POLICY: Information Technology - Retention Schedule and Policy POLICY URL: https://lsi-ac.uk/policy/3a6691b3-3ab1-42df-ae9b-c720272ba09a POLICY STATEMENT: The School is committed to managing records responsibly through the systematic retention and secure disposal of documents. This policy ensures adherence to legal requirements and best practices, maintaining the integrity and confidentiality of information. It applies to all staff, supporting effective information governance and safeguarding the School’s reputation and operational effectiveness. POLICY PRINCIPLES: ------------------ - Compliance : Adhering to legal and regulatory requirements governing record retention; - Transparency : Providing clear guidance on record retention periods and disposal procedures; - Confidentiality : Ensuring the confidentiality of sensitive records throughout their lifecycle; - Accessibility : Facilitating appropriate access to records during retention periods; - Efficiency : Retaining records only for as long as operationally necessary or legally required; - Security : Safeguarding records against unauthorised access, loss, or damage; - Review : Periodically reviewing retention schedules to reflect changes in legislation and operational practices; - Accountability : Assigning clear ownership and responsibility for record management; - Environmental Considerations : Disposing of records in an environmentally responsible manner; - Data Minimisation : Limiting the volume of data retained to the minimum necessary; - Auditability : Enabling effective audits of record-keeping practices and compliance; - Continuous Improvement: Actively seeking to refine record retention and disposal practices. REGULATORY CONTEXT: ------------------ This Policy has been developed in line with the applicable laws, regulations, regulatory advice, and sector best practices, including the following: R1. Office for Students (OfS): Regulatory Notices and Advice - Regulatory notices are additional information about OfS' regulatory requirements and are part of the regulatory framework. Regulatory advice helps providers understand and meet OfS requirements. R2. UK Government : Data Protection Act 2018 - Legislation aimed at controlling the processing of personal data, laying down principles with respect to the processing of personal data, and the rights of data subjects R3. Information Commissioner's Office (ICO): Guide for higher education institutions - Provides guidance for higher education providers on their obligations under data protection law. R4. JISC (Joint Information Systems Committee): Digital Infrastructure Guidelines - Guidelines for universities and colleges in the UK on how to manage their digital infrastructure. R5. Quality Assurance Agency (QAA): The Quality Code - This code represents a shared understanding of quality practice across the UK higher education sector, protecting public and student interests and championing the UK's reputation for quality. R6. Quality Assurance Agency (QAA): Advice - Learning and Teaching - METRICS: ------------------ The following metrics will be measured and regularly reviewed as performance indicators for the School to ensure the effectiveness of this policy and associated operations: M1. Accuracy of Document Disposal: Percentage of documents disposed of securely and in compliance with the policy annually. Ensures that confidential information is properly destroyed, protecting data integrity and confidentiality. M2. Incident Reporting Frequency: Number of incidents related to improper retention or disposal of documents reported each year. Monitors issues related to policy adherence and helps address weaknesses in the system. M3. Percentage of Records with Defined Retention Periods: Percentage of records for which retention periods are clearly defined and documented. Ensures that all records have appropriate retention periods assigned, supporting systematic record management. SECTION 1: Retention Period ------------------ 1.1. Timeframe (by CTO): We may retain your personal data for up to 6 years after your association with us ends, unless otherwise specified. A core record of your data will be kept indefinitely to provide references and verify academic history after graduation; This policy ensures compliance with data retention regulations and supports the ability to verify academic credentials and provide references long after your association with the School has concluded. SECTION 2: Other Relevant Policies ------------------ 2.1. Retention Policy Integration (by All staff and students): This Retention Policy must be read in conjunction with other School policies, including the IT and Data policies; Integrating this policy with the IT and Data policies ensures comprehensive management and understanding of data retention practices, aligning with the School’s broader governance and compliance framework. SECTION 3: Changes to this Privacy Notice ------------------ 3.1. Policy Review: This policy is subject to regular review; Regular reviews ensure the policy remains current, effective, and aligned with best practices and legal requirements, thereby maintaining its relevance and accuracy over time. SECTION 4: Other Notices ------------------ 4.1. Privacy Notices: We strive to protect your privacy diligently. Please note that additional privacy notices are available on our website, covering various aspects such as enquiries, applications, current students, alumni, and website usage; These notices ensure transparency and inform you about how your data is managed across different activities, helping you understand our comprehensive approach to privacy protection.