Dublin 7 Educate Together National School Data Protection Policy

Introductory Statement

The school’s Data Protection Policy applies to the personal data held by the school which is protected by the Data Protection Acts 1988 and 2003.

The policy applies to all school staff, the board of management, parents/guardians, students and others (including prospective or potential students and their parents/guardians and applicants for staff positions within the school) insofar as the measures under the policy relate to them. Data will be stored securely, so that confidential information is protected in compliance with relevant legislation. This policy sets out the manner in which personal data and sensitive personal data will be protected by the school.

Data Protection Principles

The school is a data controller of personal data relating to its past, present and future staff, students, parents/guardians and other members of the school community. As such, the school is obliged to comply with the principles of data protection set out in the Data Protection Acts 1988 and 2003 which can be summarised as follows:

  • Obtain and process Personal Data fairly: Information on students is gathered with the help of parents/guardians and staff. Information is also transferred from their previous schools. In relation to information the school holds on other individuals (members of staff, individuals applying for positions within the School, parents/guardians of students etc.), the information is generally furnished by the individuals themselves with full and informed consent and compiled during the course of their employment or contact with the School. All such data is treated in accordance with the Data Protection Acts and the terms of this Data Protection Policy. The information will be obtained and processed fairly.
  • Keep it only for one or more specified and explicit lawful purposes: The School will inform individuals of the reasons they collect their data and will inform individuals of the uses to which their data will be put. All information is kept with the best interest of the individual in mind at all times.
  • Process it only in ways compatible with the purposes for which it was given initially: Data relating to individuals will only be processed in a manner consistent with the purposes for which it was gathered. Information will only be disclosed on a need to know basis, and access to it will be strictly controlled.
  • Keep Personal Data safe and secure: Only those with a genuine reason for doing so may gain access to the information. Sensitive Personal Data is securely stored under lock and key in the case of manual records and protected with firewall software and password protection in the case of electronically stored data. Portable devices storing personal data (such as laptops) should be encrypted and password protected before they are removed from the school premises. Confidential information will be stored securely. In relevant circumstances it will be placed in a separate file which can easily be removed if access to general records is granted to anyone not entitled to see the confidential data.
  • Keep Personal Data accurate, complete and up-to-date: Students, parents/guardians, and/or staff should inform the school of any change which the school should make to their personal data and/or sensitive personal data to ensure that the individual’s data is accurate, complete and up-to-date. Once informed, the school will make all necessary changes to the relevant records. The principal may delegate such updates/amendments to another member of staff. However, records must not be altered or destroyed without proper authorisation. If alteration/correction is required, then a note of the fact of such authorisation and the alteration(s) to be made to any original record/documentation should be dated and signed by the person making that change.
  • Ensure that it is adequate, relevant and not excessive: Only the necessary amount of information required to provide an adequate service will be gathered and stored.
  • Retain it no longer than is necessary for the specified purpose or purposes for which it was given: As a general rule, the information will be kept for the duration of the individual’s time in the school. Thereafter, the school will comply with DES guidelines on the storage of Personal Data and Sensitive Personal Data relating to a student. In the case of members of staff, the school will comply with both DES guidelines and the requirements of the Revenue Commissioners with regard to the retention of records relating to employees. The school may also retain the data relating to an individual for a longer length of time for the purposes of complying with relevant provisions of law and or/defending a claim under employment legislation and/or contract and/or civil law.
  • Provide a copy of their personal data to any individual, on request: Individuals have a right to know what personal data/sensitive personal data is held about them, by whom, and the purpose for which it is held.

Scope

Purpose of the Policy: The Data Protection Acts 1988 and 2003 apply to the keeping and processing of Personal Data, both in manual and electronic form. The purpose of this policy is to assist the school to meet its statutory obligations, to explain those obligations to School staff, and to inform staff, students and their parents/guardians how their data will be treated.

The policy applies to all school staff, the board of management, parents/guardians, students and others (including prospective or potential students and their parents/guardians, and applicants for staff positions within the school) insofar as the school handles or processes their Personal Data in the course of their dealings with the school.

Definition of Data Protection Terms

In order to properly understand the school’s obligations, there are some key terms which should be understood by all relevant school staff:

Data means information in a form that can be processed. It includes both automated data (e.g. electronic data) and manual data. Automated data means any information on computer, or information recorded with the intention that it be processed by computer. Manual data means information that is kept/recorded as part of a relevant filing system or with the intention that it forms part of a relevant filing system.

