Introductory Statement
The school's Data Protection Policy applies to the personal Data held by the school's Board of Management (BOM), which is protected by the Data Protection Acts 1988 to 2018 and the EU General Data Personal Regulation (GDPR)
Data Protection Principles
The school BOM is a data controller of personal data relating to its past, present and future staff, students, parents/guardians and other members of the school community. As such the BOM is obliged to comply with the principles of data protection set out in the Data Protections Act 1988 to 2018 and GDPR, which can be summarised as follows:
- Obtain and process personal data fairly
- Consent
- Keep it only for one or more specified and explicit lawful purposes
- Process it only in ways compatible with the purposes for which it was given initially
- Keep personal data safe and secure
- Keep personal data accurate, complete and up to date
- Retain it for no longer than necessary
- Provide a copy of their personal data to any individual on request
Definition of data protection terms
In order to properly understand the school's obligations, there are some key terms, which should be understood by all relevant staff.
Personal data means any data relating to an identified person i.e. a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in or is likely to come into the possession of the Data Controller (BOM).
Data Controller is the Board of Management of the school
Data subject is an individual who is the subject of personal data
Data processing- performing any operation or set of operations on data including:
- Obtaining, recording or keeping the data
- Collecting, organising, storing altering or adapting the data
- Retrieving, consulting or using the data
- Disclosing the data by transmitting, disseminating or otherwise making it available
- Aligning, combining, blocking, erasing or destroying the data
Personal Data breach- a breach of security leading to the accidental or unlawful destruction, loss, alteration unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed. This means any compromise or loss of personal data, no matter how or where it occurs.
To whom will the policy apply? The policy applies to all school staff, the board of management, parents/guardians, students and others insofar as the measures under the policy relate to them.
Rationale
In addition to its legal obligations under the broad remit of educational legislation, the school has a legal responsibility to comply with the Data Protection Acts 1988 to 2018 and the GDPR.
This policy explains what sort of data is collected, why it is collected and for how long is it stored and whom it will be shared with. The school takes its responsibilities under the Data Protection law very seriously and wishes to put in place safe practices to safeguard individual's personal data. The efficient handling of data is also essential to ensure that there is consistency and continuity where there are changes of personnel within the school and Board of Management.
Other Legal Obligations
Implementation of this policy takes into account the school's other legal obligations and responsibilities. Some of these are directly relevant to data protection:
- The Data Protection Act, 1988 and the Data Protection (Amendment) Act, 2003 (henceforth referred to as the Data Protection Acts)
- Section 9(g) of the Education Act 1998: the parents of a student, or a student who has reached the age of 18 years, must be given access to records kept by the school relating to the progress of the student in his or her education.
- Section 20 of the Education (Welfare) Act, 2000: the school must maintain a register of all students attending the school. Attendance at school has a bearing on a pupil's attainment levels.
- Section 21 of the Education (Welfare) Act. 2000: the school must record the attendance or non-attendance of students registered at the school on each school day and maintain a record of reasons why students failed to attend. Furthermore, the Board of Management must inform the Educational Welfare Officer in writing, where a pupil is suspended for a period in excess of 6 days/or where a pupil is absent in excess of 20 school days in a school year/or where in the opinion of the principal the student is not attending regularly
- Section 28 of the Education (Welfare) Act, 2000, requires principals (Data Controllers)
- To communicate to a school, to which a student is transferring, any problems relating to school attendance which the pupil concerned had and any other appropriate matters relating to the pupil's educational progress
- To keep a record of the pupil's attendance and the reasons for failure to attend
- To inform the Educational Welfare Officer in writing, where a pupil is suspended for a period in excess of 6 days/or where a pupil is absent in excess of 20 school days in a school year or where in the opinion of the principal the student is not attending regularly
- Teaching is informed by pupil learning needs and the recording of pupil attainment is a
- cornerstone of good teaching.
- The school's existing procedures need to be clarified to ensure that the school complies with the spirit as well as the letter of the law e.g. accountability and transparency
Relationship to characteristic spirit of the school
St. Nicholas' Monastery NS seeks to enable each child to develop his potential in a caring environment where the talents of each child are valued. The school promotes respect for the diversity of values, beliefs, traditions, languages and ways of life in society. This work can best be done where there is a high level of openness and co-operation between staff, parents and pupils.
