+ Post New Thread
Results 1 to 7 of 7
How do you do....it? Thread, Data Retention and Archiving in Technical; We have been reviewing policy and procedure in the school, and something which has cropped up as a potentially serious ...
  1. #1

    Join Date
    May 2006
    Posts
    159
    Thank Post
    5
    Thanked 10 Times in 5 Posts
    Rep Power
    18

    Data Retention and Archiving

    We have been reviewing policy and procedure in the school, and something which has cropped up as a potentially serious issue, is the one of data retention.

    I'm told that currently all data about children must be held in our establishment for 5 years. This lead to questions regarding email retention.

    We host our own email using exchange 2003, and have "limited" measures in place for email archiving. I was wondering how other schools handle long term data archiving (software and hardware), especially email archiving, and what systems they have in place to process requests under the FOI act.
    Last edited by klawd; 15th September 2009 at 12:38 PM. Reason: typo

  2. #2

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,037
    Thank Post
    209
    Thanked 425 Times in 306 Posts
    Rep Power
    144
    The only system which we are required to retain the information in is SIMS and the finance system as far as I know, both of which deal with their own archiving inside the program, so as long as you have up-to-date backups should the worst happen, as far as retaining data is concerned you're covered (as far as I'm aware.)

    All the rest is merely a service that is provided to the student or staff member while they are in attendance at the school so we don't retain anything network wise for that long. We keep Students work on the network for 6 months after they leave, and it will be available on backup tapes for a further 12 months until the last monthly backup with it on gets over written. Same for staff home folders and e-mail accounts.

    Please someone correct me if I'm wrong.

    Mike.

  3. #3
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,485
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    We run a similar system to Maniac, although leavers' work is kept for longer as we archive it to our NAS (don't think I've ever been asked for anything more than about 6 months old, though).

    My understanding is that the FOI does not require us to provide any and all information which we have ever held about someone, merely to provide what information is still held at the time of the enquiry.

    Remember also that there is a "get out clause" in the FOI which pretty much means that an organisation can refuse a request if it is too difficult to provide the information.

  4. #4

    Join Date
    Dec 2007
    Location
    Nottinghamshire
    Posts
    187
    Thank Post
    59
    Thanked 21 Times in 19 Posts
    Rep Power
    17
    We hold data on Sims backups as maniac does, also when checking with the major exam boards they say that they won’t ask for information relating to any course work (electronic or otherwise) past 6 months after the results date (for the longest).

    We currently keep user areas for 1 year for students and staff. Emails are kept on a 1 year rolling backup as part of our monthly backups. These are all backed up to tapes and stored off site.

  5. #5

    Join Date
    May 2006
    Posts
    159
    Thank Post
    5
    Thanked 10 Times in 5 Posts
    Rep Power
    18
    Thanks for the responses. Very interesting.

    How do people handle email retention and archiving?

    There has been an incident here, which has referred to correspondence via email between staff and parent, which took place some time ago (over 6 months), for evidence purposes.

    Just wondering how others deal with this.

  6. #6

    Join Date
    Jan 2009
    Posts
    182
    Thank Post
    17
    Thanked 21 Times in 19 Posts
    Rep Power
    15
    It's all horribly complicated and I think we all worry that we'll get it wrong - applies to paper files as well as e-files (and as some establishments already scan all paper documents and then retain the e-file, it gets even more complex)

    Need to retain evidence of correspondence and internal documents so that an audit trail and evidence that things that should have been done, have been done. This might be for a long time: consider the student who comes back with a legal challenge that he/she hadn't been looked after properly, perhaps years later when the trigger for the action is dropping out of uni. This needs to be balanced with the Data Protection principle that we should not keep data that is not held for the benefit of the data subject. In that context we get requests for verification of old exam results - some as far back as the 1960s - so that sort of e-data needs pretty permanent storage.

    The big load on any school that is brave enough to do things by the book must be the cost of weeding the files, whether electronic or paper.

    My guess - not our policy, my guess - is that 6 months or a year might not be long enough in some cases. Storage space is cheap so I would tend to go for longer storage.

  7. #7


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,628
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    Quote Originally Posted by klawd View Post
    Thanks for the responses. Very interesting.

    How do people handle email retention and archiving?

    There has been an incident here, which has referred to correspondence via email between staff and parent, which took place some time ago (over 6 months), for evidence purposes.

    Just wondering how others deal with this.
    There are 3 main approaches:

    1) Favoured by companies who get sued a lot (or rather, favoured by their legal dept):

    "We don't keep anything older than 3 months". That's their policy and it's legal to do so. They also usually make impromptu per-user archiving (say .pst to a network homedir) impossible (automated regular sweeps of fileservers) and grounds for dismissal* or disciplinary action.

    2) Favoured by hoarders, packrats and people who panic.

    "Let's keep everything!!!!" "On sata disks, yay - terabytes are cheap". These people are hated by their legal depts, their sysadmins and loved by professional evidence audit teams (per-day rate + terabytes = happy bonus time for auditors) and Ontrack (same reason - "we don't need no stinking enterprise rated sata, use the pc world special").

    3) The balanced approach

    "How long, assuming our backups are good and regularly tested, do we need to retain email for the purpose of school business?"

    Decide that and then set your time. You are under _no_ obligation to save email correspondance to "prove" one way or another whether something did or didn't happen beyond then. Saving it can later bite you in the arse and so can not saving it, so it's a wash overall. Retention should be "reasonable", not kept out of fear you'll get spanked if you don't.

    If you have $requested_data, and the requestee has a legal claim to see it, hand it over. But "sorry, that's outside our data retention periods" is also a perfectly valid response. Provided you have a set policy that states "we keep X for $time".

    *if you're the sysadmin who kept a "just-in-case" backup of the mailserver before carrying out some work and the evidence search team finds it, you will not be popular.
    Last edited by pete; 16th September 2009 at 10:34 PM.

  8. Thanks to pete from:

    enjay (17th September 2009)

SHARE:
+ Post New Thread

Similar Threads

  1. Retention Policy for Web Filter, Email and Data
    By sjl in forum School ICT Policies
    Replies: 3
    Last Post: 8th July 2009, 07:11 PM
  2. Data Retention Policies.
    By Geoff in forum School ICT Policies
    Replies: 11
    Last Post: 13th June 2007, 10:45 PM
  3. Data Retention Policies?
    By Geoff in forum School ICT Policies
    Replies: 3
    Last Post: 1st May 2007, 12:12 PM
  4. Archiving Data
    By daveyboy in forum School ICT Policies
    Replies: 0
    Last Post: 21st March 2007, 11:43 AM
  5. Data retention
    By Dos_Box in forum School ICT Policies
    Replies: 21
    Last Post: 27th March 2006, 08:40 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •