Quick Links

GDPR & Privacy Notice

Terms & Privacy / General Data Protection Regulation (GDPR)

How to Raise a Concern

We hope that the Executive Headteacher can resolve any query you raise about our use of your information in the first instance.

We have appointed a data protection officer (DPO) to oversee compliance with data protection and this privacy notice. If you have any questions about how we handle your personal information which cannot be resolve by the Executive Headteacher, then you can contact the DPO on the details below: -

Data Protection Details: Judicium Consulting Ltd, 72 Cannon Street, London, EC4N 6AE

Data Protection Email: dataservices @ judicium.com

You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.

Social Media Policy

Introduction

This policy applies to all School staff regardless of their employment status. It is to be read in conjunction with the School’s Electronic Communications Policy. This policy does not form part of the terms and conditions of employee’s employment with the School and is not intended to have contractual effect. It does however set out the School’s current practices and required standards of conduct and all staff are required to comply with its contents. Breach of the provisions of this policy will be treated as a disciplinary offence which may result in disciplinary action up to and including summary dismissal in accordance with the School’s Disciplinary Policy and Procedure.

This Policy may be amended from time to time and staff will be notified of any changes no later than one month from the date those changes are intended to take effect.

Purpose of this Policy

The School recognises that the internet provides unique opportunities to participate in interactive discussions and share information on particular topics using a wide variety of social media, such as Facebook, Twitter, LinkedIn, blogs and Wikipedia. However, staff use of social media can pose risks to the school’s confidential and proprietary information, its reputation and it can jeopardise our compliance with our legal obligations. To minimise these risks, avoid loss of productivity and to ensure that our IT resources and communications systems are used only for appropriate work related purposes, all School staff are required to comply with the provisions in this policy.

Who is covered by this policy?

This policy covers all individuals working at all levels and grades within the School, including senior managers, officers, governors, employees, consultants, contractors, trainees, homeworkers, part-time and fixed-term employees, casual and agency staff and volunteers (collectively referred to as Staff in this policy). Third parties who have access to our electronic communication systems and equipment are also required to comply with this policy.

Scope and Purpose of this Policy

This policy deals with the use of all forms of social media including Facebook, LinkedIn, Twitter, Wikipedia, all other social networking sites, and all other internet postings, including blogs.

It applies to the use of social media for both work and personal purposes, whether during work hours or otherwise. The policy applies regardless of whether the social media is accessed using our IT facilities and equipment or equipment belonging to members of staff.

Breach of this policy may result in disciplinary action up to and including dismissal.

Disciplinary action may be taken regardless of whether the breach is committed during working hours and regardless of whether the School’s equipment or facilities are used for the purpose of committing the breach. Any member of staff suspected of committing a breach of this policy will be required to co-operate with our investigation, which may involve handing over relevant passwords and login details. Staff may be required to remove internet postings which are deemed to constitute a breach of this policy. Failure to comply with such a request may in itself result in disciplinary action.

Personnel responsible for implementing the policy

The Board of Governors have overall responsibility for the effective operation of this policy, but have delegated day-to-day responsibility for its operation to the Head Teacher.

Responsibility for monitoring and reviewing the operation of this policy and making recommendations for change to minimise risks also lies with the Head Teacher in liaison with the IT Manager.

All senior School Staff have a specific responsibility for operating within the boundaries of this policy, ensuring that all staff understand the standards of behaviour expected of them and taking action when behaviour falls below its requirements.

All School Staff are responsible for the success of this policy and should ensure that they take the time to read and understand it. Any misuse of social media should be reported to the Head of School in the first instance. Questions regarding the content or application of this policy should be directed by email to the Head of School on office@stjosephs.southwark.sch.uk

Compliance with related policies and agreements

Social media should never be used in a way that breaches any of our other policies. If an internet post would breach any of our policies in another forum, it will also breach them in an online forum. For example, employees are prohibited from using social media to:

a) Breach our Electronic information and communications systems policy;

b) Breach our obligations with respect to the rules of relevant regulatory bodies;

c) Breach any obligations they may have relating to confidentiality;

d) Breach our Disciplinary Rules;

e) defame or disparage the School, its Staff, its pupils or parents, its affiliates, partners, suppliers, vendors or other stakeholders;

f) Harass or bully other Staff in any way or breach our Anti-harassment and bullying policy;

g) Unlawfully discriminate against other Staff or third parties or breach our Equal opportunities policy;

h) Breach our Data protection policy (for example, never disclose personal information about a colleague online);

i) Breach any other laws or ethical standards (for example, never use social media in a false or misleading way, such as by claiming to be someone other than yourself or by making misleading statements).

Staff should never provide references for other individuals on social or professional networking sites, as such references, positive and negative, can be attributed to the School and create legal liability for both the author of the reference and the organisation.

Staff who breach any of the above policies will be subject to disciplinary action up to and including termination of employment.

Personal use of social media

Personal use of social media is never permitted during working time or by means of our computers, networks and other IT resources and communications systems.

Staff should not use a work email address to sign up to any social media and any personal social media page should not make reference to their employment with the Trust (excluding LinkedIn, where prior permission is sought from the Head of School).

Staff must not take photos or posts from social media that belongs to the School for their own personal use.

Monitoring

The contents of our IT resources and communications systems are the School’s property. Therefore, staff should have no expectation of privacy in any message, files, data, document, facsimile, telephone conversation, social media post conversation or message, or any other kind of information or communications transmitted to, received or printed from, or stored or recorded on our electronic information and communications systems.

The School reserves the right to monitor, intercept and review, without further notice, staff activities using our IT resources and communications systems, including but not limited to social media postings and activities, to ensure that our rules are being complied with and for legitimate business purposes and you consent to such monitoring by your acknowledgement of this policy and your use of such resources and systems. This might include, without limitation, the monitoring, interception, accessing, recording, disclosing, inspecting, reviewing, retrieving and printing of transactions, messages, communications, postings, log-ins, recordings and other uses of the systems as well as keystroke capturing and other network monitoring technologies.

