Requests for copies of Boards of Examiners minutes

This guidance is for information practitioners responsible for responding to information requests for their business areas. It tells you what to do if you receive a subject access request for Boards of Examiners minutes.

Background

The University holds Boards of Examiners minutes, which contain information relating to students as well as Board members including External Examiners.

Students (data subjects) are entitled, under data protection legislation, to make a subject access request for information about them in the minutes.

The University must respond to subject access requests within one month.

Step by step instructions for responding to a request

1. Confirm the identity of the applicant

Before disclosing any personal information, you must be satisfied of the identity of the data subject.

You may be satisfied of the data subject's identity because of your previous interactions with them. For example, they are a student in your School who is known to you.

You may also be able to verify their identity from their email address, for example they may have used their University email account to send the request or an email account they have previously used or notified the University about in their contact details in Euclid.

If you are unable to verify the data subject's identity, you may need to contact them for further information. For example, you could write to them and ask for a copy of their student card, driver's licence or passport.

2. Conduct a search and collate the relevant minutes

3. Identify the personal data about the applicant

Screen the information to identify the personal data about the data subject. Information about other students should not be disclosed.

Information about the data subject can be provided in one of two ways: in a redacted copy of the minutes or as an extract from the minutes. The latter may be preferable to providing a heavily redacted set of minutes.

In either case, relevant useful contextual information should be included such as the name of the Board, the date of the meeting and any relevant headings under which the data subject is discussed.

4. Information about Board members and external examiners

Depending on what the request asks for and the information held, providing information in response to the request may also disclose information about Board members including external examiners.

The following University documents include information about the disclosure of minutes and information about members and external examiners.

• Handbook for Boards of Examiners for Taught Courses and Programmes (sections 8.7-8.11)
• External Examiners for Taught Programmes Policy (sections 70-73)
• Taught Assessment Regulations (section 45)

These documents are available on the policies and regulations section of the University’s Academic Services website.

Policies and regulations

If you have concerns or are unsure about disclosure, please contact Information Compliance Servicesrfor advice. We may for example suggest that an external examiner is contacted to make them aware of any intended disclosure.

5. Reply to the request

Once you have decided what to disclose and in what form to disclose it (redacted copy of minutes or extract), write to the data subject enclosing copies of the information. If you have redacted information about third parties such as students or external examiners, this should be explained to the applicant. Responses to subject access requests should be sent securely.

6. Keep a record

You need to keep a record of your handling of the request for management purposes for five years from the date you respond to the request. After which the record should be deleted.

You should keep:

• Copies of the correspondence between yourself and the data subject, and between yourself and any other parties
• A record of your decisions and how you came to those decisions
• Copies of the information you sent to the data subject. For example, if the information was anonymised, keep a copy of the anonymised version that was sent to the data subject.