The latest news and information

Data Protection Ezine October 2014

October 3, 2014

Data protection is an ever present consideration for everyone, in particular for those of us involved in working with children, their families and staff teams,  it is not always easy to keep up to date with best practice.   Every time we ask parents for information, every time we take a photo or image as part of our curriculum, every time we upload to information on a computer system we have to be alert and responsible in how we use, manage and store data.

It seems a good time of year to revisit the topic of ‘data protection’ as it has been highlighted in the media a lot recently over the water charges debate so it is a timely topic for the October ezine. All Early Childhood Education services need to be aware of data protection and their responsibilities. Some of the areas which fall under date protection are CCTV cameras, collecting and asking for PPS numbers and information collected as an employer.


What is Data Protection?

The main Irish law is the Data Protection (Amendment) Act 2003. Any organisation that collects or holds information about any living person, known as personal data, must comply with the Act. This information or data may be in the form of video footage or written information (including information on a computer). There are a set of guidelines all organisations must follow when requesting or holding onto personal data.


Top 4 Queries from members:


1.    CCTV

There are a number of issues to consider if you are thinking about installing CCTV both inside and outside your service. As an owner or manager you must think about the ethics of installing cameras from the perspective of children, parents and staff, as well as bearing in mind implications when it comes to data protection.
Basically, when recording images of a living person you must have a legitimate reason for doing so. There may be a justifiable security reason to put CCTV on the perimeters of your property. However, if installing CCTV in the rooms you must show a clear evidence-based purpose as to why you need it inside your building. Recording staff and children on a constant basis in highly intrusive, so there are a few points to think about before installing:

  • Have a justifiable evidence based reason for the installation of CCTV (this is very important as it is required in the Data Protection Act)
  • The recordings can only be used for the proposed purpose
  • The recordings can only be kept for a maximum of 28 days (unless a clear reason for a longer time)
  • Location of the cameras also must be justifiable
  • Meet with your staff team to discuss the proposed instalment
  • Permission may be needed from staff, families and possibly children
  • Remember everyone has the right to request a copy of any data collected of them


2.    PPS Number

With the introduction of the free preschool year, all participating services are required to ask parents to complete a registration form which asks for their child’s PPS number. Under the Data Protection Act services need to be mindful of their responsibilities:

  • PPS numbers can only be obtained legally for a specific purpose (in the case of the free preschool year it is used to verify the child’s entitlement to their place by ensuring the name, date of birth and PPS number match)
  • While the PPS number is on the service premises they must be kept safe and secure
  • The child’s PPS number must only be retained for as long as necessary
  • Once no longer needed, the information must be sent to the appropriate personnel or destroyed.


3.    Photographs

It is normal practice for early years services to take photographs of the children to share with families, demonstrate good practice and to document the child’s learning. Similarly the same guidelines apply here:


  • Permission must be sought to take photographs (sample in the child record cards)
  • The pictures can only be used for the purposes they were sought
  • The images should not be held for any longer than needed
  • Everyone has a right to request a copy of the data collected of them


Camera phones can be a delicate issue when it comes to data protection. With new and smart technology it is potentially very easy for anyone within your service to access images held on a mobile phone devise and use them for other purposes. It is good practice not allow the use of camera phones by staff members or visitors to diminish the chances of this happening. If hosting concerts or events, all parents will use their phones to take photographs think about having a disclaimer around these events or asking for additional permission.

Social media is a common communication tool used in both your personal and professional life, but you need to think about data protection if you are using FaceBook, Twitter or others forms of Social Media in your service. Information, data or photographs can only be published on social media sites if you have permission- i.e, you have outlined a specific reason for taking the pictures, and the staff and families agree. If you have generic permission for the use of photographs, the uses must be outlined, otherwise you will be in breach of data protection. Always get permission and make sure the purpose is noted on the permission document.


4.    Records

Keeping records is important and required under lots of legislation and the length of time you need to keep them can vary. Under the Data Protection Act, the golden rule is that you only keep information for a specific purpose and retain it no longer than necessary. Therefore when no longer needed you can safely and appropriately dispose of some records. 



Here are the general guidelines to follow when it comes to data protection:

These responsibilities may be summarised in terms of eight “Rules”
You must…


1. Obtain and process the information fairly

2. Keep it only for one or more specified and lawful purposes
3. Process it only in ways compatible with the purposes for which it was given to you initially
4. Keep it safe and secure
5. Keep it accurate and up-to-date
6. Ensure that it is adequate, relevant and not excessive
7. Retain it no longer than is necessary for the specified purpose or purposes
8. Give a copy of his/her personal data to any individual, on request.





Share share share share
Site maintained and developed by Cloud Nine