Planned Environment Therapy Trust Archive and Study Centre
Processing Personal Data in Compliance with the General Data Protection Regulation and the Data Protection Act 2018, Policy and Guidance
[This replaces the 2009 document, "Archive and Study Centre Data Protection Policy: Access to Personal Files which may be held in the Planned Environment Therapy Trust Archive and Study Centre: Policy and Guidance".]
In this document we will refer to The Planned Environment Therapy Trust as "The Trust", and The Planned Environment Therapy Trust Archive and Study Centre as "The Archive". The Data Protection Act 2018 with its associated secondary legislation will be referred to as "DPA2018", and the European Union’s General Data Protection Regulation [(EU) 2016/679] will be referred to as "GDPR".
As well as the texts of DPA2018 and GDPR, this Policy draws on
- Published guidance from the Information Commissioner's Office, e.g.:
- "Guide to the General Data Protection Regulation (GDPR)" (22 March 2018) [Referred to as “ICO Guide to GDPR”]
- "Overview of the General Data Protection Regulation (GDPR)" (20 October 2017)
- "Guide to archiving personal data", The National Archives (Crown copyright, August 2018). [Referred to as "Guide to archiving personal data"]
- "Data protection for oral historians and organisations holding oral history interviews", Rob Perks, Oral History Society (May 2018)
- "Guide to the General Data Protection Regulation", Bird & Bird (May 2017) [referred to as Bird&Bird]
- "Justifying oral history sound recordings under GDPR - a worked example", Jonathan Fryer, Data Protection Officer, British Library (1 June 2018)
PART 1 THE TRUST and THE ARCHIVE
1.1 The Parent Organisation
1.1.1 The Planned Environment Therapy Trust (referred to in this document as "The Trust"), was founded in 1966. Its Registered Charity Number is 248633.
1.1.2 The Trust's charitable objects have been unchanged through its life, and are
"to investigate and study, publish results and expositions and train workers and eventually carry out in practice methods of treatment of: emotionally disturbed, maladjusted, or delinquent children: young persons, or adults, by means of planned environmental therapy, especially in association with specialised psychotherapy."
1.1.3 The Trust established The Archive in 1989 in order to meet and pursue these charitable objects.
1.2 The Archive
1.2.1 The Archive was established in 1989 by the Trustees of the Planned Environment Therapy Trust in order to acquire, preserve, appraise, arrange, describe, communicate, promote, disseminate and provide public access to records of enduring value relating to planned environment therapy and its related and cognate areas, including therapeutic community and progressive/alternative/democratic education, for the benefit of those with an involvement in these areas past and present, academic researchers, and for general public interest (see GDPR Recital 158). It is the only archive service in Britain devoted specifically to these areas.
1.2.2 The Archive was founded by The Trust to be an "engaged" archive, organised on planned environment therapy principles, as a demonstration in practice and in consequence as an exponent of planned environment therapy principles.1
1.3 The Archive's purpose
1.3.1 The Archive carries out archiving in the public interest, and for historical research purposes, in order "to support community identity, the maintenance of family relationships and personal identity, and understanding of the development of society at large." ("Guide to archiving personal data", Section 53, p. 23).2
1.3.2 Its aim is to assemble as complete a picture as possible of the individuals, groups, institutions and organisations which have and continue to make up The Archive's field of interest (1.2.1), in order to support research, and greater public understanding.
1.4 The Archive's Collections Policy
1.4.1 The Archive's collections policy supports the purposes of The Archive and the aims and objects of The Trust. It is grounded in the principles and practice of planned environment therapy, and is part of The Trust's work as a demonstration in practice and as an exponent of planned environment therapy principles.
1.4.2 As a research archive, the collections policy incorporates the needs and feedback of specialist researchers from a wide range of disciplines, as well as awareness of contemporary, evolving approaches and methods in research, especially computer-aided and large data set research.
1.4.3 As a multi-community archive, its collections policy is also based in the needs and understandings of the communities represented in the collections. Selection and appraisal are guided and informed by what the members of the communities represented in The Archive themselves regard as significant and meaningful.
1.4.4 From planned environment therapy and therapeutic community principles The Archive takes
18.104.22.168 a person-centred and relationship-based "whole person" approach to selection and appraisal, in which it is the whole person who is of interest, as a person, and not just a facet in relation to a particular institution, person, role, or time in their life;
22.214.171.124 a non-hierarchical and "whole community" approach, in which each individual within a group or community is regarded as equally of interest, whatever place they have in relation to the life of the therapeutic or educational group or community; and
126.96.36.199 a "whole institution" approach, in which every aspect of the institution or environment is regarded as having a potential explanatory or cultural meaning and significance in relation to group and individual identity, behaviour and dynamics.
1.4.5 From community members The Archive takes an appreciation of the importance of the integrity and inviolability of the records of a community taken as a whole, and as such; of the meaning which is contained in non-conventional records such as ephemera and the everyday objects of daily life; and of the importance to preserve what can appear to a person outside that community and its culture as small and inconsidered things.
1.4.6 From specialist researchers in disciplines as diverse as genealogy, theatre studies, art history, psychiatry, child care studies, anthropology, sociology, medical history and literature, among others, The Archive takes an appreciation of the value and importance of breadth as well as detail in collections; and from computer-aided large data set research, The Archive takes an understanding of the significance of granularity, integrity, depth and completeness of data within, and across, collections.
