Data Retention Policy

This policy is linked to Strive Higher’s Privacy Policy and is an important resource for everyone working at Strive Higher.

It outlines how Strive Higher expects anyone working with us to retain and dispose of information in line with our business objectives and legal obligations. It applies to all information – whether physical or digital – wherever it is stored. We have developed it with the following pieces of legislation in mind:

​

• Freedom of Information Act 2000

• The UK General Data Protection Regulations

• Data Protection Act 2018

The policy covers the following: 

• Your roles and responsibilities

• Retention periods

• Weeding

• Reviewing information

• Destruction of information

• Disposal of assets

• Permanent preservation

• Legal holds

• Strive Higher’s Retention and Disposal Schedule

Your roles and responsibilities

Everyone working with Strive Higher is responsible for managing the information they create and receive as part of their work with us and are expected to familiarise themselves with our records management processes and our Retention and Disposal Schedule. 

​

All Project Leads have ownership of the information accumulated throughout the course of a project/event/programme and are therefore responsible for its secure storage, and the decisions taken with all interested stakeholders on its retention and/or disposal at the end of a project. 

​

Retention periods

Strive Higher sets our retention periods according to our legal obligations and the business need agreed with our clients and/or key stakeholders.  If there is no legally defined retention period for corporate information, it is the responsibility of the Project Lead to determine an appropriate retention period with the client and/or key stakeholders and if the information could be anonymised in any way on closure of the project.  When agreeing the retention period with our clients, it is important to ensure the following:

​

• Retention triggers are clear and consistent

• Retention periods are not excessively long and are consistent with the rest of the schedule

Strive Higher has clearly defined retention periods for our information to ensure it is kept for the appropriate length of time. Each retention period has three elements:

• Trigger – the action which begins the retention period (e.g., ‘End of Financial Year’ or ‘End of Employment’)

• Retention period – the length of time the information will be kept

• Action – either ‘review’ or ‘destroy’. 

  • If the action is ‘review’ the information must be reviewed to ensure it is no longer required before destruction. Outcomes of a review may be – dispose, mark for permanent preservation, or temporary extension to review again at a future date.

  • If the action is ‘destroy’, this means the information can be destroyed

​

Retention and Disposal Schedule

Strive Higher’s Retention and Disposal Schedule sets out our retention periods for different types of data. Information should be kept for the length of time defined in the Schedule unless there is a legal requirement to destroy it sooner. The Schedule is arranged by function and this applies regardless of where it sits across Strive Higher’s business lines.   Any additions or changes to the Schedule should be recorded on it for future reference. 

​

The Schedule is reviewed on an annual basis by the Assistant Director, Operations with input from key stakeholders across the team e.g. Project Leads, the Digital Lead and Senior Project & Engagement Coordinators. 

​

Weeding

Not all information has value.  If information is either considered redundant, obsolete or trivial it should be weeded out as part of routine housekeeping.  Everyone working for Strive Higher has responsibility for carrying out a regular review of their records and deleting any information which falls into this category.  It does not require sign off by anyone else in the team. 

​

Weeding should be carried out for 2 reasons:

• To make sure we are making good use of available space whether physical or digital

• To make the process of reviewing or retrieving records easier

Some examples of information which would fall into this category are:

• Drafts: Draft documents may not be needed once a final version has been published. However, on some occasions where significant changes have been made, a draft may be retained to show how the final decision was made

• Emails: Outlook has an automated retention policy that retains emails for 12 months. It is important that information assets are saved to shared spaces, to provide evidence of decisions made or action taken. Once a conversation has reached a significant point, any earlier emails from this chain can be deleted

• Duplicates: We should not retain any duplications. Duplications can lead to multiple versions of information which can cause confusion

• Limited Long Term Operational Value: Some information may be of importance for only a short period of time and then become redundant. This information should be weeded as soon as it is no longer required e.g social or internal meeting attendance lists

Weeding should be done on a regular basis to ensure that clutter does not build up over time. Strive Higher has a six-monthly schedule for routine weeding. This exercise should cover all our stores, paper or digital, regardless of the system or asset it is held on.  This includes personal drives, mobiles and desktops.

