Data Protection Policy

Data Protection Policy 

Click here for PDF


CHANCERY EDUCATION TRUST

DAVIDSON PRIMARY ACADEMY

DATA PROTECTION POLICY

JUNE 2017

The Data Protection Act 1998 ensures a balance between an individual’s rights to privacy and the lawful processing of personal data undertaken by organisations in the course of their business. It aims to protect the rights of individuals about whom data is obtained, stored, processed or supplied and requires that organisations take appropriate security measures against unauthorised access, alteration, disclosure or destruction of personal data.

The academies within the Chancery Education Trust collects and holds personal information relating to its pupils, staff, governors and parents who come into contact with the academy. We may also receive information about our pupils from their previous academy/school, local authority and/or the Department for Education (DfE). We use this personal data to:

  • Support our pupils’ learning
  • Monitor and report on their progress
  • Provide appropriate pastoral care
  • Assess the quality of our services

This information will include their contact details, national curriculum assessment results, attendance information, any exclusion information, where they go after they leave us and personal characteristics such as their ethnic group, any special educational needs they may have as well as relevant medical information.

We will not give information about our pupils to anyone without your consent unless the law and our policies allow us to do so. If you want to receive a copy of the information about your child that we hold, please contact Mr Rampton, CEO, Chancery Education Trust.

We are required by law to pass some information about our pupils to the Department for Education (DfE). This information will in turn, be made available for use by the Local Authority.

The DfE may also share pupil level personal data that we supply to them, with third parties. This will only take place where legislation allows it to do so and it is in compliance with the Data Protection Act 1998. For more information about how the DfE collects and uses your information, please visit the DfE website at www.gov.uk/data-protection-how-we-collect-and-share-research-data

Davidson Primary Academy had a duty to be registered with the Information Commissioner’s Office (ICO): www.ico.gov.uk. Detailing the information held and its use. These details are available on the ICO’s website.

The Data Controller for Davidson Primary Academy is Mr Rampton, CEO, Chancery Education Trust.

Purpose

This policy is intended to ensure that personal information is dealt with correctly and securely and in accordance with the Data Protection Act 1998, and other related legislation. It will apply to information regardless of the way it is collected, used, recorded, stored and destroyed, and irrespective of whether it is held in paper files or electronically.

All staff involved with the collection, processing and disclosure of personal data will be aware of their duties and responsibilities by adhering to these guidelines.

What is Personal Information?

Personal information is any information that relates to a living individual who can be identified from the information. This includes any expression of opinion about an individual and intentions towards an individual. It also applies to personal data held visually in photographs or video clips (including CCTV) or as sound recordings.

Data Protection Principles

The Data Protection Act 1998 establishes eight enforceable principles that must be adhered to at all times:

  • Personal data shall be processed fairly and lawfully
  • Personal data shall be obtained only for one or more specified and lawful purposes
  • Personal data shall be adequate, relevant and not excessive
  • Personal data shall be accurate and where necessary, kept up to date
  • Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose or those purposes
  • Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998
  • Personal data shall be kept secure i.e. protected by an appropriate degree of security
  • Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA), unless that country or territory ensures an adequate level of data protection.

General Statement

The academy is committed to maintaining the above principles at all times. Therefore the academy will:

  • Inform individuals why the information is being collected when it is collected
  • Check the quality and the accuracy of the information it holds
  • Ensure that information is not retained for longer than is necessary
  • Ensure that when obsolete information is destroyed that it is done so appropriately and securely
  • Ensure that clear and robust safeguards are in place to protect personal information from loss, theft and unauthorised disclosure, irrespective of the format in which it is recorded
  • Share information with others only when it is legally appropriate to do so
  • Set out procedures to ensure compliance with the duty to respond to requests for access to personal information, known as Subject Access Requests
  • Ensure our staff are aware of and understand our policies and procedures

Processing, Storing, Archiving and Deleting Data

  • Personal data and academy records about pupils are confidential to the child. The information can be shared appropriately within the professional working of the academy to enable the academy to make the best educational provision for the child. The law permits such information to be shared with other educational establishments when pupils change academies/schools
  • Academy records for a child should be kept for seven years after the child leaves the academy, or until the child reaches twenty five years of age (whichever is greater) and examination records the same
  • Personal data held about Governors is sensitive information and confidential to the individual, and is shared, where appropriate, at the discretion of the Principal and with the knowledge, and if possible the agreement of the Governor concerned
  • Data on staff is sensitive information and confidential to the individual, and is shared, where appropriate, at the discretion of the Principal and with the knowledge, and if possible the agreement of the staff member concerned. Staff should refer to the Staff Data Protection Policy.
  • All formal complaints made to the Trust/ academy will be kept for at least seven years in confidential files, with any documents on the outcome of such complaints. Individuals concerned in such complaints may have access to such files subject to data protection and to legal professional privilege in the event of a court case

Appendix 1

The Trust’s Procedures for responding to subject access requests made under the Data Protection Act 1998.