1.4.7 Given the purpose and aim of The Archive, and based in these principles, The Archive aims to collect a comprehensive, in-depth and granular record of the people, places, and organisations which have practiced, promoted, and been involved in planned environment therapy, therapeutic community, progressive/ alternative/ democratic education, and cognate and related therapeutic environments and group settings. It seeks out and processes a comprehensive range of library, archive, museum, oral history and audio-visual materials which carry and convey information and meaning in the terms and for the purposes set out above. The acquisitions include digital files; physical objects, including paintings, furniture, and psycho-diagnostic tools (these are examples of the range, and not a comprehensive listing); books and other published material, including grey and ephemeral literature; archivally unconventional items as selected and identified by community members; and the full range of conventional physical and digital records and carrier media, from paper diaries, logbooks, case files and correspondence to photographs and photographic negatives, film, video, audio, optical disks, and other formats (again, these are examples of the range, and not a comprehensive listing).
PART 2. GDPR OVERVIEW IN RELATION TO ARCHIVES, TERMS AND DEFINITIONS
- GDPR is intended to strengthen and unify data protection for individuals and address the security of transferring personal data overseas. There is a strengthened emphasis on accountability and on transparency: an organisation must not just take responsibility for, but must be able to demonstrate compliance with the six new data protection principles. These six principles (given below, in 2.2.1) define the main obligations for organisations which process personal information.
- Provided the right safeguards are in place, GDPR exempts archives from some of the restrictions and prohibitions on the processing of personal data which apply to other organisations. Without these exemptions, an archive can not legally function.
- The Trust is the data controller for collections whose ownership is transferred to The Archive, unless it has been explicitly agreed otherwise with the donor. ("Guide to archiving personal data", Section 59, p. 27). See also section 3.6 below.
2.2 Terms and Definitions
2.2.1 The Six Data Protection Principles
- Lawfulness, fairness and transparency (“processed lawfully, fairly and in a transparent manner in relation to individuals”).
- Purpose limitation (“collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes”)
- Data minimisation (“adequate, relevant and limited”)
- Accuracy (“accurate and, where necessary, kept up to date”)
- Storage limitations (“kept in a form which permits identification of data subjects for no longer than is necessary”)
- Integrity and confidentiality (“processed in a manner that ensures appropriate security of the personal data”)
2.2.2 Personal Data
Personal data is
"any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person." (GDPR Article 4: Definitions)
This is stated more succinctly by "The Guide to Archiving Personal Data" as:
"any information relating to an identifiable living person who can be directly or indirectly identified." (The Guide to Archiving Personal Data, Section 4 (p. 8).
"any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction." (GDPR Article 4 (2)).3
This is stated more succinctly by "The Guide to Archiving Personal Data":
" ‘Processing’ is the term used for virtually anything that can be done with or to recorded information, including acquisition, storage and destruction as well as active use." (The Guide to Archiving Personal Data, Section 15 (p. 12).
2.2.4 Sensitive Personal Data
GDPR introduces a new category of sensitive personal data, and places special restrictions on its processing. By its nature The Archive holds a significant amount of sensitive personal data. According to the “ICO Guide to GDPR” the categories of sensitive personal data are:
- ethnic origin;
- trade union membership;
- biometrics (where used for ID purposes);
- sex life; or
- sexual orientation.
These are stated in GDPR Article 9 (1) in this way:
"Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited." (Article 9(1)).
2.2.5 Applicability of the Regulations
The Regulations do not apply to the personal information of deceased persons (GDPR (27)), nor to unstructured manual (paper) data (GDPR (15)). However, where paper collections come into The Archive in an unstructured state, subsequent listing and cataloguing provides structure and therefore brings them into the terms of the Regulations. Catalogued collections are, by definition, structured file systems, and subject to the Regulations, as are searchable digital files.
PART 3. DEROGATIONS AND SAFEGUARDS: The basis on which the Archive legally operates
3.1 Lawful Basis of Processing
3.1.1 The processing of personal data by The Archive is governed by DPA2018 and GDPR, which came into effect on May 25, 2018, with specific reference to the safeguards and derogations set out for archiving purposes in GDPR Article 89, "Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes".
3.1.2 Materials acquired and processed by The Archive for archiving are non-current and are processed in the public interest, for the purposes of historical and statistical research. This is the lawful basis on which personal data is processed.
Where appropriate safeguards are met, archives are exempted from meeting some of the requirements of GDPR. The exemptions under the archiving in the public interest purpose are set out in DPA2018 Schedule 2 Part 6 Section 28:
The listed GDPR provisions do not apply to personal data processed for archiving purposes in the public interest to the extent that the application of those purposes would prevent or seriously impair the achievement of those purposes
Article 15(1) to (3) (confirmation of processing, access to data and safeguards for third country transfers);
Article 16 (right to rectification);
Article 18(1) (restriction of processing);
Article 19 (notification obligation regarding rectification or erasure of personal data or restriction of processing);
Article 20(1) (right to data portability); It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
Article 21(1) (objections to processing)
"Guide to archiving personal data" re-states this in terms of Adaptations to certain principles and Exemptions from certain rights:
- Adaptions to certain Principles.
- Purpose limitation. It provides for compatible further processing, beyond the purpose for which the data was originally collected; and
- Storage limitation. It allows the retention of personal data for longer periods than normally permitted under the storage limitation principle;
- Exemptions from certain rights;
- The right of erasure / the right to be forgotten;
- The right to be informed for indirectly collected personal data where it would be impossible or involve disproportionate effort; and
- Article 89 makes specific provision for exemptions from a number of data subject rights: access, rectification, restriction, notification, data portability and right to object, insofar as they are derogated for in member state law (The Data Protection Act 2018 in the UK).
