Data Retention Notice for RAGES
1. Introduction
1.1. The group gathers personal information from individuals and external organisations, all of which is recorded in documents and records, both in hard copy and electronic form.
1.2. Examples of the types of information
accumulated and generated are set out in Appendix 1 of this policy and
include membership details and other communications such as letters and
emails.
1.3. In certain circumstances it will be necessary to retain documents
for operational needs. Document retention is also required to preserve
information.
1.4. It is however not practical or appropriate for the group to retain
all records. Additionally, data protection principles require
information to be as up to date and accurate as possible. It is
therefore important that the group has in place systems for the timely
and secure disposal of documents that are no longer required.
1.5. This Data Retention Policy has been adopted by the Commitee and is implemented on a day to day basis.
2. Roles and Responsibilities
2.1. The group will adopt the retention and disposal guidance at Appendix 1 of this policy and strive to keep records up to date.
3. Retention and Disposal Policy
3.1. Decisions relating to the retention and disposal of data should be guided by:
-
Appendix 1 – Document Retention Schedule – Guidance on the recommended and statutory minimum retention periods for specific types of documents and records.
-
Appendix 2 – Quick Guide to document retention.
3.2. In circumstances where the retention period for a specific document
or category of documents has expired, a review should be carried out
prior to disposal and consideration should be given to the method of
disposal.
4. Disposal
4.1. Documents containing personal information should be disposed of
either by shredding. Such documentation is likely to include financial
details and contact lists with names and addresses.
4.2. Documents other than those containing confidential or personal
information may be disposed of by recycling or binning.
4.3. Electronic communications including email and all information
stored digitally should also be reviewed and if no longer required,
closed and/or deleted so as to be put beyond use. This should not be
done simply by archiving, which is not the same as deletion. It will
often be sufficient simply to delete the information, with no intention
of ever using or accessing it again, despite the fact that it may still
exist in the electronic ether. Information will be deemed to be put
beyond use if the Group is not able, or will not attempt, to use it to
inform any decision in respect of any individual or in a manner that
affects the individual in any way and does not give any other
organisation access to it.
4.4. Deletion can also be effected by using one of the following methods
of disposal:
-
Using secure deletion software which can overwrite data;
-
Using the function of “restore to factory settings” (where information is not stored in a removeable format);
-
Sending the device to a specialist who will securely delete the data.
Appendix 1
Data Retention Schedule
This Schedule may not be not exhaustive and any other record’s retention period should be reviewed at the time and added to this appendix.
RECORD | RETENTION PERIOD |
Minutes of meetings | Six years |
Membership forms | Two years after member’s membership expires |
Computer databases | Reviewed annually and delete members after expiry |
Bank statements and deposit slips | Minimum of six years |
Expense records | Six years |
Cash receipts | Three years |
Invoices | Six years |
E-mails | Deletion reviewed at least annually |
Appendix 2