Wandsworth Council privacy notice
The Council's retention schedule is currently being reviewed following recent changes in Data Protection legislation and will be available shortly. In the interim, should you require specific information relating to the above, please contact our GDPR and Information Governance Manager Tania Robinson.
Please find below guiding principles used in the production of the Council's retention schedule.
All organisations are duty bound to keep records (e.g. service user, staff and business records) for a minimum number of years. The authority needs to know where all its information is, how long it should be kept for and what reasons we are keeping it for, along with a well managed corporate disposal policy.
The Corporate retention schedule is a 'living document' that will be amended and modified as and when retention details change or regulations and legislation that govern information and its use are introduced or changed.
This schedule is based on a template provided by the Records Management Society (RMS) of Great Britain and the NHS Records Management: Code of Practice (January 2009).
Article 5 of the GDPR 2018 and Section 34 of the Data Protection Act 2018 require that personal data shall be:
- Adequate, relevant and not excessive
- Accurate and where necessary kept up to date
- Not kept for longer than is necessary for its purpose(s)
These three principles require authorities to have procedures in place, covering the review of information held on files. Such procedures include the establishment of a policy covering the retention and disposal of records. The purpose of this document is to provide the minimum periods of retention of records of all types, which would be either the statutory term (if it is applicable), or specified years (where there is no legal limit but retention is lead by business needs).
General guidance for all types of organisation
A record is anything that contains information, in any media, which has been created or gathered as a result of any aspect of the work of council employees including consultants, agency and/or casual staff.
All records need to be managed in a way that allows the information contained within them to be available when they are needed, where they are needed, about whom they are needed by the person who needs them.
Records can be held in a variety of ways:
Personal records about service users and staff
Types of records covered are electronic and/or manual:
- Service user records (electronic or paper based)
- Photographs, slides and other images
- Microform (i.e. microfiche and microfilm)
- Audit tapes, cassettes
- Video tapes
- Record of staff including payroll, personnel and administrative
- Computer media (e.g. CD-Rom)
- Computer output
- Digital records
- Scanned records
- Text messages (both outgoing from the organisations and incoming responses from the service user)
- Social media mechanisms
Records concerning the business of the organisation
Types of records covered are electronic and/or manual:
- Administrative records including personnel, estates, financial and accounting (e.g. budget information, annual report information)
- Information concerning complaint handling
- Manual (e.g. telephone messages, working papers)
- Printouts of audit trails from computer/automated systems
Regardless of the type of record, there is usually a requirement to keep the record for a minimum number of years. This period of time is calculated from the end of the calendar or accounting year following the last entry in the record (e.g. manual file or computer record).
Storage of records
All paper records should be stored in a secure location when not being used e.g. lockable filing cabinets, cupboards, rooms (locked and/or alarmed when out of normal working hours).
The accommodation has proper environmental controls and adequate protection against fire and flood, in line with current health and safety legislation.
All electronic records are secure, using organisation and technical measures available to the Council (please see local systems processes for further information) and are subject to the same retention and destruction dates as paper records.
Disposal of records (transfer to off-site storage)
This does not mean destruction of records (see below), this is the transfer to external storage.
Many teams retain paper records on-site for a short period of time, for example two years. They will then transfer the records to off-site storage for the remaining time, as defined by the retention periods outlined later in this document.
The GDPR and Information Governance Manager and the department leads for records management are responsible for reviewing the paper records at regular, defined intervals and co-ordinating any removal off-site.
Destruction of records
The destruction of records is an irreversible act. Many records contain sensitive and/or confidential information and their destruction must be undertaken in secure locations and proof of secure destruction may be required. Destruction of all records, regardless of the media, will be conducted in a secure manner to ensure there are safeguards against accidental loss or disclosure.
The secure destruction of computer media is normally undertaken by ICT.
Retention of records
Records need to be kept for specified periods of time. There are specific requirements listed by type of organisation within this section of the policy. This section has been prepared specifically so that it can be used as separate standalone documents.
Unless otherwise stated, personal data should not be held for longer than six years after the subject's last contact with the authority. This period reflects the general time within which, under the Limitation Act 1980, a civil action could be brought before the courts. It should also be noted that, under this Act, civil action can be taken up to twelve years following certain events.
Exceptions to the six-year period occur when records:
- Are held in legal documents 'under seal' where they may have to be retained for up to twelve years
- Need to be retained because the information contained in them is relevant to legal action which has been started
- Are required to be kept for longer or shorter period by statute
- Are archived for historical purposes
- Consist of a sample of records maintained for the purpose of retrospective comparison
- Involve the transfer of significant information, with subject identification, on to aggregated files
- Relate to individuals and providers of services who have, or whose staff have been judged unsatisfactory
- Are held in order to provide for the subject, aspects of his/her personal history
- Are obtained via data sharing agreements specifically for population-level intelligence purposes in accordance with the Council's public health duties, (e.g. births and deaths data, hospital data, crime data) to understand the population's health outcomes and need for services, however this type of data is usually anonymised
If the authority's Legal Department were to become aware of any pending legal action a note should be attached to the file confirming that the file should not be destroyed.
Records that can be destroyed after effective use
As a rule, the following types of records have no significant operational, informational or evidential value. They can therefore be destroyed as soon as they have served their primary purpose.
- Announcements and notices of meetings and other events, and notifications of acceptance or apologies
- Requests for stock information such as maps and travel directions, brochures etc.
- Requests for, and confirmations of, reservations for internal services (e.g. meeting rooms, car parking spaces, pool cars) where no internal charges are made
- Requests for, and confirmations of, reservations with third parties (e.g. travel, hotel accommodation, restaurants) when invoices have been received
- Transmission documents - letters, fax cover sheets, routing slips, compliments slips and similar items which accompany documents but do not add any value to them
- Message slips
- Superseded address lists and distribution lists
- Duplicate documents such as CC and FYI copies
- Unaltered drafts of documents and reports
- Snapshot printouts or extracts from databases
- Day files (chronological copies of correspondence)
- Personal diaries, address books etc.
- Working papers, where the results have been written into an official document and which are not required to support it
- Stocks of in-house publications which are obsolete, superseded or otherwise not required (e.g. magazines, marketing materials, prospectuses, catalogues, manuals, directories, forms, and other material produced for wide distribution)
- Published or reference materials received from other parts of the Council, from vendors or other external organisations, which require no action and are not needed for record purposes (e.g. trade magazines, vendor catalogues, flyers, newsletters).
Our retention schedule has been compiled with detailed consultation with directorate representatives from across the Council and guidance from the Records Management Society of Great Britain. It should therefore be seen as the single source of advice regarding retention of records and any local guidance should always follow information contained in this master document.