To qualify for exemptions, safeguards must be in place to minimise any adverse impact on living individuals. In particular, measures must be in place
a) "to ensure respect for the principle of data minimisation" (GDPR Article 89(1))
b) to ensure that processing is not "likely to cause substantial damage or substantial distress to a data subject", and
c) to ensure that processing is not ‘carried out for the purposes of measures or decisions with respect to a particular data subject...". (DPA2018 Section 19)
3.4 Data Minimisation
Materials acquired and processed by the Archive and Study Centre for archiving are non-current and are held in the public interest, for the purposes of historical and statistical research.
Processing is carried out in accordance with GDPR Article 89 "Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes", the full text of which is given in Appendix 2.
GDPR Article 89(1) States:
Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organisational measures are in place in particular in order to ensure respect for the principle of data minimisation.
The principle of minimisation is defined in GDPR Article 5(1)(c):
- Personal data shall be:
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (data minimisation)”
The purposes for which personal data is processed by The Archive, and what is considered adequate, relevant and limited to those purposes, are set out in Part 1 of this document, and especially in sections 2 through 4.
3.5 Substantial damage or substantial distress to a data subject
3.5.1 The "Guide to archiving personal data" (section 16) states as a fundamental principle of any archive that processing personal data "should not cause substantial distress or substantial damage to the person whose data is being archived". The "Guide to archiving personal data" points out that GDPR and DPA2018 do not define what is meant by 'substantial damage' or 'substantial distress', and goes on to say that
However, in most cases:
- substantial damage would be financial loss or physical harm; and
- substantial distress would be a level of upset, or emotional or mental pain, that goes beyond annoyance or irritation, strong dislike, or a feeling that the processing is morally abhorrent.
3.5.2 The Archive approaches the minimisation of adverse impact on living individuals in two main ways. The first is the culture of the Archive itself, which is rooted in the principles and practice of planned environment therapy, and what Founding Trustee David Wills referred to as shared responsibility. It is characterised by an actively developed collegial relationship with researchers and other stakeholders, and in particular through close communication, engagement, consultation, involvement and participation of and with communities and individuals who are present directly and indirectly as data subjects in the collections. The resulting flow of information and understanding builds mutual trust and diminishes the potential for distress. It helps to ensure that The Archive is in touch with and made aware of issues and dynamics which can influence how data is better and more sensitively understood and processed by The Archive, and it helps to ensure that the necessary professional demands and boundaries of The Archive are trusted, understood and respected in turn. Given the sensitivities of much of the material in The Archive, and the very deep social, emotional and psychological vulnerabilities the collections evoke, contain and represent, this culture of mutual understanding, trust, knowledge and respect is an essential component in the task of mitigating data subject's distress and the potential for distress and damage for all involved, including The Archive itself.
3.5.3 The second component consists of the technical and organisational management of personal data, and the confidence this can instill in data subjects in respect of the security of their personal data, and the systems in place to minimise any risk of data loss and/or data breaches. This management covers the entire life cycle of data, from acquisition, through use, to de-acquisition from the collections.
1) Appraisal and acquisition. As part of appraisal and incorporation into the Collections, both structured and unstructured collections are assessed for personal and sensitive personal data content, and access restrictions applied appropriately. For a description of these see Appendix 5: "Notes for Potential Donors of Material to the Planned Environment Therapy Trust Archive and Study Centre".
2) Storage. Personal data is held securely, both physically and digitally.
Physical carriers of personal and sensitive personal data, including optical and floppy disks, film and tape, as well as paper, are held securely in a series of onsite locked store rooms. The main Archive public, work and storage areas are protected by an intruder alarm, and by a separate fire alarm system. There are two secure outstore rooms for library and non-sensitive materials.
Personal data and sensitive personal data contained in digital form are held on secure, password-protected in-house RAID systems, within the secure and alarmed onsite premises. Access is through password-protected staff computers. The primary RAID (Redundant Array of Independent Disks) system is configured for maximum safety in RAID Z3, which means that three of the eight hard drives which make up the RAID system can fail simultaneously without the loss of any data. A set of three replacement disks are on hand should that unlikely event occur. To further ensure against the loss of data, a second secure RAID system acts as a back-up. Off-site or cloud systems are not used for the storage of personal data.
Current as well as archived digital correspondence, catalogues, spreadsheets and other unredacted working documents containing personal data are held on the password-protected in-house RAID systems, and not directly on staff computers. Access is through password-protected staff computers.
Current paper correspondence, catalogues, spreadsheets and other unredacted working documents containing personal data are held in secure staff office space. Archived paper correspondence and other business and working papers of The Archive are held either in secure storage rooms, or in secure staff office space.
Current correspondence and other business and working documents of The Archive, both paper and digital, are regarded as essential to the future understanding and management of the collections, and of historical research value, and are archived as a matter of course as they cease to be current.
3) Processing by The Archive staff. Knowledge and understanding of the relevant regulations and guidance are a pre-requisite to employment in The Archive. Where necessary, Archive staff are given additional training in GDPR/DPA2018, and training forms part of the Continuing Professional Development supported by The Trust. Professional standards are expected of all Archive staff in all aspects of processing personal data.
4) Processing by Researchers. Before they are allowed to have access to a collection which contains or potentially contains personal data, researchers must provide proof of identity and bona fides, and must read, understand and sign a contract with The Archive in which they acknowledge and agree to meet the requirements of GDPR and DPA2018 in respect of living individuals. This contract makes them aware that they are responsible and liable under the Regulations for any processing of personal data (including publication) which they may record.
