SSAFA Volunteer Knowledgebase

Information Management and Retention Policy

Updated on

Purpose

This policy sets out the required processes that all SSAFA employees and volunteers must adhere to when creating, holding, using, retaining and disposing of information and data, in all forms

(paper-based copies, digital and online records).

Scope

This policy applies to any person directly employed, contracted, working on behalf of the Charity or volunteering with the Charity.

Responsibilities

Information Asset Owners identified within the data retention schedule are responsible for:

  • Ensuring that all applicable records are listed and that retention periods are accurate;
  • Approving the retention periods; and

Ensuring that personal data is retained in accordance with the schedule; is reviewed before disposal and appropriately disposed of/destroyed at the end of the retention period.

Retention of Records

Data protection law does not set specific time limits for the retention of different types of personal information. It is up to each organisation’s data controllers to set their own retention periods. These will depend on how long the information is required in relation to the specified purposes for which it has been collected and how long it needs to be held. For SSAFA, those decisions will be made by the Information Asset Owners shown within the schedule.

Decisions relating to the retention and disposal/deletion of personal data, or any other information should be taken with reference to the Schedule (as set out in this policy).

In all cases where the retention period recommended in the Schedule for specific types or items of personal information has expired, a review must be carried out prior to disposal, and consideration should be given as to the most appropriate method of secure deletion or disposal.

In certain circumstances an individual may exercise their right to be erased or forgotten from an organisation’s data records. Anyone receiving such a request should be directed to/seek guidance from the Data Governance Manager in the first instance prior to any action being taken.

Disposal/ Destruction of Records

All paper documents containing personal information should be disposed of confidentially and securely either by shredding or by using confidential waste bins or sacks. Such documents may include, but are not limited to, those containing names and contact details, verification documents, health-related information and financial information.

Electronic or digital communications including emails, digital versions of advertising and marketing collateral, Facebook pages, twitter accounts, photography, videos etc. and all other information stored digitally should also be reviewed regularly and if no longer required should be closed and/or permanently deleted. It is understood that the word “deletion” can mean different things in relation to electronic data, and that it is not always possible to erase all traces of it. However, the requirement is to delete the data or information record ‘beyond use’, so it will normally be sufficient simply to delete the information, with no intention of it ever being used or accessed again by anyone. In addition to deleting personal information from a live system, it should also be deleted from any back- up records of that system.

Retention of records for archiving, research or statistical purposes

Personal information can be kept indefinitely if held only for archiving purposes in the public interest; scientific or historical research purposes; or statistical purposes. There must be appropriate safeguards in place to protect individuals - for example, in some cases pseudonymisation may be appropriate. If retaining personal information for archiving purposes, it must not be used for any other purposes. In cases where archiving is considered appropriate the Data Governance Manager should be consulted for advice.

Data Retention Schedule

Use the following tables to find the types of personal data with specific retention requirements.

(Use keyboard arrows to move across columns)

Type of Record Microsoft Sensitivity Label Name Retention Period Reason for Retention Period Information Asset Owner
Social Work and Welfare Support Records

Children in Need Case files which have:

a) CiN meetings

b) CiN plan Records of one-off contact/consultations

Child in Need Case File Last Entry +35 years Statute of Limitations Act Director of Social Care Operations

Parenting skills

long term sickness

compassionate posting

Parenting Skills Last Entry +1 year Departmental Policy Director of Social Care Operations

Child protection case files which have:

a)    Conference minutes

b)    Core assessment

c)    Investigation

d)   CP Plans

Child Protection Case File Last Entry +35 years Statute of Limitations Act Director of Social Care Operations

Child Protection files:

