The Data Protection Act 1998 states that anyone processing personal data must comply with the eight enforceable principles of good practice. These state that data must be:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in accordance with the data subject’s rights secure
- Not transferred to other countries without adequate protection
The Freedom of Information Act 2000 deals with access to official information, giving individual and organisations the right to request information held by a public authority. The Act requires public authorities to have an approved publication scheme, dealing with the specific information they hold and how this can be accessed. The public authority must normally supply a copy of requested information within 20 days, in an appropriate format.
Both of these areas of legislation cover certain issues which will apply to schools. Schools need to understand the roles of those involved in processing and storing data about pupils, understand the concepts of ‘obtaining’, ‘holding’ and ‘disclosing’ information.
The information Commissioner’s Office (ICO) is ‘the UK’s independent authority set up to promote access to official information and to protect personal information’. The ICO website contains specific information and guidance for schools and education, including a number of good practice notes and model publication schemes. Areas covered include:
- Accessing pupils’ information (Outlining criteria additional to the requirements of the Freedom of Information Act)
- Accessing of official information
- Individuals’ rights of access to examination records
- Disclosing pupils’ exam results to the media
- Taking photos in schools
- Use of biometrics in schools
Schools should consider the issues, and reflect them in their own local policies, practices and procedures.
In school all teaching staff have been issued with an encrypted data key. All pupil information should be transferred on these keys only. Where possible data should not be stored on the key for long periods of time.
Personal files about children sent by email are password protected.
Please click on the links below for further information:
Go back to > Non-Curriculum Policies and Information