In particular, where sensitive, restricted or closed records are concerned, they must contractually agree not to record or convey in any way to any third parties outside The Archive any information which would make it possible to identify living individuals concerned in the records, and must agree to allow The Archive staff to review any notes to ensure any such information has not been recorded, and if it has, to delete it. Where personal data has been recorded, the researcher agrees to show any proposed publication to The Archive for review, and to send a copy of their published work for reference to The Archive.
The contracts signed by researchers are retained as part of The Archive's business records, and constitute an audit trail of The Archive's and researchers' compliance with GDPR and DPA2018.
5) Processing by Volunteers. Volunteers are a valuable asset, and carry out a number of important tasks within The Archive, including cataloguing and minor conservation work, and other forms of processing. Volunteers are alerted to the nature of personal data and the requirements of GDPR in relation to personal data, and are given appropriate instruction in GDPR by Archive staff before carrying out any work. To become volunteers they are required to complete a contract which outlines their legal responsibilities under the Regulations to maintain confidentiality and the privacy rights of data subjects. This contract includes an explicit agreement not to record nor to convey to anyone apart from Archive staff any sensitive personal data which they might encounter, and which might make it possible to identify a living individual about whom information is held in the collections.
To minimise the potential for inappropriate contact with and processing of personal data, proposed tasks are assessed and audited by members of The Archive team in advance. Given the nature of The Archive's holdings, however, there is a recognition, as evidenced in the volunteer contract, that a volunteer might encounter personal data whose nature might be protected. Where this occurs or where there is uncertainty, volunteers are instructed to inform The Archive staff, to make an assessment.
The signed volunteer contracts are retained as part of The Archive's business records, and constitute an audit trail of The Archive's and volunteers' compliance with GDPR and DPA2018.
6) Public access computers. There are generally one or more computers in the search room which are made available for public access and use. These are password-protected, as a safeguard against unauthorised access, but this password does not give public access to the separate, password-protected in-house RAID system. Where digital files are transferred for research purposes onto these computers, those files are deleted from the computer once they have been consulted. Where volunteers create digital files or catalogues using these computers, once that work is completed the files created are transferred to the secure, password-protected in-house RAID system, and are deleted from the public-access computers.
7) Oral History. The Archive records, supports the recording of, and takes in oral history recordings for the purpose of archiving in the public interest, and for historical research purposes. Oral history interviews may well contain personal data, and sensitive personal data.
Persons interviewed by The Archive must be fully informed about, consent to participate in, and be able to withdraw from an interview. To insure compliance with the requirements of the Regulations, oral history interviewees will be asked to complete an interview participation agreement form prior to interview. Where appropriate, and where it differs from the interview recording agreement, this agreement includes:
- information about the aims and objectives of The Archive, the project, and/or the interviewer if acting on behalf of The Archive;
- what realms of personal data are likely to be recorded;
- where it will be stored;
- how it will be used;
- the legal basis for its use, as an archival document for research purposes;
- and how the interviewee can contact The Archive to access their data.
Once the interview has been completed, interviewees will be asked to complete an interview recording agreement which documents ownership of copyright, and specifies the interviewee's wishes in relation to the access and use of the interview. To minimise the potential for distress and to ensure data subject control over their information, The Archive does not ask for this agreement to be signed at the end of an interview. Instead, the Archive provides a copy of the recording, so that the interviewee can hear what they said before making a decision on access and use. Where resources permit, The Archive also provides a transcript, so that the interviewee can see what a transcriber thinks they have said. Through this process of hearing and seeing, correction, amendments, and informed decisions on access and use can be made.
Recorded interviews are regarded as confidential until an assessment has been made by The Archive of their contents, and decisions taken about any restrictions or actions required in relation to personal data or sensitive personal data. To minimise the risk of data breaches and distress, the recordings are not made available to third parties unless and until the interviewee has agreed otherwise, in writing, having had time to hear their interview and consider what they said during it. Where The Archive is uncertain about the nature or sensitivity of personal data contained in the interview, the interviewee will be consulted to gain a better understanding. If there is material which is sensitive, there are various tools and mechanisms available to ensure that any material made available to the public will not breach GDPR, or cause serious damage or distress. These tools include, among others, outright closure of the recording and/or transcript, and the production of a redacted or safely anonymised listening or reading copy. Please see The Archive's oral history copyright form and accompanying information for interviewees.
8) De-accessioning, Return, and Destruction. Within the detailed remit of the Collections Policy (1.4), including the importance attached to certain materials and types of non-conventional as well as conventional archival objects as identified by community members and other stakeholders, some materials will nevertheless come into The Archive which belong in another archive or heritage institution. In consultation with the donor, and ensuring there is no serious distress attached to the transfer, this material will be de-accessioned and transferred to the appropriate institution.
Where material does not fall within the collections policy, and is not to be transferred to another institution, it will be returned to the original donor or their heirs or assigns, in full consultation with them, having explained why the material is being returned, and ensuring that processing in this way does not cause serious damage or distress.
The Archive understands the depths of vulnerabilities and traumatic experience that can be contained and represented in conventional and non-conventional archive materials, and understands that destruction and the prospect of destruction in itself can be a cause of serious distress. However, there are some instances where destruction is appropriate, and can be agreed in advance with donors, or in consultation with them. This can include among other things duplicates, empty containers, advertising, waste, blank sheets, and accidentals with no connection to the core of the collection.
