Data Protection Policy of St. Mary’s Secondary School, New Ross
Introductory Statement
The school’s Data Protection Policy applies to the personal data held by the school which is protected by the Data Protection Acts 1988 and 2003. The policy applies to all school staff, the board of management, parents/guardians, students, and others (including prospective or potential students and their parents/guardians and applicants for staff positions within the school) insofar as the measures under the policy relate to them. Data will be stored securely so that confidential information is protected in compliance with relevant legislation. This policy sets out the manner in which personal data and sensitive personal data will be protected by the school.
Data Protection Principles
The school is a data controller of personal data relating to its past, present, and future staff, students, parents/guardians, and other members of the school community. As such, the school is obliged to comply with the principles of data protection set out in the Data Protection Acts 1988 and 2003 which can be summarised as follows:
- Obtain and process Personal Data fairly: Information on students is gathered with the help of parents/guardians and staff. Information is also transferred from their previous schools. In relation to information the school holds on other
individuals (members of staff, individuals applying for positions within the School, parents/guardians of students, etc.), the information is generally furnished by the individuals themselves with full and informed consent and compiled during the course of their employment or contact with the School. All such data is treated in accordance with the Data Protection Acts and the terms of this Data Protection Policy. The information will be obtained and processed fairly. - Keep it only for one or more specified and explicit lawful purposes: The School will inform individuals of the reasons they collect their data and will inform individuals of the uses to which their data will be put. All information is kept with the best interest of the individual in mind at all times.
- Process it only in ways compatible with the purposes for which it was given initially: Data relating to individuals will only be processed in a manner consistent with the purposes for which it was gathered. Information will only be disclosed on a need-to-know basis, and access to it will be strictly controlled.
- Keep Personal Data safe and secure: Only those with a genuine reason for doing so may gain access to the information. Sensitive Personal Data is securely stored under lock and key in the case of manual records and protected with firewall software and password protection in the case of electronically stored data. Portable devices storing personal data (such as laptops) should be encrypted and password-protected before they are removed from the school premises. Confidential information will be stored securely and in relevant circumstances, it will be placed in a separate file which can easily be removed if access to general records is granted to anyone not entitled to see the confidential data.
- Keep Personal Data accurate, complete, and up-to-date: Students, parents/guardians, and/or staff should inform the school of any change that the school should make to their personal data and/or sensitive personal data to ensure that the individual’s data is accurate, complete and up-to-date. Once informed, the school will make all necessary changes to the relevant records. The principal may delegate such updates/amendments to another member of staff. However, records must not be altered or destroyed without proper authorisation. If alteration/correction is required, then a note of the fact of such authorisation and the alteration(s) to be made to any original record/documentation should be dated and signed by the person making that change.
- Ensure that it is adequate, relevant, and not excessive: Only the necessary amount of information required to provide an adequate service will be gathered and stored.
- Retain it no longer than is necessary for the specified purpose or purposes for which it was given: As a general rule, the information will be kept for the duration of the individual’s time in the school. Thereafter, the school will comply with DES guidelines on the storage of Personal Data and Sensitive Personal Data relating to a student. In the case of members of staff, the school will comply with both DES guidelines and the requirements of the Revenue Commissioners with regard to the retention of records relating to employees. The school may also retain the data relating to an individual for a longer length of time for the purposes of complying with relevant provisions of law and or/defending a claim under employment legislation and/or contract and/or civil law.
- Provide a copy of their personal data to any individual, on request: Individuals have a right to know what personal data/sensitive personal data is held about them, by whom, and the purpose for which it is held.
Scope
Purpose of the Policy: The Data Protection Acts 1988 and 2003 apply to the keeping and processing of Personal Data, both in manual and electronic form. The purpose of this policy is to assist the school to meet its statutory obligations, to explain those obligations to School staff, and to inform staff, students, and their parents/guardians how their data will be treated. The policy applies to all school staff, the board of management, parents/guardians, students, and others (including prospective or potential students and their parents/guardians, and applicants for staff positions within the school) insofar as the school handles or processes their Personal Data in the course of their dealings with the school.
Definition of Data Protection Terms
In order to properly understand the school’s obligations, there are some key terms that should be understood by all relevant school staff:
Data means information in a form that can be processed. It includes both automated data (e.g. electronic data) and manual data. Automated data means any information on a computer or information recorded with the intention that it be processed by a computer. Manual data means information that is kept/recorded as part of a relevant filing system or with the intention that it forms part of a relevant filing system.
Relevant filing system means any set of information that, while not computerised, is structured by reference to individuals or by reference to criteria relating to individuals, so that specific information relating to a particular individual is readily, quickly, and easily accessible.
Personal Data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the Data Controller i.e. the school.
Sensitive Personal Data refers to Personal Data regarding a person’s
- racial or ethnic origin, political opinions, or religious or philosophical beliefs
- membership in a trade union
- physical or mental health or condition or sexual life
- commission or alleged commission of any offense or
- any proceedings for an offense committed or alleged to have been committed by the person, the disposal of such proceedings or the sentence of any court in such proceedings, criminal convictions, or the alleged commission of an offense.
Data Controller for the purpose of this policy is the board of management, St.
Mary’s Secondary School, New Ross.