Rights of access to information

There are two distinct rights of access to information held by an Academy about pupils:

  1. Under the Data Protection Act 1998 any individual has the right to make a request to access the personal information held about them
  2. The right of those entitled to have access to curricular and educational records as defined within the Education Pupil Information (England) Regulations 2005

These procedures relate to subject access requests made under the Data Protection Act 1998.

Actioning a Subject Access Request

Any data subject who wishes to obtain the above information must notify the Chancery Education Trust in writing of his or her request. This is known as a Data Subject Access Request.

  1. Requests for information must be made in writing; which includes email, and be addressed to the Mr Rampton, CEO, Chancery Education Trust. If the initial request does not clearly identify the information required, then further enquiries will be made
  2. The identity of the requestor must be established before the disclosure of any information, and checks should also be carried out regarding proof of relationship to the child. Evidence of identity can be established by requesting production of:
  3. Passport
  4. Driving licence
  5. Utility bills with the current address
  6. Birth / Marriage certificate
  7. P45/P60
  8. Credit Card or Mortgage statement

(This list is not exhaustive.)

  1. Any individual has the right of access to information held about them. However, with children, this is dependent upon their capacity to understand (normally age 12 or above) and the nature of the request. The Principal should discuss the request with the child and take their views into account when making a decision. A child with competency to understand can refuse to consent to the request for their records. Where the child is not deemed to be competent an individual with parental responsibility or guardian shall make the decision on behalf of the child
  2. The academy may make a charge for the provision of information, dependent upon the following:
    1. Should the information requested contain the educational record then the amount charged will be dependent upon the number of pages provided
    2. Should the information requested be personal information that does not include any information contained within educational records that an academy can charge up to £10 to provide it
    3. If the information requested is only the educational record viewing will be free, but a charge not exceeding the cost of copying the information can be made by the Trust’s Director of Finance and Personnel
  3. The response time for subject access requests, once officially received, is 40 calendar days, however the 40 days will only commence after receipt of fees or clarification of information sought
  4. The Data Protection Act 1998 allows exemptions as to the provision of some information; therefore all information will be reviewed prior to disclosure
  5. Third party information is that which has been provided by another, such as the Police, Local Authority, Health Care professional or another academy. Before disclosing third party information consent should normally be obtained. There is still a need to adhere to the 40 day statutory timescale
  6. Any information which may cause serious harm to the physical or mental health or emotional condition of the pupil or another should not be disclosed, nor should information that would reveal that the child is at risk of abuse, or information relating to court proceedings. If there are concerns over the disclosure of information then additional advice should be sought
  7. Where redaction (information blacked out/removed) has taken place then a full copy of the information provided should be retained in order to establish, if a complaint is made, what was redacted and why
  • Information disclosed should be clear, thus any codes or technical terms will need to be clarified and explained. If information contained within the disclosure is difficult to read or illegible, then it should be retyped
  • Information can be provided at the academy with a member of staff on hand to help and explain matters if requested. The views of the applicant should be taken into account when considering the method of delivery. If postal systems have to be used then registered/recorded mail must be used

Complaints

Complaints will be dealt with in accordance with the academy’s complaints policy. Complaints relating to information handling may be referred to the Information Commissioner (the statutory regulator).

If you have a complaint about how information is processed, email office@chanceryeducation.com in the first instance or refer to the Academy’s published Complaints Policy For Parent/Carer.

Supporting Policies and Procedures

  • Parent Complaints Policy
  • Electronic Information and Communications Systems Policy
  • Freedom of Information Policy
  • Staff Data Protection Policy
  • ICO helpline: Tel- 0303 123 1113

Monitoring and Implementation Policy

The policy is reviewed annually, although the academy may vary or amend it periodically to ensure that we fulfil our obligation around Data Protection. All proposed changes to this policy would be made following the approval from the Finance Committee.

 

Name

Date

Policy written by

Barbara Rutherford

June 2017

Agreed by Committee

Finance Committee

16 June 2017

Adopted by Governing Board

Full Governing Board

4 July 2017

To be reviewed annually

Review by

 

June 2018

Review by Committee

 

 

Adopted by Governing Body

 

 

 

Translate »