DWP managing customer records guide
Updated 22 October 2024
© Crown copyright 2024
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/dwp-information-management-policies/dwp-managing-customer-records-guide
This is version 6.2 and is effective from 1 4 October 2024.
1. Overview
1.1. Department for Work and Pensions (DWP) is legally required to manage its customer records to ensure it complies with data protection legislation, including the Data Protection Act (DPA) 2018 and General Data Protection Regulation (GDPR). The legislation requires that any personal data must be:
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary
- accurate and kept up to date
- kept for no longer than is necessary
- processed securely
2. Scope
2.1. Compliance with these instructions is the responsibility of all DWP staff.
3. Policy Statement
3.1. Classification of records
3.1.1. DWP has two classifications of customer records: Supporting Records or Non-supporting / Ephemeral Records. See Appendix 2.1 for definitions.
3.2. How long do I keep records?
3.2.1. Supporting records (see Appendix 2.1: Definitions): Standard retention is 24 months. See Appendix 2.2: Retention by line of business. Supporting records are retained for 24 months after DWP’s live interest in the claim has ended see 5.2 for a list of live interests.
3.2.2. Ephemeral records see (Appendix 2.1 Definitions): These should be retained locally for 4-weeks, and then electronic records should be deleted, and paper records must be destroyed via confidential waste.
3.3. Telephone call recording
3.3.1. Specific retention periods apply for telephone calls recorded in DWP operations. These are as follows:
3.3.2. Supporting calls: 24 months from date of call and then deleted.
3.3.3. All DWP staff must comply with the above guidelines.
3.3.4. If there is a need to retain telephony records for longer than the standard retention period a change request must be applied for.
3.4. SMS text messages
3.4.1. The full content of the SMS, including the mobile number to which the SMS was sent, to be retained for 90 days.
3.5. Destruction of benefit records
3.5.1. When destroying benefit documents / data, we are applying DWP Information Management Policy (IMP) and not the UK General Data Protection Act (UK GDPR). The UK GDPR does not specify retention periods.
3.6. Destruction embargoes
3.6.1. Destruction embargoes or easements to current retention periods may be applied to customer records from time to time based on business need. These can be applied to records irrespective of format.
3.7. Sending benefit records to Stores
3.7.1. Benefit documents must be recorded on RS Web before being sent to Remote Stores.
4. Accountabilities and Responsibilities – General retention principles
4.1. Users must
4.1.1. Only retain information required to support a claim by applying the principles of what is ‘supporting’ and what is ‘ephemeral’.
4.1.2. Apply retention periods to all claim documents or data whether the claim is successful or not.
4.1.3. Destroy all paper documents that are scanned into electronic systems within 4 weeks of being scanned.
4.1.4. Retain clerical benefits, including Armed Forces Independence Payment (AFIP) locally, apart from Industrial Injuries Disablement Benefit (IIDB) claims which should be sent to Remote Stores.
4.1.5. Photocopy documents identified as valuable. The original should be returned to the claimant and the photocopy sent to Remote Stores.
4.1.6. Save customer information in the right place for the right length of time.
4.2. Users must not
4.2.1. Print any documents relating to a benefit that are uploaded onto the Enterprise Content Management System (ECMS) unless they are required to support an appeal or prosecution where access to DRS is not available.
4.2.2. Print information stored on electronic systems, including Universal Credit Build (UCB) and Child Maintenance System (CMS) 2012 unless it is required to support an appeal or prosecution, and access to these systems is not available.
4.2.3. Retain duplicate information under any circumstances.
4.2.4. Retain customer records ‘just in case’ they may be needed at some point in the future.
4.2.5. Retain supporting records locally for longer than 4 weeks after they have been uploaded to ECMS/DRS. Once supporting documents have been uploaded to ECMS/DRS they can be destroyed.
4.2.6. Send non supporting/ephemeral records to Remote Stores under any circumstances.
4.2.7. Send Non-Associated Post (NAP) to Remote Stores if it does not have a parent file (a live original claim) there already.
5. Accountabilities and Responsibilities – Guidance for specific customer records
5.1. General records
5.1.1. Retention for all lines of business can be found at Appendix 2.2: Retention by line of business.
5.1.2. Applicable retention periods are applied to customer records, whether they are, telephony, paper based or uploaded onto ECMS/DRS.
