We spoke to our Head of Information Solutions, Daniel Gooding, to get his advice on what childcare settings can do to keep personal information they hold safe from loss and unauthorised access. The answers he gave might surprise you!
What’s the most secure way of keeping information in a childcare setting?
If possible, the most secure way of holding information is to not keep it on site at all, as computers and paper on site are vulnerable to various issues including, theft, loss, damage, flood, fire etc. If this is not possible and records need to be stored electronically, then password-protect those records (which only limited staff should have access to).
Files containing sensitive or confidential data should be locked away and access to the keys strictly controlled. Access to those records needs to be limited to people in named roles who either need to know about the information in those records and/or who manage the records/files.
Also, any sensitive information e.g. about concerns, allegations, and referrals should not be kept in a single ‘concern log’, with information relating to individuals being kept in separate files.
Who should be able to have access to the data that childcare settings keep?
All personal data needs to be kept safe and made available only to those who are authorised to access it. This will include, parents and carers and childcare setting staff members. Only parents/carers can have ready access to files and records of their own children – but not any other child.
Parents/carers can also request any confidential information on their child to remain within certain access groups. If information needs to be sent to a third party e.g. another nursery if the child is transferring or support services, then this must be with the parents’/carers’ permission. The Data Protection Act requires those who own the data (childcare setting) to ensure that measures are in place for its safety and integrity and that it is not used for any purpose other than that for what it was collected. It also requires this data to be destroyed when no longer required.
Do all types of data require the same level of confidentiality?
All personal data should be kept in accordance with the Data Protection Act. The Data Protection Principles state that data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Kept no longer than necessary
- Processed in accordance with the data subject’s rights
How great is the emphasis on confidentiality in a childcare setting? Why is that?
There will always be a high amount of confidential information within a childcare setting due to the nature of the work and the sensitive issues that children carry. Childcare settings have a duty to the children they care for and to the parents/carers of those children, so it is important that any childcare setting does their best to reduce any concerns that parents/carers may have and comply with the Data Protection Act.
Find out more about how Abacus nursery management software can keep your data secure