Aims
By introducing this policy the school aims
- To record the educational progress that a pupil is making thereby enabling parents and teachers to support the child's learning.
- To report to parents in a meaningful way on the educational progress of their children
- To establish clear, practical procedures that will enable parents/guardians (or past pupils who have reached the age of 18) to access records relating to educational progress.
- To ensure that this access is available within the capacity of the school to administer it.
- To establish a clear understanding, shared by management, staff and parents, as to the type of records that are maintained and how such records should be made available.
- To ensure that the school complies with legislative requirements while awaiting the issue of guidelines as to the 'prescribed manner' referred to in Section 9 (g) of the Education Act
- To ensure that, is so far as possible, the school complies with legislative requirements/principles of good practice while awaiting the issue of guidelines.
- To ensure that the school complies with the Data Protection Acts.
- To ensure compliance by the school with the eight rules of data protection as set down by the Data Protection Commissioner based on the Acts (see below).
- To ensure that the data protection rights of students, staff and other members of the school community are safeguarded.
One of the IT service companies that we use includes Cloud ware Limited (TIA Aladdin Schools) ("Aladdin"). Aladdin processes personal data on behalf of the school in order to provide an online management information system. The school’s liaison persons for any queries relevant to use of the Aladdin system are Katriona Cosgrove, Yvonne Gallagher and Paula Harrison.
Anyone provided with a username and password and who is authorised to use the Aladdin system by the school should adhere to and be aware of the following:
- users may be allocated different access rights to the Aladdin system. The access rights are solely determined by the school. If you have any concern over the access rights that you have please contact the Aladdin school liaison;
- a log is taken of some actions undertaken by the user when using the Aladdin system and made available to the school;
- a unique username and password is provided to each user. Users should keep their username and password confidential and not disclose it to anybody or allow any person to access the system using their username and password;
- the Aladdin system should only be used for the purposes of managing internal school administration activities and for no other purpose. The Aladdin system should not be accessed in the event of suspension or termination of the users' position at the school. The school is responsible for ensuring that access to the Aladdin system for terminated or suspended users is disabled;
- each user should ensure they are familiar with the Aladdin system before use. All queries should be referred to the Aladdin liaison person mentioned above;
- the user should notify the Aladdin liaison person in the event of any misuse or loss of their username and password;
- the user should only login to the Aladdin system when in a secure and non-public
- environment, e.g. the school or home of the user;
- the user should sign out of the Aladdin system or lock their device when leaving the device unattended;
- the Aladdin system should not be used to deal with emergency situations and it should not be relied upon during such times;
- users are responsible for ensuring that all communications sent to parents or guardians using the Aladdin system are accurate and are sent to parents/guardians for whom the school has appropriate and up to date consent and contact details;
- before each communication, users should consult with the appropriate school's database to determine which parents or guardians have consented to being contacted; - the Aladdin system should not be accessed through an unsecure network or internet connection. If in doubt, the user should wait until in a secure environment before accessing the Aladdin system;
- information available through the Aladdin system should only be printed or saved to an electronic device where absolutely necessary. Any hardcopy or electronic files originating from the Aladdin system should be treated in accordance with the relevant provisions of this policy; and
- users may be able to access the websites of other third party service providers when accessing the Aladdin system. When the user accesses a third party website from the Aladdin system they are leaving the Aladdin system and appropriate due diligence should be undertaken before sharing any personal data with that third party. The Aladdin liaison person should be contacted if the user is in any doubt.
Personal Data
The Personal Data records held by the school may include;
Staff records — all records will be stored in a secure filing cabinet. Access will be confined to the Principal, Chairperson of Board of Management and secretary. These records may include: Name, address and contact details, PPS number, names of next of kin. These records may be kept in a manual record (personal file within filing system), computer record (database) or both. Records of this nature are required to comply with health and safety legislation.
- Original records of application and appointment kept in a manual record within the school's filing system — to help school maintain record of qualifications etc.