3.6 Measures or decisions with respect to a particular data subject.
The Archive holds a significant body of both personal data and special category personal data, the nature of which may require the data to be processed for the purposes of carrying out measures or decisions with respect to a particular data subject. GDPR sets out conditions in which this is lawful.
3.6.1 General: Processing sensitive personal data for archiving purposes
The nature of The Archive and its holdings means that a significant body of material within the collections contains sensitive, special category personal data. Processing this data is necessary for archiving purposes in the public interest for historical research in accordance with GDPR Article 9(2)(j), and DPA2018 Schedule 1 Part 1.
GDPR Article 9(2)(j): where
processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
DPA2018, Schedule 1 Part 1, stipulates the condition for processing for
4 This condition is met if the processing -
(a) is necessary for archiving purposes, scientific or historical research purposes or statistical purposes,
(b) is carried out in accordance with Article 89(1) of the GDPR (as supplemented by section 18), and
(c) is in the public interest.
3.6.2 Processing for donor institutions' legal and pastoral purposes
There may be instances in which an institution which has donated records to The Archive requires access to non-current files which contain sensitive personal data, in order to exercise legal or pastoral responsibilities. In these instances the donor institution is the Data Controller, and The Archive acts under the donor institution's aegis as the Data Processor. The derogations that may apply are set out in DPA2018 Schedule 1 Part 1, (1) Employment, social security and social protection, and/or (2) Health or social care purposes (see Appendix 3).
3.6.3 Processing in support of police and social services investigations
Where The Archive is asked to process data in support of police or social services investigations, the basis on which this is done is in DPA2018 Schedule 1 Part 2, Sections 10 and 12:
DPA2018 Schedule 1 Part 2 "Substantial Public Interest Conditions", 'Preventing or detecting unlawful acts':
10 (1) This condition is met if the processing—
(a) is necessary for the purposes of the prevention or detection of an unlawful act,
(b) must be carried out without the consent of the data subject so as not to prejudice those purposes, and
(c) is necessary for reasons of substantial public interest.
(2) If the processing consists of the disclosure of personal data to a competent authority, or is carried out in preparation for such disclosure, the condition in sub-paragraph (1) is met even if, when the processing is carried out, the controller does not have an appropriate policy document in place (see paragraph 5 of this Schedule).
(3) In this paragraph—
“act” includes a failure to act;
“competent authority” has the same meaning as in Part 3 of this Act (see section 30).
DPA2018 Schedule 1 Part 2 "Substantial Public Interest Conditions", 'Regulatory requirements relating to unlawful acts and dishonesty etc':
12 (1) This condition is met if—
(a) the processing is necessary for the purposes of complying with, or assisting other persons to comply with, a regulatory requirement which involves a person taking steps to establish whether another person has—
(i) committed an unlawful act, or
(ii) been involved in dishonesty, malpractice or other seriously improper conduct,
(b) in the circumstances, the controller cannot reasonably be expected to obtain the consent of the data subject to the processing, and
- the processing is necessary for reasons of substantial public interest.
(2) In this paragraph—
“act” includes a failure to act;
“regulatory requirement” means—
(a) a requirement imposed by legislation or by a person in exercise of a function conferred by legislation, or
(b) a requirement forming part of generally accepted principles of good practice relating to a type of body or an activity.
PART 4. SUBJECT ACCESS REQUESTS: Accessing personal data
It is The Archive's policy to work in partnership with donating institutions, organisations and individuals to ensure appropriate access to historical records by stakeholders who have a legal and legitimate interest in them, including former children and young people in care.
The Archive also agrees as a fundamental principle with the European Court's statement that former children "have a vital interest...in receiving the information necessary to know and to understand their childhood and early development"; that “everyone should be able to establish details of their identity as individual human beings"; and that their files and other archival material "provided a substitute record for the memories and experience of the parents of the child who is not in care" (European Court of Human Rights, S. 39, Case 2/1988/146/200, Gaskin vs, The United Kingdom, Strasbourg, 07 July 1989). This would be true as well for records relating to adults.
It is The Trust's and the The Archive's policy to provide data subjects access to files and materials relating to them in a supportive environment, with contextualising information and supportive advice if necessary. The Archive operates a minimal redaction policy, in order to provide information as fully as possible within the limits of GDPR/DPA2018.
We do ask individuals for proof of identity, to ensure they have a right to the material they are requesting. We may ask whether any relatives or other third parties who may appear in the records are deceased, and potentially ask for proof. This is to help with decision-making in terms of redaction, and the goal of minimising redaction. We will also ask individuals for written permission before we read through any files relating to them. We will be reading files for the purposes of redacting protected third party information as required by GDPR, and not to acquire information, and we will not share any information with third parties (except as set out in 3.6).
While information within files can not be changed, The Archive welcomes additions and corrections, which can be attached to the files.
To consult records relating to them, individuals should contact the archivist directly, providing information which will help the archivist to identify the correct records. The Archive aims to make a first response within 48 hours, and to provide access within 30 days. We will arrange times for visiting so that, as far as possible, the visit can be at the convenience of the individual.
A reasonable charge can be made for providing scanned copies; but it is Archive policy to ensure that The Archive itself places no cost barrier in the way of individuals' accessing material relating to them.
Appendix 1. "Overview" document, governing the 2010-2011 Heritage Lottery Funded "Therapeutic Living With Other People's Children" project (selection).