Relevant filing system means any set of information that, while not computerised, is structured by reference to individuals or by reference to criteria relating to individuals, so that specific information relating to a particular individual is readily, quickly and easily accessible.

Personal Data means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the Data Controller i.e. the school.

Sensitive Personal Data refers to Personal Data regarding a person’s

  • racial or ethnic origin, political opinions or religious or philosophical beliefs
  • membership of a trade union
  • physical or mental health or condition or sexual life
  • commission or alleged commission of any offence or
  • any proceedings for an offence committed or alleged to have been committed by the person, the disposal of such proceedings or the sentence of any court in such proceedings, criminal convictions or the alleged commission of an offence.

Data Controller for the purpose of this policy is the Board of Management represented by the Chairperson, Board of Management, Dublin 7 Educate Together N.S.

Rationale

In addition to its legal obligations under the broad remit of educational legislation, the school has a legal responsibility to comply with the Data Protection Acts, 1988 and 2003.

This policy explains what sort of data is collected, why it is collected, for how long it will be stored and with whom it will be shared. As more and more data is generated electronically and as technological advances enable the easy distribution and retention of this data, the challenge of meeting the school’s legal responsibilities has increased.

The school takes its responsibilities under data protection law very seriously and wishes to put in place safe practices to safeguard individual’s personal data. It is also recognised that recording factual information accurately and storing it safely facilitates an evaluation of the information, enabling the principal and board of management to make decisions in respect of the efficient running of the School. The efficient handling of data is also essential to ensure that there is consistency and continuity where there are changes of personnel within the school and board of management.

Other Legal Obligations

Implementation of this policy takes into account the school’s other legal obligations and responsibilities. Some of these are directly relevant to data protection. For example:

  • Under Section 9(g) of the Education Act, 1998, the parents of a student, or a student who has reached the age of 18 years, must be given access to records kept by the school relating to the progress of the student in their education
  • Under Section 20 of the Education (Welfare) Act, 2000, the school must maintain a register of all students attending the School
  • Under section 20(5) of the Education (Welfare) Act, 2000, a principal is obliged to notify certain information relating to the child’s attendance in school and other matters relating to the child’s educational progress to the principal of another school to which a student is transferring
  • Under Section 21 of the Education (Welfare) Act, 2000, the school must record the attendance or non-attendance of students registered at the school on each school day
  • Under Section 28 of the Education (Welfare) Act, 2000, the School may supply Personal Data kept by it to certain prescribed bodies (the Department of Education and Skills, the National Education Welfare Board, the National Council for Special Education, Túsla other schools, other centres of education) provided the School is satisfied that it will be used for a “relevant purpose” (which includes recording a person’s educational or training history or monitoring their educational or training progress in order to ascertain how best they may be assisted in availing of educational or training opportunities or in developing their educational potential; or for carrying out research into examinations, participation in education and the general effectiveness of education or training)
  • Under Section 14 of the Education for Persons with Special Educational Needs Act, 2004, the school is required to furnish to the National Council for Special Education (and its employees, which would include Special Educational Needs Organisers (“SENOs”)) such information as the Council may from time to time reasonably request
  • The Freedom of Information Act 1997 provides a qualified right to access information held by public bodies which does not necessarily have to be “personal data” as with data protection legislation. While schools are not currently subject to freedom of information legislation, if a school has furnished information to a body covered by the Freedom of Information Act (such as the Department of Education and Skills, etc.) these records could be disclosed if a request is made to that body
  • Under Section 26(4) of the Health Act, 1947 a school shall cause all reasonable facilities (including facilities for obtaining names and addresses of pupils attending the school) to be given to a health authority who has served a notice on it of medical inspection, e.g. a dental inspection
  • Under Children First: National Guidance for the Protection and Welfare of Children (2011) published by the Department of Children & Youth Affairs, schools, their boards of management and their staff have responsibilities to report child abuse or neglect to TUSLA - Child and Family Agency (or in the event of an emergency and the unavailability of TUSLA, to An Garda Síochána).

Relationship to the characteristic spirit of Dublin 7 Educate Together N.S.

Dublin 7 Educate Together (D7ET) is committed to the ethos and values of our patron body Educate Together.

