Isle of Man SCB Logo

Top of page

Size: View this website with small text View this website with medium text View this website with large text View this website with high visibility

1.7 Principles of Case Recording


This guidance is taken from the NSPCC publication: Guidance on Child Protection Records Retention and Storage (England and Wales) November 2007.

This briefing provides guidelines for the retention and storage of child protection records. It is not comprehensive and does not constitute legal advice.


  1. Context
  2. Recording Concerns
  3. Sample Incident Report Form
  4. Guiding Principles to Record Retention Periods
  5. Guidance on Retention Periods
  6. Storage of Records
  7. Destruction of Records
  8. References

1. Context

As part of developing a safeguarding policy and procedures organisations must consider and develop clear guidelines for the retention, storage and destruction of their records where these relate to child welfare concerns or concerns about possible risk posed by employees (either paid or unpaid). Whilst guidelines exist for statutory and regulated organisations it is often less clear what organisations in the voluntary, community or private sectors should do. This guidance has been developed to assist them.

2. Recording Concerns

If an organisation has concerns about the welfare or safety of a child or young person (e.g. concern about a physical injury or neglect at home) or concerns about the behaviour of an employee or volunteer (e.g. if they hurt a child, breach the code of conduct or do something considered to be poor practice) it is vitally important to record all relevant details, regardless of whether or not the concerns are shared with either the police or Children’s Social Care. An accurate record should be kept of:

  • Date and time of incident/disclosure;
  • Parties who were involved, including any witnesses to an event;
  • What was said or done and by whom;
  • Any action taken by the organisation to look into the matter;
  • Any further action taken;
  • Where relevant, the reasons why a decision was taken not to refer those concerns to a statutory agency;
  • Any interpretation/inference drawn from what was observed, said or alleged any interpretation/inference drawn from what was observed, said or alleged should be clearly recorded as such;
  • Name of person reporting on the concern, name and designation of the person to whom the concern was reported, date and time and their contact details;
  • The record should be signed.

3. Sample Incident Report Form

Once an organisation has created a record about a child or adult it needs to have a policy/ procedures in place regarding the retention and storage of that information.

If you are creating records about the children or people that use your services or activities, it is best practice to advise them at the outset about the fact that you hold such records and their purpose.

4. Guiding Principles to Record Retention Periods

In order to determine how long records should be kept there are a number of guiding principles:

The Data Protection Act 1998 requires that personal information should be:

  • Adequate, relevant and not excessive for the purposes(s) for which they are held (third principle);
  • Accurate and where necessary kept up to date (sixth principle);
  • Not kept for longer than is necessary for its purpose(s) (fifth principle);
  • The implication of these principles is that organisations need to have procedures to cover the review of personal/sensitive information held on files. Essentially it means that organisations must assess how long they need to keep the information for, the purpose for which they are holding it and when it will be destroyed;
  • Guidance contained within Data Protection Act 1998: Guidance to Social Services (2000) is a useful point of reference for organisations to consider as it represents what can be regarded as best practice. This guidance states that:
    • Exists, the authority will need to establish its own retention periods. Normally personal information should not be held for longer than 6 years after the subject’s last contact with the authority. Exceptions to the 6 year period will occur when records:
    • Need to be retained because the information in them is relevant to legal action that has been started;
    • Are required to be kept longer by law;
    • Are archived for historical purposes (e.g. where the organisation was party to legal proceedings or involved in proceedings brought by a local authority). Where there are legal proceedings it is best to seek legal advice about the retention period of your records;
    • Consist of a sample of records maintained for the purposes of research;
    • Relate to individuals and providers of services who have, or whose staff, have been judged unsatisfactory;
    • Are held in order to provide, for the subject, aspects of his/her personal history (e.g. where the child might seek access to the file at a later date and the information would not be available elsewhere).”

When records are being kept for more than the 6-year period, files need to be clearly marked and the reasons for the extension period clearly identified.

Note: Some records are subject to statutory requirements, i.e. there is a defined retention period. Examples include: records relating to children who have been Looked After by the local authority or adopted, records relating to registered foster carers, records in children’s homes, residential homes and registered nursing homes.

Criminal Records Bureau disclosure certificates should not be stored for more than 6 months unless specific consent has been given to store them for longer (for example permission has been given to do this by the body that regulates your organisation).

Whilst the disclosure certificate should normally be destroyed after 6 months, it is permissible to keep a record of the date the check was completed, the reference number of the disclosure certificate and the decision made as to whether the person was employed. Child protection concerns may also arise from the behaviour of adults who are working with children where they have behaved in a way that has harmed, or may have harmed, a child; possibly committed a criminal offence against, or related to, a child; or behaved towards a child in a way that indicates s/he is unsuitable to work with children.

