Record keeping in schools:

Navigating the minefield

Record keeping in schools is a veritable minefield, David Griffiths, Managing Director, CompliSpace, writes. With a complex array of legal and duty of care obligations, combined with multiple data management systems, it is little wonder that many schools struggle to implement effective policies and practices for the management and retention of information.

Why do we keep records?

Proper information governance is becoming more of a priority than ever, especially with the increased focus on schools and their duty of care obligations. But aside from these obligations, schools must also keep records to remain compliant with a suite of other legal and non legal requirements, including those that arise from:

• Privacy Act 1998 (Cth) (Privacy Act) and Australian Privacy Principles (APPs)

• Crimes Acts in each state and territory

• contractual obligations

• canon law, and

• regulators.

Proper information governance is becoming more of a priority than ever, especially with the increased focus on schools and their duty of care obligations.

Proper record keeping ensures that schools:

  • meet the obligations of state and territory record keeping laws
  • meet their legal and regulatory compliance obligations
  • have information in the event of litigation and legal proceedings
  • undertake reputational risk management, and
  • retain information for alumni and marketing communication.
  • What records are kept?

    The Australian Privacy Principles (APPs) (see the CompliSpace whitepaper The New Privacy Laws & Australian Privacy Principles for more information) are applicable to non government schools and prescribe a framework for the collection, management and disposal of personal information (ie information about an identified individual or an individual who is readily identifiable). If information is not ‘personal information’ it doesn’t matter how a school collects it. To be captured by the APPs, personal information must be contained on a ‘record’ (eg written down, on a database, in a photograph or video etc). The types of records schools collect include:

  • academic, attendance and enrolment
  • staff/volunteer records
  • child protection/Working WithChildren’s Check (WWCC), and
  • complaints handling.
  • Such records generally contain personal information and consequently, non government schools must consider how the APPs apply to them and their record keeping practices. While the APPs do not apply to government schools, their record keeping practices are regulated by state and territory laws and regulatory guidance.

    Child protection

    Comprehensive records must be kept where there is an allegation of child abuse within the school. In 2016, the Royal Commission into Institutional Responses to Child Sexual Abuse (Royal Commission) published a paper entitled Records and Record Keeping Practices (Consultation Paper). Of concern is the Consultation Paper’s finding that “there is no single unified approach to record keeping and archiving embracing government and non government sectors”.

    Consequently, the Royal Commission proposed five high level principles which are intended to complement existing law and practice, promote and guide institutional best practice and inform future policy development and law reform. The principles are:

  • Creating and keeping accurate records is in the best interest of children.
  • Accurate records must be created about all decisions and incidents affecting child protection.
  • Records relevant to child sexual abuse must be appropriately maintained.
  • Records relevant to child sexual abuse must only be disposed of subject to law or policy.
  • Individuals’ rights to access and amend records about them can only be restricted in accordance with law.
  • In its investigations the Royal Commission found that many important records were not kept. Not only did these failures affect the schools themselves, it also meant that victims of historical or current child abuse offences were placed at a significant disadvantage when pressing charges against perpetrators. Consequently, schools must ensure they have record keeping policies and procedures for incidents of child abuse. This is particularly important as past child abuse actions can come to light decades following the incident itself, with the Royal Commission’s Interim Report citing 22 years as the average period of time between an offence and the resulting claim.

    School registration and accreditation

    The school registration and accreditation guidelines and standards of every state and territory emphasise the importance of proper records management in schools. Indeed, in the 2017 Western Australian Guide to the Registration Standards and Other Requirements for Non-Government Schools the requirement to keep records appears 62 times.

    Records: How do we keep them?

    Good record keeping practices can be summarised in four key steps:

    1. Capture the information

    Schools are firstly advised to categorise different types of records in order to readily identify the purpose of the information and establish protocols for use. Important record types include:

  • governance
  • compliance
  • administration, and
  • student services.
  • 2. Location

    Schools should adopt a clear framework for the storage of records. These include:

  • digital storage facilities for electronic records, and/or
  • physical storage facilities for paper/print records.
  • Regardless of the system, schools should make sure that records can be indexed in a logical manner that facilitates easy location, retrieval and association of related information.

    3. Retention

    Schools should develop a guide to retention as part of their records management system. This may include:

  • permanent retention: records the school is required to keep by law
  • records of archival interest: records that are not essential for legal or accountability purposes but are important to the school’s ‘story’ and are of interest or important to the school, and
  • not archived: this applies to records containing no personal information, which are of no importance to the school and are not legally required to be maintained.
  • 4. Destruction

    If a school determines that records are no longer needed, any copies that have been archived or held as back ups should be destroyed or the personal information de-identified.

    What not to do

    The consultation paper provides some examples of poor record management. According to research, records were lost or damaged in various ways including:

  • loss of hard copy records
  • records being lost due to the use of multiple or convoluted indexing systems, and
  • records being stored inappropriately for example, in employees’ homes.
  • Poor record keeping has hindered disciplinary action, criminal and civil proceedings, and prevented identification of risks and incidents of child sexual abuse.

    Key takeaways

    In this day and age, there is no excuse for not keeping records, whether it be incidents, investigations, determinations etc. When implementing record keeping policies and procedures, schools should remember:

  • not all records need to be maintained, differentiate between the ‘musts’ and the ‘shoulds’
  • records management requirements are in a state of change
  • records management does not operate in a vacuum
  • understand the what, when, why, how and who of records management in your school
  • the use of technology is not a ‘nice to have’, it’s a ‘must have’, and
  • if you want to make it work you cannot simply rely on having a program or policy in place – you must also train staff in all record management policies and procedures in order to influence their actions and behaviour.

  • David Griffiths is a Managing Director and cofounder of CompliSpace. He is a governance professional with over 20 years’ experience in law and management. His principal areas of expertise are in corporate governance, compliance and workplace relations. David has extensive experience in governance, risk and compliance from both sides of the regulatory fence. David is a regular presenter on behalf of the Governance Institute of Australia and other industry bodies on issues relating to governance, risk management and compliance.