(Drafted March 2026. Pending Governing Board Approval)
Data Protection & Privacy Policy
1. Purpose
This policy sets expectations for protecting Colearn Academy data throughout its lifecycle, with particular attention to student and staff information and other sensitive data.
2. Scope
This policy applies to all Colearn Academy data in any format (electronic or physical) and to all individuals who create, access, store, transmit, or dispose of such data in the course of their work with the School.
Operating context: Colearn Academy has no physical building and no school-owned hardware. Data is stored and accessed via cloud systems and on family- or user-owned devices.
3. Data Categories
3.1
Colearn Academy will define simple categories of data (for example, public, internal, confidential/sensitive) and provide examples of each to guide staff behavior.
3.2
Student records, staff personnel information, and other legally protected information will be treated as confidential or sensitive.
4. Handling and Storage
4.1
Staff will use school‑approved systems and accounts for storing and transmitting confidential or sensitive data where reasonably practical.
4.2
Confidential or sensitive data should not be stored on unmanaged personal devices unless specifically authorized and protected by appropriate safeguards.
5. Transmission and Sharing
5.1
Confidential or sensitive data should be transmitted using secure methods where feasible (for example, secure portals, encrypted channels, or password‑protected files, as supported by the School’s tools).
5.2
Data sharing with external parties must be consistent with applicable laws, contracts, and agreements.
6. Retention and Disposal
6.1
Data will be retained only as long as needed to meet educational, operational, legal, and regulatory requirements.
6.2
When data is no longer needed and is eligible for disposal, it should be destroyed or deleted in a manner that reduces the likelihood of unauthorized access (for example, secure deletion in systems under school control or following vendor‑provided guidance).
7. Privacy Considerations
7.1
The School will take reasonable steps to comply with applicable student and staff privacy requirements and will publish appropriate notices or statements describing how key categories of information are used and protected.
8. Review
This policy will be reviewed at least annually and updated as needed to reflect changes in law, regulation, technology, or school practices.