a)    initial assessment

b)   advice only

Child Protection Initial Assessment Last Entry +7 years Statute of Limitations Act Director of Social Care Operations
Child Protection files referral investigated and found to be malicious or unfounded / unproven Child Protection Referral Malicious or Unfounded Last Entry +3 years Children Act 1989 Director of Social Care Operations
Looked after children Looked After Child Personal information retained for 100 years then destroyed Adoption and Children Act 2002
PS&SWS-RAF
Consultation - Record of one-off contacts PS and SWS Consultation Last Entry +1 year Service Policy Director of Social Care Operations
Referral - Process involving individual case management in the provision of support by SSAFA PS and SWS Referral Last Entry +6 years Statute of Limitations Act Director of Social Care Operations
Referral with assessment or report PS and SWS Referral with Assessment or Report Last Entry +6 years Statute of Limitations Act Director of Social Care Operations
Referral that involves supporting a Child in Need or Child Protection Plan PS and SWS Referral – CiN or Child Protection Last Entry +6 years Statute of Limitations Act Director of Social Care Operations
Adoption Services
Initial enquiry Adoption Initial Enquiry Data is kept for up to two years following an initial enquiry before being destroyed. Adoption Agencies Regulation 2005 Director of Social Care Operations
Where an assessment of a prospective adopter does not conclude with an Adoption Order Adoption Assessment Result No Adoption Order The Agency must destroy the records after a period of 10 years other than those where there is an issue of safeguarding importance which will be kept for 50 years. Adoption Agencies Regulation 2005 Director of Social Care Operations
Where a case does result in the granting of an Adoption Order Adoption Case Adoption Order Granted Retained for 100 years Adoption and Children Act 2002 Director of Social Care Operations
Schedule 1 offenders Schedule 1 Offender Date of birth +75 years Children Act 1989 Director of Social Care Operations
Young person’s files Foster carers files
  • Young Person's Files = Young Person File
  • Foster Carer File = Foster Carer File
Date of birth +75 years or 15 years after death of child (where child under 18 years) Reg 50 of care planning and case review (England) regs 2010 Director of Social Care Operations
Children and young people subject to supervision orders Child Subject to Supervision Order Age 18 years +3 Years Adoption and Children Act 2002 Director of Social Care Operations
Approved foster carers Approved Foster Carer File Closure +75 years Fostering regulations 2002 Director of Social Care Operations
Placements record of accidents Accident Placement Record Last entry +15 years and then review Fostering service (England) regulations 2011. Care planning regulations Director of Social Care Operations
Foster carer files Foster Carer File

Age 18 +none

Minimum 10 years from approval
Fostering service (England) regulations 2011. Care planning regulations Director of Social Care Operations
Enquiries/applications to become foster parents which do not lead to approval Foster Parent Enquiries and Applications Minimum 3 years from refusal or withdrawal, then review Fostering service (England) regulations 2011. Care planning regulations Director of Social Care Operations
Service users who have had the provision of advice and information only. Service User Advice and Information Only Last action + 5 years Fostering service (England) regulations 2011. Care planning regulations Director of Social Care Operations
Processes involved in assessing and providing individual support for children who have special educational or welfare needs Child Assessment of SEN or Welfare Needs Destroy 35 years from closure Common Practice Director of Social Care Operations
Short Break records Short Break Record 12-months after the end of the Short Break Operational department requirement Director of Social Care Operation

Employment Information
Employment records N/A 6 years + the current financial year after the employee has left Limitation Act 1980 Director of People
Personnel files including training records and notes of disciplinary and grievance hearings N/A
6 years + the current financial year after the employee has left Limitation Act 1980 Director of People
Pay and benefits input information N/A
6 years from the end of the tax year to which they relate Taxes Management Act 1970 Director of People
Criminal record disclosure Certificates N/A
No longer than is necessary after a recruitment decision is made Disclosure & Barring Service guidance, any retention will allow for the consideration and resolution of disputes or complaints. Director of People
Application forms/interview notes N/A
1 year from the date the vacancy is filled for unsuccessful candidates. 6 years + the current financial year after the employee has left for successful candidates Discrimination Acts and Limitation Act 1980 Director of People
Facts relating to redundancies N/A
6 years from the date of redundancy Limitation Act 1980 Director of People
Income Tax and NI Returns, including correspondence with tax office N/A
At least 3 years after the end of the financial year to which the records related Income Tax (Employment) Regulations 1993 Director of People
Statutory Maternity Pay records and calculations N/A
3 years after the end of the tax year in which the maternity period ends minimum but likely to be 6 years + the current financial year after the employee has left Statutory Maternity Pay (General) Regulations 1986 Director of People
Statutory Sick Pay records and calculations N/A
6 years + the current financial year after the employee has left Limitation Act 1980 Director of People
Accident books, and records and reports of accidents N/A
3 years after the date of the last entry

Social Security (Claims and Payments) Regulations 1979; RIDDOR 1985

Director of People
Health Records N/A
6 years + the current financial year after the employee has left Discrimination Acts and Limitation Act 1980 Director of People
Beneficiary Records

Contact notes

Risk and other assessments 

Form A

Referral forms

N/A
6 years after the end of service delivery relationship plus the current financial year HMRC requirement Director of Volunteer Operations
Volunteers N/A