The School may store copies of such data or communications for a period of time after they are created, and may delete such copies from time to time without notice.

All Staff are advised not to use our IT resources and communications systems for any matter that he or she wishes to be kept private or confidential from the School.

Educational or Extra Curricular Use of Social Media

If your duties require you to speak on behalf of the School in a social media environment, you must follow the protocol outlined below.

The Head of School may require you to undergo training before you use social media on behalf of the School and impose certain requirements and restrictions with regard to your activities.

Likewise, if you are contacted for comments about the School for publication anywhere, including in any social media outlet, you must direct the inquiry to the Head Teacher and must not respond without advanced written approval.

Recruitment

The School may use internet searches to perform pre employment checks on candidates in the course of recruitment. Where the School does this, it will act in accordance with its data protection and equal opportunities obligations.

Responsible use of social media

The following sections of the policy provide staff with common-sense guidelines and recommendations for using social media responsibly and safely.

Photographs for use of Social Media

Any photos for social media posts may only be taken using school cameras/devices or devices that have been approved in advance by the Head of School. Where any device is used that does not belong to the School all photos must be deleted immediately from the device, once the photos have been uploaded to a device belonging to the School.

Staff Protocol for use of Social Media

Where any post is going to be made on the School’s own social media the following steps must be taken:

1. Ensure that permission from the child’s parent has been sought before information is used on social media (via Parent / Carer Social Media Agreement).

2. Ensure that there is no identifying information relating to a child/children in the post - for example any certificates in photos are blank/without names or the child’s name cannot be seen on the piece of work.

3. The post must be a positive and relevant post relating to the children, the good work of staff, the School or any achievements.

4. Social Media can also be used to issue updates or reminders to parents/guardians and the Head of School will have overall responsibility for this. Should you wish for any reminders to be issued you should contact the head of School by email to ensure that any post can be issued.

5. The proposed post must be presented to the Head of School for confirmation that the post can ‘go live’ before it is posted on any social media site.

6. The Head of School will post the information, but all staff have responsibility to ensure that the Social Media Policy has been adhered to.

Protecting our business reputation

Staff must not post disparaging or defamatory statements about:

i. The School;

ii. Current, past or prospective Staff as defined in this policy

iii. Current, past or prospective pupils

iv. Parents, carers or families of (iii)

v. The School’s suppliers and services providers; and

vi. Other affiliates and stakeholders.

Staff should also avoid social media communications that might be misconstrued in a way that could damage the School’s reputation, even indirectly.

If Staff are using social media they should make it clear in any social media postings that they are speaking on their own behalf. Staff should write in the first person and use a personal rather than School e-mail address when communicating via social media.

Staff are personally responsible for what they communicate in social media. Staff should remember that what they publish might be available to be read by the masses (including the School itself, future employers and social acquaintances) for a long time. Staff should keep this in mind before they post content. If Staff disclose whether directly or indirectly their affiliation to the School as a member of Staff whether past, current or prospective, they must also state that their views do not represent those of the School. Staff must ensure that their profile and any content posted are consistent with the professional image they are required to present to colleagues, pupils and parents.

Staff must avoid posting comments about confidential or sensitive School related topics. Even if Staff make it clear that their views on such topics do not represent those of the School, such comments could still damage the School’s reputation and incur potential liability.

If a member of Staff is uncertain or concerned about the appropriateness of any statement or posting, he or she should refrain from making the communication until he or she has discussed it with his Line Manager or Head of Department. If a member of Staff sees content in social media that disparages or reflects poorly on the School, it’s Staff, pupils, parents, service providers or stakeholders, he or she is required to report this in the first instance to the Executive Headteacher without unreasonable delay. All staff are responsible for protecting the School’s reputation.

Respecting intellectual property and confidential information

Staff should not do anything to jeopardise School confidential information and intellectual property through the use of social media.

In addition, Staff should avoid misappropriating or infringing the intellectual property of other School’s, organisations, companies and individuals, which can create liability for the School, as well as the individual author.

Staff must not use the School’s logos, brand names, slogans or other trademarks, or post any of our confidential or proprietary information without express prior written permission from the Executive Headteacher.

To protect yourself and the School against liability for copyright infringement, where appropriate, reference sources of particular information you post or upload and cite them accurately. If you have any questions about whether a particular post or upload might violate anyone's copyright or trademark, ask the Executive Headteacher in the first instance before making the communication.

Respecting colleagues, pupils, parents, clients, service providers and stakeholders

Staff must not post anything that their colleagues, the School’s past, current or prospective pupils, parents, service providers or stakeholders may find offensive, including discriminatory comments, insults or obscenity.

Staff must not post anything related to colleagues, the School’s past, current or prospective pupils, parents, service providers or stakeholders without their advanced written permission.

Monitoring and review of this policy

The Head of School together with the Executive Headteacher shall be responsible for reviewing this policy from time to time to ensure that it meets legal requirements and reflects best practice. The Board of Governors has responsibility for approving any amendments prior to implementation. The Head Teacher has responsibility for ensuring that any person who may be involved with administration or investigations carried out under this policy receives regular and appropriate training to assist them with these duties.

If Staff have any questions about this policy or suggestions for additions that they would like to be considered on review, they may do so by emailing the Head of School in the first instance.

Information Security

SOCIAL MEDIA POLICY

Introduction

This Policy may be amended from time to time and staff will be notified of any changes no later than one month from the date those changes are intended to take effect.

Purpose of this Policy

Who is covered by this policy?

Scope and Purpose of this Policy

This policy deals with the use of all forms of social media including Facebook, LinkedIn, Twitter, Wikipedia, all other social networking sites, and all other internet postings, including blogs.

Breach of this policy may result in disciplinary action up to and including dismissal.

