+ Post New Thread
Results 1 to 9 of 9
How do you do....it? Thread, Alumni Association and Data Protection Act in Technical; This has been going on for years, but no-one ever asked the question before now! Each year, we provide the ...
  1. #1
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75

    Alumni Association and Data Protection Act

    This has been going on for years, but no-one ever asked the question before now! Each year, we provide the head of our alumni group with names and addresses for the people who left our school 10 years ago, so they can write and invite them to a reunion. Anyone know where we stand in terms of the Data Protection Act? Since the alumni group is outside of the school, should we really be giving the information out?

  2. #2
    jdoyle's Avatar
    Join Date
    Mar 2008
    Location
    Republic of Swindon
    Posts
    393
    Thank Post
    68
    Thanked 49 Times in 42 Posts
    Rep Power
    57
    ditto, should you be keeping it for ten years, especially if you're not doing anything to ensure it's uptodate.

  3. #3
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    Data retention is a separate issue, although one I will start a thread on it a moment. Following a conversation with a few other people here, we have decided that we will handle all the mailings ourselves, thus not sharing the information with anyone outside the school. A bit more work for our admin team to do, but it does sound the better option.

  4. #4
    jdoyle's Avatar
    Join Date
    Mar 2008
    Location
    Republic of Swindon
    Posts
    393
    Thank Post
    68
    Thanked 49 Times in 42 Posts
    Rep Power
    57
    in this case, inextricably linked. On the little info you've posted, you're possibly on dodgy grounds on principles 4, 5 and 6 and possibly schedule 3 of principle 1 re explicit consent, regardless of doing the processing internally or externally. Possible issues re principle 2 in that you are using the data for a purpose other than that which it was collected.

    Most schools are fairly lax re their DP obligations.

  5. #5

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,783 Times in 1,106 Posts
    Blog Entries
    19
    Rep Power
    594
    You are in breach of the DPA unless you have in your Schedule with the ICO that you will share your data with Alumni groups and that you have notified those whose data you will be sharing that this is the case (i.e. the Fair Processing notice which goes out each year to existing students) which will cover you with those going through the system at the moment when they hit the 10 year period ... but this cannot be done retrospectively as it is hard to say that you can honestly inform all those involved.

    Contact each ex-student yourself and request permission to pass on the details. It is opt-in, not opt-out.

  6. #6
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    Good job we've moved the mailings in-house then! Thanks for the input.

  7. #7
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75
    Even the ICO are vague on this. Taken from Retaining personal data (Principle 5), you get:
    You may not need to delete all personal data when the relationship ends. You may need to keep some information so that you can confirm that the relationship existed – and that it has ended – as well as some of its details.
    But then just a few lines further down it says:
    However, personal data that is unlikely to be needed again should be removed from the organisation’s records – such as the individual’s emergency contact details, previous addresses, or death-in-service beneficiary details.
    It also says:
    There may often be good grounds for keeping personal data for historical, statistical or research purposes. The Data Protection Act provides that personal data held for these purposes may be kept indefinitely as long as it is not used in connection with decisions affecting particular individuals, or in a way that is likely to cause damage or distress. This does not mean that the information may be kept forever – it should be deleted when it is no longer needed for historical, statistical or research purposes.
    On the basis of that, I think we're okay to keep names and addresses (accepting that many of them will be out of date, of course) along with dates of entry/leaving, but should delete most other things after the person has turned 21 (based on the limitations of liability). Or am I misreading this?

  8. #8
    jdoyle's Avatar
    Join Date
    Mar 2008
    Location
    Republic of Swindon
    Posts
    393
    Thank Post
    68
    Thanked 49 Times in 42 Posts
    Rep Power
    57
    ACT Now are running an online session Data Protection and FoI for Schools on the 5th December

    https://student.gototraining.com/4pb...55727962711552

  9. 2 Thanks to jdoyle:

    enjay (29th November 2011), GrumbleDook (29th November 2011)

  10. #9

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,783 Times in 1,106 Posts
    Blog Entries
    19
    Rep Power
    594
    Quote Originally Posted by jdoyle View Post
    ACT Now are running an online session Data Protection and FoI for Schools on the 5th December

    https://student.gototraining.com/4pb...55727962711552
    45 mins and 15mins for Q&A ... even with only a small group (24) that will cover the minimum of what you need to look at, not anything specific ... but will be a good eye-opener for many schools.

SHARE:
+ Post New Thread

Similar Threads

  1. VLE and data protection act
    By tmcd35 in forum General Chat
    Replies: 0
    Last Post: 22nd October 2009, 12:06 PM
  2. Changes to data protection act
    By sjplot in forum Network and Classroom Management
    Replies: 18
    Last Post: 5th October 2007, 11:19 AM
  3. Folder access - Data Protection Act - How do you do it?
    By Paid_Peanuts in forum How do you do....it?
    Replies: 7
    Last Post: 29th August 2007, 11:39 AM
  4. Data Protection Act And Root/Administrators Passwords.
    By tickmike in forum General Chat
    Replies: 4
    Last Post: 11th September 2006, 03:35 PM
  5. Data Protection Act - re: Remote Access
    By mark in forum School ICT Policies
    Replies: 18
    Last Post: 26th September 2005, 07:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •