KILBRIDE NATIONAL SCHOOL
Ní neart go cur le chéile
Data Protection Policy
The school’s Data Protection Policy applies to the personal data held by the school which is protected by the Data Protection Acts 1988, 2003 and 2018.
The policy applies to all school staff, the Board of Management, parents/guardians, pupils, and others (including prospective or potential pupils and their parents/ guardians and applicants for staff positions within the school) insofar as the measures under the policy relate to them. Data will be stored securely, so that confidential information is protected in compliance with relevant legislation. This policy sets out the way personal data and sensitive personal data will be protected by the school.
The school is a data controller of personal datarelating to its past, present, and future staff, pupils, parents/guardians, and other members of the school community. As such, the school is obliged to comply with the principles of data protection set out in the Data Protection Acts 1988, 2003 and 2018 which can be summarised as follows:
The Data Protection Acts 1988, 2003 and 2018 apply to the keeping and processing of Personal Data, both in manual and electronic form. The purpose of this policy is to assist the school to meet its statutory obligations, to explain those obligations to school staff, and to inform staff, pupils, and their parents/guardians how their data will be treated.
The policy applies to all school staff, the board of management, parents/guardians, pupils, and others (including prospective or potential pupils and their parents/guardians, and applicants for staff positions within the school) insofar as the school handles or processes their Personal Data during their dealings with the school.
To properly understand the school’s obligations, there are some key terms which should be understood:
Data means information in a form that can be processed. It includes both automated data (e.g., electronic data) and manual data. Automated datameans any information on computer, or information recorded with the intention that it be processed by computer. Manual data means information that is kept/recorded as part of a relevant filing system or with the intention that it form part of a relevant filingsystem.
Relevant filing system means any set of information that, while not computerised, is structured by reference to individuals or by reference to criteria relating to individuals, so that specific information relating to a particular individual is readily, quickly, and easily accessible.
Personal Data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the Data Controlleri.e., the school.
Sensitive Personal Data refers to Personal Data regarding a person’s
Data Controller for the purpose of this policy is the Board of Management of Kilbride National School.
In addition to its legal obligations under the broad remit of educational legislation, the school has a legal responsibility to comply with the Data Protection Acts, 1988, 2003 and 2018.
This policy explains what sort of data is collected, why it is collected, for how long it will be stored and with whom it will be shared. As more and more data are generated electronically and as technological advances enable the easy distribution and retention of this data, the challenge of meeting the school’s legal responsibilities has increased.
The school takes its responsibilities under data protection law very seriously and wishes to put in place safe practices to safeguard individual’s personal data. It is also recognised that recording information accurately and storing it safely facilitates an evaluation of the information, enabling the principal and board of management to make decisions in respect of the efficient running of the school. The efficient handling of data is also essential to ensure that there is consistency and continuity where there are changes of personnel within the school and board of management.
Implementation of this policy considers the school’s other legal obligations and responsibilities. Some of these are directly relevant to data protection. For example:
Because Kilbride National School is a Catholic School, we seek to develop a sense of community that attempts to live out the teaching of Christ, especially in our treatment of others. We endeavour to develop the spiritual, intellectual, social, cultural, and physical potential of all our pupils. With the co-operation of the parents, this potential is developed as fully as possible, so that each pupil can achieve success at his or her own level of ability.
Kilbride National School seeks to develop the unique potential of each pupil. With the co-operation of the parents every effort is made to ensure that each pupil can achieve success at his or her own level of ability. Religion is an important part of life, and every pupil is encouraged to deepen his or her faith and to develop for themselves, a reasoned basis for the practice of that faith.
We aim to achieve these goals while respecting the privacy and data protection rights of pupils, staff, parents/guardians, and others who interact with us. The school wishes to achieve these aims/missions while fully respecting individuals’ rights to privacy and rights under the Data Protection Acts.
The Personal Data records held by the school may include:
Categories of staff data: As well as existing members of staff (and former members of staff), these records may also relate to applicants applying for positions within the school, trainee teachers and teachers under probation. These staff records may include:
Purposes: Staff records are kept for the purposes of:
Location: In a secure, locked filing cabinet and in electronic format that is password / access protected and in such a way that only personnel who are authorised to use the data can access. Employees are required to maintain the confidentiality of any data to which they have access.
Security: Records are kept in manual record form and electronic form. Personal files are securely kept within the relevant filing system in the principal’s office and in computer record form on our database packages. Electronic Data is password protected; we use NCTE firewall software and adequate levels of encryption.
