Data Protection Policy




This policy was formulated by the Staff and Board of Management of Scoil Maelruain Senior School. The purpose of this policy is to identify the records required to be retained by the school and to ensure confidentiality and manageable procedures in relation to access to such records by parents and stakeholders.


  • A policy on data protection and record keeping is necessary to ensure that the school has proper procedures in place in relation to accountability and transparency.
  • It is good practice to record pupil progress so as to identify learning needs.
  • A policy must be put in place to ensure a school complies with legislation such as;

Education Act 1998 ( Section 9g requiring a school to provide access to records to students over 18/parents)

Data Protection Acts 1998 – 2003

Education Welfare Act 2000 – ( requiring a school to report school attendance and

transfer of pupils)

Child Care Act 1991

Children’s Act 1997

Freedom of Information Act 1997

Relationship to School Ethos:

Scoil Maelruain Senior promotes openness and co-operation among staff, parents, management and pupils as a means towards providing the caring environment through which a child can develop and grow to full potential.


  • To ensure the school complies with legislative requirements
  • To clarify the types of records maintained and the procedures relating to making them available to the relevant bodies
  • To put in place a proper recording and reporting framework on the educational progress of pupils
  • To establish clear guidelines on making these records available to parents and past pupils who are over 18.
  • To stipulate the length of time records and reports will be retained.


The Principal assumes the role of data controller and supervises the application of the Data Protection Act within the school. The data under the control of the principal comes under the following headings:

  1. Personal Data:

Personal data of students

* Information which may be sought and recorded at enrolment, including

  • Name, address and contact details, PPS number
  • Names and addresses of parents/guardians and their contact details
  • Religious belief
  • Racial, ethnic or national origin
  • Membership of the traveller community, where relevant
  • Any relevant special conditions (eg. Special educational needs, health issues etc which may apply

This information is initially gathered on the enrolment forms which are then stored in a locked filing cabinet in the Secretary’s office. (When a pupil leaves sixth class they are then stored in the strong room). Some details are then uploaded to the Alladin software package. Computer records are kept on password protected PCs. Some details are also uploaded to the Primary Online database.

  1. Student Records:

Student  records may include

  • School report cards
  • Psychological assessments ( if any)
  • Assessments carried out by other professionals eg. Speech and language assessment
  • Standardised Tests
  • Attendance Records
  • Screening Test –NRIT
  • Teacher –designed tests
  • Diagnostic Tests Reports
  • Individual Education Plans
  • Learning Support/Resource Data
  • Portfolios of student work
  • Details of behavioural incidents
  • Contracts

Format: Student records are held by each class teacher in a filing cabinet. Some information is also stored on password protected computers.

Purpose for keeping student records:

  • To enable each student to develop his/her full potential
  • To comply with legislative or administrative requirements
  • To ensure that students can benefit from additional teaching supports
  • To support the provision of religious instruction
  • To enable parents/guardians to be contacted in the case of emergency

Transfer of Personal Data The data controller, (normally the Principal of the school or another person designated by the Principal or Chairperson of the Board) may supply data kept by her, or information extracted from such data, to the data controller of another prescribed body if satisfied it will be used for a relevant purpose only.

Examples of this are as follows:

  • · The school may supply information to secondary schools into which pupils are enrolled regarding their performance in standardised tests. The NCCA designed Education Passport is now mandatory for schools to use as they transfer from primary to secondary.
  • · Information required by other government bodies so that resources may be obtained for use by children with Special Educational Needs e.g. National Council for Special Education (N.C.S.E.) or National Education Psychological Service (N.E.P.S.).
  • · The Department of Education and Skills.

· Information regarding attendance/non Attendance of pupils may be given to TUSLA / National Education Welfare Board (NEWB).

· The Health Service Executive (H.S.E).

  • · Child and Family Services such as Lucena Services, CAMHS and the H.S.E.
  • · The Gardaí
  1. Staff Records

These may include:

  • Name, address, date of birth, contact details and PPS number
  • Original records of application and appointment
  • Records of appointments to promotion posts
  • Details of approved absences (career break, parental leave, study leave etc).
  • Teaching Council details
  • Garda vetting
  • Daily signing in book

Format: These details are stored in a file in the Principal’s office. Attendance details are recorded on the On Line Claims System and are accessed by the Secretary, Deputy Principal and Principal.