5.1.3. If the case has the following DWP interest, the customer or benefit record must be retained until end of interest, then the normal retention period applies. DWP Interest is defined in 5.2.
5.2. Ongoing action
5.2.1. Debt Management including: overpayments, Compensation Recovery (CRU), civil proceedings and Recovery from Estates.
5.2.2. Appeals including: Mandatory Reconsiderations.
5.2.3. Customer feedback or complaints being dealt with by Independent Case Examiner (ICE) cases and Parliamentary Health and Service Ombudsman (PHSO) Cases only.
5.2.4. Criminal Cases Review Commission cases.
5.2.5. Cases subject to a Performance Measurement check.
6. Compliance
6.1. Compliance with this policy is the responsibility of all DWP staff, contractors, third parties and suppliers working on the DWP estate.
6.2. Line managers are responsible for ensuring that all DWP staff, contractors, third parties and suppliers working on the DWP estate understand their responsibilities as defined in this policy and that they continue to meet its requirements for the duration of their employment within DWP. It is a line manager’s responsibility to take appropriate action if individuals fail to comply with this policy.
6.3. The DWP Security and Data Protection Team will regularly assess compliance with this Policy and may inspect technology systems, paper holdings, design, processes, people and physical locations to facilitate this. All staff, contractors, third parties and suppliers, who create, handle or store information on the DWP estate are required to facilitate, support, and when necessary participate in these inspection requests.
6.4. Employees are responsible for ensuring that they understand their responsibilities as defined in this policy and the Acceptable Use Policy.
6.5. Once this document has been read and understood by a member of staff, they should record the information in line with the Security Responsibilities Checklist.
Appendix 2.1 Definitions
| Term | Definition |
|---|---|
| Customer records | include any piece of information that relates to our claimants or customers regardless of its content and format (i.e., the retention policy is ‘format neutral’) |
| What is a Customer Record? | A customer record is the personal data created, received, processed and/or maintained by DWP, regardless of format, including but not limited to that which is essential to fulfil the DWP’s legal obligation to administer pension, welfare and Child Maintenance cases on behalf of customers, and for the prevention and detection of fraud. |
| Handling of Lists Containing Personal Data | Personal data about an individual/group of individuals held solely to manage workflow and caseload, (e.g. lists or spreadsheets for reports, trackers etc….) and which contains details of multiple customers is not a ‘customer record’. These lists are information assets. |
| Supporting records | documents or data that support a benefit or child maintenance outcome decision, and contains information on how that decision was made. It is generally information that would be supplied in the event of an appeal or fraud investigation, or that affects the amount of benefit paid or child maintenance assessment. See Appendix 2.2: Retention by line of business for the standard retention of customer documents. |
| Non-supporting or Ephemeral records | documents or data that do not fit into the definition of supporting documents. These are of a general nature and do not affect the claim in any way. For example, general enquiries, internal templates, front cover sheets. |
| End of live interest | The retention period is ‘triggered’ when a case is closed or at the end of DWP interest. DWP interest includes: • fraud investigation has ended, • overpayment has been repaid |
Appendix 2.2 - Retention by Line of Business
If any case has the following interests, they must be retained until the end of that interest. At the end of the interest the retention periods detailed below then apply.
Interests
- Fraud
- Overpayments including: civil proceedings and Recovery from Estates
- Debt Management including: Compensation Recovery
- Appeals including: Mandatory Reconsiderations
- Customer feedback or complaints being dealt with by Independent Case Examiner (ICE) cases and Parliamentary Health and Service Ombudsman (PHSO) Cases only.
- Criminal Cases Review Commission cases
- Child Maintenance Group
- Cases subject to a Performance Measurement check
For documents stored on ECMS/DRS, the retention periods below apply.
Access to Work
Benefit line retention and specific documents
Cases with payments in DISC: AtW element(s) awarded and have had a reimbursement payment from payment creation.
Non-standard retention policy
84 Months.
Business justification for retention period
Finance payment audit requirements.
Benefit line retention and specific documents
Cases without payments in DISC: Customers that have had an AtW element(s) awarded but no payment – case creation.
Cases with a referral to AtW contracted provision case creation.
