pupil attainment data) with reference to this policy
  • Keeping any personal data securely
  • Ensuring that any personal information is not disclosed either orally or in writing or via the internet or by any other means, accidentally or otherwise, to any unauthorised third party.

The Data Controller

The School, as a body, is the Data Controller under the 1998 Act and the Governors are therefore ultimately responsible for the implementation. However the Designated Data Controller will deal with day to day matters. The Data Controller at West Hill Primary School is currently Julie Dobson, Head Teacher. The Data Controller is required to undergo training as necessary, to make sure that the procedures in this policy are followed, and to provide detailed guidance where required.

The Data we hold

We are registered with the Data Protection Commissioner. The data we hold is as follows:

How held / What type of system / Where stored
Manual/computerised / Pupil’s academic records / Head’s office
Manual/computerised / Class lists / School office/admin comp network
Manual/computerised / Staff Personnel files / School office
Computerised / SIMS – STAR module / Admin computer network
Computerised / SIMS – Attendance Module / Admin computer network
Computerised / SIMS – Personnel module / Admin computer network
Computerised / SIMS - FMS / Admin computer network
Computerised / SIMS - Assessment / Admin computer network
Computerised / Free School Meals data / Admin computer network
Computerised / Pupil’s Medical Records / Admin computer network
Computerised / Parents benefits information / Admin computer network
Computerised / Ethnic categories / Admin computer network

The data is used by authorised members of school staff to support the legitimate interests of the school, i.e. the provision of education. Relevant parts of the data may be disclosed legitimately to authorised personnel within the school, to Wandsworth LEA, to Health advisers, Social workers and other relevant agencies, to prospective employers and to the data subjects themselves.

Data processing is done internally by authorised school staff and externally by LEA officers.

Data collection

We follow the principles of the Data Protection Act in collecting only relevant and necessary information. Our forms include the following wording “All information that you supply will be treated in the strictest confidence. It will be subject to the conditions of the Data Protection Act” and those giving information are asked to sign to signify agreement to “I give consent to the school to use this data within the boundaries of the Data Protection Act”.

We are aware of individuals’ rights to see what data we hold whether manually or on computer, with the following exceptions:

  • material whose disclosure would be likely to cause serious harm to the physical or mental health or emotional condition of the pupil or someone else
  • material concerning actual or suspected child abuse
  • references supplied to potential employers of the pupil, any national body concerned with student admissions, another school, an institution of further or higher education, or any other place of education and training
  • reports by a school to a juvenile court.

We send home a copy of the basic data held in SIMS (name, address, contact details, emergency

contacts etc) each year to ensure accuracy.

Under the Data Protection Act 1998 and the Education (Pupil Information, England) Regulations 2000, all pupils are entitled to have their educational records disclosed to them, free of charge, within 15 school days of making a written request. A parent will be supplied with a copy of their child's educational record at no greater cost than that of supplying it.

Where a young pupil seeks access to his or her records we will try to establish whether the pupil understands the nature of the request. If we form the view that the pupil does not understand owing to youth or immaturity then the request need not be complied with. A record is kept of all requests and decisions.

Data storage

Electronic data is stored on the Administration computer network. This is password protected and access rights are restricted to authorised personnel. The data is ‘backed up’ every night onto tape and these tapes are kept in a secure safe. Computer screens are located so that they are not easily seen by visitors to the office, and password protected screen savers are used to increase security.

Anti-virus software is installed on the network and is updated every month

Data held on paper is stored in the school office in locked cabinets.

Disposal of data

Records are destroyed when no longer relevant, paper formats by shredding, with the following constraints:

  • Records that are part of the financial records (e.g. dinner registers) of the school are kept for seven years;
  • Other records (e.g. attendance registers) are kept for five years;
  • When pupils change school the academic records are sent to the new school within 15 days of the pupil being taken off our school roll. If it is not know which school the child transfers to records will be sent within 15 days of a request from a new school. Failing that the record will be kept for 5 years. An entry is made in Star showing where records have been sent.

Electronic transmission of data

WestHillPrimary School is moving towards electronic transmission as the main method of data transfer. The PLASC is transmitted electronically.

E-mail will become an increasingly common method of communication. Staff are urged to delete unread e-mails from unknown sources and with irrelevant subject headings in order to minimise the risks of virus transmission. Pupil data is transferred to the LEA, when necessary, by secure file transfer.

Although staff are not restricted to the use of the internet for school business only, it is expected that

Private use will not interfere with the performance of their normal duties.

  • Staff will not include abusive or offensive materials in e-mails.

Policy reviewed September 2015

Review of this policy due September 2017

1