This document details the data handling policy for Groupcall Limited when working with live school data including students, parents and staff. It covers movement and storage of data provided by Xporter and Emerge, and data solicited directly from MIS APIs.
- Live school data should be protected as if it were your own personal identity
- Testing data must always be used in preference of live data, and especially for activities such as the following: extract development, resolution of extract issues, demonstrations
- Whenever possible, through use of remote access and diagnostics, personally identifiable data should not be copied onto Groupcall systems.
Consent to transfer live data
Prior to transmission the following conditions must be met in writing by the school data owner.
- The purpose of the transfer
- Why that purpose cannot be fulfilled via remote access
- How long the data will be retained
- How it will be deleted
- That the school consents to the transfer
- Who at Groupcall holds responsibility for the safeguarding of the data
- Where else the data may be transmitted
Working with Cloud-MIS API access
When working with live data from cloud-based MIS products the same care must be taken as for Xporter data above, including use of encrypted devices. Data retrieved from the MIS must be purged as soon as work is completed. When such transfers occur in a browser window Private mode must be used to ensure that credentials and data are not retained in the browser itself.