Parallel processes will not work for pupil data
National Pupil Database / April 11, 2016
The Department of Education will need to answer how its current practices sit with the outcome of two-years of Cabinet Office data sharing discussions and current consultation and a non-commercial, public interest centred approach.
We will be asking questions how multiple approaches to using the same data can be used in parallel and remain truthful and transparent to the public whose data they are.
How will education data be used at all by wider public bodies saying it is for “non-commercial purposes”, “public interest” and “will not be sold” when pupil and student data are already being used commercially and sold by the DfE and HESA respectively?
Will we see new steps on the path towards:
- secure pupil and student data handling
- information and consent for pupils, parents and schools,
- and for transparency in policy and practice?
Real improvement to benefit our 20 million+ children will only come if the DfE fix their broken bits of bad datasharing policy:
- safe, secure pupil data handling, not distribution of sensitive, identifiable data “into the wild” to third parties
- clear information for pupils, parents and schools and
- respect for their rights to privacy, reinstating the choice that has been taken from pupils and parents without their knowledge, the choice NOT to have to share personal data with commercial parties and press: consent
We’ve recently been sent a copy of a typical school consent form, for new pupils starting September 2016 with its usual mention ‘we are required to share some informaton with the DfE’ and still no mention of who the DfE then pass that personal data on to.
Pupils/guardians in the country today must consent, usually on an annual form, to the use of their identifiable pupil data in schools. But the Ministry keeps its own onward sharing with commercial third-parties effectively secret from staff and children, by not transparently communicating what happens after data collection.
Our research shows there is a systemic failure to ask for consent to these uses. Not because schools avoid it, but because they don’t know about it. There is a consent process already, but it is incomplete.
Data protection changes will restate the need for affermative and clear consent to these secondary and commercial uses by the Department for Education, if schools are to meet both the current and upcoming legislation. Particularly with special considerations given for children.
Current practices are incompatible with the principles of non-commercial and secure setting research in the current Cabinet Office datasharing consultation of all public data.
Saying that the government champions good practice for wider use of secure pupil data in research and tailored public services, is meaningless regards children’s confidential data if current poor practices continue to release it from the National Pupil Database as done today.
We will shortly publish some questions that will need to be answered for future the expansion of datasharing practices regards schools’ personal and education data.
 The DMAP Terms of Reference, published only on whatdotheyknow.com https://www.whatdotheyknow.com/request/282101/response/695996/attach/3/Annex%20B%20Data%20Management%20Advisory%20Panel%20DMAP%20Terms%20of%20Reference.docx