Privacy Notices for use in Schools and Children’s Services

Guidance to schools and LAs with respect to fair processing of information under the Data Protection Act 1998

To meet the requirements of the Data Protection Act 1998 Children’s Services, schools and other service providers need to issue a privacy notice to staff, children and their families summarising the information collected about them, why it is held, and the third parties to whom it may be passed on.

Privacy Notices are needed as the Data Protection Act requires that data is only shared with the data subject (or their parents/carers in the case of children under 13) unless the data subject has given permission to share or where there are statutory requirements for that information to be shared. As the permissions needed and the statutory requirements often change according to the needs of the service, different Privacy Notices have been developed for each type of service and/or data collection.

For general information on privacy policies, please see the Information Commissioner's guidance

Schools

Schools are their own data controller in the eyes of the law; accordingly they need to develop their own policies and documentation to comply with the Data Protection Act. The documentation included here is designed to support schools in developing their own privacy notices.

When designing privacy notices, schools need to be aware of the information they collect and wish to share/use about staff, children and their parents outside of the normal reasons for collection. For example:

• Emailing electronic school newsletters

• Sharing contact details of parents within a class (to assist in arranging birthday parties etc for younger pupils)

• Sharing across the Local Children’s Partnership for more vulnerable children

• Sharing with the PTA when arranging unofficial school events, such as discos and fundraising activities

• Sharing across a school consortia

• Contact details for governors

There are also many statutory requirements for schools to exchange information about staff, parents and children; for example

• School workforce census

• Pupil Level censuses

• School Travel Surveys, Forces Children census etc

• Connexions service data exchange (in year 8)

• Information exchanged when moving between schools

• Exam entries and results

Apart from the standard reasons of protecting vulnerable individuals and those involving the prevention and detection of crime, which are mentioned in the Data Protection Act.

At a minimum schools should include copies of their privacy notices in enrolment documentation and include hyperlinks or signposts to their privacy policy (which includes the privacy notice) at the bottom of any forms collecting personal information. It is considered good practice to refresh peoples awareness of current privacy notices through the regular use of articles in newsletters, school website pages and notices in the reception area.

Many schools used to send out fair processing notices at the start of each academic year, often linked to the provision of an annual data collection to ensure that the information held about pupils is still correct. There is nothing to stop schools doing the same with privacy notices if they wish.

At the start of year 8, schools need to make parents and pupils aware of their right to opt out from the provision of information to the Connexions service under the Learning and Skills Act 2000. This can be done through the use of a privacy notice, a message in a school newsletter or other suitable means but schools should ensure that the message reaches both the pupils and their parents. Once a child attains the age of 12 they are assumed, for most purposes, to have rights over their own information so they need to be aware of privacy notices and their rights to see their own record.

To help schools two outline Privacy Notices have been created which schools may wish to personalise to their own requirements; one for staff and one for parents and older pupils.

The text in the outline privacy notice for parents/pupils that relates to the work of Connexions and the Learning Records Service is only necessary for secondary schools.

In addition to the privacy notice, schools need to ensure they have made details of any routine information sharing arrangements known to the individuals concerned. This can be achieved through the use of the school website, as part of the publication scheme or through advice to contact the school’s admin officer.

Early Education & Child Care

The EECU provides an outline privacy notice for nurseries and child minders which is updated every autumn and distributed as part of the census package. As most provision in this sector is delivered through private providers, many will wish to use the privacy notices belonging to their organisation. As with schools, the outline privacy notice is provided for advice only.

Social Care

For most people in contact with social care the leaflets Your Records and CR11 provide the privacy notices required. However the Department for Education has recently set up a new data collection which requires an additional privacy notice for all young people having a referral to social care as a Child in Need. This privacy notice is mandatory for use within Children’s Services and should be provided to the child (if deemed Fraser/Gillick competent, normally aged 12) and their family at the first suitable meeting with social care after the referral.

Connexions

At the initial meeting with their Personal Adviser young people should have the Connexions privacy policy explained to them and be given a copy of the leaflet providing written details of the Connexions privacy notice and collecting their consent to the sharing of information about themselves.

FAQs

For any other information about Privacy Notices Children’s Services staff should consult http://intranet.hants.gov.uk/childrens-services/departmental-ict/dataprotectionandinformationsharing.htm or contact the Data & Information Manager, Colin Payne on 01962 845700 or by email on Colin.Payne@hants.gov.uk

Information Sharing & Confidentiality

The Children’s Trust has published a policy document on Information Sharing and Confidentiality which can be downloaded from the Children’s Trust website at http://www3.hants.gov.uk/childrens-trust