Civil Wills Data Retention Policy
|Date of Revision||Version||Description||Author|
|26/01/2018||0.1||Initial Draft for review by Adrian Traher||Civil Wills|
The main aim of the retention policy is to enable Civil Wills to have better management of records to support the business in making decisions.
This policy is required to support the organised creation, retrieval, proper storage and preservation of Civil Wills essential records, and to enable identification and destruction of information where there is no continuing business, legal or historical significance. It also helps us to comply with the requirements of relevant legislation.
This policy covers all data retained in Civil Wills custody or control in whatever medium the data is contained in. It is therefore not restricted to paper documents, but also encompasses data contained in electronically readable format.
This policy should be read in conjunction with the data protection policy and any prevailing information security policies as their objectives also relate to the protection and security of data.
This document covers the following aspects, and applies to employees, temporary workers or subcontractors working on behalf of Civil Wills at all locations. We also expect consultants and goods & services providers to introduce and follow appropriate data retention practices.
Information that needs to be kept by law
Certain pieces of legislation set out types of information that should be kept and how long they should be kept for, for example, the Health and Safety at Work Act. Where there is a legal requirement to keep information by law, we must do this. There are limits as to how long information needs to be kept for legal purposes.
Information that has ongoing business value
This is information that is of value to Civil Wills, which is needed for both day to day activities and longer term strategic planning.
You may find that some documents aren’t listed within the retention schedule. The retention schedule lists the documents that it is essential to keep in line with the principles above.
If you have a definable ongoing business need to keep some information, then it will generally be acceptable to retain it for as long as you need it.
Effective archives support the business by enabling us to use knowledge to make better decisions and to have records available that can help to understand how decisions were made or how we followed our processes if there is a query or challenge.
Storing information for longer than necessary creates cost for the business through either offsite archives or within our IT infrastructure, as well as the cost to the organisation of not being able to use our information resources effectively to support us in our work.
This policy applies to all records at Civil Wills, including electronic records.
|Information Security/ Data Protection Officer
|§ Responsible for the administration of this policy|
|IT Director||§ Responsible for establishing appropriate technical enforcement controls (e.g., Electronic Archives and back-ups)
|Directors/ Managers||§ Responsible for ensuring that depositing and disposing of archive records happens effectively within their business areas. It is their responsibility to ensure that complete and accurate records are retained in line with legislative requirements and good practice.
§ Directors and Managers shall be responsible for communicating these requirements to the relevant employees
|Employees||§ Responsible for creation, use, management and preservation of the records in accordance with all statutory requirements.
§ Employees leaving the company are responsible for returning any data held upon departure.
This policy will ensure that Civil Wills is complying with the golden rule of data protection which requires that we do not store material about our customers, staff or other people who could be identified that has no business use.
To comply we must:
- Only keep information for as long as there is a business need keep records secure, whether electronic or paper.
- Allow a person access to information held about them, should they request it.
- Destroy papers and electronic data for which there is no continuing business need and send papers that cannot be destroyed to archive for as short a time as possible
- Keep data secure while it remains in any office
- Keep track of where information is stored
- Continue to apply these good practices to avoid stockpiling papers in the future.
Freedom of Information (if applicable)
The Freedom of Information Act does not require organisations to keep all information in case it is requested. However, Civil Wills must be able to locate and retrieve information that we hold when it is requested. Failure to respond to a request in the allocated time can have repercussions including action from the Information Commissioner.
Civil Wills staff can continue to destroy records in line with this policy. The only exception is where information has been requested by under the Freedom of Information Act before the scheduled destruction date.
Archiving is defined as secure storage of documents such that they are rendered inaccessible by authorised users in the course of day to day business, but which can be retrieved is so required/upon request.
Paper records must be archived in secure storage (offsite or onsite), with boxes/storage clearly labelled to include date of destruction.
Electronic records shall be archived in accordance with technical access controls and in a format that secures the confidentiality, integrity and availability of the documents.
Destruction and Disposal of Records
It is recognised that Civil Wills cannot retain all corporate data indefinitely. This is due to the financial cost of data storage, the need for well-structured records to aid information retrieval and legal challenges in retaining personal data about our customers for longer than there is a clear need to do so.
In general, records will not be retained beyond the lifespan indicated in the retention schedule unless the director/Manager of the originating department indicates otherwise.
The retention period is computed from the end of the financial year to which the records relate.
Destruction is defined as physical or technical destruction that is sufficient to render the information contained therein to be irretrievable by any ordinary commercial means.
At the end of their useful life, records should be confidentially destroyed. Civil Wills shall maintain and enforce suitable destruction methods appropriate to the type of information archived. Types include physical storage media such as CD-ROMs, DVD’s, Hard Drives, backup tapes, Mobile Devices, Portable Devices or database records or backup files. Paper documents shall be shredded using secure locked consoles where appropriate. Shredded waste to be collected and disposed of by suitably vetted suppliers. This should be completed in line with the Document labelling transfer storage and deposition matrix.
Civil Wills liaises with any off-site archive providers to ensure that they cannot destroy our records without authorisation from Civil Wills. It is the responsibility of Civil Wills to order the destruction of the records.
There may incidences when the Legal Department/advisors may issue a litigation hold request to a Director/ Manager which requires the documents relating to a potential or actual litigation, or other claim or dispute, or regulatory action to be retained in accordance with instructions. These must be upheld in line with the instructions from the Legal Department/advisors.
This policy is reviewed regularly by Information Security/ Data Protection Officer
We will continue to review the effectiveness of this policy to ensure it is achieving its stated objectives.