Non-standard retention policy
36 or 84 months.
Business justification for retention period
Access to Work awards are made in three-year periods.
Finance payment audit requirements.
Benefit line retention and specific documents
Customers that applied to Access to Work but did not have an element awarded are removed 36 months after the case was created.
Non-standard retention policy
36 months.
Business justification for retention period
Access to Work awards are made in three-year periods.
Appeals
Benefit line retention
24 months.
Business justification for retention period
To ensure documentation is available for audit requirements.
Attendance Allowance
Benefit line retention
24 months.
Business justification for retention period
To ensure documentation is available for audit requirements.
Benefit Cap
Benefit line retention
24 months.
Business justification for retention period
To ensure documentation is available for audit requirements.
Bereavement benefits (including, Widow’s Benefit, Widow’s Pension, Widowed Parent’s Allowance, Widowed Mother’s Allowance)
Benefit line retention
24 months.
Business justification for retention period
To ensure documentation is available for audit requirements.
Carer’s Allowance
Benefit line retention
24 months.
Business justification for retention period
To ensure documentation is available for audit requirements.
Child Maintenance Group
Benefit line retention
24 months.
Specific documents
All supporting documents.
Non-standard retention period
24 months for all supporting documents.
Business justification for retention period
To ensure documentation is available for audit requirements.
Claimant Commitments
Benefit line retention
4 weeks after live interest.
Non-standard retention period
4 weeks after end of claim, unless sanction, fraud, appeal, debt, or Performance Management interest.
Business justification for retention period
These are ‘supporting’ when the claim is live but are ‘ephemeral’ once the claim or DWP interest has ended.
Complaints
Benefit line retention
24 months.
Non-standard retention period
e-Case.
Business justification for retention period
To ensure documentation is available for audit requirements.
Debt Management (including Compensation Recovery Unit (CRU), arrears and enforcements)
Benefit line retention
CRU 24 months.
Debt Management (Citizen Debt) documents 24 months.
Specific documents
Benefit lines must keep overpayment decision and a copy of the letter informing the claimant of the overpayment decision.
Debt Management (citizen debt) any relevant debt documents needed for audit purposes.
Non-standard retention period
24 months after debt interest closes.
Business justification for retention period
To ensure documentation is available for audit requirements.
Benefit line retention
Debt Systems and any finance or payments documents.
Non-standard retention period
Debt Management – DMS and CRU systems and any finance or payment documents.
Non-standard retention period
7 years after debt interest closes for payment related data (ledger).
Business justification for retention period
Financial Audit Requirements.
Disability Living Allowance (DLA Child, DLA Working Age Adult and DLA 65+)
Benefit line retention
24 months.
Business justification for retention period
To ensure documentation is available for audit requirements.
Employment and Support Allowance
Benefit line retention
24 months.
Non-standard retention period
JSAPs stores information for 4 years HMRC (requirement). To comply with Regulation 97 of the the Income Tax (Pay As You Earn) Regulations 2003.
Business justification for retention period
To ensure documentation is available for audit requirements.
European Social Fund (England) 2007-2013
ESFD paper records held in remote storage pertaining to the ESF 2007-2013 Programme have now been destroyed. All electronic records are being retained until 1 June 2026 in order to evidence any State Aid in accordance with Article 60 (f) of Commission Regulation 1083/2006.
This is covered in Action Note 107/07-13: ESF 2007 to 2013 England Programme Closure - Retention of key Documents.
European Social Fund (England) 2014-2020
For ESF research and evaluation see guidance for research reports.
Minimum 10 years after final payment has been made.
All data must be retained for a minimum of 10 years following the last project activity, expectation June 2024. Each project’s data retention period is established after their final ESF claim is paid by the ESF Managing Authority.
European Social Fund (Wales) 2007-2013
2007-13 Programmes – Please follow this link for the confirmed document retention dates for these Programmes - EU Structural Funds 2007 to 2013: document retention periods (Gov.Wales). You will note that the document retention dates for both European Social Fund programmes, in Wales, have now passed. 10 years from the date of award.
