Data Protection in Schools Slides are aimed at providing a 15-20 minute overview of Data Protection Under new regulations schools have greater accountability and improved processes © eLIM 2018

What is personal data? Anything that identifies a living individual! Think of 5 items of data held about learners? What data should be kept secret? Ask them to think if 5 items of personal data held about learners. Ask for ideas and get them to state who should see that item of data.

New Data Protection Bill Principles processing be lawful and fair purposes of processing be specified, explicit and legitimate adequate, relevant and not excessive accurate and kept up to date kept for no longer than is necessary processed in a secure manner Data belongs to the person – not the school We all have the right to see the data stored about ourselves Go through these slowly explaining each one Personal data shall be processed fairly and lawfully – we have to process data according to the laws and smile about it Personal data shall be obtained only for one or more specified and lawful purposes – we must have a reason to process the data and tell people what we are doing Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. Personal data shall be accurate and, where necessary, kept up to date – quite difficult but we must all try to make sure that everyones data is up to date Personal data shall not be kept for longer than is necessary – think about your old mark books and photos Processed in a secure manner – not just the hardware but all the actions that go on around it. Think about the way in which we issue the Data Collection sheets Then click to reveal that data belongs to the person (data subject) which gives them the right to see the information held about them https://publications.parliament.uk/pa/bills/lbill/2017-2019/0066/lbill_2017-20190066_en_3.htm

Where is there personal data in schools? Paper files Information on servers/hard drives emails Little discussion about which of these can be seen as disclosable – what can be seen by the data subject. Most of these are disclosable. Temporary notes do not have to be kept once the information has been recorded properly. Lesson plans should be disclosed if they hold personal information. Notes made by a teacher for only their use do not have to disclosed – but if they are used in a meeting or for report writing then they should be (Why would you take notes if you are not going to use them or record them somewhere else!). Notebooks ‘Temporary’ notes Online Services and apps

Disclosure – Subject Access Request SEN information and evaluation Bullying incident Playground fight Safeguarding issue Incident with a teacher Long term disagreements with school Estranged parent 15 school days to provide an educational record SAFEGUARDING ALWAYS TAKES PRECEDENT What could be redacted redacted or exempt? Everything recorded should be professional in nature! Schools only get asked to disclose information when there is an issue. In general everything has to be disclosed – only safeguarding and if a crime could be committed do things get withheld. What could be withheld in a document? Other children’s names You only have 15 school days to release the information!!!!

New processes Respond to request for personal data as soon as you can We only have 15 days! Any new use of personal data in a webservice or App Fill in a Privacy Impact Form and discuss Data Breach Let the Data Protection Lead know as soon as possible We need to also have a couple more things to help us in our efforts to be secure If you want to use a new service then fill in a PIA form and then discuss with DPL If you lose data then let the DPL know as soon as possible, © eLIM 2018