A wish list for the Data Strategy and Information Standards Lead
National Pupil Database pupil privacy / September 4, 2016
The Department for Education has announced it is recruiting for a Data Strategy and Information Standards Lead ahead of a change programme.
“The Data Modernisation Division is at the heart of realising this strategy. It is responsible for a range of exciting development projects which together are seeking to improve the way data and information is moved, stored, processed and released by the Department – to ensure that DfE’s data has maximum impact with the users who rely on it most.”
We’d like to add a wish list of three things to include in their role:
1. Collection.
While the role description focuses on the way data and information are moved, stored, processed and released by the Department anyone going into the Data Team must get to grips with how data are being collected before they understand the flow of data into and around the different databases.
Because without understanding collection, the different sources and routes from where confidential data come into the Department systems, and taking steps to ensure that works securely, transparently and improving the current communications and consent processes, you will run into problems and soon have no data or poor data to release.
If you don’t understand collection, you cannot understand if you are meeting required standards, laws and speaking a common language with the people who provide the data: pupils, parents, schools, LAs and others.
Communications on data collection fail
Here’s a few comments from just some of our recent research, on what young people, school staff and teachers think about the National Pupil Database, which no one knows exists at national level:
Catherine, 21, from Gloucestershire: “Parents and pupils should have access to their own data and should know who else has it. I don’t think anyone else should have access to the identifiable data without consent.”
John 30, from UK: “I’ve never heard of the National Pupil Database. I’m really surprised, it’s a bit weird. I don’t think anyone should have it unless it’s to do with my education. We should definitely be asked.”
Ruby 28, from Newcastle: “I’m surprised to hear my school data could be used outside schools without my consent. It’s a personal thing and can affect lives.”
Given the concerns building around the data collection expansion in the 2016-17 Census, and its future release to a wide range of third parties, and further concerns over using confidential data by other government departments in secret, this longstanding gap in adequate communication and fair processing is going to be a challenge.
We have informed the Department data teams and Ministers about public concerns since May (when school staff contacted us who had just been sent an email about it), unfortunately, the ministerial response has been rather disappointing. Carry on regardless! We might end up in rather a different type of Carry On situation rather soon if this attitude doesn’t change and the
Department accepts a more common-sensed solution.
On communications and consent many policy makers and parliamentarians are in consensus that there should have a regulatory framework that protects young people from the routine collection of their data, that is stored or sold in perpetuity without any recourse.
The House of Commons Science and Technology Committee 2014 in their report, Responsible Use of Data, said the Government has a clear responsibility to explain to the public how personal data is being used. Their Big Data Dilemma 2015-16 report, (p9) concluded:
“seeking to balance the potential benefits of processing data (some collected many years before and no longer with a clear consent trail) […] is unsatisfactory left unaddressed by Government and without a clear public-policy position.”
Data integrity
The Department has work to do to ensure collection continues to be stable and of good data integrity.
Data quality is already in question because the country-of-birth field is due to be a free text field, not using a register of standards.
Data integrity is a known issue for all sorts of fields, not least ethnicity.
2. Technical understanding of data standards.
“Technical” is open to interpretation however we hope that the wording that says understanding technical information standards is not required for this post, is merely in the wording of it.
After all, it’s in the title. “Data Strategy and Information Standards Lead.”
There has been too little work done on understanding or aligning policy with good modern data practice. Instead of safe data in safe settings and accredited users, the Department permits the direct release of data and has given away 20 million children’s identifiable, individual-level personal, confidential and sensitive data from the National Pupil Database to third parties since 2012, including commercial businesses, Fleet Street and television journalists, and charities.
Standards reading should include the Anonymisation Decision-making Framework. It will make sobering reading when you consider that the DfE doesn’t anonymise data on release. The privacy risk posed by DfE current practices is much higher.
Clear distinctions are vital to understand between what types of data are made available to others, whether closed, open or lie on the spectrum in between. After all, good data, running well in a secure infrastructure is important to improving knowledge for a better society.
“Data infrastructure is as vital to the digital revolution as our transport infrastructure was to the industrial revolution. When data infrastructure flourishes […] we will receive better services, and our environment, our economies and our societies will be improved.”
We all need to get this right. Safe data, using a safe infrastructure, by safe users, for all the right reasons, underpinned by consent and accountability.
3. And luck.
You’re going to need it. Moving to any modern system of data management takes time and very good resources. Both things that may be in short supply under austerity.