European Social Fund (Wales) 2014-2020
2014-20 Programmes – retention dates are set at the level of the operation and are dependent on when the final project expenditure is included in the annual accounts that WEFO submits to the EC. WEFO will write out individually to beneficiaries to confirm these dates once they are available. You can find more detail on this at section 5.1.4.1 of the WEFO Eligibility Rules and at question 1 of Programme Closure frequently asked questions (FAQ) document (EU Structural Funds 2014 to 2020: project closure FAQs (GOV.WALES).
EU Structural Funds 2014 to 2020: compliance and eligibility guidance (GOV.WALES).
Finance
Benefit line retention
See Managing Finance and Procurement Records.
Specific documents
Financial checks, payments, journals, Flexible Support Fund, New Enterprise Allowance, FF100 and Special Payments.
Fraud
See Fraud Retention Guidance.
General Matching Service (GMS)
Benefit line retention
18 months after GMS action ends.
Specific documents
A cross department system which matches customer data for over/under payments.
Non-standard retention period
18 months after GMS action ends.
Business justification for retention period
18 months to feed into end of year reporting.
Incapacity Benefit
Benefit line retention
24 months.
Specific documents
IB55 referral files for live claims.
Non-standard retention period
120 months from date of decision.
Business justification for retention period
This is to ensure that the last two Personal Capability Assessments on form IB85 are retained.
Income Support
Benefit line retention
24 months.
Specific documents
All supporting documents.
Non-standard retention period
Income Support Computer System (ISCS) is used to administer both Income Support and Pension Credit cases.
Data on ISCS is held for 18 months after the claim closure date, last activity, or date of last adjudication on the live system before being moved and placed into the archive system. Once archived data is held for 5 years.
Business justification for retention period
System retention is 18 months (5 years archived). Clerical and ECMS supporting paper to be held for 24 months following end of DWP Interest/Case closure.
Independent Case Examiner (ICE) cases
Benefit line retention
24 months.
Specific documents
For data recorded on Respond.
Non-standard retention period
24 months after ICE case closure.
Business justification for retention period
Retaining electronic data for 24 months allows sufficient time for a complainant to consider the outcome of ICE examination of their complaint and exercise their right to approach the relevant Parliamentary Ombudsman. For complaints with a live PHSO interest, the retention period is the latter of 24 months or one month after end of interest.
Industrial Injuries Disablement Benefit (IIDB)
Benefit line retention
14 months
Business justification for retention period
Retention period in place to support response to any mandatory reconsideration.
Information provided to support safeguarding adult reviews and domestic homicide reviews
Benefit line retention
6 years as involves a customer death.
Specific documents
Initial request and any supplementary requests.
All information provided including legal clearance.
Non-standard retention period
6 years.
Business justification for retention period
Reflects potential time period of these external reviews.
Internal process review documents
Benefit line retention
6 years from completion of IPR investigation.
Non-standard retention period
6 years.
Business justification for retention period
To enable responses to requests from FOI’s, DWP Select committee and DWP Security of State.
Jobseekers Allowance
Benefit line retention
24 months.
Non-standard retention period
JSAPs stores information for 4 years HMRC (requirement). To comply with Regulation 97 of the The Income Tax (Pay As You Earn) Regulations 2003.
Business justification for retention period
To ensure documentation is available for audit requirements.
Multi Agency Public Protection Agency (Jobcentre) MAPPA J Forms
Non-standard retention period
Should be retained locally for the period that the restrictions apply.
When the restrictions no longer apply the MAPPA forms should be destroyed immediately, in the same way as any other sensitive information.
Business justification for retention period
Required to identify which offenders are MAPPA eligible and the related risk management. See MAPPA guidance for further details.
National schemes for the 1979 Pneumoconiosis Worker Compensation Act 1979 and the 2008 Mesothelioma Scheme
Benefit line retention
Compensation payment made retention 8 years from the date of the last decision.
No award for compensation standard retention period of 2 years from the date of the last decision.
Specific documents
System records (customer details; system payments).
In DRS the application form and supporting documents will be retained.
Business justification for retention period
To allow DWP to make recovery of National Schemes Compensation Act from civil compensation awards.
National Insurance number (NINo) allocation
Benefit line retention
3 years from the date of creation.
Specific documents
NINo Allocation; successful. NINo applications; the digital NINo application form and associated documents are held on the Apply for a NINo Service.