Purpose for keeping staff records:

  • To facilitate the payment of staff
  • To facilitate pension payments in the future
  • To keep a record of promotions made

  1. Administrative Data
    • Attendance records, Roll Book, registers. ( Pupils’ attendance is recorded and stored on the Alladin software administration system. This system is password protected and is accessed by the Secretary and the Principal. Teachers have access to their own class records)
    • Accident report book
    • Late arrival/early leaving record books
    • Policies
    • HSE files
    • Board of management Files
    • Accounts
    • Pupil behaviour records and records of allegations/incidents of bullying and alleged bullying
    • Records kept in line with Child protection (manually recorded notes)

Format: These will be kept on computers protected by passwords. Some will be kept manually. Hard copies will be stored securely in the Secretary’s and/or Principal’s office.

Purpose: These may include

  • Accurate register of pupils
  • Documenting incidents
  • Recording decisions made at Board of Management meetings.

Access to Records:

The following will have access where relevant and appropriate to the data listed above:


*Past pupils over 18

*Health Service Executive

*National Educational Psychological Services

* National Educational Welfare Board

*Designated School Personnel

*Department of Education and Skills

*First and second- level schools (once it has been confirmed by the school that the    pupil has been enrolled)

* Board of Management

With the exception of child-protection related data which is governed by ‘ Child Protection Procedures ‘, data on attendance, (governed by NEWB) ,data regarding achievements in literacy and numeracy, ( governed by the National Strategy for literacy and numeracy) and education passports ( sixth class report cards forwarded to second level schools student is enrolled in – governed by Department of Education), parental authorisation must be provided by parents in the event  of data being transferred to outside agencies. Outside agencies requesting access to records must do so in writing. Parents/guardians of current pupils can make such a request by phone or in writing. Past pupils and parents of past pupils seeking data must do so in writing.

A standardised school report form, provided by the National Council for Curriculum and assessment and provided under “Alladin “ software is used. These are issued in June.



Records are kept for a minimum of 7 years. Standardised test booklets are shredded at the end of sixth class. Sixth class test booklets are kept for 1 year. Percentiles are kept on record until past pupils reach adulthood ( 21 years of age).

  • A pupil profile is held for each pupil in the school on computer file on Aladdin package.
  • As children pass on to second level, their records are stored in the strong room for a period of time ( 7 years minimum).
  • A pupil profile and selection of records are held by each teacher in his/her individual classroom and passed on to the next teacher where appropriate.
  • All completed school roll books and school registers are stored in the school administration office/locked storage room indefinitely. Access to these files is restricted to authorised personnel only. For computerised records, systems are password protected.

Success Criteria;

  • Compliance with Data Protection Act and Statute of Limitation Act.
  • Reasonably easy access to records
  • Manageable storage of records.

Roles and Responsibilities:

The school staff, under the direction of the Principal will implement and monitor this policy. Individual teachers will design, administer and record all in-class testing. The Principal will ensure records are maintained and stored, particularly the records of students transferring to another school.

Implementation Date:

This new policy is effective from February 2017.

All records held from before that date will continue to be maintained in the school.

Review/Ratification and Communication:

This policy was ratified by the Board of Management on February 9th 2017.

The policy will be available on the school website and through the office.

It will be reviewed every four years and amended if necessary.


  • Education Act 1998
  • Education Welfare Act 1998
  • Data Protection Act 2003
  • Freedom of Information Act.

Data Protection Rules ( Data Protection Commissioner)

Your legal responsibilities as a Data Controller

You have certain key responsibilities in relation to the information which you keep on computer or in a structured manual file about individuals. These may be summarised in terms of eight Rules which you must follow and which are listed below.

You must

  • Obtain and process the information fairly
  • Keep it only for one or more specified and lawful purposes
  • Process it only in ways compatible with the purposes for which it was given to you initially
  • Keep it safe and secure
  • Keep it accurate and up-to-date
  • Ensure that it is adequate, relevant and not excessive
  • Retain it no longer than is necessary for the specified purpose or purposes
  • Give a copy of his/her personal data to any individual on request

These provisions are binding on every data controller. Any failure to observe them would be a breach of the Act.