Our D7ET school community is committed to fostering a school environment that is:

  • A place where we are welcomed and in turn are welcoming of others.
  • A place where we are treated with respect and in turn treat others respectfully.
  • A place where we feel happy and safe.
  • A place where we are encouraged to achieve our full potential.
  • A place where our self esteem and self confidence can flourish.
  • A place of quality teaching and learning.
  • A place where a love of learning is nurtured.
  • A place where we can be ourselves and in turn allow others to be themselves.

We aim to achieve these goals while respecting the privacy and data protection rights of students, staff, parents/guardians and others who interact with us. The school wishes to achieve these aims/missions while fully respecting individuals’ rights to privacy and rights under the Data Protection Acts.

Personal Data

The Personal Data records held by the school may include:

  1. Staff records:
    1. Categories of staff data: As well as existing members of staff (and former members of staff), these records may also relate to applicants applying for positions within the school, trainee teachers and teachers under probation. These staff records may include:
      • Name, address and contact details, PPS number
      • Original records of application and appointment to promotion posts
      • Details of approved absences (career breaks, parental leave, study leave etc.)
      • Details of work record (qualifications, classes taught, subjects etc.)
      • Details of any accidents/injuries sustained on school property or in connection with the staff member carrying out their school duties
      • Records of any reports the school (or its employees) have made in respect of the staff member to State departments and/or other agencies under mandatory reporting legislation and/or child-safeguarding guidelines (subject to the DES Child Protection Procedures).
    2. Purposes: Staff records are kept for the purposes of:
      • the management and administration of school business (now and in the future)
      • to facilitate the payment of staff, and calculate other benefits/ entitlements (including reckonable service for the purpose of calculation of pension payments, entitlements and/or redundancy payments where relevant)
      • to facilitate pension payments in the future
      • human resources management
      • recording promotions made (documentation relating to promotions applied for) and changes in responsibilities etc.
      • to enable the school to comply with its obligations as an employer including the preservation of a safe, efficient working and teaching environment (including complying with its responsibilities under the Safety, Health and Welfare At Work Act. 2005)
      • to enable the school to comply with requirements set down by the Department of Education and Skills, the Revenue Commissioners, the National Council for Special Education, TUSLA, the HSE, and any other governmental, statutory and/or regulatory departments and/or agencies
      • and for compliance with legislation relevant to the school.
    3. Location and Security:
      • In a secure, locked filing cabinet that only personnel who are authorised to use the data can access. Employees are required to maintain the confidentiality of any data to which they have access.
      • The records of staff members current and former are kept in manual and digital format in personal files and in digital format as an OnLine Claims System (OLCS provided by Dept of Education and skills. (DES).
      • Manual files are retained in the secretary’s office. The principal, deputy principal, secretary and chairperson (as Data Controller) only, will have access to those files which will contain information solely related to professional matters.
      • Digital files are retained on the School computer (currently in the secretary’s office) and are protected by password known only to the chairperson, (as Data Controller) the secretary, the deputy principal and the principal. These records will be retained in the school.Certain data may be held in cloud storage that is no less secure than the data held on the school computer.
  2. Student/Pupil records:
    1. Categories of student/Pupil data: These may include information which is sought and recorded at enrolment and may be collated and compiled during the course of the student’s time in the school. These records may include:
      • name, address and contact details, PPS number
      • date and place of birth
      • names and addresses of parents/guardians and their contact details (including any special arrangements with regard to guardianship, custody or access)
      • membership of the Traveller community, where relevant
      • whether English is the student’s first language and/or whether the student requires English language support
      • any relevant special conditions (e.g. special educational needs, health issues etc.) which may apply
      • Information on previous academic record (including reports, references, assessments and other records from any previous school(s) attended by the student
      • Psychological, psychiatric and/or medical assessments
      • Attendance records
      • Photographs and recorded images of students.
      • Academic record – subjects studied, class assignments, examination results as recorded on official School reports
      • Records of significant achievements
      • Whether the student is exempt from studying Irish
      • Records of disciplinary issues/investigations and/or sanctions imposed
      • Other records e.g. records of any serious injuries/accidents.
      • Records of any reports the school may have made in respect of the student to State departments and/or other agencies under mandatory reporting legislation and/or child safeguarding guidelines (subject to the DES Child Protection Procedures).
    2. Purposes: The purposes for keeping student records are:
      • to enable each student to develop to their full potential
      • to comply with legislative or administrative requirements
      • to ensure that eligible students can benefit from the relevant additional teaching or financial supports
      • to enable parents/guardians to be contacted in the case of emergency or in the case of school closure or to inform parents of their child’s educational progress or to inform parents of school events etc.
      • to meet the educational, social, physical and emotional requirements of the student
      • photographs and recorded images of students are taken to celebrate school achievements, compile yearbooks, establish a school website, record school events, and to keep a record of the history of the school. Such records are taken and used in accordance with the school’s “Acceptable use” policy.
      • to ensure that the student meets the school’s admission criteria
      • to ensure that any student seeking an exemption from Irish meets the criteria in order to obtain such an exemption from the authorities
      • to furnish documentation/ information about the student to the Department of Education and Skills, the National Council for Special Education, TUSLA, and other Schools etc. in compliance with law and directions issued by government departments
      • to furnish, when requested by the student (or their parents/guardians in the case of a student under 18 years) documentation/information/ references to second -level educational institutions (after enrolment).
      • to allow third party educational service providers (for example, the ‘Manga High’ maths website) to provide an educational service to the pupil.  Before using a pupil’s data for this purpose, explicit additional consent, for each separate service provider, will be sought from parents/guardians.
    3. Location and Security:

