Data Retention Policy

Effective file keeping and data management are vital to allow mediaburst to carry out is business functions. To comply with the principles of the Data Protection Act 1998, records containing personal data must be:

• Disposed of appropriately to ensure that copyrights are not breached and to prevent them falling into the hands of unauthorised personnel.
• Retain for only as long as necessary.
• Retrievable and easily traced.
• Stored appropriately having regard to the sensitivity and confidentiality of the material recorded.

This policy applies equally to paper, electronic media and any other method used to store personal data. The period of retention only commences when the record is closed.

Storage

All data and records should be stored securely to avoid misuse or loss.

All data records will be stored in the most convenient and appropriate location having regard to the period of retention required and the frequency with which access will be made to the record.

The degree of security required for file storage will reflect the sensitivity and confidential nature of any material recorded. Any data file or record which contains personal data of any form can be considered as confidential in nature. Examples of appropriate storage include password protecting electronic documents and locking paper documents in a secure cupboard or drawer.

Retention

Data and records should not be kept for longer than necessary. The Data Protection Act requires that personal data processed for any purpose “shall not be kept for longer than necessary for that purpose”.

Five years should be regarded as the maximum period of retention, though a shorter period may sometimes be appropriate. No data file or record should be retained for more than 5 years after it is closed unless a good reason can be demonstrated. Reasons for longer retention may include:

• If there is a threat of litigation, records likely to be affected should not be amended or disposed of until the threat has been removed.
• Records are maintained for the purpose of retrospective comparison (e.g. finance)
• Records contain information relevant to legal action which has been started or is in contemplation.
• Records relate to individuals or providers of services who are judged unsatisfactory. The individuals may include employees or volunteers who have been the subject of serious disciplinary action.
• Records should be archived for historical or research.
• Statute requires retention for a longer period.

Destruction and Disposal

All information of a confidential or sensitive nature must be securely destroyed when no longer required and a register of the disposal of such records maintained. The employee or volunteer concerned is responsible for doing this. The procedure for the destruction of confidential or sensitive records is as follows:

1. Electronic files should be deleted in such a way that they cannot be retrieved by simply undoing the last action or restoring the item from the Recycle Bin. Destruction of backup copies should also be dealt with.
2. Media and equipment should be physically destroyed prior to disposal.
3. Paper should be mechanically shredded if the content is sensitive.

Get in touch

As always, if you have any specific concerns or would like further reassurance then please get in touch.

Contact us