At the end of last month, the High Court handed down an important judgment in R(C) v Northumberland County Council (NCC) and Information Commissioner’s Office (Interested Party) on the retention period for child protection information.
This case involves an analysis of the tension between the need to protect children on the one hand and the right for respect for private and family life (under Article 8 of the ECHR and complemented by the relevant provisions in the Data Protection Act 1998) on the other.
The background to the case is that the claimant, C, brought a judicial review claim against Northumberland County Council on the basis that its policy of retaining child protection case files for 35 years following case closure was unlawful. C initially asked for the relevant personal data to be destroyed and when NCC did this, the claim focussed on the more abstract question of whether the policy of retaining records for 35 years was lawful.
The judgment discusses the reasons why retaining information in the child protection context is important:
- Future interventions and protecting other children - information relating to one child can be relevant to future interventions such as care proceedings relating to that child and to other children.
- Access by data subjects (the children, or the children when they grow up) - children may wish to access records containing their personal information later in life, for example to gain understanding, ‘closure’ or identity, or as otherwise important to a sense of emotional wellbeing.
- Investigations, inquiries and litigation – organisations should be mindful of the importance of having good records for subsequent litigation, police investigations and public inquiries.
The court was sympathetic about the difficult position organisations find themselves in - do you destroy child protection information as soon as the case is closed, and fear criticism (or worse) for failure to keep adequate records, or do you retain it, with the consequent risk of breach of the Data Protection Act or human rights laws? The fifth data protection principle, for example, says that personal data should not be kept for any longer than is necessary for the purposes for which it is processed.
The judge concluded that NCC’s retention policy of 35 years was justified and therefore rejected the judicial review claim for the following reasons:
- there is a need to keep records for a substantial period - 6 years (as had been argued by C and the ICO) is not long enough;
- whilst 35 years is not the only possible period for retention, it “falls within the bracket of legitimate periods of retention”;
- reviewing each file on a case-by-case basis at the end of a case or periodically (to decide whether to keep it for a long period or a short period) was a “disproportionate use of labour and unproductive use of resources” - you would need an experienced social worker to conduct such reviews, and his or her time would be better devoted to protecting children; and
- retaining information helps form the ‘long view’ on patterns and risks which can only be identified with the benefit of hindsight.
What should organisations do?
- Organisations who process information about child protection matters will need to think carefully about how that information should be stored and for how long it should be retained.
- The judgment does not, sadly, contain clear guidance on what the 'correct' period of retention would be – there is no 'magic number' of years. We can assume that the rejection of the ICO’s proposed approach (6 years and only if retained by a legal department for the purpose of defending litigation) suggests that 6 years (or less) may be too short.
- At the very least, organisations should ensure that their approach to the retention of child protection records is recorded in a written policy, in which a balance is struck, reflecting some of the advantages of retaining such information beyond the closure of a case.
- Organisations should also consider Justice Goddard's guidance on the retention/non-destruction of documents which was issued to relevant organisations in the context of the Independent Inquiry into Child Sexual Abuse (see link).
- Schools will be aware of separate guidance issued by the Information and Records Management Society which recommends that schools retain child protection files until the pupil whose information is contained in the file reaches the age of 25 (link).
If you require further information on anything covered in this briefing please contact Jeremy Isaacson (email@example.com; 020 3375 7513), Henry Sainty (firstname.lastname@example.org; 020 3375 7424) or your usual contact at the firm on 020 3375 7000. Further information can also be found on the Child Protection Unit page on our website.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, August 2015
CPU Update - High Court Rules on Retention Period for Child Protection Information.pdf350kB