      Employees are required to maintain the confidentiality of any data to which they have access.

      • All student records inc. Application/Enrolment Forms will be kept in secure, locked filing cabinets that only personnel who are authorised to use the data can access.
      • Student attendance records (currently in roll books) and PPS numbers will be maintained on the POD system from mid 2015 and will be maintained in line with DES Guidelines. Access will be by permission of the Príomh Oide or (when absent) Deputy PO, to authorised personnel only.
      • Student attendance records, standardised test results, and end of year reports are kept on the Aladdin System and only personnel who are authorised to use the data can access it.  Aladdin has in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information they manage on behalf of D7ET and the information they collect and manage on D7ET’s behalf.  For further information see Aladdin’s Privacy Policy.
  3. Board of management records

    Employees are required to maintain the confidentiality of any data to which they have access.

      1. Categories of board of management data: These may include:
        • Name, address and contact details of each member of the board of management (including former members of the board of management)
        • Records in relation to appointments to the Board
        • Minutes of Board of Management meetings and correspondence to the Board which may include references to particular individuals.
      2. Purposes:
        • To enable the Board of Management to operate in accordance with the Education Act 1998 and other applicable legislation and to maintain a record of board appointments and decisions.
      3. Location and Security:
        • In a secure, locked filing cabinet and on the school computer system. It is protected by passwords known to the principal and Chairperson BOM (as Data Controller). Only personnel who are authorised by the Chairperson or principal to use the data, can access it.
  4. Other records:
    • Records relating to contacts with outside agencies such as patron bodies /insurance companies/legal advisors/ etc. will be securely maintained in the manner appropriate to its origins e.g. paper correspondence or email as appropriate.
    • The school will hold other records relating to individuals. The format in which these records will be kept are manual record (personal file within a relevant filing system), and/or computer record (database) as appropriate.
  5. Creditors
    1. Categories of data: the school may hold some or all of the following information about creditors (some of whom are self-employed individuals):
      • name
      • address
      • contact details
      • PPS number
      • tax details
      • bank details and
      • amount paid.
    2. Purposes: This information is required for routine management and administration of the school’s financial affairs, including the payment of invoices, the compiling of annual financial accounts and complying with audits and investigations by the Revenue Commissioners.
    3. Location and Security: As with BoM records.
  6. Charity tax-back forms
    1. (a) Categories of data: the school may hold the following data in relation to donors who have made charitable donations to the school:
      • name
      • address
      • telephone number
      • PPS number
      • tax rate
      • signature and
      • the gross amount of the donation.
    2. Purposes: Schools are entitled to avail of the scheme of tax relief for donations of money they receive. To claim the relief, the donor must complete a certificate (CHY2) and forward it to the school to allow it to claim the grossed up amount of tax associated with the donation. The information requested on the appropriate certificate is the parent’s name, address, PPS number, tax rate, telephone number, signature and the gross amount of the donation. This is retained by the School in the case of audit by the Revenue Commissioners.
    3. Location: In a secure, locked filing cabinet in the secretary’s office that only personnel who are authorised to use the data can access.
    4. Security: The secretary, principal, chairperson (As Data Controller) and Treasurer of BoM only will have access to these records as appropriate.
  7. CCTV images/recordings
    1. Categories: CCTV is installed at the front of the school, in the foyer, the corridors, at the back entrance, and in the car park. This CCTV system may record images of staff, students and members of the public who visit the premises.
    2. Purposes: Safety and security of staff, students and visitors and to safeguard school property and equipment.
    3. Location: Cameras are located as detailed above. Recording equipment is located in a locked cabinet in the downstairs corridor.
    4. Security: Access to images/recordings is restricted to Chairperson of BoM, as Data Controller, the principal & deputy principal (in the absence of the principal) and the caretaker. Tapes, DVDs, hard disk recordings are retained for 28 days, except if required for the investigation of an incident. Images/recordings may be viewed or made available to An Garda Síochána pursuant to section 8 Data Protection Acts 1988 and 2003.