Categories of pupil data: These may include:
Purposes: The purposes for keeping pupil records are:
Location: In a secure, locked filing cabinet and in electronic format on our school database that is password protected in such a way that only personnel who are authorised to use the data can access the data. Employees are required to maintain the confidentiality of any data to which they have access.
Security: records are kept as manual records: a personal file is kept within the relevant filing system in the office and on computer database. The office where files are kept is locked and only accessed through the principal’s office or administrative office. All electronic files are password protected, and with the use of firewall protection software.
Some of the above records are stored in the School Archive after an individual has graduated from the school. See the section of this policy headed Data Protection Principles.
Categories of Board of Managementdata: These may include:
Purposes: To enable the Board of Management to operate in accordance with the Education Act 1998 and other applicable legislation and to maintain a record of board appointments and decisions.
Location: In a secure, locked filing cabinet and in electronic format that is password / access protected in such a way that only personnel who are authorised to use the data can access it. Employees are required to maintain the confidentiality of any data to which they have access.
Security: Records are kept in manual records e.g., a personal file within a relevant filing system, as computer records and on our database. The filing cabinet where records are kept is locked, electronic equipment and data is password protected and we have firewall security software with adequate levels of encryption.
Some of the above records are stored in the School Archive. See the section of this policy headed Data Protection Principles.
For example: Details of contractors, suppliers etc.
The school will hold other records relating to individuals. The format in which these records will be kept are on manual record within the relevant filing system, and on computer record / database. Some examples of the type of other records which the school will hold are set out below (this list is not exhaustive):
Categories of data: the school may hold some or all the following information about creditors (some of whom are self-employed individuals):
Purposes: This information is required for routine management and administration of the school’s
financial affairs, including the payment of invoices, the compiling of annual financial accounts and
complying with audits and investigations by the Revenue Commissioners.
Location: In a secure, locked filing cabinet that only personnel who are authorised to use the data can access. Employees are required to maintain the confidentiality of any data to which they have access.
Security: Records are kept e.g., on manual record as a personal file within the relevant filing system, on computer record / database). Security measures employed include locks, padlocks, password protection, firewall software and adequate levels of encryption.
Some of the above records are stored in the School Archive. See the section of this policy headed Data Protection Principles.
Categories of data: the school may hold the following data in relation to donors who have made
charitable donations to the school:
Purposes: Schools are entitled to avail of the scheme of tax relief for donations of money they receive. To claim the relief, the donor must complete a certificate (CHY2) and forward it to the school to allow it to claim the grossed-up amount of tax associated with the donation. The information requested on the appropriate certificate is the parents’ name, address, PPS Number, tax rate, telephone number, signature, and the gross amount of the donation. This is retained by the school in the case of audit by the Revenue Commissioners.
Location: In a secure, locked filing cabinet and in electronic format that is password / access protected and in such a way that only personnel who are authorised to use the data can access. Employees are required to maintain the confidentiality of any data to which they have access.
Security: These records are kept as manual records and on computer record / database. Security measures employed include, locks, padlocks, password protection, firewall software and adequate levels of encryption.
Some of the above records are stored in the School Archive. See the section of this policy headed Data Protection Principles.
Categories: CCTV is installed in the office but only looks externally i.e., perimeter walls/fencing. The CCTV system may record images of staff, pupils and members of the public who visit the premises.
Purposes: Safety and security of staff, pupils, and visitors and to safeguard school property and
equipment.
Location: Cameras are located externally as detailed in the CCTV Policy and plan / legend.
Recording equipment is in the Principal’s office.
Security: Access to images/recordings is restricted to the principal & deputy principal of the school.
Categories: The school will hold data comprising standardised results in respect of its pupils. These include class, mid-term, annual and continuous assessment results.
Purposes: The main purpose for which these standardised testing results and other records are held is to monitor a pupil’s progress and to provide a sound basis for their progress.
Location: In a secure, locked filing cabinet and on our school database that is password and access protected such that only personnel who are authorised to use the data can have access. Employees are required to maintain the confidentiality of any data to which they have access.
Security: These records are kept, in manual record within the relevant filing system, and on computer record / database in the school office for current pupils and in the school archive for past pupils. Security measures include locks on filing cabinet, padlocks on the door where archives are stored, electronic data is password protected, we employ firewall software and adequate levels of encryption.