Personnel responsible for implementing the policy

The Board of Governors have overall responsibility for the effective operation of this policy, but have delegated day-to-day responsibility for its operation to the Head Teacher.

Responsibility for monitoring and reviewing the operation of this policy and making recommendations for change to minimise risks also lies with the Head Teacher in liaison with the IT Manager.

Compliance with related policies and agreements

a) Breach our Electronic information and communications systems policy;

b) Breach our obligations with respect to the rules of relevant regulatory bodies;

c) Breach any obligations they may have relating to confidentiality;

d) Breach our Disciplinary Rules;

e) defame or disparage the School, its Staff, its pupils or parents, its affiliates, partners, suppliers, vendors or other stakeholders;

f) Harass or bully other Staff in any way or breach our Anti-harassment and bullying policy;

g) Unlawfully discriminate against other Staff or third parties or breach our Equal opportunities policy;

h) Breach our Data protection policy (for example, never disclose personal information about a colleague online);

Staff who breach any of the above policies will be subject to disciplinary action up to and including termination of employment.

Personal use of social media

Personal use of social media is never permitted during working time or by means of our computers, networks and other IT resources and communications systems.

Staff must not take photos or posts from social media that belongs to the School for their own personal use.

Monitoring

The School may store copies of such data or communications for a period of time after they are created, and may delete such copies from time to time without notice.

All Staff are advised not to use our IT resources and communications systems for any matter that he or she wishes to be kept private or confidential from the School.

Educational or Extra Curricular Use of Social Media

If your duties require you to speak on behalf of the School in a social media environment, you must follow the protocol outlined below.

The Head of School may require you to undergo training before you use social media on behalf of the School and impose certain requirements and restrictions with regard to your activities.

Recruitment

Responsible use of social media

The following sections of the policy provide staff with common-sense guidelines and recommendations for using social media responsibly and safely.

Photographs for use of Social Media

Staff Protocol for use of Social Media

Where any post is going to be made on the School’s own social media the following steps must be taken:

1. Ensure that permission from the child’s parent has been sought before information is used on social media (via Parent / Carer Social Media Agreement).

3. The post must be a positive and relevant post relating to the children, the good work of staff, the School or any achievements.

5. The proposed post must be presented to the Head of School for confirmation that the post can ‘go live’ before it is posted on any social media site.

6. The Head of School will post the information, but all staff have responsibility to ensure that the Social Media Policy has been adhered to.

Protecting our business reputation

Staff must not post disparaging or defamatory statements about:

i. The School;

ii. Current, past or prospective Staff as defined in this policy

iii. Current, past or prospective pupils

iv. Parents, carers or families of (iii)

v. The School’s suppliers and services providers; and

vi. Other affiliates and stakeholders.

Staff should also avoid social media communications that might be misconstrued in a way that could damage the School’s reputation, even indirectly.

If a member of Staff is uncertain or concerned about the appropriateness of any statement or posting, he or she should refrain from making the communication until he or she has discussed it with his Line Manager or Head of Department. If a member of Staff sees content in social media that disparages or reflects poorly on the School, it’s Staff, pupils, parents, service providers or stakeholders, he or she is required to report this in the first instance to the Head Teacher without unreasonable delay. All staff are responsible for protecting the School’s reputation.

Respecting intellectual property and confidential information

Staff should not do anything to jeopardise School confidential information and intellectual property through the use of social media.

To protect yourself and the School against liability for copyright infringement, where appropriate, reference sources of particular information you post or upload and cite them accurately. If you have any questions about whether a particular post or upload might violate anyone's copyright or trademark, ask the Head Teacher in the first instance before making the communication.

Respecting colleagues, pupils, parents, clients, service providers and stakeholders

Staff must not post anything related to colleagues, the School’s past, current or prospective pupils, parents, service providers or stakeholders without their advanced written permission.

Monitoring and review of this policy

If Staff have any questions about this policy or suggestions for additions that they would like to be considered on review, they may do so by emailing the Head of School in the first instance.

Freedom of Information

FREEDOM OF INFORMATION POLICY

Introduction

The Freedom of Information Act 2000 gives individuals the right to access official information from public bodies. Under the Act, any person has a legal right to ask for access to information held by the school. They are entitled to be told whether the school holds the information, and to receive a copy, subject to certain exemptions. While the Act assumes openness, it recognises that certain information is sensitive. There are exemptions to protect this information.

Public Authorities should be clear and proactive about the information they will make public. For this reason, a publication scheme is available.

This policy does not form part of any individual’s terms and conditions of employment with the School and is not intended to have contractual effect.

This policy should be used in conjunction with the school’s Internet Use Policy and Data Protection Policy.

Requests

Requests under Freedom of Information should be made to the Executive Head Teacher. However the request can be addressed to anyone in the School; so all staff need to be aware of the process for dealing with requests.

Requests for information that are not data protection or environmental information requests will be covered by the Freedom of Information Act: -

Data Protection enquiries (or subject access requests) are requests where the enquirer asks to see what personal information the school holds about the enquirer. If the enquiry is a Data Protection request, the School’s Data Protection Policy should be followed.

Environmental Information Regulations enquiries are those which relate to air, water, land, natural sites, built environment, flora and fauna, and health, and any decisions and activities affecting any of these. These could therefore include enquiries about recycling, phone masts, school playing fields, car parking etc. If the enquiry is about environmental information, follow the guidance on the Department for Environment, Food and Rural Affairs (DEFRA) website.

Freedom of Information requests must be made in writing, (including email), and should include the enquirers name and correspondence address (email addresses are allowed), and state what information they require. There must be enough information in the request to be able to identify and locate the information. If this information is covered by one of the other pieces of legislation (as referred to above), they will be dealt with under the relevant policy/procedure related to that request.