- Record of appointments to posts of responsibility kept in a manual record within the school's filing system — to ensure accurate communication of responsibilities and seniority of postholders
- Details of approved absences (career breaks, maternity leave, parental leave, study leave etc.) kept in a manual record within the school's filing system — required by the Department of Education and Science;
- Details of work record (qualifications, classes taught etc.) kept in a manual record within the school's filing system — to facilitate personal and professional development within the school and to comply with school policy re movement of teachers from class to class;
- Details of sick leave including certified and non-certified sick leave. These records will include dates of absence and doctor's certificates (where supplied). All doctor's certificates are to be maintained within the school and may be required by the Chief Medical Officer. Dates covered by the certificate will also be recorded on the outside of the envelope;
- Details of complaints and/or grievances including consultations or competency discussions, action/improvement/evaluation plans and record of progress kept in a manual record within the school's filing system — to comply with agreed procedures;
- Records of disciplinary procedures (verbal warnings, written warnings etc.) — to comply with agreed procedures;
Note: a record of grievances or disciplinary procedures may be maintained which is distinct from and separate to individual personnel files. All such records will be stored in a secured filing cabinet at all times and access will only be available to the Principal and the Chairperson of the Board of Management. Where any such records are maintained on computer they will be in an encrypted file.
Student records: These may include:
Information which may be sought and recorded at enrolment, including:
- name, address and contact details, PPS number
- names and addresses of parents/guardians and their contact details
- religious belief
- racial, ethnic or national origin
- membership of the Traveller community, where relevant
- any relevant special conditions (e.g. special educational needs, health issues etc.) which may apply
- Information on previous academic record
- Psychological assessments
Previous attendance records (if transferring from another school)
All details outlined above are required to complete the register, which is a legal document within the school or to comply with legislation outlined in the Education (Welfare) Act 2000.
Records kept relating to the progress of that student in his or her education including: Annual Report: An annual written report on each child's attainment levels/progress in each subject will be sent to parents on a standardised form each June. Copies will be sent to both parents, if possible, on request, where parents live separately. They will include comments by teachers. The results of standardised tests in the format of a STEN score will be included for all students from 1 st to 6th classes. The standard report card may not be suitable for some students with Special Educational needs and the teachers will devise some suitable method for informing parents in such instances. All reports will be signed by the relevant class teacher and by the Principal. Copies of reports will be retained in the school in a store while students are enrolled in the school. They will be retained in other secure storage until past pupils reach 21 years.
Standardised Tests: Results of standardised tests in the format of a class record will be kept until children reach 21 years of age. The most recent test paper will be retained for one school year while the students are still in the school.
Teacher-designed Tests: Results of Teacher Designed tests will be retained by class teachers while students are still in their class. These may be passed on to the receiving teacher at the beginning of the next school year but will generally not be retained for longer than two school years. Teachers may share these results with parents at parent teacher meetings.
Screening Tests: The MIST Screening test is administered to all Senior Infant pupils in the Spring term. The results are retained while the students remain in the school. Diagnostic Tests: The Special Education Teachers may use Diagnostic tests with a small number of students. Generally, there will be parental consent for these tests and the results will be shared with parents.
Individual Pupil Profiles
Samples of Pupil's Work: Teachers will retain certain samples of students work each year. Some of these may be passed on with the child as they progress through the school and some may be sent home by the teacher at the end of the school year.
IEPs/ Support plans: Where pupils are receiving support as part of a group the SETs will outline at the beginning of each month the work they hope to do with the group. Where students are receiving support on a one-to-one basis parents, class teacher, SET, parents and the Principal may be involved in drafting an Individual Education Plan.
Records of attendance/absence: The roll will be taken digitally using the Aladdin system. Each teacher will only have access to their own class's attendance. All Roll books are retained indefinitely in the school. Explanations for absences which parents are required to send to the school are duly dated and stored by the class teachers in a specific folder. Reports are made to the Educational Welfare Service, by the relevant post holder, under terms of Education Welfare act. Notes from parents will usually be shredded annually. However, where a student's attendance record is a cause for concern these notes may be retained for a longer period and may be shared with an Educational Welfare Officer.
Psychological Assessments: Reports following psychological assessments are kept in the filing cabinet in the Principal's office and the Deputy Principal's room. The Principal and the class teacher or SET who have responsibility for the child have access to the report.
