Data Protection for Schools
Prior to October 2007, schools were required to register with the Data Protection Commissioner’s Office if they held sensitive personal information (e.g. information regarding racial/ethnic origin, religious or other beliefs or physical or mental health) on computer. However, this position has now changed and the Data Protection Commissioner’s Office has confirmed to us that there is no longer a requirement on schools to register with the Office.However, irrespective of registration, every data controller, including schools, is obliged to comply with the data protection rules set out in the Data Protection Acts, 1988 and 2003. In this regard, schools are still required to ensure that they comply with the provisions of the Data Protection legislation in terms of, for example, the accuracy, relevance, security and use of the information which they hold. They are also obliged to comply appropriately with any access request under the legislation.
Below is a link to the Registration Guidance Notes on the Data Protection Commissioner’s website for further information.