Categories: At the beginning of each academic year, parents/guardians and pupils are asked to provide the school with certain information so that the school can make returns to the DE referred to as “September Returns”. These September Returns will include sensitive personal data regarding personal circumstances which are provided by parents/guardians and pupils based on explicit and informed consent. The September Return contains individualised data (such as an individual pupil’s PPS number) which acts as an “identifier” for the DE to validate the data that belongs to a recognised pupil. The DE also transfers some of this data to other government departments and other State bodies to comply with legislation, such as transfers to the Department of Social Protection pursuant to the Social Welfare Acts, transfers to the Educational Research Centre, and transfers to the Central Statistics Office pursuant to the Statistics Acts. The data will also be used by the DE for statistical, policymaking and research purposes. However, the DE advises that it does not use individual data, but rather aggregated data is grouped together for these purposes. The DE has a data protection policy which can be viewed on its website (www.education.ie). The DE has also published a “Fair Processing Notice” to explain how the personal data of pupils and contained in September Returns is processed. This can also be found on www.education.ie (search for Circular Letter 0047/2010 in the “Circulars” section).
Purposes: The school asks parents/guardians and pupils to complete September Returns for the
purposes of complying with DE requirements to determine staffing and resource allocations and
to facilitate the orderly running of the school. The main purpose of the September Returns is for the
DE to determine whether the pupil qualifies for English language support and/or additional
resources and support to meet their educational needs. The September Returns are submitted to the DE electronically. The DES has their own policy governing the security of the data sent to them by all primary schools. The co-operation of each pupil and/or their parents/guardians in completing the September Return is greatly appreciated as the school’s aim is to ensure that each pupil is assisted in every way to ensure that s/he meets his/her full potential.
Location: All such data is kept in a secure, locked filing cabinet and in electronic format that is password / access protected and in such a way that only personnel who are authorised to use the data can access. Employees are required to maintain the confidentiality of any data to which they have access.
Security: These records are kept in manual record form and on computer record / database. Security measures include locks & padlocks on rooms where data is stored, password protection on electronic devices where data is stored, firewall software and adequate levels of encryption.
Some of the above records are stored in the School Archive. See the section of this policy headed Data Protection Principles.
Our school policies need to be consistent with one another, within the framework of the overall School Plan. Relevant school policies already in place or being developed or reviewed, shall be examined with reference to the data protection policy and any implications which it has for them shall be addressed.
The following policies may be among those considered:
Data in this school will be processed in line with the data subjects' rights.
Data subjects have a right to:
Section 3 access request
Under Section 3 of the Data Protection Acts, an individual has the right to be informed whether the school holds data/information about them and to be given a description of the data together with details of the purposes for which their data is being kept. The individual must make this request in writing and the data controller will accede to the request within 21 days.
The right under Section 3 must be distinguished from the much broader right contained in Section 4, where individuals are entitled to a copy of their data.
Section 4 access request
Individuals are entitled to a copy of their personal data on written request.
Providing information over the phone
In our school, any employee dealing with telephone enquiries should be careful about disclosing any personal information held by the school over the phone. The employee should:
In our school the Board of Management is the data controller, and the principal will be assigned the role of co-ordinating implementation of this Data Protection Policy and for ensuring that staff who handle or have access to Personal Data are familiar with their data protection responsibilities.
The following personnel have responsibility for implementing the Data Protection Policy:
Name | Responsibility |
Board of Management | Data Controller |
Principal: Deirdre Murphy | Implementation of Policy |
Teaching Personnel: As per staff list | Awareness of Responsibilities |
Administrative personnel: As per staff list | Security and Confidentiality |
This Data Protection Policy has been ratified by the Board of Management, and it is the school's agreed Data Protection Policy. It is available and circulated within the school community by means of the school’s website. The entire staff has been briefed on the Data Protection Policy and it has been put into practice in accordance with the specified implementation arrangements. It is important that all concerned are aware of any changes implied in recording information on pupils, staff, and others in the school community.
In this context the following applies:
Parents/guardians and pupils will be informed about this Data Protection Policy at the time of enrolment of the pupil by directing their attention to the school website.
The implementation of the policy will be monitored by the principal and the Board of Management.
At least one annual report will be issued to the Board of Management to confirm that the actions/ measures set down under the policy are being implemented.
Reviewing and evaluating the policy
The policy will be reviewed and evaluated annually and as necessary. Ongoing review and evaluation will take cognisance of changing information or guidelines (e.g., from the Data Protection Commissioner, DE or Tusla), legislation and feedback from parents/guardians, pupils, school staff and others. The policy will be revised as necessary in the light of such review and evaluation and within the framework of school planning.
This policy was reviewed by the Board of Management in 2021.
Next Review date: September 2022.