The length of time that you keep student data for will depend on two factors: the first is good records management practice, and the second is compliance with the Data Protection Act 1998. With regards to records management, a good source of information and suggested retention periods for specific records is the
Business Classification Scheme and Records Retention Schedules developed published by JISC InfoNet. There are specific sections for HE and FE, and within those subsections on student administration and student records which detail the types of record and the suggested retention period. However, some institutions may have their own particular retention schedule and differing requirements, for example, as a result of audit, quality control or reporting requirements from funders or partners, so this would need to be checked.
Second, insofar as the information kept is personal information (as it is likely to be), care has to be taken that what you hold is held in accordance with the Data Protection Act 1998 and the eight data protection principles. These include the requirements that the data is adequate, relevant and not excessive in respect to your purposes for holding it (
principle 3) and that data should be held no longer than is necessary (
principle 5) and compliance with these will be incorporated into your institution's data protection and records management procedures and policy. JISC Legal has published a detailed
Data Protection Code of Practice for FE and HE, and further information is available from the
data protection and
information governance sections of the JISC Legal website. With regards to further use of the data for quality improvement or reporting purposes, it should be noted that if the data is anonymised such that it cannot be related back to specific individuals, no data protection issue will arise.