If the request is ambiguous and/or the School require further information in order to deal with your request, the School will request this further information directly from the individual making the request. Please note that the School do not have to deal with the request until the further information is received. Therefore, the time limit starts from the date that the School receives all information required in order to deal with the request.

The requester does not have to mention the Act, nor do they have to say why they want the information. There is a duty to respond to all requests, telling the enquirer whether or not the information is held, and supplying any information that is held, except where exemptions apply. There is a time limit of 20 working days excluding school holidays for responding to the request.

Information

Provided all requirements are met for a valid request to be made, the School will provide the information that it holds (unless an exemption applies).

“Holding” information means information relating to the business of the school:

That the school has created; or
That the school has received from another body or person; or
Held by another body on the school’s behalf.

Information means both hard copy and digital information, including email.

If the information is held by another public authority, such as the Local Authority, first check with them they hold it, then transfer the request to them. If this applies, the School will notify the enquirer that they do not hold the information and to whom they have transferred the request. The School will continue to answer any parts of the enquiry in respect of information it does hold.

When the School does not hold the information, it has no duty to create or acquire it; just to answer the enquiry, although a reasonable search will be made before confirming whether the School has the information requested.

If the information requested is already in the public domain, for instance through the Publication Scheme or on the School’s website, the School will direct the enquirer to the information and explain how to access it.

The requester has the right to be told if the information requested is held by the School (subject to any of the exemptions). This obligation is known as the school’s “duty to confirm or deny” that it holds the information. However, the school does not have to confirm or deny if:-

The exemption is an absolute exemption; or
In the case of qualified exemptions, confirming or denying would itself disclose exempted information.

Vexatious Requests

There is no obligation on the School to comply with vexatious requests. A vexatious request is one which is designed to cause inconvenience, harassment or expense rather than to obtain information, and would require a substantial diversion of resources or would otherwise undermine the work of the school. This however does not provide an excuse for bad records management.

In addition, the School do not have to comply with repeated identical or substantially similar requests from the same applicant unless a “reasonable” interval has elapsed between requests.

Fees

The School may charge the requester a fee for providing the requested information. This will be dependent on whether the staffing costs in complying with the request exceeds the “threshold.” The threshold is currently £450 with staff costs calculated at a fixed rate of £25 per hour (therefore 18 hours’ work is required before the threshold is reached).

If a request would cost less than the threshold, then the school can only charge for the cost of informing the applicant whether the information is held, and communicating the information to the applicant (e.g. photocopying, printing and postage costs).

When calculating costs/threshold, the School can take account of the staff costs/time in determining whether the information is held by the School, locating and retrieving the information, and extracting the information from other documents. The School will not take account of the costs involved with considering whether information is exempt under the Act.

If a request would cost more than the appropriate limit, (£450) the school can turn the request down, answer and charge a fee or answer and waive the fee.

If the School are going to charge they will send the enquirer a fees notice. The School do not have to comply with the request until the fee has been paid. More details on fees can be found on the ICO website.

If planning to turn down a request for cost reasons, or charge a high fee, you should contact the applicant in advance to discuss whether they would prefer the scope of the request to be modified so that, for example, it would cost less than the appropriate limit.

Where two or more requests are made to the School by different people who appear to be acting together or as part of a campaign the estimated cost of complying with any of the requests may be taken to be the estimated total cost of complying with them all.

Time Limits

Compliance with a request must be prompt and within the time limit of 20 working days (excluding school holidays). Failure to comply could result in a complaint by the requester to the Information Commissioner. The response time starts from the time the request is received.

Where the School has asked the enquirer for more information to enable it to answer, the 20 working days start time begins when this further information has been received.

If some information is exempt this will be detailed in the School’s response.

If a qualified exemption applies and the School need more time to consider the public interest test, the School will reply in 20 working days stating that an exemption applies but include an estimate of the date by which a decision on the public interest test will be made. This should be within a “reasonable” time.

Where the School has notified the enquirer that a charge is to be made, the time period stops until payment is received.

Third Party Data

Consultation of third parties may be required if their interests could be affected by release of the information requested, and any such consultation may influence the decision.

Consultation will be necessary where:

Disclosure of information may affect the legal rights of a third party, such as the right to have certain information treated in confidence or rights under Article 8 of the European Convention on Human Rights;
The views of the third party may assist the School to determine if information is exempt from disclosure; or
he views of the third party may assist the School to determine the public interest test.

Personal information requested by third parties is also exempt under this policy where release of that information would breach the Data Protection Act. If a request is made for a document (e.g. Governing Body minutes) which contains personal information whose release to a third party would breach the Data Protection Act, the document may be issued by blanking out the relevant personal information as set out in the redaction procedure.

Exemptions

The presumption of the Freedom of Information Act is that the School will disclose information unless the Act provides a specific reason to withhold it. The Act recognises the need to preserve confidentiality and protect sensitive material in certain circumstances.

The School may refuse all/part of a request, if one of the following applies: -

There is an exemption to disclosure within the act;
The information sought is not held;
The request is considered vexatious or repeated; or
The cost of compliance exceeds the threshold.

A series of exemptions are set out in the Act which allow the withholding of information in relation to an enquiry. Some are very specialised in their application (such as national security) and would not usually be relevant to schools.

There are two general categories of exemptions:-

Absolute: where there is no requirement to confirm or deny that the information is held, disclose the information or consider the public interest; and
Qualified: where, even if an exemption applies, there is a duty to consider the public interest in disclosing information.

Absolute Exemptions

There are eight absolute exemptions set out in the Act. However the following are the only absolute exemptions which will apply to the School: -

Information accessible to the enquirer by other means (for example by way of the School’s Publication Scheme);
National Security/Court Records;
Personal information (i.e. information which would be covered by the Data Protection Act);
Information provided in confidence.

If an absolute exemption exists, it means that disclosure is not required by the Act. However, a decision could be taken to ignore the exemption and release the information taking into account all the facts of the case if it is felt necessary to do so.