The "Overview" document provided the basis on which consultation on proposals for the "Therapeutic Living With Other People's Children" project was conducted. It was put together by Archive staff, Trustees, former children, and former staff of therapeutic communities and environments. In its final form, quoted here, it formed part of the governance documents for the project. Although the project was directed towards work with children and young people, its statements relating to children and young people can equally be applied to adults whose data is held or referred to in the collections. The full "Overview" document is available as an Appendix in "Final Report to the Heritage Lottery Fund Covering the period January 2010 – October 2011", available online at https://www.webarchive.org.uk/wayback/archive/20121115100057/http://www.otherpeopleschildren.org.uk/documents/HG-08-16728FinalReport3rdEditionweb.pdf. The sections given here present one of the key purposes of The Archive.
- This is an immensely influential and fundamentally important area of the nation's heritage, but it mirrors, in relation to the national heritage, the marginalisation and social exclusion often suffered by the children and young people themselves. It is characterised by the invisibility, by the inaccessibility, and by the destruction and loss of records, of memory, and of objects of memory relating to the children and the places and people who looked after them, as well as of the wider work itself. It has, in a sense, fallen out of the national heritage.
- This absence, loss and destruction of memory and heritage is reflected in the lives and memories of many of those children and young people themselves, who, as adults - and however creative and productive their lives may have become - retain a part of themselves which does not belong to the mainstream community around them, or have a safe and valued place in the wider heritage. In the absence of memory by, about, and for them, their personal histories remain hidden, or protected, or simply unspoken, unknown and unarticulated; but in any event detached from the mainstream history and heritage of the community.
- It goes beyond this, however, and here the project can play a particular role. For many former children and young people the loss, invisibility, and inaccessibility of records about them, of people who remember them, and of significant places in which they lived, translates into a corresponding lack of personal foundation and certainty about themselves and who they are. In the absence of being remembered, and enjoying an ongoing dialogue with familiar objects, places and people from key stages in childhood, they have a lack, to some degree and at some level, of a coherent and connected understanding of their own place within the scheme of things, or even a firm understanding and knowledge that they have such a place. Once again, through lack of certainty and belief in their own personal heritage and its value, and the ability or opportunity to experience, articulate and share it, they are effectively excluded and estranged from full and confident membership in the heritage of the nation as a whole; and whatever they may have given back in their lives, it remains difficult for them to feel entirely as if they belong, and as if the riches of the nation's heritage truly belong to them as they do to others.
Appendix 2. GDPR Article 89 (full text)
Article 89 "Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes"
- Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, shall be subject to appropriate safeguards, in accordance with this Regulation, for the rights and freedoms of the data subject. Those safeguards shall ensure that technical and organisational measures are in place in particular in order to ensure respect for the principle of data minimisation. Those measures may include pseudonymisation provided that those purposes can be fulfilled in that manner. Where those purposes can be fulfilled by further processing which does not permit or no longer permits the identification of data subjects, those purposes shall be fulfilled in that manner.
- Where personal data are processed for scientific or historical research purposes or statistical purposes, Union or Member State law may provide for derogations from the rights referred to in Articles 15, 16, 18 and 21 subject to the conditions and safeguards referred to in paragraph 1 of this Article in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.
- Where personal data are processed for archiving purposes in the public interest, Union or Member State law may provide for derogations from the rights referred to in Articles 15, 16, 18, 19, 20 and 21 subject to the conditions and safeguards referred to in paragraph 1 of this Article in so far as such rights are likely to render impossible or seriously impair the achievement of the specific purposes, and such derogations are necessary for the fulfilment of those purposes.
- Where processing referred to in paragraphs 2 and 3 serves at the same time another purpose, the derogations shall apply only to processing for the purposes referred to in those paragraphs.
Appendix 3. DPA2018 Schedule 1 Part 1, (1) Employment, social security and social protection, and (2) Health or social care purposes (full text).
Employment, social security and social protection
1 (1) This condition is met if—
- (a) the processing is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the data subject in connection with employment, social security or social protection, and
- (b) when the processing is carried out, the controller has an appropriate policy document in place (see paragraph 39 in Part 4 of this Schedule).
(2) See also the additional safeguards in Part 4 of this Schedule.
(3) In this paragraph— “social security” includes any of the branches of social security listed in
Article 3(1) of Regulation (EC) No. 883/2004 of the European Parliament and of the Council on the co-ordination of social security systems (as amended from time to time);
“social protection” includes an intervention described in Article 2(b) of Regulation (EC) 458/2007 of the European Parliament and of the Council of 25 April 2007 on the European system of integrated social protection statistics (ESSPROS) (as amended from time to time).
Health or social care purposes
2 (1) This condition is met if the processing is necessary for health or social care purposes.
(2) In this paragraph “health or social care purposes” means the purposes of—
- (a) preventive or occupational medicine,
- (b) the assessment of the working capacity of an employee,
- (c) medical diagnosis,
- (d) the provision of health care or treatment,
- (e) the provision of social care, or
- (f) the management of health care systems or services or social care systems or services.
Appendix 4 DPA2018 PART 6
DEROGATIONS ETC BASED ON ARTICLE 89 FOR RESEARCH, STATISTICS AND ARCHIVING
Archiving in the public interest
28 (1) The listed GDPR provisions do not apply to personal data processed for archiving purposes in the public interest to the extent that the application of those provisions would prevent or seriously impair the achievement of those purposes.
This is subject to sub-paragraph (3).
