Teachwire Logo

Digital Records can have a Vital Role to Play in Evidencing Best Safeguarding Practice

Whether it’s in front of an Ofsted inspector or in a court of law, digital records can have a vital role to play in evidencing best safeguarding practice, explains Martin Baker

  • Digital Records can have a Vital Role to Play in Evidencing Best Safeguarding Practice

“I would be grateful if you could explain to the court….”

Having served from Constable to Chief Constable in five different police forces, I know only too well what it feels like to stand in the witness box and face this enquiry.

This open invitation, usually from a solicitor or barrister, to explain my role and what action I had (or hadn’t) taken was inevitably followed by a series of questions that, much like dismantling an onion, sought to delve deep, layer by layer, to get to what they were seeking to prove – my incompetence or negligence.

This was not always during a criminal trial, in the Magistrates’ or Crown Courts – the Family Court, Coroners Court, disciplinary hearings, inspections by HM Inspector all presented me with this ‘opportunity’ to explain my thinking and my actions, usually many months or years after the event.

I was also required to produce the records detailing my decisions and my rationale for making those decisions, which relied on me having recorded, at the time, what I knew and when I knew it.

And thank goodness I did!

It’s the increasing regularity with which safeguarding leads in schools and colleges and other staff members are being called to account in this way that caused us to look closely at the use of technology for the recording and management of safeguarding in education.

With our years of experience in safeguarding, and having examined the findings of literally hundreds of serious case reviews, it was obvious that digital records and technology could help to improve safeguarding and provide major support to reducing staff workload and stress.

However, before adopting any technology for recording anything that might later be required as ‘evidence’ there are several important considerations that are widely misunderstood, and a few ‘myths and legends’ that need to be unpicked.

Valid records

The first is that “digital records are not admissible in court; everything has to be written down on paper” (advice allegedly given by some safeguarding ‘experts’). I cannot politely describe what I think about this assertion, but it is entirely false.

It is true that any evidence can be excluded by a court for any number of reasons; but not simply because it was digitally recorded.

For example, High Street Banks no longer attend fraud trials with leather-bound ledgers written using a swan’s quill and Quink – they submit digital records; the police don’t take tonnes of cocaine into court – they produce the digital photograph.

As a Chief Constable my force used over 40 IT systems, many of which were evidential in nature and these records were regularly accepted in evidence by the courts.

Indeed, the records from MyConcern have been highly praised in the Family Court, Magistrates Courts and Crown Courts, not least because the records are extremely well organised, are date and time stamped and – unlike paper records – cannot be torn up, shredded, altered, deleted or substituted (beware any system that allows deletion or alteration of records).

Nevertheless, what is also true is that some paper records constitute primary evidence (eg the handwritten notes of a teacher recording a disclosure made by a child) that must be retained.

However, that in no way precludes the incident itself being recorded and case managed using a digital system.

Misleading guidance

A second myth circulating: when a pupil moves between schools and their safeguarding record is transferred to the new school any remaining records retained by the originating school must be destroyed.

Some local authorities formally issue such guidance, which is very concerning – not least because it is potentially unlawful.

The Department for Education’s data protection toolkit for schools makes it abundantly clear that schools (and/or Multi Academy Trusts) are data controllers in their own right and as such, they make the decision about data retention under the auspices of the Data Protection Act 2018, not the local authority.

Furthermore, the ongoing Independent Inquiry into Child Sexual Abuse (IICSA) has long since issued a direction that no child protection records are to be destroyed until further notice.

The DfE is currently working on data retention guidance for schools (including safeguarding records), while the Information Records Management Society Toolkit (v5), which many people see as the current definitive guidance, is also under review.

The main point is that no-one can tell a data controller to destroy records – it is their duty in law to make that decision (and they should record their rationale for that decision).

Judgement calls

A third myth relates to the sharing of information and a fear that information cannot ever be shared without the consent of a parent/carer or the data subject.

Again, the DfE toolkit makes it very clear that the Data Protection Act 2018 introduced ‘safeguarding’ as a reason to be able to process sensitive, personal information, even without consent (DPA, Part 2,18; Schedule 8, 4).

The Guidance states that, “All relevant information can be shared without consent if to gain consent would place a child at risk.

Fears about sharing information must not be allowed to stand in the way of promoting the welfare and protecting the safety of children.

As with all data sharing, appropriate organisational and technical safeguards should still be in place”.

The important thing for practitioners to know is when information can be shared without consent; the DfE Guidance is immensely helpful (we know because we helped write it!).

Having personally supported school safeguarding leads both before and after court appearances, we know their message about all of this would be clear: safeguarding will get serious, so prepare.

And begin with the end in mind.

Your digital safeguarding checklist

Investing in digital technology? Make sure you have answers to the following questions before you commit to a particular supplier…

  • Who hosts their software application (ie do they host it themselves or is it externally hosted? if so, where)?
  • Where will your data be hosted (the DfE requires all school data to be held in the EEA)?
  • What are the resilience arrangements (eg secure resilient data centres on separate sites)?
  • Has the supplier completed the DfE’s Cloud Services accreditation document?
  • Can the supplier demonstrate compliance with the National Cyber Security Centre’s ’14 Cloud Security Principles’?
  • Does the provider (not just their third-party data centre) hold ISO 27001:2013, the latest version of the externally assessed international standard for information security management?
  • Do they hold the Government-backed Cyber Essentials ‘Plus’ certification (the ‘Plus’ is important – because it’s the independent verification; the basic Cyber Essentials certificate is self-assessment only)?
  • Has their system been independently penetration tested? Will they disclose their pen-test certificate?
  • Is the application accessed by single factor authentication or two factor authentication?
  • Have you seen the provider’s GDPR Compliance Statement, Private Notice and Lawful Basis for Processing policy?

Martin Baker QPM is former Chief Constable of Dorset Police; a school governor; and one of three founding members of One Team Logic, the company behind MyConcern – the safe and secure software for managing safeguarding electronically. See Martin at BETT in Solutions Den 1 on Thursday 24 January at 1.40pm.

Get FREE weekly updates, lesson plans and resources sent to your inbox!