Qualified Exemptions

If one of the below exemptions apply (i.e. a qualified disclosure), there is also a duty to consider the public interest in confirming or denying that the information exists and in disclosing information.

The qualified exemptions under the Act which would be applicable to the School are: -

Information requested is intended for future publication (and it is reasonable in all the circumstances for the requester to wait until such time that the information is actually published);
Reasons of National Security;
Government/International Relations;
Release of the information is likely to prejudice any actual or potential legal action or formal investigation involving the School;
Law enforcement (i.e. if disclosure would prejudice the prevention or detection of crime, the prosecution of offenders or the administration of justice);
Release of the information would prejudice the ability of the School to carry out an effective audit of its accounts, resources and functions;
For Health and Safety purposes;
Information requested is Environmental information;
Information requested is subject to Legal professional privilege; and
For “Commercial Interest” reasons.

Where the potential exemption is a qualified exemption, the School will consider the public interest test to identify if the public interest in applying the exemption outweighs the public interest in disclosing it.

In all cases, before writing to the enquirer, the person given responsibility by the School for dealing with the request will need to ensure that the case has been properly considered, and that the reasons for refusal, or public interest test refusal, are sound.

Refusal

If it is decided to refuse a request, the School will send a refusals notice, which must contain

The fact that the responsible person cannot provide the information asked for;
Which exemption(s) apply;
Why the exemption(s) apply to this enquiry (if it is not self-evident);
Reasons for refusal; and
The School’s complaints procedure.

For monitoring purposes and in case of an appeal against a decision not to release the information or an investigation by the Information Commissioner, the responsible person must keep a record of all enquiries where all or part of the requested information is withheld and exemptions are claimed. The record must include the reasons for the decision to withhold the information.

Complaints/Appeals

Any written (including email) expression of dissatisfaction should be handled through the School’s existing complaints procedure. Wherever practicable the review should be handled by someone not involved in the original decision.

The Governing Body should set and publish a target time for determining complaints and information on the success rate in meeting the target. The school should maintain records of all complaints and their outcome.

If the outcome is that the School’s original decision or action is upheld, then the applicant can appeal to the Information Commissioner. The appeal can be made via their website or in writing to:

Customer Contact
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF

Electronic Information and Communications Systems Policy

Introduction

The School’s electronic communications systems and equipment are intended to promote effective communication and working practices throughout the business and are critical to the success of our provision of excellent service.

This policy does not form part of any employee’s terms and conditions of employment and is not intended to have contractual effect. It is provided for guidance to all members of staff at the School who are required to familiarise themselves and comply with its contents. The School reserves the right to amend its content at any time.

This policy outlines the standards that the School requires all users of these systems to observe, the circumstances in which the School will monitor use of these systems and the action the School will take in respect of any breaches of these standards.

The use by staff and monitoring by the School of its electronic communications systems is likely to involve the processing of personal data and is therefore regulated by the General Data Protection Regulation (GDPR) and all data protection laws and guidance in force.

Staff are referred to the School’s Data Protection Policy for further information. The School is also required to comply with the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 and the principles of the European Convention on Human Rights incorporated into U.K. law by the Human Rights Act 1998.

All members of staff are required to comply with the provisions set out in this policy at all times to protect the School’s electronic systems from unauthorised access or harm. Breach of this policy will be regarded as a disciplinary offence and dealt with under the School’s disciplinary procedure and in serious cases may be treated as gross misconduct leading to summary dismissal.

The School has the right to monitor all aspects of its systems, including data which is stored under the School’s computer systems in compliance with the GDPR.

This policy mainly deals with the use (or misuse) of computer equipment, e-mail, internet connection, telephones, iPads (and other mobile device tablets), Blackberries, personal digital assistants (PDAs) and voicemail, but it applies equally to the use of fax machines, copiers, scanners, and the like.

Equipment Security and passwords

All members of staff are responsible for the security of the equipment allocated to or used by them and must not allow it to be used by anyone other than in accordance with this policy.

Passwords are unique to each user and staff are required to select a password that cannot be easily broken and which contains at least 6 characters including both numbers and letters.

Passwords must be kept confidential and must not be made available to anyone else unless authorised by a member of the Senior Leadership Group who will liaise with the IT Consultant as appropriate and necessary. Any member of staff who discloses his or her password to another employee in the absence of express authorisation will be liable to disciplinary action under the School’s Disciplinary Policy and Procedure. Any member of staff who logs on to a computer using another member of staff’s password will be liable to disciplinary action up to and including summary dismissal for gross misconduct.

If given access to the School e-mail system or to the internet, staff are responsible for the security of their terminals. Staff are required to log off when they are leaving the terminal unattended or when leaving the office to prevent unauthorised users accessing the system in their absence. The Senior Leadership Group and/or the IT Consultant may do spot checks from time to time to ensure compliance with this requirement.

Staff should be aware that if they fail to log off and leave their terminals unattended they may be held responsible for another user’s activities on their terminal in breach of this policy, the School’s Data Protection Policy and/or the requirement for confidentiality in respect of certain information.

Logging off prevents another member of staff accessing the system in the user’s absence and may help demonstrate in the event of a breach in the user’s absence that he or she was not the party responsible.

Staff without authorisation should only be allowed to use terminals under supervision. Desktop PCs and cabling for telephones or computer equipment should not be moved or tampered with without first consulting and obtaining the express approval of the IT Consultant.

On the termination of employment for any reason, staff are required to provide a full handover detailing the drives, folders and files where their work can be located and accessed. The School reserves the right to require employees to hand over all School data held in computer useable format.

Members of staff who have been issued with a laptop, iPad (or other mobile device tablet), PDA or Blackberry must ensure that it is kept secure at all times, especially when travelling. Passwords must be used to secure access to data kept on such equipment to ensure that confidential data is protected in the event that the machine is lost or stolen. Staff should also observe basic safety rules when using such equipment e.g. ensuring that they do not use or display such equipment in isolated or dangerous areas. Staff should also be fully aware that if using equipment on public transport documents can be easily read by other passengers.