​

Reviewing Information

When information has reached the end of its retention period it may need to be reviewed to ensure that it is no longer required. Information that has an action of ‘destroy’ on the Schedule can be disposed of securely without a review or approval. Where a review is required, the Assistant Director, Operations and the Project/Product Lead should consider the relevant information and decide whether it can be destroyed. If a large volume of information is being reviewed at once then this should be conducted at a macro level, i.e., not document by document. If information is marked for permanent preservation or subject to a legal hold it may be necessary to review every document. Information should only be retained beyond its retention period in limited circumstances.

​

When conducting a review, the following factors should be taken into account:

• Is the information required to fulfil statutory or regulatory requirements?

• Is the information relevant to ongoing litigation / subject to a legal hold?

• Is the information the subject of an information request or relate to information recently disclosed in a response?

• Is retention required to evidence events in the case of a dispute?

• Does the information fall under the selection criteria for permanent preservation and transfer to The National Archives (TNA)?

• Is the information required for a Public Inquiry?

• Is there another demonstrable business need for retaining the information?

If the information is deemed to still be required, an extension of two years is given, the information needs to be reviewed again at the end of the extension. The only exception to this is where the information has been marked for permanent preservation

​

The retention period must not be extended indefinitely. You should contact the Assistant Director, Operations if you still intend to keep the information after applying the two-year extension period.

​

Destruction

When records are no longer required by the organisation and do not have archival value they should be securely destroyed. If the action on the retention schedule is ‘review’, destruction of records should not proceed without approval from the Assistant Director, Operations and the Project/Product Lead.

​

A record containing what has been destroyed, when it was destroyed and the individual who authorised the destruction should be made on the Retention and Disposal Schedule.

​

Records should be destroyed with the level of security required by the confidentiality of their contents. For example, if records containing special category data or protectively marked papers have been shredded, the shredded paper should be handled securely and not dumped. Records awaiting destruction must be stored securely. Paper records should be placed into the confidential waste bins and documents stored on electronic systems should be deleted, including back-ups. Deletions should be carried out by someone with appropriate access to the system from which they are being deleted. Digital documents should be deleted and not overwritten.

When information is destroyed, all copies of the information should be destroyed at the same time (both digital and physical). Information cannot be considered to have been completely destroyed unless all copies have been destroyed as well.

Disposal of assets

In line with the 7th principle of the DPA (‘appropriate technical and organisational measures shall be taken against accidental loss or destruction of, or damage to, personal data’), Strive Higher has set up a process to manage the destruction and recycling of our assets i.e. our laptops, phones, USB sticks, and tablets. 

Strive Higher is keen to minimise its environmental impact so our policy is to recycle where we can. For this reason, we do not seek to destroy any assets but would cleanse them by reverting them to factory settings according to the guidance laid out by the National Cyber Security Centre (Guidance for buying & selling second-hand devices - NCSC.GOV.UK)

​

Who is responsible?

The Assistant Director, Operations is responsible for maintaining the inventory of Strive Higher assets and managing the cleansing of data at the end of their life and reverting them to factory settings. 

Permanent Preservation

Documents should only be selected for permanent preservation if they meet the criteria below:

• Cases attracting significant media attention

• Cases relating to a public figure that generated significant contemporary interest or controversy

• Cases that led to a change in the interpretation of the law

Any information which is selected for preservation should be clearly marked to ensure it is not destroyed accidentally.

​

Legal Holds

It is important we retain any information under a legal hold.  A legal hold is the process of preserving all forms of information relevant to legal proceedings. If a legal hold is in place there is a freeze on the destruction of any relevant material held by the organisation.

A legal hold might be required if information relates to a Public Inquiry or if it pertains to any litigation that Strive Higher is involved with, such as an FOI Complaint which is subject to appeal. If you are unsure whether information in your possession falls under a legal hold, contact the Information Management Service for advice.

When information falls under a legal hold it should be clearly marked as such so it is not accidentally included in any scheduled destruction.​