National pupil data switches to Secure Research Access model
National Pupil Database pupil privacy School census / October 12, 2018
What has changed?
As Schools Week reports today, the Department for Education has stopped the policy it began in 2012 under then Secretary of State for Education, Michael Gove, ending the mass distribution of pupil level personal confidential data to commercial third parties, press, and many others.
The Department and the Office for National Statistics (ONS) have started to enable access to individual level data for research, from the National Pupil Database (NPD), School Workforce, Individualised Learner Record and Higher Education Statistics Agency in a new way.
What does it mean?
It’s good news. For most data user applications, DfE controlled data will now be provided though the ONS Secure Research Service.
Anyone who needs to access the Secure Research Service will also need to be accredited under the ONS approved researcher scheme.
This is a huge step forward towards making data safe access for all pupil, and learner, and workforce data. It has been our key ask since we were founded, central to our work and our top line change required, in the State of Data Report 2018 earlier this year.
However there are still plenty of exceptions and caveats.
1. Access to the Secure Research Service may not apply if the request meets one or more of the following conditions:
- data are being processed to fulfil an essential public task (the data used is essential to run education and children’s services)
- you’re doing research funded by, commissioned by, or contracted to the DfE or other government departments and the Secure Research Service is not suitable
- you have approval from DfE before 1 June 2018, with agreement you would receive an extract, and the Secure Research Service is ‘not suitable’
- you want to re-use data already held by your requesting organisation and within the existing licence period
2. There are plenty of other data sharing agreements between the Department and third parties still in place, including six who have entire copies or large volumes of identifying, including named pupil data, in their own settings for benchmarking and commercial repackaging.
3. Researchers who won’t accept a ‘no’ or more secure settings from the Department, will work around the safeguards. Local Authorities are a back-door to access children’s personal data in bulk without schools’ or families’ knowledge. Just this week, these researchers have published a report for which they ignored the reasons why the data was not added to the National Pupil Database, and ignored the DfE refusal of their request for the data. They went ahead and got access anyway for pupils’ identifying data, for a report focused on but not exclusive to new EAL data collected under the controversial new 2016 regulation. It’s especially disappointing given that Ministers made promises these newly added data (from SI 808/2016 in which this EAL data was bundled with nationality and country-of-birth) would not be released.
The data listed at the end of the report [and an extract is copied here below] are at individual pupil level, for all pupils, in six local authorities in England. Where schools provided their URN, the pupil level data and its richness of unique exam combinations and results, FSM, ethnicity, and EAL, would make identification quite easy, though the researcher contests this. If the data were not identifying, and there is no risk of identification, the data could of course be published, but they cannot be. They are kept under secure conditions and only accessible with data sharing agreements, and terms and conditions.
The drawbacks of this workaround route? The same risks of loss, theft, hacking, and misuse persist, and there is no audit trail or clear register of data distribution or way for people to know where their data have gone, who is using it, and why.
What’s still to come?
DfE intended future developments include:
- an online application process
- more readily available standard extracts, based on the most requested data
- publicly available synthetic data to help test and plan research.
While these caveats need fixed, we recognise the efforts and work of the Data Modernisation Team and ONS and many others behind this. Policy remains squarely with the Department for Education, and data remain (in the main) significantly more safe.
Now, we still need DfE to get some meaningful fairness and transparency into the process, so pupils and parents know where their data go.
And while all eyes have been on data distribution, much more light needs shone on the Data Exchange programme, which remains far too hidden about changes in collection, five years on. Any pull rather than a push system, while sounding convenient, increases certain data risks for schools, and the people in them. Strong safeguards and oversight is needed and we’d like to know what they are. The DPIA we have seen so far is very poor, and missing any privacy impact completed. Lots still to be done.
And let’s not forget, we are still calling on DfE to delete the nationality data, to stop sharing confidential pupil information for the purposes of the Hostile Enviornment, and to repeal the law which allows these questions to be asked in the first place.
We still welcome help and volunteers, so please do get in touch.
For more information, see guidance on DfE’s webpage, “How to access Department for Education (DfE) data extracts.”