What sensitive data do the papers get and why have they not destroyed it?
National Pupil Database / December 1, 2015
Time for a playground joke: What’s black and white and red all over? A newspaper! Everyone knows the answer to the joke, but it seems not everyone knows the answer to what’s happened to our children’s sensitive, personal data.
In 2012 the Telegraph newspaper applied to get sensitive and identifying individual level pupil data. They got some in February 2013.
What kind of data were these?
The original application was clearly a fishing exercise by the Telegraph to see what they could get, because they applied for everything. Every. Single. Record. Every variable. Of every child aged 5-19. They requested a copy of the sensitive and identifiable data of every child in England including names and date of birth.
It could seem to either indicate ignorance, incompetence or mischievous intent to claim they didn’t know what they were asking for. They actively checked ‘names’ and ‘date of birth’ on the request form, hardly misunderstood field names.
This letter indicates the items that were excluded from the original request, but that their “cast iron assurances” that no child woud be identified, means they would not publish identifying data.
They received identifiable Tier 2 data.
The journalists were given SEN status indicator, Free School Meals indicator, Language, Ethnicity.
Those sensitive data, plus, one can only presume everything else they had asked for originally that were not sensitive and identifiable items; the rest of the attainment and school locator and other variables per child the NPD holds.
“Identifiable/sensitive variables which cannot be aggregated–these variables can be supplied to researchers, but when requesting these data items a Business Case must be completed, and each request is assessed by the Head of Profession for Statistics. Only after the business case has been approved is the data released.”
It sounds safe. We just don’t think in practice it has been.
We don’t think much of the ‘case’ outlined on the application form, so we’ve asked if they actually did complete a business case.
And we’ve asked for the legal basis that met schedule three of the Data Protection Act for releasing SEN status to the journalists.
How many records was this for?
Key stages 2, 4 and 5 datasets matched to the school census data. Five years worth of data, 2008 – 2012.
When asked, the Department declined to give us an actual number.
So we’ve done the maths, on a conservative basis. And estimated 600K children  per year. The journalists were given Key Stage 2 through and including Key Stage 5 data. That’s 11 years of schooling. And every year of the 5, another 600K* were added as new intake. A level students were around 800,000  according to Guardian held data tables. There’s only about half of all eighteen year olds do A-levels. So where the extras come in, we’re not sure – this is ball park.
600,000 x 9
300,000 x 2
New intake = 5 x 600,000
We may be too conservative in our count, but we think upwards of 9 million pupils.
What are the papers playing at? What is the Department for Education doing?
Why are over nine million children’s sensitive data being handed out to journalists seemingly with as much regard as jelly tots in the playground?
And if they’re not handing it out for free, did the Telegraph pay for it? Is it like health, actually shared with commercial organisations, on a ‘cost recovery basis’? If so, what are ten million children’s digital identities worth? We should find out soon.
And this is only one case study. The Times, FT, BBC have all received individual level identifying data since 2012. Why are pupils and parents the last to know?
They should have kept the data for one year and then followed stringent destruction rules, in February 2014. But in November 2015 they had still not confirmed in writing as required by the Department for Education process that it had done so.
This destruction notice was never received by the Department for Education. Not from any of the ten journalists? That’s err, surprising?
Q: did the Telegraph ever destroy the sensitive data as required?
Our verdict: we think it’s unlikely but we don’t know what the Telegraph did. Neither it looks like, does the DfE.
On November 25, 2015 in response to a Freedom of Information request, ¹ the Department for Education confirmed that it has failed to have any follow up to comply with its own destruction requirement stated in its data release process.
“Before July 2015, we did not have the data destruction notice in place and so do not currently hold this notice for the Daily Telegraph request in question. However, we have received verbal confirmation that this data was deleted and are expecting the data destruction form to be returned to us shortly.”
The 2013 DfE email about the Telegraph application approval² states The Telegraph could have data for 12 months. Almost three years later had those children’s data actually been destroyed by the Telegraph or did they still hold them?
From their reply it appears likely no extension was given, the Department simply didn’t ask and the Telegraph didn’t confirm they destroyed it. We think parents should find out how often that happens. So we’ve asked.³
NPD security and governance seem simply totally inappropriate for the scale and sensitivity of the millions of children’s records it holds. This should make the news. For obvious reasons, it probably won’t.
Notes to editors:
Further we have concerns that further obligations are not met in application of the legislation to the NPD. The obligations from which a database held strictly for research and statistical purposes would normally be exempt, include compliance with several principles. We want a review of the law as applied in practice.