DATA RETENTION POLICY

St Margaret’s Church of Scotland: Edinburgh, SC004779 (the “Congregation”)

 

DATA RETENTION POLICY

  1. Introduction
    1. Church of Scotland congregations gather personal information from individuals and external organisations as well as generating a wide range of personal data, all of which is recorded in documents and records, both in hard copy and electronic form.
    2.  Examples of the types of information accumulated and generated are set out in Appendix 1 of this policy and include but are not limited to minutes of Kirk Session meetings; membership rolls; baptismal information; employment records; newsletters and other communications such as letters and emails.
    3.  In certain circumstances it will be necessary to retain documents to meet legal requirements and for operational needs.  Document retention is also required to evidence agreements or events and to preserve information.
    4.  It is however not practical or appropriate for congregations to retain all records.  Additionally, data protection principles require information to be as up to date and accurate as possible.  It is therefore important that congregations have in place systems for the timely and secure disposal of documents that are no longer required.
    5.  This Data Retention Policy was adopted by the Kirk Session on [insert date] and will be implemented on a day to day basis.
  2. Roles and Responsibilities
    1.  Congregational office bearers and those involved with safeguarding will adopt the retention and disposal guidance at Appendix 1 of this policy and strive to keep records up to date.
    2.  Advice will be obtained from the Law Department or Safeguarding Department of the Church Office at 121 George Street if there is uncertainty about retention periods.
  3. Retention and Disposal Policy

    Decisions relating to the retention and disposal of data should be guided by:-

    1.  Appendix 1 – Document Retention Schedule – Guidance on the recommended and statutory minimum retention periods for specific types of documents and records.
    2.  Appendix 2 – Quick Guide to document retention.
    3.  In circumstances where the retention period for a specific document or category   of documents has expired, a review should be carried out prior to disposal and consideration should be given to the method of disposal.
  4. Disposal
    1.  Documents containing confidential or personal information should be disposed of either by shredding or by using confidential waste bins or sacks.  Such documentation is likely to include financial details, contact lists with names and addresses and pastoral information.
    2.  Documents other than those containing confidential or personal information may be disposed of by recycling or binning.
    3.  Electronic communications including email, Facebook pages, twitter accounts etc and all information stored digitally should also be reviewed and if no longer required, closed and/or deleted so as to be put beyond use. This should not be done simply by archiving, which is not the same as deletion.  It will often be sufficient simply to delete the information, with no intention of ever using or accessing it again, despite the fact that it may still exist in the electronic ether. Information will be deemed to be put beyond use if the Congregation is not able, or will not attempt, to use it to inform any decision in respect of any individual or in a manner that affects the individual in any way and does not give any other organisation access to it.
    4. Deletion can also be effected by using one of the following methods of disposal:-
  • Using secure deletion software which can overwrite data;
  • Using the function of “restore to factory settings” (where information is not stored in a removeable format);
  • Sending the device to a specialist who will securely delete the data.

 

Appendix 1

Illustrative Data Retention Schedule

 

This Schedule is provided as a guide to common types of documents but is not exhaustive.

NOTE: There may be an historic interest in the Congregation’s records.  Kirk Session minutes are archived after 50 years.  If you think that archiving other records is preferable to destruction, you should be in touch with the Department of the General Assembly, which will organise archiving where appropriate.

Avoid retaining information if there is no reason for doing so.  Consult with the Law Department if you are unsure.

 

RECORD

RETENTION PERIOD

Minutes of meetings

6 years

Kirk Session meetings

50 years

Pre-employment enquiries/applications/notes/letters/references

6 months after completion of recruitment  (unless data to be retained for a future similar opportunity, in which case 1 year)

Safeguarding Service confirmation of advice, emails, letters

100 years

Confidentiality Agreements

100 years

Covenants of Responsibility (managing those who pose a risk)

100 years

Safeguarding Service Risk Assessments

100 years

Complaints concerning people

100 years

Congregational Register

100 years

Safeguarding Audit for Congregations and Presbyteries

100 years

Transfer Forms

100 years

Employee records including: contracts, time records etc

Duration of employment + 6 years

Volunteer records

Duration of placement + 6 years

Databases for mailing lists/distribution

Reviewed annually, delete out of date information

Miscellaneous contact information

Delete once there is no longer a requirement to hold such information

Arranged accommodation/placements (e.g. overseas visitors)

3 years following end of event/placement

Documents relating to litigation or potential litigation

Until matter is concluded plus 6 years

Hazardous material exposures

30 years

Injury and Illness Incident Reports (RIDDOR)

5 years

Pension plans and retirement records

Permanent

Salary schedules; ranges for each job description

2 years

Payroll Records

Minimum, 6 years.  No maximum

Contracts

6 years following expiration

Construction documents

Permanent

Fixed Asset Records

Permanent

Application for charitable and/or tax-exempt status

Permanent

Sales and purchase records

5 years

Resolutions

Permanent

Audit and review workpapers

5 years from the end of the period in which the audit or review was concluded

OSCR filings

5 years from date of filing

Records of financial donations

6 years

Accounts Payable and Receivables ledgers and schedules

6 years

Annual audit reports and financial statements

Permanent

Annual plans and budgets

2 years

Bank statements, cancelled cheques, deposit slips

Minimum of 6 years

Business expense records

6 years

Cash receipts

3 years

Cheque registers

Permanent

Electronic fund transfer documents

6 years

Employee expense reports

6 years

General ledgers

Permanent

Journal entries

6 years

Invoices

6 years

Petty cash vouchers

3 years

Tax records

Minimum 6 years

Filings of fees paid to professionals

6 years

Environmental studies

Permanent

Insurance claims/ applications

Permanent

Insurance disbursements and denials

Permanent

Insurance contracts and policies (Directors and Officers, General Liability, Property, Workers' Compensation)

Permanent

Leases

6 years after expiration

Real estate documents (including loan and mortgage contracts, title deeds)

Permanent

Warranties

Duration of warranty + 6 years

Records relating to potential, or actual, legal proceedings

Conclusion of any tribunal or litigation proceedings + 6 years

 

 Appendix 2

General guidance for documents NOTincluded in the retention schedule.

On-going business use is subjective, but generally refers to documents still required for on-going projects, or documents that may still need to be referred to for on-going activities.

Yes

Yes

Yes

No

No

No

Retain the document securely and confidentially until it is no longer relevant to business

Is the document an internal email?

Is the document required for current or ongoing business use?

Is the email required for ongoing or current business?

Confidentially destroy the document

Save email in a folder

Delete the email

GET IN TOUCH