Handling Tricky Requests for Pupil Information
SCHOOLS NorthEast SBM Conference, 22 June 2017
Emma Dewar, Associate
Tricky requests – what do I mean?
- A former pupil asks for copies of all information held about him on file.
- The father of a year 8 pupil comes in to the school office and asks for his son's academic and attendance records.
- The school's CCTV cameras capture a pupil fight in the cafeteria at lunchtime. The mother of one of the pupils involved asks to see the footage.
- The police ask to see the attendance records of a Year 10 pupil.
MASSIVE Goal
My Massive Goals for you from this session:
- Gain an awareness of the legal framework that applies to schools when handling requests for pupil information
- Know how to respond, or where to go for guidance
Overview
- Requests from individuals – legal framework
  - Data Protection Act 1998
  - Pupil Information Regulations (SI 2005/1437)
- Requests from authorities
- Changes on the horizon
- Any Questions?
Requests from individuals
Legal framework
Data Protection Act 1998
- Imposes duties on schools to protect personal data
- Provides a legal right for individuals to request their own personal data
Education (Pupil Information) (England) Regulations 2005/1437
- Provides a legal right for parents to see their child's educational record (only applies to maintained schools and non-maintained special schools)
Data Protection Act 1998
Imposes duties on schools to protect personal data
- Personal data includes any information which identifies a living individual (whether on its own or together with other information), e.g. pupil records, employee records, staff or pupil emails, CCTV footage, photos, videos etc.
- Special protection is given to certain categories of sensitive personal data, e.g. health data, information about criminal offences or alleged offences, data on race and ethnicity.
- Schools must comply with the 8 Data Protection Principles.
  - Includes ensuring you handle (and share) personal data lawfully and fairly, e.g. with consent or where you have a legal obligation (e.g. court order or other strict obligation) to do so.
Data Protection Act 1998
Provides a right for an individual to access his/her own personal data – Subject Access Right
- Applies to all schools
- Request must be in writing (but needn't refer to the Act)
- Deadline for response: 40 calendar days as standard
  - Reduced to 15 school days if the request includes the educational record (NB. maintained & non-maintained special schools only)
- Fee can be charged (but school can waive)
- Can redact other people's personal data – can only disclose a 3rd party's data with their consent, or where you think it reasonable to disclose it without their consent
Data Protection Act 1998
Subject Access Right – potential exemptions:
- the disclosure of health data is likely to cause serious harm to the physical or mental health of the pupil or another individual
- information is contained in adoption and parental order records
- examination scripts are requested
- examination marks are requested before they are officially announced
- disclosure would prejudice crime prevention and detection
- there are ongoing negotiations with the pupil and disclosure would prejudice those negotiations
- it relates to staff and management forecasts
- it comprises confidential references given by you (but not ones given to you)
- the information is covered by legal professional privilege
Further info, see: ICO Subject Access Code of Practice - https://ico.org.uk/media/for-organisations/documents/2014223/subject-access-code-of-practice.pdf
Case study 1
A former pupil asks for copies of all information held about him on file.
Subject Access – Tricky issue 1
Verifying the identity of the requester
- If you are unfamiliar with the requester (e.g. a pupil who left 15 years ago, or a parent the school has no contact with), don't be afraid to ask them to bring in suitable ID.
- If you need time to verify the identity of the requester, or to clarify what they are asking for, this 'stops the clock' for the purpose of the timescales, and it only re-starts when you have sufficient information to proceed.
Subject Access – Tricky issue 2
Requests made on behalf of children
- Remember: the legal right belongs to the child
- Does the pupil have the capacity to make the request themselves? Consider:
  - Their age (age 12 generally used as a guide)
  - Their maturity and ability to understand their right if explained to them
  - Any duty of confidence owed to the pupil
  - The consequences of disclosing/not disclosing to their parent/solicitor
- If the pupil is capable, the school should ask for the pupil's written consent, or the pupil should make the request themselves.
- If the pupil is not capable, consider the suitability of the person making the request (e.g. does the person have parental responsibility? Are there any relevant court orders?)
Case study 2
The father of a year 8 pupil at an academy comes in to the school office and asks for his son's academic and attendance records.
Pupil Information Regulations 2005
Parent's right to access their child's educational record
- A right that belongs to the parent
- Applies only to maintained and non-maintained special schools (i.e. does not apply to academies, free schools or independents)
- Entitles a parent to view their child's educational record (no fee) or to request a copy of it (can charge a fee)
- Educational record includes information relating to a pupil which comes from a teacher, other staff, the pupil or parent, processed by the school's governing body, education authority or a teacher, except information solely for the teacher's own use
- Deadline: 15 school days
- Exemptions may apply
Case study 3
The father of a year 8 pupil comes in to the (maintained school) office and asks for his son's academic and attendance records.
Case study 4
The school's CCTV cameras capture a pupil fight in the cafeteria at lunchtime. The mother of one of the pupils involved asks to see the footage.
Requests from authorities
Requests from authorities
- There is no general right of access to personal information by organisations.
- Unless the school has a legal obligation to provide the information (e.g. a court order addressed to the school for this information), you are not legally compelled to provide it.
- The organisation (e.g. police, local authority, other authority) may have a legitimate need to access it, but it is up to them to demonstrate this to you.
Requests from authorities (2)
The DPA does not prevent you from providing information in appropriate circumstances. Examples:
- Section 29 DPA allows disclosures where these are required in connection with prevention/detection of crime or prosecution of an offence.
  - Action: ask the police for a 'section 29 form' in which they clearly identify why they need the information in connection with the prevention/detection of crime. Ask for this to be signed by a supervising officer.
- Section 35 DPA allows disclosures where these are necessary for a legal obligation, court order, legal proceedings or to obtain legal advice.
Seek advice if you are unsure.
Useful resources
- ICO Subject Access Code of Practice: https://ico.org.uk/media/for-organisations/documents/2014223/subject-access-code-of-practice.pdf
- ICO Helpline: 0303 123 1113
- ICO Data Sharing Code of Practice: https://ico.org.uk/media/for-organisations/documents/1068/data_sharing_code_of_practice.pdf
Case study 5
The police ask to see the attendance records of a Year 10 pupil.
Changes on the horizon
General Data Protection Regulation (GDPR)
New European data protection legislation will replace the Data Protection Act 1998 from 25 May 2018.
Key changes for schools –
- Subject access right remains, but £10 fee to be abolished
- Current exemptions are likely to be reviewed and may be amended
- Consent – needs to be specific, informed, freely given, unambiguous and capable of being withdrawn. Pre-ticked boxes will not suffice.
- If school offers certain social media services, it will need to obtain parental consent for children under 16 (UK may lower, no younger than 13).
- No need to notify annually to the ICO…
- …but need to keep own detailed records about what data you hold and what you do with it, and be able to demonstrate you comply with the GDPR
- Much larger fines for non-compliance – up to 4% turnover or EUR 20m
Any Questions?
Set Your Goal Key points to remember:
Contact us
Emma Dewar, Associate
0191 230 8309
emma.dewar@bonddickinson.com
Thank you