Systems Use and Data Security

Members of staff should not delete, destroy or modify any of the School’s existing systems, programs, information or data which could have the effect of harming or exposing to risk or harm the School’s, its staff, students, or any other party.

All members of staff are prohibited from downloading, installing or running software from external sources without obtaining prior authorisation from the IT Consultant who will consider bona fide requests for work purposes. Please note that this includes instant messaging programs, screen savers, photos, video clips, games, music files and opening any documents or communications from unknown origins.

Where consent is given all files and data should always be virus checked before they are downloaded onto the School’s systems. If in doubt, the employee should seek advice from the IT Consultant or a member of the Senior Leadership Group.

The following must never be accessed from the network because of their potential to overload the system or to introduce viruses:

Audio and video streaming;
Instant messaging;
Chat rooms;
Social networking sites; and
Web mail (such as Hotmail or Yahoo).

No device or equipment should be attached to our systems without the prior approval of the IT Consultant or Senior Leadership Group. This includes, but is not limited to, any PDA or telephone, iPad (or other mobile device tablet), USB device, i-pod, digital camera, MP3 player, infra red connection device or any other device.

The School monitors all e-mails passing through its systems for viruses. Staff should be cautious when opening e-mails from unknown external sources or where for any reason an e-mail appears suspicious (such as ending in ‘.exe’). The IT Consultant should be informed immediately if a suspected virus is received. The School reserves the right to block access to attachments to e-mail for the purpose of effective use of the system and compliance with this policy. The School also reserves the right not to transmit any e-mail message.

Staff should not attempt to gain access to restricted areas of the network or to any password-protected information unless they are specifically authorised to do so.

Misuse of the School’s computer systems may result in disciplinary action up to and including summary dismissal. For further guidance on what constitutes misuse please see the section entitled Inappropriate Use of the School’s Systems and guidance under “E-mail etiquette and content” below.

E-mail etiquette and content

E-mail is a vital business tool, but often lapses inappropriately into an informal means of communication and should therefore be used with great care and discipline.

The School’s e-mail facility is intended to promote effective communication within the business on matters relating to the School’s business activities and access to the School’s e-mail facility is provided for work purposes only.

Staff are permitted to make occasional personal use of the School’s e-mail facility provided such use is in strict accordance with this policy (see Personal Use below). Excessive or inappropriate personal use of the School’s email facility will be treated as a disciplinary offence resulting in disciplinary action up to and including summary dismissal depending on the seriousness of the offence.

Staff should always consider if e-mail is the appropriate medium for a particular communication. The School encourages all members of staff to make direct contact with individuals rather than communicate by e-mail wherever possible to maintain and enhance good working relationships.

Messages sent on the e-mail system should be written as professionally as a letter or fax message and should be concise and directed only to relevant individuals on a need to know basis. The content and language used in the message must be consistent with the School’s best practice.

E-mails should never be sent in the heat of the moment or without first checking the content and language and considering how the message is likely to be received. Staff are encouraged wherever practicable to write a draft e-mail first, print it out and review it carefully before finalising and sending. As a rule of thumb if a member of staff would not be happy for the e-mail to be read out in public or subjected to scrutiny then it should not be sent. Hard copies of e-mails should be retained on the appropriate file.

All members of staff should remember that e-mails can be the subject of legal action for example in claims for breach of contract, confidentiality, defamation, discrimination, harassment etc. against both the member of staff who sent them and the School. Staff should take care with the content of e-mail messages, as incorrect or improper statements can give rise to personal liability of staff and to liability of the School in the same way as the contents of letters or faxes.

E-mail messages may of course be disclosed in legal proceedings in the same way as paper documents. Deletion from a user’s inbox or archives does not mean that an e-mail is obliterated and all e-mail messages should be treated as potentially retrievable, either from the main server or using specialist software. This should be borne in mind when considering whether e-mail is an appropriate forum of communication in the circumstances of the case and if so the content and language used.

Staff should assume that e-mail messages may be read by others and not include in them anything which would offend or embarrass any reader, or themselves, if it found its way into the public domain. The School standard disclaimer should always be used on every e-mail.

Staff should ensure that they access their e-mails at least once every working day, stay in touch by remote access when travelling or working out of the office and should use an out of office response when away from the office for more than a day. Staff should endeavour to respond to e-mails marked ‘high priority’ as soon as is reasonably practicable.

Members of staff are strictly forbidden from sending abusive, obscene, discriminatory, racist, harassing, derogatory or defamatory messages. If such messages are received, they should not be forwarded and should be reported to a member of the Senior Leadership Group immediately. If a recipient asks you to stop sending them personal messages then always stop immediately. Where appropriate, the sender of the e-mail should be referred to this policy and asked to stop sending such material.

If you feel that you have been harassed or bullied, or are offended by material sent to you by a colleague via e-mail, you should inform The Head of School who will usually seek to resolve the matter informally. You should refer to our Equal Opportunities and Diversity Policy and the Anti-Harassment and Bullying Policy for further information and guidance.

If an informal procedure is unsuccessful, you may pursue the matter formally under the School’s formal grievance procedure. (Further information is contained in the School’s Equal Opportunities and Diversity Policy, Anti-Harassment and Bullying Policy and Grievance Policy and Procedure.)

