However, we also decided to take this as an opportunity to examine the data that we require from students, how we store it, and how long we store it for.Data We Require
First, we should make a distinction between the two kinds of people we work with:
1) Our students
2) Everyone else
We require quite a bit of information from our students, so that we can provide the best possible service for those students. All the information we request is either for us to use to help students, or to provide to one of our service partners (accommodation provider, internship provider, etc.). We try not to ask for any information that we don’t use.
From everyone else (i.e. people who aren’t yet our students), we don’t require any information at all. We use Google Analytics on our website, to track how many visitors we have and what they do on our site, but this data is only used in aggregate, not to track individuals. We’ve set Analytics so that user data is anonymized. Basically, we don’t need to know much information about anyone who isn’t a customer, and because having personal data is a potential problem, we’d prefer not to have that data!
(For the record, we also don’t sell anyone’s data.)
How We Store Data (And How Long For)
In 2018, we (finally!) switched over to using a full-featured school management software system, which has the added benefit of storing student data very securely. We’ve never had a data breach, and with our new system, the odds of ever having one are even lower.
When we switched over to our new system, we purged all old student data, with the exception of names and study periods for former students (so that we can give discounts to returning students, and send transcripts when required). For new data, we plan to keep student data in our system for two years after study is finished, then to delete all data except names and study periods. There’s one exception: the Japanese government requires us to keep detailed records for everyone who applies for a student visa through us for 3 years from date of application.
Basically, we only want the minimum data possible to provide the best services possible, and we want to keep that data for as little time as possible. We take our responsibility with customer data very seriously.