The Council's retention schedule is currently being reviewed following recent changes in Data Protection legislation and will be available shortly. Should you require specific information relating to the retention schedule, please contact our GDPR and Information Governance Manager Tania Robinson.
Please find below guiding principles used in the production of the Council's retention schedule.
All organisations are duty bound to keep records (e.g. service user, staff and business records) for a minimum number of years. The authority needs to know where all its information is, how long it should be kept for and what reasons we are keeping it for, along with a well managed corporate disposal policy.
The corporate retention schedule is a 'living document' that will be amended and modified as and when retention details change or regulations and legislation that govern information and its use are introduced or changed.
This schedule is based on a template provided by the Records Management Society (RMS) of Great Britain and the NHS Records Management: Code of Practice (January 2009).
Article 5 of the GDPR 2018 and Section 34 of the Data Protection Act 2018 require that personal data shall be:
These three principles require authorities to have procedures in place, covering the review of information held on files. Such procedures include the establishment of a policy covering the retention and disposal of records. The purpose of this document is to provide the minimum periods of retention of records of all types, which would be either the statutory term (if it is applicable), or specified years (where there is no legal limit but retention is lead by business needs).
A record is anything that contains information, in any media, which has been created or gathered as a result of any aspect of the work of council employees including consultants, agency and/or casual staff.
All records need to be managed in a way that allows the information contained within them to be available when they are needed, where they are needed, about whom they are needed by the person who needs them.
Records can be held in a variety of ways:
Types of records covered are electronic and/or manual:
Types of records covered are electronic and/or manual:
Regardless of the type of record, there is usually a requirement to keep the record for a minimum number of years. This period of time is calculated from the end of the calendar or accounting year following the last entry in the record (e.g. manual file or computer record).
All paper records should be stored in a secure location when not being used e.g. lockable filing cabinets, cupboards, rooms (locked and/or alarmed when out of normal working hours).
The accommodation has proper environmental controls and adequate protection against fire and flood, in line with current health and safety legislation.
All electronic records are secure, using organisation and technical measures available to the Council (please see local systems processes for further information) and are subject to the same retention and destruction dates as paper records.
This does not mean destruction of records (see below), this is the transfer to external storage.
Many teams retain paper records on-site for a short period of time, for example two years. They will then transfer the records to off-site storage for the remaining time, as defined by the retention periods outlined later in this document.
The GDPR and Information Governance Manager and the department leads for records management are responsible for reviewing the paper records at regular, defined intervals and co-ordinating any removal off-site.
The destruction of records is an irreversible act. Many records contain sensitive and/or confidential information and their destruction must be undertaken in secure locations and proof of secure destruction may be required. Destruction of all records, regardless of the media, will be conducted in a secure manner to ensure there are safeguards against accidental loss or disclosure.
The secure destruction of computer media is normally undertaken by ICT.
Records need to be kept for specified periods of time. There are specific requirements listed by type of organisation within this section of the policy. This section has been prepared specifically so that it can be used as separate standalone documents.
Unless otherwise stated, personal data should not be held for longer than six years after the subject's last contact with the authority. This period reflects the general time within which, under the Limitation Act 1980, a civil action could be brought before the courts. It should also be noted that, under this Act, civil action can be taken up to twelve years following certain events.
Exceptions to the six-year period occur when records:
If the authority's Legal Department were to become aware of any pending legal action a note should be attached to the file confirming that the file should not be destroyed.
As a rule, the following types of records have no significant operational, informational or evidential value. They can therefore be destroyed as soon as they have served their primary purpose.
Our retention schedule has been compiled with detailed consultation with directorate representatives from across the Council and guidance from the Records Management Society of Great Britain. It should therefore be seen as the single source of advice regarding retention of records and any local guidance should always follow information contained in this master document.
Updated: 24 January 2019