A recent online discussion on a childminding forum has indicated that a number of childminders believe they must destroy all photos of the children they previously looked after or risk being in breach of the Data Protection Act.
One childminder said she had been told by the Information Commissioner's Office (ICO) that she must shred all images she holds of previously minded children.
All 'data controllers' - this includes childminders and nurseries - must register with the ICO if processing personal information electronically for the provision of childcare, including taking photos of children in their care using a digital camera. Annual membership of the ICO for childminders costs £35.
Other early years professionals said they knew of childminders who require parents to give written consent for them to keep any photos of their children once they have left the setting.
The ICO has confirmed that under the Data Protection Act, childminders can keep photos of previously minded children for business purposes, such as advertising, if parents are happy and aware of where and how they will be used and for what time period. Childminders must also be sensible about the use of the photos and not include the children's names.
Victoria Cetinkaya, ICO senior policy officer, said, 'Childminders need to check they are following the eight principles of the Data Protection Act 1998 (see box) and decide whether they should be retaining data/records, including photos, and for how long.
'The key element of data protection is ensuring that what childminders do with a child's data is well within the reasonable expectations of parents. It is therefore really important for them to be told what information will be held and why, and if parents object, that this is respected where appropriate.'
Information about retaining personal data is covered under Principle 5 of the Data Protection Act. It states that, 'Personal data will need to be retained for longer in some cases than in others. How long you retain different categories of personal data should be based on individual business needs.
'How long you should keep personal data depends on the purpose for which it was obtained and its nature.
'There may often be good grounds for keeping personal data for historical, statistical or research purposes.
'The Data Protection Act provides that personal data held for these purposes may be kept indefinitely as long as it is not used in connection with decisions affecting particular individuals, or in a way that is likely to cause damage or distress. This does not mean that the information may be kept forever - it should be deleted when no longer needed.'
According to Ms Cetinkaya, outside of business use, childminders can keep photos of children they used to look after if they are kept in the home - such as in a photo album - and parents have given their consent. She added that if childminders do breach the Data Protection Act and their actions cause 'substantial damage or distress' they could be fined.
Ms Cetinkaya advised that childminders talk about record keeping with parents in their first meeting. She said, 'It is important childminders have a retention policy that states how long photos will be kept for, and that they will be kept safely and securely.'
Similarly, Bea Heath, director of Independent Childminders Social Enterprise (ICM-SE), added that childminders should clearly state that they may keep some photos for commercial reasons, but will seek permission from the child's parent/carer to use them publicly.
Childminder Sarah Neville of Knutsford Childminding said the confusion may stem from poor communication. 'Local authorities were slow to inform childminders, and now because we receive so little support messages are not being communicated,' she said.
Ms Heath echoed this, saying that the 'postcode lottery of local authority support is perhaps why there is some confusion on the part of childminders.' She added, 'There is certainly a case for more detailed information about photographs on the ICO website, and it is something ICM-SE will follow up.'
Theresa Johnson, development lead for PACEY, said, 'I am not aware of any specific queries relating to retention of photographs. PACEY has a member factsheet, "Registering with the Information Commissioner's Office", which explains that childminders are required to register if they keep more extensive records, or information of a more sensitive nature, for example, about a child's health, on a computer, or if they are going to be taking digital photographs on a camera or with any other digital device such as a mobile phone, of the children in their care.'
- For queries relating to processing personal information electronically, call the ICO helpline on 0303 123 1113 or 01625 545745.
DATA PROTECTION ACT PRINCIPLES
The eight principles of the Data Protection Act require personal data to be:
Principle 1 - processed fairly and lawfully;
Principle 2 - processed if there is a legitimate basis for doing so;
Principle 3 - collected for the purposes specified and sufficient for the purpose it was collected for;
Principle 4 - accurate and kept up-to-date;
Principle 5 - kept no longer than is necessary for the purpose you obtained it for;
Principle 6 - processed in accordance with the rights of individuals that it refers to;
Principle 7 - held securely to prevent it from being accidentally or deliberately compromised;
Principle 8 - not transferred to a country or territory outside the EEA (European Economic Area) unless that country or territory ensures an adequate level of protection.