(2) For the purposes of this paragraph, the listed GDPR provisions are the following provisions of the GDPR (the rights in which may be derogated from by virtue of Article 89(3) of the GDPR)—
(a) Article 15(1) to (3) (confirmation of processing, access to data and safeguards for third country transfers);
(b) Article 16 (right to rectification);
(c) Article 18(1) (restriction of processing);
(d) Article 19 (notification obligation regarding rectification or erasure of personal data or restriction of processing);
(e) Article 20(1) (right to data portability);
(f) Article 21(1) (objections to processing).
(3) The exemption in sub-paragraph (1) is available only where the personal data is processed in accordance with Article 89(1) of the GDPR (as supplemented by section 19).
Notes for Potential Donors of Material to the Planned Environment Therapy Trust Archive and Study Centre
INTRODUCTION TO THE TRUST
AND THE ARCHIVE AND STUDY CENTRE
The Planned Environment Therapy Trust was founded in 1966 by Dr. Marjorie Franklin, a psychiatrist and psychoanalyst who had been exploring and developing the therapeutic community approach with children and young people, as well as adults, since the inter-war period. Her co-founding trustees were David Wills, a Quaker and one of the well-known pioneers of therapeutic community work with children and young people, and Arthur Barron, an Anna Freud-trained child psychoanalyst who, as a young man, had worked with David Wills at Hawkspur Camp just before the war, Marjorie Franklin being Hon. Secretary of the Q Camps organization which ran it. The PETT is effectively the successor organization of Q Camps, and also of Children’s Social Adjustment Ltd., an organization Marjorie Franklin founded after the war to run Alresford Place School for maladjusted children.
The Archive and Study Centre was founded by the Trust in 1989, based on a bequest from the late David and Elizabeth Wills. In 2002 extended storage and work facilities became available, with a two-story purpose-built archive store. At the same time a new accommodation block, additional meeting spaces, a dining room, and kitchen opened, adding opportunities for meetings and events, and adding value to the work and collections of the Archive and Study Centre.
The Archive now holds over 400 individual archive collections, made up of several hundred individual accessions ranging from single items to many square meters of shelving. The research library has over 8000 volumes. There is an active oral history and contemporary documentation programme which, to date, has generated and gathered well over two thousand audio and video recordings. Queries are handled from all over the world, and researchers have come from as far away as Japan and North America, as well as Europe and Britain, and have included students, practitioners, artist/filmakers, academics, authors, and police and social services.
The Archive and Study Centre staff currently consists of the Archivist, Dr. Craig Fees, RMARA (Registered Member of the Archives and Records Association), and the Assistant Archivist, Jennifer Galloway, a qualified archivist. Both are part-time.
From its inception the Archive and Study Centre has aimed to achieve the highest possible standards in archival care and management, within the resources of a relatively small charity. The storage areas are secure – there are locked doors between the archive collections and the public; the overall archive area is alarmed, and the building as a whole is separately alarmed. The archive storage areas are environmentally controlled. Where financial resources allow, physical materials are stored in specialist archive sleeves, boxes and so on as appropriate. Digital materials are stored in a multi-terrabyte digital storage system with redundancies and automated back-ups built in as failsafe mechanisms, to ensure the security and integrity of the files. Material is accessioned, listed and catalogued based on standards developed by our former assistant archivist in association with the Gloucestershire Record Office (now Gloucestershire Archives). All material is treated as confidential until it has been processed, and a key part of that process is assessing the sensitivity or otherwise of the material; we don’t make material available to researchers until the levels of confidentiality or conditions of access have been agreed with the donor. Our capacity to catalogue and process materials increasingly depends on external grants and support, often from those placing material in the Archive.
KEY ISSUES OF TRANSFER
In looking at the transfer of archive material there are four key issues. The first is Ownership, the second and third are Copyright and Confidentiality (or Level and Conditions of Access), and the fourth is Cost. The Data Protection Act 1998 and other legislation and guidance form a background to questions of Confidentiality and Access.
Generally speaking, archives and museums prefer outright transfer of ownership. There are a number of reasons, not least the need to protect the investment which processing, looking after, and managing archives demands; it is very difficult, for example, to get grants to help with conservation or cataloguing of materials which the institution does not itself own. However, it is also important to protect the interests of the donor, and in preparing the transfer agreement, issues such as rights to access and use need to be considered. This, of course, also gets into areas of Copyright, Confidentiality and Costs.
Ownership of material does not in itself confer ownership of copyright. Copyright becomes a concrete issue when, for example, it comes to a request from a researcher or (say) a television documentary team to copy or to publish or broadcast something from the archives. It is clearly easiest administratively for the archive and the archivist if copyright held by the donor is formally transferred to the archive; but it is imperative that there is a clear understanding of where ownership in copyright resides, and what the position is in relation to any fees which might be charged or received from use. A classic problem - to avoid at all costs - is the second-or-third generation phenomenon. After two or three generations it may no longer be clear who precisely owns copyright, although someone will!, and it can be extremely difficult to find out. When this happens, and the copyright holder can not be located, a collection can become virtually useless.
As we process material, we make a note of what we think the appropriate level of access, or confidentiality, might be. Once the initial listing or cataloguing of the material is completed, we send the list or catalogue with these suggestions to the donor, to agree access levels and conditions. Cataloguing, of course, depends on the resources available to carry it out (see Section 4, 'Costs'). Until this agreement has been completed, the material is treated as Closed – it will not be made available to anyone apart from the donor or a person designated by the donor. In other words, all material entering the Archive is treated as confidential unless or until the donor formally agrees otherwise.
No researcher is allowed access to any archive material until they have signed a form agreeing to certain basic conditions, a copy of which is attached. After that, we have four designated levels of Access.