  8. Test results
    1. Categories: The school will hold data comprising test results in respect of its students. These include class, mid-term, annual, continuous assessment.
    2. Purposes: The main purpose for which these examination results and other records are held is to monitor a student’s progress and to provide a sound basis for advising them and their parents or guardians about subject choices and levels. The data may also be aggregated for statistical/reporting purposes, such as to compile results tables. The data may be transferred to the Department of Education and Skills, the National Council for Curriculum and Assessment and such other similar bodies.
    3. Location and Security: As with student details; In a secure, locked filing cabinet that only personnel who are authorised to use the data can access. Employees are required to maintain the confidentiality of any data to which they have access.
  9. Parent/Guardian email addresses
    1. ‚ÄčCategories of data: The email address optionally provided by a parent or guardian or staff member.
    2. Purposes: In order that the school can send that parent/guardian/staff member the school newsletter, and administrative communications in connection with the newsletter, via email.  The subscriber can unsubscribe at any time, at which point their data will be purged from the newsletter distribution system.
    3. Location: Original paper form on which the parent/guardian/staff member provided the personal data is stored in a secure, locked filing cabinet in the secretary’s office that only personnel who are authorised to use the data can access.  Electronic copy of the email addresses may be processed by a Data Processor, strictly for purposes in accordance with this section; if so, this will be via a suitable Data Processing Agreement, ensuring secure handling of the personal data.
    4. Security: Both physical and electronic copies of the email address only accessible by authorised school personnel, and suitably authorised personnel of a Data Processor (if used) operating under an appropriate Data Processing Agreement.  Email addresses are completely removed from the email distribution system at the end of the academic year; parents/guardians whose child/ren will be returning to the school the following academic year will be given the opportunity to re-subscribe, in line with this policy.

Data Breach Handling

We have in place best-practice security measures to safeguard personal data.  Where data is processed by an external Data Processor, contractual clauses are in place obliging the Data Processor to have in place appropriate technical and organisation security measures.  Nonetheless, we cannot entirely rule out the possibility of a data breach.  Therefore, this section of our Data Protection Policy exists to describe procedure to be followed in such an event.
 
Definition: A ‘breach’ is a situation or event which allows unintentional access to personal data by an unauthorised person.
 
Identification and classification: On becoming aware of a potential breach, a staff member should make a report to the Principal.  Any potentially relevant details must be included in the report.  For example: date/time; which systems were involved; any error messages.
 
Containment and recovery: In the event of a breach, the Principal should appoint a person to investigate the breach.  Any immediate measures should be taken without delay.  For example: conduct a thorough search for a lost device; isolate a system suspected to harbour malware; change locks.
 
Risk assessment: In order to effectively communicate with data subjects (see ‘Notification’), an assessment should be made of the potential adverse consequences for data subjects.  This will involve assessing, for example: what type of data is involved; what could be learnt by an unauthorised person with access to the data; the sensitivity of the data; whether there are security mechanisms rendering access to the data essentially impossible (e.g.,. a lost laptop with strong encryption); number of data subjects affected.
 
Notification: The Principal will inform data subjects without delay.  The notification will include a description of the breach, and the conclusions of the risk assessment as outlined above.  The Principal will also notify the Data Protection Commissioner without delay, except where such notification is not required according to the criteria of section 6 of the DPC’s Personal Data Security Breach Code of Practice.
 
Evaluation and response: Following the breach, a review of the incident and its handling should be conducted.  Such a review may bring to light areas of the response requiring improvement; in some such cases an update to this policy will be considered


Links to Other Policies

To ensure that our school policies are consistent with one another, within the framework of the overall School Plan, relevant school policies already in place or being developed or reviewed, shall be examined with reference to the data protection policy and any implications which it has for them shall be addressed.