As general guidance, staff must not:

Send any e-mail, including resending and forwarding, containing sexually explicit or otherwise offensive material either internally or externally;

Send any e-mail communication which may be regarded as harassing or insulting. Complaints about the performance or service of other departments or individuals must be made on a face-to-face basis in accordance with normal and courteous practice;
Send or forward private e-mails at work which they would not want a third party to read;
Send or forward chain mail, junk mail, cartoons, jokes or gossip either within or outside the School;
Contribute to system congestion by sending trivial messages or unnecessarily copying or forwarding e-mails to those who do not have a real need to receive them;
Sell or advertise using the systems or broadcast messages about lost property, sponsorship or charitable appeals.
Agree to terms, enter into contractual commitments or make representations by e-mail unless the appropriate authority has been obtained. A name typed at the end of an e-mail is a signature in the same way as a name written in ink at the end of a letter;
Download or e-mail text, music and other content on the internet subject to copyright protection, unless it is clear that the owner of such works allows this;
Send messages containing any reference to other individuals or any other business that may be construed as libellous;
Send messages from another worker’s computer or under an assumed name unless specifically authorised;
Send confidential messages via e-mail or the internet, or by other means of external communication which are known not to be secure;
E-mail may normally only be used to communicate internally with colleagues and students (where appropriate and necessary) and externally to parents, suppliers and third parties on academic/service related issues. Urgent or important messages to family and friends are permitted, but must be of a serious nature;

The School recognises that it is not always possible to control incoming mail. Any material which would be considered as inappropriate or unprofessional, sexually explicit or offensive should be deleted at once. Any member of staff who finds that they are receiving such communications from known sources is responsible for contacting that source in order to request that such communication is not repeated.

Staff who receive an e-mail which has been wrongly delivered should return it to the sender of the message. If the e-mail contains confidential information or inappropriate material (as described above) it should not be disclosed or forwarded to another member of staff or used in any way. The Executive Head Teacher should be informed as soon as reasonably practicable.

Use of the web and the internet

When a website is visited, devices such as cookies, tags or web beacons may be employed to enable the site owner to identify and monitor visitors. If the website is an inappropriate one such a marker could be a source of embarrassment to the School, especially if a member of staff has accessed, downloaded, stored or forwarded inappropriate material from the website. Staff may even be committing a criminal offence if, for example, the material is pornographic in nature.

Staff must not therefore access from the School’s system any web page or any files (whether documents, images or other) downloaded from the web which, on the widest meaning of those terms, could be regarded as illegal, offensive, in bad taste or immoral. While content may be legal in the UK it may be in sufficient bad taste to fall within this prohibition.

As a general rule, if any person within the School (whether intending to view the page or not) might be offended by the contents of a page, or if the fact that the School’s software has accessed the page or file might be a source of embarrassment if made public, then viewing it will be a breach of this policy.

Staff should not under any circumstances use School systems to participate in any internet chat room, post messages on any internet message board or set up or log text or information even in their own time.

Remember also that text, music and other content on the internet are copyright works. Staff should not download or e-mail such content to others unless certain that the owner of such works allows this.

The School’s website may be found at www.stjosephs.southwark.sch.uk. This website is intended to convey our core values and excellence in the educational sector. All members of staff are encouraged to give feedback concerning the site and new ideas and inclusions are welcome. All such input should be submitted to the Senior Leadership Group in the first instance. Only expressly authorised and designated members of staff are permitted to make changes to the website.

Staff should be aware that any personal use of the systems may also be monitored (see below) and, where breaches of this policy are found, action may be taken under our Disciplinary Policy and Procedure. Personal use of the School’s email facility will be treated as a disciplinary offence resulting in disciplinary action up to and including summary dismissal depending on the seriousness of the offence.

Inappropriate use of equipment and systems

Misuse or abuse of our telephone or e-mail system or inappropriate use of the internet in breach of this policy will be dealt with in accordance with the School’s Disciplinary Policy and Procedure.

Misuse of the internet may, in certain circumstances, constitute a criminal offence. In particular, misuse of the e-mail system or inappropriate use of the internet by viewing, accessing, transmitting or downloading any of the following material, or using any of the following facilities, will amount to gross misconduct (this list is not exhaustive):

Accessing pornographic material (that is writings, pictures, films, video clips of a sexually explicit or arousing nature), racist or other inappropriate or unlawful materials;
Transmitting a false and/or defamatory statement about any person or organisation;
Sending, receiving, downloading displaying or disseminating material which is discriminatory, offensive derogatory or may cause offence and embarrassment or harass others;
Transmitting confidential information about the School and any of its staff, students or associated third parties;
Transmitting any other statement which is likely to create any liability (whether criminal or civil, and whether for the employee or for the School;
Downloading or disseminating material in breach of copyright;
Copying, downloading, storing or running any software without the express prior authorisation of the IT Consultant;
Engaging in on line chat rooms, instant messaging, social networking sites and on line gambling;
Forwarding electronic chain letters and other materials;
Accessing, downloading, storing, transmitting or running any material that presents or could present a risk of harm to a child.

Any such action will be treated very seriously and may result in disciplinary action up to and including summary dismissal.

Where evidence of misuse is found the School may undertake a more detailed investigation in accordance with our Disciplinary Policy and Procedure, involving the examination and disclosure of monitoring records to those nominated to undertake the investigation and any witnesses or members of management involved in the disciplinary procedure.

If necessary such information may be handed to the police in connection with a criminal investigation.

Data Retention Policy

The School has a responsibility to maintain its records and record keeping systems. When doing this, the School will take account of the following factors: -

The most efficient and effective way of storing records and information;
The confidential nature of the records and information stored;
The security of the record systems used;
Privacy and disclosure; and
Their accessibility.

This policy does not form part of any employee's contract of employment and is not intended to have contractual effect. It does, however, reflect the School’s current practice, the requirements of current legislation and best practice and guidance. It may be amended by the School from time to time and any changes will be notified to employees within one month of the date on which the change is intended to take effect. The School may also vary any parts of this procedure, including any time limits, as appropriate in any case.

Data Protection

This policy sets out how long employment-related and pupil data will normally be held by us and when that information will be confidentially destroyed in compliance with the terms of the General Data Protection Regulation (GDPR) and the Freedom of Information Act 2000.

