Archive | Issue 67-Summer 2017 RSS feed for this section

Data Protection law to be strengthened in 2018: Impact on Schools

18 Apr

Complying with the requirements of the Data Protection Act (DPA) 1998 is daunting.   A problem area is managing sensitive personal data.  Data on ethnicity, religion, union membership, medical information, special educational needs and disability (SEND) status, looked-after children, assistance or bursary recipients and sexual orientation are classed as sensitive. A school must have an operational need and/or explicit consent to process this data otherwise it is in contravention to the DPA.  Only people who need to use sensitive data for professional purposes can access it.  Consequently, such data should be accessed only with a password.

A separate taxing issue is making available all the data the school holds on a person to that person when s/he requests it and do so within one month of the request – part of the Freedom for Information (FoI) Act 2000.

Non-compliance has not led to much trouble so far.  In the second half of 2016, only 40 data security incidents – vis-à-vis the education sector in England – were reported to the Information Commissioner’s Office (ICO).  However, very few school staff members are trained in how to comply with the DPA.  They will now need to be (trained) because the present system of managing data will change with the General Protection Data Regulations (GPDR) coming into force on 25 May 2018. This is a part of the European law which will take effect despite Brexit.

Continue reading