See the NINO Allocation Guide.
Non-standard retention period
3 years from the date of creation.
Business justification for retention period
3 years is required prevent Fraud or identity theft, and to prevent re-applications and to allow cross reference.
Parliamentary Health and Service Ombudsman (PHSO) cases
Benefit line retention
24 months.
Specific documents
For data recorded on eCase.
Business justification for retention period
Retaining electronic data for 24 months allows sufficient time for PHSO to exam and investigate complaints to conclusion.
Pension Credit
Benefit line retention
24 months.
Non-standard retention period
Income Support Computer System (ISCS) is used to administer both Income Support and Pension Credit cases.
Data on ISCS is held for 18 months after the claim closure date, last activity, or date of last adjudication on the live system before being moved and placed into the archive system. Once archived data is held for 5 years.
Business justification for retention period
To ensure documentation is available for audit requirements.
Pension sharing on divorce documents
Benefit line retention
Until State Pension claimed then 24 month retention period applies.
Non-standard retention period
Until State Pension claimed then standard retention period applies.
Business justification for retention period
The calculations provide a snapshot of National Insurance which cannot be redone and include details of pension share.
Performance measurement
Benefit line retention
24 Months.
Specific documents
DRS/ECMS Supporting Documentation.
Business justification for retention period
To ensure documentation is available for audit requirements.
Specific documents
Fraud and Error Measurement and Accuracy (FEMA).
Non-standard retention period
36 Months.
Business justification for retention period
To enable the publication of statistical data.
Personal Independence Payments (PIPCS)
Benefit line retention
24 months.
Business justification for retention period
To ensure documentation is available for audit requirements.
Relationship Validation Unit (RVU) Type B Cases
Benefit line retention
5 Years.
Specific documents
All supporting documents.
Non-standard retention period
5 years from date of decision.
Business justification for retention period
These are complex cases that likely to be appealed. It would be costly or not possible for the department or claimant to collect this information again.
Social Fund
Benefit line retention
24 months.
Business justification for retention period
To ensure documentation is available for audit requirements.
State Pension
Benefit line retention
24 months.
Business justification for retention period
To ensure documentation is available for audit requirements.
State Pension Deferred Lump Sum Payments
Benefit line retention
6 years.
Specific documents
The completed DL66 and DL67 and any evidence to support subsequent changes to this decision.
Non-standard retention period
72 months (6 years) after the financial year the payment is made
Business justification for retention period
HMRC, The National Archives (TNA) and National Audit Office (NAO) requirements
Suicide and self-harm documents
Benefit line retention
Retain for 6 years following the date on which the incident occurred, or the declaration of intention was made.
Specific documents
All documents relating to suicide and self-harm.
Non-standard retention period
Retain for 6 years following the date on which the incident occurred, or the declaration of intention was made.
Business justification for retention period
Health and Safety Retention Document Customer Self-Harm.
Support for Mortgage Interest (SMI) loan documents
Benefit line retention
14 months DRS.
2 finance documents 6 years.
Specific documents
SMI charge form / loan agreement.
Non-standard retention period
6 years after recovery / write-off of the SMI loan.
Business justification for retention period
Documents should be held until the expiry of the limitation period on loan agreements.
Universal Credit build
Benefit line retention
24 months.
Business justification for retention period
To ensure documentation is available for audit requirements.
Warm Home Discount
Specific documents
Data from suppliers – stored electronically.
Non-standard retention period
18 months from date of receipt.
Business justification for retention period
Required for data matching in response to customer or Energy Supplier enquiries to check why eligibility was not granted in the previous scheme year. This retention ‘carry over’ has been agreed with Energy Suppliers.
Winter Fuel Service (WFS)
Benefit line retention
24 months after the annual exercise completes (31 March).
Specific documents
A system identifying all Winter Fuel Payments, any offline applications should be uploaded into WFS.
Non-standard retention period
24 months after the annual exercise completes (31 March).
Business justification for retention period
To meet NAO requirements.
Working Health Programme (WHP)
Benefit line retention
5 years following the closure of the claim/PA.
Specific documents
WHP records.
Non-standard retention period
5 years.
Business justification for retention period
Information needed so that the Programme can effectively manage the referral and re-referral process.