Director of Volunteer Operations
Details of applicants not recruited N/A
No longer than 6-months after the volunteer decides he/she does not wish to join Operational department requirement Director of Volunteer Operations
Accident, injury or incident reports N/A
Three years for accident records and 40 years for any health-related records (i.e. asbestos surveys Health and Safety Executive Director of Volunteer Operations
Initial application form and contact details N/A
3 years after leaving SSAFA Operational department requirement Director of Volunteer Operations
Volunteer complaints and or grievances N/A
3 years after completion of the investigation Financial Conduct Authority Director of Volunteer Operations
Training records N/A
Destroy as soon as notified that the volunteer is leaving Operational department requirement Director of Volunteer Operations
Vetting decisions N/A
3 years after leaving SSAFA Operational department requirement Director of Volunteer Operations
Conflicts of interest register for trustees N/A
5 years from the date on which the record was made. Financial Conduct Authority Director of Volunteer Operations
Volunteer expenses N/A
6 years from the end of the tax year to which they relate Taxes Management Act 1970 Director of Volunteer Operations
Fundraising
Donations N/A
6 years + the current financial year HMRC requirement Director of Fundraising/ Marketing/ Communications
Legacies N/A
15 years from financial year file was closed Operational department requirement Director of Fundraising/ Marketing/ Communications
Donor/supporter indicates intention to leave a gift in a will or notification of possible legacy N/A
From date of notification to One hundred and ten (110) years. Operational department requirement Director of Fundraising/ Marketing/ Communications
Analyse performance of fundraising over time and future targeting. N/A
Indefinitely UK GDPR (Anonymised data for statistical purposes) Director of Fundraising/ Marketing/ Communications
Managing unsubscribes N/A
Indefinitely UK GDPR (Anonymised data for statistical purposes) Director of Fundraising/ Marketing/ Communications
Suppression when renting 3rd party data N/A
Indefinitely UK GDPR (Anonymised data for statistical purposes) Director of Fundraising/ Marketing/ Communications
Website data N/A
6 months, personal information on website database must be deleted after 6-months Operational department requirement Director of Fundraising/ Marketing/ Communications
Declarations (gift aid etc.) N/A
6 years in case of an audit: These records must provide a clear link between the donor, declaration and donation. HMRC requirement Director of Fundraising/ Marketing/ Communications
Marketing & Communications
Crisis communications log N/A
Partial destruction, note of name and address kept after four years – total destruction after 10 years Operational department requirement Director of Fundraising/ Marketing/ Communications
Case study log N/A
Partial destruction, note of name and address kept after four years – total destruction after 10 years Operational department requirement Director of Fundraising/ Marketing/ Communications
Case study information/ stories for publicity and fundraising purposes; including all consent files, photos and videos N/A
Held for 2 years, then removed from all marketing channels Operational department requirement/ best practice Director of Fundraising/ Marketing/ Communications
Email marketing records on DotDigital N/A
Manual deletion of email lists every six months UK GDPR requirement Director of Fundraising/ Marketing/ Communications
SSAFA Housing
Applications and registration forms N/A
7 months after applicant is notified of outcome, or, in the case of people taking up residency: 5 years after departure or, in the case of a child protection issue, until the youngest child reaches 18 years of age or 7 years after death or other departure Operational department requirement Chief Operating Officer

Hard copies of Residents Induction/ Sign up pack.

N/A
5 years Operational department requirement Chief Operating Officer
Prospective residents who are not admitted N/A
3 years after the last action Operational department requirement Chief Operating Officer
Accident and injuries report and records N/A
6 years from time of accident occurring Operational department requirement Chief Operating Officer
Files relating to Steppingstone homes family in residence N/A
5 years after departure or, in the case of child protection issues, until the youngest child reaches 18 years of age Operational department requirement Chief Operating Officer
Facilities
TDSI N/A
Data is deleted by the administrator when the building pass is handed in and no longer required. Operational department requirement Chief Operating Officer

Corporate Governance Records Management

The Companies Act 1985 requires certain statutory records and registers to be kept for the life of the company, such as the Memoranda and Articles of Association, copies of all resolutions filed at Companies House, minutes of board and shareholder meetings and the registers of directors/secretaries.


Record Type Record Description Retention Period Reason/ Further Guidance Information Asset Owner

Governing/ Constitutional Documents
Certificates of Incorporation Constitution, Trust Deed, Memorandum and Articles of Association, Royal Charter, Charity Commission schemes/orders
Permanent

Charities Act 2011, Companies Act 2006

Controller

Board meetings
Board meetings, AGMs, Special Committee meetings
Permanent
Companies Act 2006
Controller

Trustee appointments
Appointment notices, election results, signed contracts, trustee declarations
Permanent
Charities Act 2011, Companies Act 2006
Controller

Statutory Registers
Registers of directors and voting members, directors’ residential addresses, charges, secretaries, debentures. For members of charity with non-voting rights or no material influence on governance.
Permanent
Charities Act 2011, Companies Act 2006
Controller

Merged charities
Merger registration documentation, registers of mergers, vesting declarations
Permanent
Charities Act 2011
Controller

Joint working agreements
Partnership agreements, memoranda of understanding, Service Level Agreements

6 years from conclusion of relationship

Limitation Act 1980
Controller

Policy and Strategy documents
Business Plans, organisation charts, strategies, policies, procedures
Standards years from superseded
Recommended practice
Controller
Previous Article IT Policy
Next Article Staff who also Volunteer Guidance