Guidance as to how long these records should be retained is as follows:

“It is important that employers keep a clear and comprehensive summary of any allegations made, details of how the allegations were followed up and resolved, and of any action taken and decisions reached. These should be kept in a person’s confidential personnel file and a copy should be given to the individual. Such information should be retained on file, including for people who leave the organisation, at least until the person reaches normal retirement age, or for 10 years if that is longer. The purpose of the record is to enable accurate information to be given in response to any future request for a reference. It will provide clarification in cases where a future DBS disclosure reveals information from the police that an allegation was made but did not result in a prosecution or a conviction. It will also prevent unnecessary re-investigation if, as sometimes happens, allegations resurface after a period of time”. (Working Together to Safeguard Children (2006) p.241)

5. Guidance on Retention Periods

Type of Record Retention

Child welfare concerns that your organisation refers on to Children’s Social Care or the police.

For example this would include concerns about physical, sexual, emotional or neglect of a child, disclosures from a child about being abused or information from a third party which might suggest a child is being abused; concerns about a parent or another adult that uses your organisation, or a young person who has been abused by another young person.

The referral should be acknowledged in writing by Children’s Social Care and your organisation keeps this on file.

Records should be kept for 6 years after the last contact with the service user unless any of the exemptions apply (listed above) or if your organisation is required to comply with any other statutory requirements.

Child welfare concerns that your organisation decide, after consultation, do not necessitate a referral to Children’s Social Care or the police. In such circumstances the organisation should make a record of the concern and the outcome. For example where a child has been bullied, overly pushy parents or a very distressed child where the distress is unrelated to child abuse. Destroy the record a year after the child/adult concerned ceases to use the service unless the child or adult are continuing to use your organisation.
Concerns about people (paid and unpaid) who work with children and young people, for example, allegations, convictions, disciplinary action, inappropriate behaviour towards children and young people. For example where an employee has breached the code of conduct, a record of the behaviour, the action taken and outcome should be recorded.

Personnel files and training records (including disciplinary records and working time records) - retain for 6 years after employment ceases. However the records should be retained for a longer period if any of the following apply:

There were concerns about the behaviour of an adult who was working with children where s/he behaved in a way that has harmed, or may have harmed, a child;

The adult possibly committed a criminal offence against, or related The adult possibly committed a criminal offence against, or related to, a child;

The adult behaved towards a child in a way that indicates s/he is unsuitable to work with children. In such circumstances records should be retained at least until the adult reaches normal retirement age, or for 10 years if that is longer.

Criminal Records Bureau disclosures obtained as part of the vetting process. The actual disclosure form must be destroyed after 6 months. However it is advisable that organisations keep a record of the date of the check, the reference number, the decision about vetting and the outcome.

6. Storage of Records

Some pointers to good practice:

  • Information about concerns, allegations, and referrals should not be kept in one ‘concern log’ rather information or items relating to individuals need to be kept in separate files;
  • Compile and label files carefully;
  • Files containing sensitive or confidential data should be locked away and access to the keys strictly controlled;
  • Keep a key log so that it is possible to see who has accessed the cabinet, when, and the titles of the files they have used;
  • Access to those records needs to be limited to people in named roles who either need to know about the information in those records and/or who manage the records/files e.g. Lead Child Protection Officer/Case Management Group members;
  • If files are to be stored long term then arrangements need to be made for the keys to be passed from outgoing staff to their successors;
  • If records are stored electronically then password-protect those records, which only limited staff should have access to;
  • Where a local service/activity is closed, arrangements must be in place for ongoing management of the records relating to that service/activity, including the review and disposal of records.

7. Destruction of Records

Records should be incinerated or shredded in the presence of a member of the organisation or entrusted to a firm specialising in the destruction of confidential material. This action must be taken at the same time as the electronic record is purged. If not shredded immediately, all confidential records must be held in a secured plastic bag, labelled as confidential and locked in a cupboard or other secure place.

When a part of an organisation (e.g. a club, team, project etc.) is closed down, the organisation must make arrangements for ongoing management of records relating to that club/team/project including the review, retention and disposal of records.

Key questions for organisations to consider in developing their retention and storage policy:

  • What records will we retain and for what purpose?
  • Is our record keeping in line with data protection principles?
  • How long should we retain records for?
  • Do any statutory requirements apply to our records in terms of their retention?
  • What is the format of the record?
  • Does our regulatory/inspection body (if applicable) lay down any minimum expectations about record keeping, retention and destruction?
  • How will the records be stored and who will have access to them?
  • What arrangements will we need to review records?
  • What arrangements do we need to destroy them?
  • Does our insurer stipulate anything about record retention periods?
  • Does our local safeguarding children board (LSCB) provide guidance on record retention and destruction that we are expected to follow?

8. References

Retention of Personnel and Other Related Records, CIPD

Department of Health (2000) Data Protection Act 1998: Guidance to Social Services