Retention and Destruction

Each category of information has a retention period. This is usually based on regulatory or legislative requirements, but it can also be for accountability or operational purposes.

The retention period for each information asset should be recorded on the information asset register, and this allows information asset owners to know when individual records are due for destruction.

An information asset may have conflicting retentions within it due to different document types, so it may be useful to use the information asset register as a guide, e.g. 2-6 years, however you should always refer to your retention schedule which specifies document type rather than the asset as a whole.

Remember, you should never retain personal information for any longer than necessary – ‘just in case’ is never an acceptable reason.

By regular monitoring, asset owners can ensure that information is destroyed at the appropriate time and that this is recorded on a destruction log (there is a template for this on the Veritau Schools Portal) – this allows schools to demonstrate compliance with the 5th data protection principle – storage limitation.