Data will be stored and processed to allow for the efficient operation of the School. The School’s Data Protection Policy outlines its duties and obligations under the GDPR.

RETENTION SCHEDULE

Information (hard copy and electronic) will be retained for at least the period specified in the attached retention schedule. When managing records, the School will adhere to the standard retention times listed within that schedule.

Paper records will be regularly monitored by The School Business Manager.

Electronic records will be regularly monitored by The School Business Manager.

The schedule is a relatively lengthy document listing the many types of records used by the school and the applicable retention periods for each record type. The retention periods are based on business needs and legal requirements.

Destruction of Records

Where records have been identified for destruction they should be disposed of in an appropriate way. All information must be reviewed before destruction to determine whether there are special factors that mean destruction should be delayed, such as potential litigation, complaints or grievances.

All paper records containing personal information, or sensitive policy information should be shredded before disposal where possible. All other paper records should be disposed of by an appropriate waste paper merchant. All electronic information will be deleted.

The School maintains a database of records which have been destroyed and who authorised their destruction. When destroying documents, the appropriate staff member should record in this list at least: -

File reference (or other unique identifier);
File title/description;
Number of files; and
Name of the authorising officer.

ARCHIVING

Where records have been identified as being worthy of preservation over the longer term, arrangements should be made to transfer the records to the archives. A database of the records sent to the archives is maintained by The School Business manager. The appropriate staff member, when archiving documents should record in this list the following information: -

File reference (or other unique identifier);
File title/description;
Number of files; and
Name of the authorising officer.

TRANSFERRING INFORMATION TO OTHER MEDIA

Where lengthy retention periods have been allocated to records, members of staff may wish to consider converting paper records to other media such as digital media or virtual storage centres (such as cloud storage). The lifespan of the media and the ability to migrate data where necessary should always be considered.

RESPONSIBILITY AND MONITORING

The School Business Manager has primary and day-to-day responsibility for implementing this Policy. The Data Protection Officer, in conjunction with the School is responsible for monitoring its use and effectiveness and dealing with any queries on its interpretation. The data protection officer will consider the suitability and adequacy of this policy and report improvements directly to management.

Internal control systems and procedures will be subject to regular audits to provide assurance that they are effective in creating, maintaining and removing records.

Management at all levels are responsible for ensuring those reporting to them are made aware of and understand this Policy and are given adequate and regular training on it.

RETENTION SCHEDULE

FILE DESCRIPTION	RETENTION PERIOD
Employment Records
Job applications and interview records of unsuccessful candidates	Six months after notifying unsuccessful candidates, unless the school has applicants’ consent to keep their CVs for future reference. In this case, application forms will give applicants the opportunity to object to their details being retained
Job applications and interview records of successful candidates	6 years after employment ceases
Written particulars of employment, contracts of employment and changes to terms and conditions	6 years after employment ceases
Right to work documentation including identification documents	2 years after employment ceases
Immigration checks	Two years after the termination of employment
DBS checks and disclosures of criminal records forms	As soon as practicable after the check has been completed and the outcome recorded (i.e. whether it is satisfactory or not) unless in exceptional circumstances (for example to allow for consideration and resolution of any disputes or complaints) in which case, for no longer than 6 months.
Change of personal details notifications	No longer than 6 months after receiving this notification
Emergency contact details	Destroyed on termination
Personnel and training records	While employment continues and up to six years after employment ceases
Annual leave records	Six years after the end of tax year they relate to or possibly longer if leave can be carried over from year to year
Consents for the processing of personal and sensitive data	For as long as the data is being processed and up to 6 years afterwards
Working Time Regulations: · Opt out forms · Records of compliance with WTR	· Two years from the date on which they were entered into · Two years after the relevant period
Disciplinary and training records	6 years after employment ceases

Allegations of a child protection nature against a member of staff including where the allegation is founded		10 years from the date of the allegation or the person’s normal retirement age (whichever is longer). This should be kept under review. Malicious allegations should be removed.
Financial and Payroll Records
Pension records	12 years
Retirement benefits schemes – notifiable events (for example, relating to incapacity)	6 years from the end of the scheme year in which the event took place
Payroll and wage records	6 years after end of tax year they relate to
Maternity/Adoption/Paternity Leave records	3 years after end of tax year they relate to
Statutory Sick Pay	3 years after the end of the tax year they relate to
Current bank details	No longer than necessary
Agreements and Administration Paperwork
Collective workforce agreements and past agreements that could affect present employees	Permanently
Trade union agreements	10 years after ceasing to be effective
School Development Plans	3 years from the life of the plan
Professional Development Plans	6 years from the life of the plan
Visitors Book and Signing In Sheets	6 years
Newsletters and circulars to staff, parents and pupils	1 year
Health and Safety Records
Health and Safety consultations	Permanently
Health and Safety Risk Assessments	3 years from the life of the risk assessment
Any reportable accident, death or injury in connection with work	For at least twelve years from the date the report was made
Accident reporting	Adults – 6 years from the date of the incident Children – when the child attains 25 years of age.
Fire precaution log books	6 years

Medical records and details of: - · control of lead at work · employees exposed to asbestos dust · records specified by the Control of Substances Hazardous to Health Regulations (COSHH)	40 years from the date of the last entry made in the record
Records of tests and examinations of control systems and protection equipment under COSHH	5 years from the date on which the record was made
Temporary and Casual Workers
Records relating to hours worked and payments made to workers	3 years
Pupil Records
Admissions records	1 year from the date of admission
Admissions register	Entries to be preserved for three years from date of entry
School Meals Registers	3 years
Free School Meals Registers	6 years
Pupil Record	7 years from the date of entry
Attendance Registers	3 years from the date of entry
Special Educational Needs files, reviews and individual education plans (this includes any statement and all advice and information shared regarding educational needs)	Until the child turns 25.
Emails
	2 Years
Other Records