Procedure for Taking Hardcopy Personal Records Offsite

This procedure covers the temporary and permanent removal of paper records containing personal information from council offices by member of Children and Young People’s Support and Safeguarding Services (CYPSSS)

This includes any hardcopy records containing personal information that are then taken off site, and the use of secure lockable plastic wallets. For example:

• Copy of child’s plan, assessment, etc for signature by client;
• Copy of paper records such as reports, assessments, case records, etc for meetings

This procedure does not cover:

• Social worker requests for temporary access from support to a paper record;
• Case Transfers between team;
• Any Information held electronically

Links with other East Riding policies, procedures and guidance:

• Handling Personal Data – Guidance;
• Data Protection Policy;
• ICT Security Policy:
  • Section 8.5 ICT Remote Working;
  • Section 8.6 ICT Removable Media.
• Filing and Magnum Procedure August 2012;
• Records Management Policy.

Before any hardcopy record is taken offsite an assessment must be made as to whether the information needs to be taken offsite at all.

The removal from site of any record, especially those of a sensitive or personal nature, must be kept to an absolute minimum and should not be removed unnecessarily.

The following precautions must be taken when going on an Offsite Visit:

• All records taken offsite must be transported in a secure lockable bag/plastic wallet and never loose leaf as this increases the risk of loss or theft;
• Secure plastic wallets are available from support staff on request;
• The secured documents must remain at all times in the possession of the member of staff transporting them and not be left unattended at any time;
• Records must not be left in a vehicle whilst it is unoccupied;
• Records must, whenever possible, be returned to base at the end of the working day. Any instance where records are not to be returned to the office on the same working day must be agreed in advance with the Team Manager or Senior Manager responsible for the relevant record/s;
• Records must be returned as soon as is practically possible;
• The responsible staff member should ensure when the documents have been returned to council premises, they have been filed appropriately;
• The Data Protection Co-ordinator should be immediately informed of any data protection breaches or potential breaches – staff should follow the Data Protection Breach Process Guidance.

Records should not normally be away from base for more than one working day. If for some reason the records can’t be returned, then Information Asset Owners/Managers must make appropriate arrangements for the records to be retrieved.