Welcome Guest! The IOSH forums are a free resource to both members and non-members. Login or register to use them

Postings made by forum users are personal opinions. IOSH is not responsible for the content or accuracy of any of the information contained in forum postings. Please carefully consider any advice you receive.

Notification

Icon
Error

Options
Go to last post Go to first unread
tabatha  
#1 Posted : 03 August 2017 09:48:22(UTC)
Rank: New forum user
tabatha

Hi All

I havent been on this forum since 2009 so for give me if this ends up on the incorrect agenda somewhere.  However if this lands with somebody that can help me i will be very grateful.  I have been asked by our IT department to remove any old information including risk assessments and whatever i can basically that involve personal data due to the new Data Protection Regs being introduced in May 2018.  I have just read that any health information has to be kept for 40 years?  Somebody please tell me i have got this wrong, otherwise it will take me a year to complete article 30 data processing notifications.  Can i dispose of pregnancy risk assessments and any back to work risk assessments i have completed for staff or are these classed as Health Assessments?

Hsquared14  
#2 Posted : 03 August 2017 10:31:35(UTC)
Rank: Super forum user
Hsquared14

The 40 year requirement comes from the COSHH regulations so you need to check the information you keep against the record keeping requirements in the regulations but yes some information on chemical exposure, health screening and assessments will need to be kept for 40years.   I would keep the other information such as expectant and new mothers assessments and return to work assessments for five years from the date of generation. This allows a little extra time over and above the limitation for bringing a personal injury claim.  It would be interesting to hear how long other people keep this information for.

tabatha  
#3 Posted : 03 August 2017 10:43:28(UTC)
Rank: New forum user
tabatha

Thank you i really appreciate your speedy response.

chris42  
#4 Posted : 03 August 2017 12:04:40(UTC)
Rank: Super forum user
chris42

http://forum.iosh.co.uk/posts/t125229-Data-Protection-vs-RIDDOR

May be worth a look

A Kurdziel  
#5 Posted : 03 August 2017 12:31:28(UTC)
Rank: Super forum user
A Kurdziel

Some information should be kept longer than a few years. Upto 40 years in some cases. This would be information about long term risks such as exposure to certain substances and some pathogens (eg BSE agents). Under the Data Protection Act you are allowed to keep data if it is either a statutory requirement or there is good need for it.

Note if someone makes a claim for a work related  illness ( as oppose to an accident) then you will be grafeul for any documents that you have kept

johnmurray  
#6 Posted : 03 August 2017 13:24:01(UTC)
Rank: Super forum user
johnmurray

Stuart Smiles  
#7 Posted : 03 August 2017 21:48:21(UTC)
Rank: Forum user
Stuart Smiles

would take a think about old risk assessments, as when you get a claim for historic injury (noise or similar), you will likely need to go back to the paperwork. perhaps an archive could be provided for information access on a restricted basis, or passing to some sort of insurance group that can access a degree of historical information subject to specific rules. 

remember that the delete button won't work backwards after the period of time, and perhaps some form of archiving may be an appropriate answer, (risk assessed obviously), some claims i have seen for noise went back at least 10 years, and as has been said, medical records are 40 years for occ health - perhaps pass to the provider to address or store under their appropriate regulations rather than yours? 

however, when it comes to something like a claim for noise, havs etc, there will be so many things that you would have to rely on to support your claim it is going to be a bit difficult to deal with.

also consider that cctv is considered personally identifiable information too, so if you are storing images, video, recordings etc, you may need to seek clarity as to how you deal with that maze of identifiable information versus insurance, investigation, etc.

a joined up approach will be an objective, how you get on i think lots of others are going through similar pains at the same time.

chris42  
#8 Posted : 04 August 2017 08:05:22(UTC)
Rank: Super forum user
chris42

Extract from JohnMurray's link above

9(2)(f) – Processing is necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity

We keep this information for potential defence of legal claims, else we would lose every time. Tell IT the company needs it and buy a bigger server! I would keep historic RA, SWP's, training records etc. In a previous company I had a claim come through about HAV's from a person who claimed he could not pick up loose change or play the piano anymore, from almost 40 years previous (I would have been 6 at the time). He had worked for the company just under a year (We think). The company could only just work out that he actually worked for us, never lone what equipment he used and what he had been told. We were one of about twenty company's the claim was being made against (say£1k from each ! Kerr Ching).

So personally, I would request (nicely) that IT, HR or anyone else go away and read the legislation properly.

Chris

A Kurdziel  
#9 Posted : 04 August 2017 09:11:40(UTC)
Rank: Super forum user
A Kurdziel

Sorry I am suffering from wave of cynicism: could it be that your IT department is using Data Protection as an excuse to get you to clear out space on your servers?

Not that anyone would use H&S in such a cynical way!

Hsquared14  
#10 Posted : 07 August 2017 07:44:49(UTC)
Rank: Super forum user
Hsquared14

To back to the original point - I don't think you need to do Article 30 notifications because that should already be covered by the employee's contract of employment.

Users browsing this topic
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.