How do you do....it? Thread, Alumni Association and Data Protection Act in Technical; This has been going on for years, but no-one ever asked the question before now! Each year, we provide the ...
24th November 2011, 03:02 PM #1
Alumni Association and Data Protection Act
This has been going on for years, but no-one ever asked the question before now! Each year, we provide the head of our alumni group with names and addresses for the people who left our school 10 years ago, so they can write and invite them to a reunion. Anyone know where we stand in terms of the Data Protection Act? Since the alumni group is outside of the school, should we really be giving the information out?
IDG Tech News
24th November 2011, 04:09 PM #2
ditto, should you be keeping it for ten years, especially if you're not doing anything to ensure it's uptodate.
24th November 2011, 04:48 PM #3
Data retention is a separate issue, although one I will start a thread on it a moment. Following a conversation with a few other people here, we have decided that we will handle all the mailings ourselves, thus not sharing the information with anyone outside the school. A bit more work for our admin team to do, but it does sound the better option.
24th November 2011, 05:23 PM #4
in this case, inextricably linked. On the little info you've posted, you're possibly on dodgy grounds on principles 4, 5 and 6 and possibly schedule 3 of principle 1 re explicit consent, regardless of doing the processing internally or externally. Possible issues re principle 2 in that you are using the data for a purpose other than that which it was collected.
Most schools are fairly lax re their DP obligations.
24th November 2011, 11:53 PM #5
You are in breach of the DPA unless you have in your Schedule with the ICO that you will share your data with Alumni groups and that you have notified those whose data you will be sharing that this is the case (i.e. the Fair Processing notice which goes out each year to existing students) which will cover you with those going through the system at the moment when they hit the 10 year period ... but this cannot be done retrospectively as it is hard to say that you can honestly inform all those involved.
Contact each ex-student yourself and request permission to pass on the details. It is opt-in, not opt-out.
25th November 2011, 10:00 AM #6
Good job we've moved the mailings in-house then! Thanks for the input.
25th November 2011, 10:33 AM #7
Even the ICO are vague on this. Taken from Retaining personal data (Principle 5), you get:
But then just a few lines further down it says:
You may not need to delete all personal data when the relationship ends. You may need to keep some information so that you can confirm that the relationship existed – and that it has ended – as well as some of its details.
It also says:
However, personal data that is unlikely to be needed again should be removed from the organisation’s records – such as the individual’s emergency contact details, previous addresses, or death-in-service beneficiary details.
On the basis of that, I think we're okay to keep names and addresses (accepting that many of them will be out of date, of course) along with dates of entry/leaving, but should delete most other things after the person has turned 21 (based on the limitations of liability). Or am I misreading this?
There may often be good grounds for keeping personal data for historical, statistical or research purposes. The Data Protection Act provides that personal data held for these purposes may be kept indefinitely as long as it is not used in connection with decisions affecting particular individuals, or in a way that is likely to cause damage or distress. This does not mean that the information may be kept forever – it should be deleted when it is no longer needed for historical, statistical or research purposes.
29th November 2011, 11:55 AM #8
ACT Now are running an online session Data Protection and FoI for Schools on the 5th December
2 Thanks to jdoyle:
enjay (29th November 2011), GrumbleDook (29th November 2011)
29th November 2011, 01:04 PM #9
45 mins and 15mins for Q&A ... even with only a small group (24) that will cover the minimum of what you need to look at, not anything specific ... but will be a good eye-opener for many schools.
Originally Posted by jdoyle
By tmcd35 in forum General Chat
Last Post: 22nd October 2009, 01:06 PM
By sjplot in forum Network and Classroom Management
Last Post: 5th October 2007, 12:19 PM
By Paid_Peanuts in forum How do you do....it?
Last Post: 29th August 2007, 12:39 PM
By tickmike in forum General Chat
Last Post: 11th September 2006, 04:35 PM
By mark in forum School ICT Policies
Last Post: 26th September 2005, 08:19 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)