Referrals for SET or other supplementary teaching and communications relating to this e.g. a record of parents' decision not to allow the child to attend at learning support or resource teaching, are kept by the Special Education Teacher. Records of the progress of pupils with learning difficulties and disabilities will be stored in the relevant SET's classroom. These records will be archived following the student's transfer to another school and retained within the school until the student reaches 21 years.
Enrolment Form/POD form: Enrolment/POD forms contain sensitive personal information which would fall under the terms of data protection legislation. These documents are retained in the school while the pupil is enrolled. They are retained within the school's secure, manual filing system. These records will be archived following the student's transfer to another school and retained within the school until the student reaches 21 years.
Record of child's breaches of code of behaviour: Where a child is significantly in breach of the Code of Behaviour specific incidents will be recorded. This record is retained in the Principal's office. These records will be archived following the student's transfer to another school and retained within the school until the student reaches 21 years.
Records of any serious injuries/accidents are retained in the specific incident book which is retained in the Principal's Office. These records will be archived following the student's transfer to another school and retained within the school until the student reaches 21 years.
Indemnity form for administration of medicine: In certain specified cases children may require medication during school hours (See Administration of Medicines Policy). Indemnity forms are stored in the filing cabinet in the Secretary's office.
Whether the child is exempt from studying Irish
Records of any reports the school (or its employees) have made in respect of the student of the state Departments and/or other agencies under Children's First Act 2015.
Parents'/Guardians' records: These may include:
- Name, address and contact details of parents/guardians — required to support a child's enrolment and for emergency contact purposes;
- Religious beliefs — to assist the school in its commitment to further the promotion of its stated ethos;
- Nationality/ethnic origin — to ensure the school has the information necessary to put any additional supports required in place;
- Membership of the Traveller community — to ensure the school has the information necessary to put any additional supports required in place;
- Occupations — required to fill one of the fields in the school register;
- Number of children in family — sometimes has significance in educational attainment;
- Marital status — to support the school in its efforts to promote equality.
Board of Management records: These may include:
- Name, address and contact details of each member of the board of management;
- Records in relation to appointments to the board;
- Minutes of board of management meetings and correspondence to the board this may include references to particular individuals.
All Board of Management records are maintained indefinitely in the school. They will be stored securely within the filing cabinet in the principal's office.
CCTV Images / Recordings
CCTV is installed externally in the playground and at the main entrance to the building. These CCTV systems may record images of staff, students and visitors to the school. Purposes: Safety and security of staff, students and visitors and to safeguard school property and equipment.
Administration of Records
The Principal will have control of all records retained within the school. The Principal is generally responsible for handling requests for access to records.
Only personnel as outlined above will have access on a regular basis to the various records held. Class teachers may share access to their records of student progress with parents at the annual parent teacher meeting or at other scheduled meetings during the year. Where parents of students currently enrolled in the school require access to records relating to a previous school year they must request this in writing allowing a minimum of two weeks' notice to allow the school collate the requested records.
Access to Records
Under Section 20 of the Education (Welfare) Act, 2000, each school principal must maintain a register with the names of all children attending that school. When a child is transferring from the school, the principal must notify the principal of the new school of any problems relating to school attendance that the child concerned had and of any other matters relating to the child's educational progress that he or she considers appropriate. Under Section 28 of the Act, schools may supply personal data, or information extracted from such data, to other schools or another prescribed body if they are satisfied that it will be used in recording the student's educational history, monitoring the student's educational progress or developing the student's full educational potential. The bodies which have been prescribed (and so can share information) under Section 28 are:
- The Minister for Education and Science (which includes the Inspectorate and the National Educational Psychological Service (NEPS)
- The National Council for Special Education (NCSE)
- Tusla Child and family agency
- Each school recognised in accordance with section 10 of the Education Act, 1998
- Each place designated by the Minister under section 10 of the Education Act, 1998 to be a centre for education.
In certain exceptional circumstances (e.g. when required by law) personal data will be disclosed to third parties, including the Department of Education and Science, Tusla, Gardaí, in legal proceedings, HSE personnel etc.
Data can generally be disclosed to an individual himself/herself or with his/her consent.
The minimum age at which consent can be legitimately obtained for processing and disclosure of personal data under rules 1 and 3 above is not defined in the Data Protection Acts. However, guidance material published on the Data Protection Commissioner's website states the following:
"As a general rule in the area of education, a student aged eighteen or older may give consent themselves. A student aged from twelve up to and including seventeen should give consent themselves and, in addition, consent should also be obtained from the student's parent or guardian. In the case of students under the age of twelve consent of a parent or guardian will suffice."
School Personnel
Teaching staff will have access to records pertaining to children in their class. They may store a photocopy of records in their filing cabinet while the child is in their class, but all such copies will be passed to the next teacher when the child moves on. The secretary may have copies of various school records (see above) stored in the filing cabinet.
Outside Agencies
Parents/guardians will have access to all written, school records pertaining to their child/ren. Past pupils who have reached 18, may also request to see copies of records pertaining to them. To facilitate this, the school will retain records until past pupils reach 21 years.
Education Welfare Officers may request information regarding pupil attendance or pupil behaviour.
Second Level Schools may request information regarding pupils who have transferred to their school. The school will only transfer information when they are satisfied that the child has enrolled in the particular second level school. Where psychological reports or other sensitive information is requested the school will generally require the written consent of the parents/guardians.
Health Board: The school provides information regarding pupils who have enrolled in the school. This is to facilitate testing which the HSE carries out in the school with parental permission. For access to educational records from the school the HSE must make a request in writing and parental consent may also be requested.
Requesting access to records
To make an access request, any individual (or outside agency) must:
- Apply in writing
- Give any details which might be needed to help identify him/her and locate all the information you may keep about him/her
- For current records one weeks' notice will be required;
- For archived records four weeks' notice will be required. (Please be aware that these time frames do not include school holiday periods when post, emails etc. are not checked.)
The Data Controller is responsible for ensuring that following a request for access to records, that all records are made available, including manual and electronic files. Where no information is held on an individual, the data controller will inform the individual within 40 days.
Any errors or omissions identified will be rectified, once notified to the data controller, within 40 days of a request being made.
The fee charged will be refunded to the individual if the request cannot be complied with or if it is necessary to rectify, supplement or erase the personal data concerned.
Note A: Access requests by students
- Students aged 18 and over are entitled to access their personal information in accordance with the Data Protection Acts.
- Students under 18 years of age can be given access to their personal information, depending on the age of the student and the nature of the record i.e. it is suggested that:
- if the information is ordinary, routine or non-controversial (e.g. a record of a test result) the student could readily be given access
- if the record is of a sensitive nature, it would be prudent to seek parental/guardian consent
- if a student has some disability or medical condition that would impair his or her ability to understand the information, or if disclosure would be likely to be harmful to the individual concerned, parental/guardian consent should be sought.
Note B: Exceptions to note:
Schools should note that data protection regulations prohibit the supply of:
- health data to a patient in response to a request for access if that would cause serious harm to his or her physical or mental health. The regulations also provide that such data is to be communicated only by, or after consultation with, an appropriate "health professional", normally the patient's own doctor
- personal data obtained in the course of carrying on social work if that would cause serious harm to the health or emotional condition of the data subject concerned. The regulations apply to social work carried on by Ministers, local authorities, the HSE or any other such bodies receiving financial assistance from public funds.
Success Criteria
The practical indicators of the success of this policy will include:
- Systematic compilation of uniform records by staff
- Systematic reporting to parents on educational progress in place
- Parents/pupils can access records without undue disruption of teaching time. (especially important in the case of teaching principals) Storage of records is manageable
Roles and Responsibility
The secretary will have responsibility in conjunction with the Principal for the safe storage of all dated records. Al teachers have responsibility for the safe storage of their own personal records of pupil assessment. Parents will be informed of their rights to access data relating to their child's progress.
Implementation Date
This policy will be implemented from April 2023.
Timetable for Review
This policy will be reviewed as a matter of course every two years. It will be amended sooner than that should legislation or National Guidelines require some amendments.
Ratification and Communication
This policy has been ratified by the Board of Management on ______________________.
Signed: __________________________________________ Date: ___/___/______
(Chairperson of Board of Management)
Signed: ___________________________________________ Date: ___/___/______
(Principal)