Data Protection and Record Keeping

Please note this policy will be updated this term in accordance with new data regulations coming into effect mid 2018



The Staff and Board of Management of Saint Brigid’s National School formulated this policy. The purpose of the policy is to identify the personal data that is retained by the school in manual and electronic form and to ensure confidential and manageable procedures are in place when giving access to such records by parents and staff.


  • To ensure the school complies with legislative requirements and that the data protection rights of parents, pupils and staff are safeguarded
  • To clarify the types of records maintained and the procedures relating to making them available to the relevant bodies
  • To put in place proper recording and reporting framework on the educational progress of pupils
  • To establish clear guidelines on making these records available to parents and past pupils who are over 18
  • To stipulate the length of time records and reports will be retained.

The Eight Rules of Data Protection

Based on Data Protection Act 1988 and Data Protection Amendment Act 2003

  1. Obtain data and process fairly
  2. Keep it only for explicit lawful purposes
  3. Use it and disclose it only in ways compatible with these purposes
  4. Keep it safe and secure
  5. Keep it accurate up to date and complete
  6. Ensure that it is adequate, relevant and not excessive
  7. Retain it for no longer than necessary for the purpose
  8. Give a copy to individual on request


Types of Data

  1. Personal Data:

This data relates to personal details of the students such as name, address, date of birth, gender, ethnic origin, nationality, religious belief, medical details, dietary information, PPSN, contact details and parents names. These are kept in the office in a locked filing cabinet.

  1. Student Records:
  • Personal details of the student and parents or guardians
  • Sensitive Medical data
  • School report cards
  • Psychological/Clinical/Occupational Therapy/Speech and Language Assessments
  • Standardised Test Results
  • Screening Tests such as MIST and NRIT
  • Teacher – designed tests.
  • Assessment Folders and Profiles
  • Diagnostic Tests Reports
  • Individual Education Plans
  • Learning Support/Resource Data such as records of permission/refusal to access LS/RT services in the school and exemptions in Irish
  • Minutes of meetings with parents
  • Attendance Records and Absence notes
  • Behaviour Records
  • Discipline Committee Records
  • Accident Reports
  • Child Protection Records.
  • Mobile Phone Contracts
  1. Data relating to Staff

This data relates to personal and professional details of the Staff such as name, address, date of birth, contact details, payroll number, attendance records, qualifications, school records, sick leave, CPD, curriculum vitae, school returns, classes taught and seniority.

  1. Administrative Data:
  • Attendance Reports, Roll Book, Registers
  • Accident Report Book
  • Administration of Medicines Indemnity Form
  • Policies
  • HSE files
  • Board of Management files
  • Accounts
  1. Electronic Data:

A large part of the schools’ database is stored electronically on Aladdin, a cloud based administration system which is password protected.


Access to Records:

Those listed below will have access to data held by the school where relevant and appropriate

  • Parents/guardians of pupils under 18
  • Past pupils over 18
  • Health Service Executive
  • National Educational Welfare Board
  • National Educational Psychologists Service
  • National Council for Special Ed.
  • Designated school personnel
  • Department of Education & Skills
  • First and second-level schools (where relevant).


A parental authorisation form must be completed by parents in the event of data being transferred to outside agencies such as health professionals etc.  Outside agencies requesting access to records must do so in writing giving seven days notice.  Parents/Guardians can make such a request either by phone, email or in writing.

First and Second level schools must confirm transfers in writing before data can be transferred.

Annual written reports are given to parents of children from 1st – 6th classes in mid June. A standardized form is used. Standardized test results are included on the 2nd 4th and 6th report cards.


Responsibilities of Staff


The Principal: Mr. Courtney

The Principal assumes the function of data controller and supervises the application of the Data Protection Act within the school. The Principal will ensure records are accurate, up to date, treated confidentially and stored securely.

The Teachers should

  • Maintain accurate, up to date records. These may include contact information, behaviour reports, medical information, assessments, test scores, standardized test answer books, parent teacher meeting notes, and pupil portfolios.
  • Store standardized test answer books for analysis and pass to next teacher. The front page must be shredded once the next test has been administered.
  • Keep all sensitive data out of sight
  • Pass relevant data to next teacher and destroy information that is not relevant in a responsible manner. (Shredder available in Learning Support and Office)
  • Use Aladdin or password protected folders to save electronic data, (not USB keys or external hard drives)
  • Provide end of year reports to parents using a DES standardized form, a template of which is stored on Aladdin
  • Record absence reasons on Aladdin
  • Keep absence notes in cases where teachers have a concern and pass these to Deputy Principal at end of each year
  • Send mobile phone contracts to Deputy Principal

The Learning Support Coordinator should

  • Maintain accurate and up to date test results and report cards and store these securely in locked cabinets.
  • Store all other records for 10 years until past pupil reaches 23
  • Maintain and store assessment reports and sensitive records
  • Remove and shred records when past pupils reach 23 (10 years)
  • Provide data to outside agencies after receiving written requests
  • Provide teachers access to test scores, reports and assessments on pupils in their class
  • Provide student transfer records to another school when requests are made in writing

The Learning Support Teachers should

  • Store sensitive records in locked cabinets
  • Use password protected folders, Google Drive or Aladdin
  • Not store sensitive data on USB keys or external hard drives that are not password protected
  • Destroy information that is no longer relevant in a responsible manner

The Special Needs Assistants should

  • Maintain a weekly log
  • Maintain a home school communication notebook if necessary
  • Pass records to Learning Support Coordinator if pupil is reassigned.

The Post Holder with responsibility for administration of medicines should

  • Obtain relevant medical information and consent forms from parents of children with medical conditions.
  • Display medical information including photos on the staffroom notice board and share this information with staff as necessary.
  • Store all medical information securely and destroy when child has left the school.
  • Keep medical records accurate, up to date and relevant

The Deputy Principal should

  • Ensure completed school roll books are stored in a secure location and access is limited to authorized personnel only.
  • Maintain and store securely behaviour reports, absence notes, school register, roll books attendance records, transfer information and mobile phone contracts.
  • Share attendance records with NEWB
  • Upload test results, accident and behaviour records via Aladdin and share these with the current class and support teachers annually
  • Share necessary medical information of pupils with staff using the yard notebooks.

The School Secretary should

  •  Maintain the electronic school administration system
  • Store all student and parents’ personal information provided on enrolment forms in a locked cabinet
  • Remove data on past pupils and store in a secure location for 10 years.


Links to other Policies:

This Data Protection Policy is linked to

  • Child Protection Policy
  • Anti Bullying Policies
  • Substance Abuse Policy
  • Administration of Prescribed Medicines Policy
  • Enrolment Policy
  • Code of Behaviour


Success Criteria:

  • Compliance with Data Protection Act 1988 and Data Protection Amendment Act 2003 Statute of Limitations Act 1957
  • Systematic reporting to parents on education progress in place
  • Easy access to records
  • Framework in place for ease of compilation and reporting
  • Manageable storage of records