0 – Open. No restrictions. Material can be made available to any bona fide researcher who has signed the basic User’s Agreement.
1 – Restricted. Material which is sensitive, and which will only be made available to a researcher who agrees in writing to certain specific conditions. Typically, this might include a prohibition on noting down or conveying to any other person in any way any details which would make it possible to identify children or staff mentioned in files or logbooks, along with a clause allowing the archivist to inspect any notes and to see material before it is submitted for publication, and to require changes deemed necessary to protect the identity and confidentiality of children and staff.
2 – Closed, with exceptions. Material in this category is not made available to anyone for a set period, generally 65 years, after which its sensitivity is reassessed, and normally would be Restricted for a further 35 years. There are defined exceptions, and/or mechanisms for making exceptions: For example, a therapeutic unit with an ongoing duty of care would wish specified staff to have access to certain files; and a university might wish to conduct significant research in which the identities of individual children would not be a factor and would not be noted or revealed. If it’s to be allowed, provision must be made for a decision-making process, and protections built in both for the archive in making the material available, and the donor.
3 – Closed, without exceptions. Material in this category is simply not made available to any researcher for any reason for a specified period. Under normal circumstances this would initially be 65 years, after which its sensitivity would be reassessed and it would either continue as Closed for a further period or re-designated 2 Closed with exceptions for a further 35 years, at which point its sensitivity would be assessed again. This seals off the material, and should be considered only after considerable thought.
GENERAL DATA PROTECTION REGULATIONS (GDPR)/DATA PROTECTION ACT 2018
The processing of personal data by The Archive is governed by DPA2018 and GDPR, with specific reference to the safeguards and derogations set out for archiving purposes in GDPR Article 89, "Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes".
Materials acquired and processed by The Archive for archiving are non-current and are processed in the public interest, for the purposes of historical and statistical research. This is the lawful basis on which the Archive processes. personal data.
However, client files in particular are additionally governed by clauses related to sensitive personal data. For fuller information, please ask for a copy of the Planned Environment Therapy Trust's
"Processing Personal Data in Compliance with the General Data Protection Regulation and the Data Protection Act 2018, Policy and Guidance".
It is Archive and Study Centre policy to work in partnership with donating institutions, organisations and individuals to ensure appropriate access to historical records by stakeholders who have a legal and legitimate interest in them, including former children and young people in care. This can raise resource issues for the Archive and Study Centre, and requires clear agreements and lines of ongoing communication with donors of material.
Archives are expensive, labour-intensive organisations, requiring specialist storage conditions and storage materials.
Each collection is different, and because of these differences and the different demands made on collections once they have been taken in, it is difficult to estimate in advance, with full confidence, the true costs involved in their processing, management and storage.
However, among the costs to be considered are:
- Assessment, prior to agreement being reached
- Transport, to get agreed material to the archive
- Archivist's time involved in sorting, cataloguing and processing the collection.
- Cataloguing the collection and entering its details into the archive database is essential if any future research is to be done or use is to be made of them. It ultimately saves researchers and other users time, because the cataloguer will effectively go through and in some way indicate the nature of each item in the collection, whether or not it can be accessed by the public, and - very importantly - where in the archive store it can be found. Once fully catalogued and in the database, a specific item can be called for and retrieved usually within a matter of ten to fifteen minutes.
- Storage materials.
- There are a range of archive storage materials which, by definition, tend to be expensive. Specialist archive boxes are acid free, have a water-repellant membrane, and in our preferred but more expensive cases have a layer of carbon to absorb the gases which are a natural product of the inevitable decay of the materials within the box. By absorbing the gasses, which would otherwise further attack the materials, the decay process is significantly slowed down. Specialist inert sleeves are used to protect photographs and photographic materials. And so on.
- Storage space and shelving.
- Archives are a perpetual physical reality, even when they are digital. Indeed, digital files present problems and difficulties which physical archives don't.
- Every time the collection is accessed it generates associated costs.
- Conservation and preservation.
- Appropriate storage materials and conditions will help to slow down the decay processes which are inevitable in anything which is likely to come into an archive, but over the decades and possibly centuries in which the material is stored and used, conservation and preservation work will have to take place at regular intervials. With born-digital or digitised material, there is an ongoing struggle to migrate and maintain usability as the original formats and technologies become obsolete. All of which, of course, requires time and resources.
1 What this means in practice was articulated in part in the "Overview" document governing the 2010-2011 "Therapeutic Living With Other People's Children" project. See Appendix 1.
2 "Guide to archiving personal data", Section 49, p. 22: "Archiving is processing to secure the permanent availability of recorded memory, i.e. evidence and information, for a wide range of current and potential future purposes, including:
- Enabling research and investigation of all kinds, from academic to genealogical research;
- Enabling long-term accountability, such as public inquiries and other official investigations like cold case murder investigations;
- Enabling the discovery and availability of personal, community and corporate identity, memory, culture and history;
- Enabling the establishment and maintenance of rights and obligations and of precedent decisions;
- Enabling educational use; and
- Enabling commercial and non-commercial re-use.
3 The DPA2018 (DPA2018 Part 1(3)(4)) definition of "processing" :
“Processing”, in relation to information, means an operation or set of operations which is performed on information, or on sets of information, such as—
(a) collection, recording, organisation, structuring or storage,
(b) adaptation or alteration,
(c) retrieval, consultation or use,
(d) disclosure by transmission, dissemination or otherwise making available,
(e) alignment or combination, or
(f) restriction, erasure or destruction.