The following policies may be among those considered: 

Processing in line with data subject’s rights 

Data in Dublin7 Educate Together N.S., will be processed in line with the data subjects’ rights. Data subjects are the students/pupils, parents/guardians, employees and BoM members and all others whose records are covered by this policy.

Data subjects have a right to: 

  • Request access to any data held about them by a data controller
  • Prevent the processing of their data for direct-marketing purposes
  • Ask to have inaccurate data amended
  • Prevent processing that is likely to cause damage or distress to themselves or anyone else. 

Dealing with a data access requests 

Section 3 access request

Under Section 3 of the Data Protection Acts, an individual has the right to be informed whether the school holds data/information about them and to be given a description of the data together with details of the purposes for which their data is being kept. The individual must make this request in writing and the data controller will accede to the request within 21 days.

The right under Section 3 must be distinguished from the much broader right contained in Section 4, where individuals are entitled to a copy of their data.

Section 4 access request

Individuals are entitled to a copy of their personal data on written request. 

  • The individual is entitled to a copy of their personal data (subject to some exemptions and prohibitions set down in Section 5 of the Data Protection Act)
  • Request must be responded to within 40 days
  • No fee will apply in Dublin 7 Educate Together N.S.
  • Where a subsequent or similar request is made soon after a request has just been dealt with, it is at the discretion of the school data controller to comply with the second request (no time limit but reasonable interval from the date of compliance with the last access request.) This will be determined on a case-by-case basis.
  • No personal data will be supplied relating to another individual unless that third party has consented to the disclosure of their data to the applicant. Data will be carefully redacted to omit references to any other individual. Only where it has not been possible to redact the data, to ensure that the third party is not identifiable, would the school refuse to furnish the data to the applicant. 

Providing information over the phone 

In Dublin 7 Educate Together N.S. any employee dealing with telephone enquiries will be careful about disclosing any personal information held by the school over the phone. In particular the employee should:

  • Check the identity of the caller to ensure that information is only given to a person who is entitled to that information
  • Suggest that the caller put their request in writing if the employee is not sure about the identity of the caller and in circumstances where the identity of the caller cannot be verified
  • Refer the request to the Data Controller/Principal for assistance in difficult situations. No employee should feel forced into disclosing personal information.
  • Retention of Data

Data will be retained/destroyed as per the Data Retention Schedule on www.dataprotectionschools.ie, which is appended to this policy. 

Implementation arrangements, roles and responsibilities 

In Dublin 7 Educate Together the Chairperson of the BOM, on behalf of the BoM is the data controller, and the principal is assigned the role of co-ordinating implementation of this Data Protection Policy and for ensuring that staff who handle or have access to Personal Data are familiar with their data protection responsibilities.

The following personnel have responsibility for implementing the Data Protection Policy:

Name:

Responsibility

Chairperson BoM:

Data Controller

Principal:

Implementation of Policy

Teaching personnel:

Awareness of responsibilities

Administrative personnel:

Security, confidentiality

IT personnel:

Security, encryption, confidentiality

 Ratification & Communication

This Data Protection Policy is dated the 20th January 2015 for implementation from 1st May 2015. It shall be placed on the school website from May 2015 following consultation with the Parents Council and Teaching and administrative staff. All relevant personnel will be made aware of their responsibilities under the policy by the BOM and the Principal.

All concerned will be made aware of any changes implied in recording information on students, staff and others in the school community.

Parents/guardians and students are informed of the Data Protection Policy from the time of enrolment of the student by including reference to the Data Protection Policy as part of the Enrolment Pack, and by providing copies on request from the Secretary’s office. 

Monitoring the implementation of the policy 

The implementation of the policy shall be monitored by the principal and a sub-committee of the board of management consisting of a Parent/guardian nominee and patron’s nominee.

At least one annual report will be issued to the BOM by the Chairperson to confirm that the actions/measures set down under the policy are being implemented. 

Reviewing and evaluating the policy

The current version of this policy was ratified at a meeting of D7ETNS Board of Management on 27 June 2017.  It is due for review by the end of June 2018.

Review may commence earlier in the light of guidelines (e.g. from the Data Protection Commissioner, Department of Education and Skills or the NEWB), legislation and feedback from parents/guardians, students, school staff and others

Signed: …………………………………………………….

For and on behalf of BOM: ……………………………………