News / National Pupil Database

National Pupil Database – using named data from the School Census

David Cameron announced in 2011, the government would be “opening up access to anonymised data from the National Pupil Database […].
At the time of writing the third party release register [1] is now one year out of date. It shows only releases up to and including December 31st 2014.

All 466 requests made between April 2012 and December 2014, are of identifiable data and all but 11 were at individual level.  [2] (NPD Guide see pages 19-20)

  1. 163 Tier 1 requests – identifiable and highly sensitive (2 rejected)
  2. 177 Tier 2 requests – identifiable and sensitive (1 rejected)
  3. 11 Tier 3 requests – identifiable, sensitive and aggregated (but may be identifying in small numbers)
  4. 53 Tier 4 requests – identifiable  (1 rejected)
  5. 60 requests are unclassified (include sensitive and identifiable data) including 5 that were rejected.

The “identity of a pupil will not be discovered using anonymised data in isolation”, but when they give away named data it’s not anonymised. Even unnamed identifiable data are not anonymous. Anything but the ‘anonymised data’ of publicly announced plans presented in 2011, yet precisely what the change in law to broaden the range of users in the Prescribed Persons Act 2009 permitted , and the expansion of purposes in the amended Education (Individual Pupil Information)(Prescribed Persons) Regulations introduced in June 2013.

The law was changed so that, individual pupil level data, and pupil names are extracted, stored and have also been released at national level.


Why are school staff not told about these purposes? Or pupils, or parents?

These interventions with individuals at a national database level were not outlined anywhere in David Cameron’s announcement in 2011. In all the school census documentation and video guides for schools is there no mention that named or identifiable data are released to third parties purposes at national level. To the Cabinet Office. To researchers. And to charities and press.

There is no mention at all of commercial third party data sharing.

Since schools are not informed of these purposes it is not surprising pupils are not either.

Why do schools not know exactly what happens to the data they extract from pupils and send to DfE? [3]

After all it is school staff who are responsible for its collection and sending it four times a year to the Department for Education through the COLLECT system. In the brief 2012 consultation which brought these changes in, only a handful of teachers replied. And there appeared “to have been no concerted effort to bring the consultation or the NPD initiative to the attention of parents or pupils (i.e. the data subjects themselves).”


The Department for Education assumes full responsibility

Don’t worry, says the Department for Education video [4] to schools about the data collection on the DfE website, which expressly tells schools they are not required to collect consent and that “they are protected from legal challenge over a breach of confidence.” [at 0:30]

Surprising then that the video fails to mention the UK requirements of data protection law, the common law of confidentiality, and Human Rights Act right to privacy.

The legislation they do mention, section 29 of the Education Act, refers only to the requirement schools have to send data to the Department. The statutory gateway. But even this does not preclude the duty to ensure informed people before data sharing between public bodies.

The Department for Education, one would assume, understand the law. Even their very own Department of Education guide [5] to legal issues on datasharing from 2009 says:

“Having express or implied statutory powers in any particular case does not mean that the Human Rights Act 1998, the common law duty of confidentiality, and the Data Protection Act 1998 can be disregarded. Where a statutory gateway explicitly removes the need to consider confidentiality, then confidential information can be shared however this will be rare and in limited circumstances.”

Are these regular census extractions, and subsequent 466 releases, “rare and limited” circumstances? Would they meet parents, pupils and schools’ expectations of confidentiality?


So schools aren’t told about any purposes of the school census?

In fact while in the 2015-16 Census Guide [6] for schools document and videos there is no onward sharing outlined to non-government users; there is a ‘how is the data used’ explanation of purposes on the video [at 2:18] – they mention funding calculations, underpinning performance tables and national statistical publications. All are educational processing tasks that sound very legitimate – so why do they not mention commercial third parties or named data releases?

census_uses

This lack of completeness is misleading.

When parents give their consent for a school to use their child’s personal data and share it with the DfE are they really expected to believe that also means identifiable data are shared with Fleet Street and television journalists, Think-tanks, charities and “one-man shows” and that their children’s names will be released to third parties without their consent for secondary uses of data? [5]

In 2012 before the database was opened up many people shared concerns about the opening risking jeopardising children’s confidentiality. Including the Office of the Children’s Commissioner. These concerns have been entirely justified.

Before the next census collection on January 21st 2016 and its upload by February 17th 2016, the Department for Education should answer:

Why are our children’s identifiable, sensitive, and named data being given away to third parties without schools and pupils being informed or asked for consent?

*******
[1] Third party releases https://www.gov.uk/government/publications/national-pupil-database-requests-received
[2] The NPD User Guide: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/472700/NPD_user_guide.pdf
[3] Our research to date with 50 schools shows to date none is aware of the National Pupil Database onward sharing of data, one even replied “we’ve never heard of it.” And a state run sixth form said, “doesn’t apply to us I don’t think.”
[4] video https://registration.livegroup.co.uk/efa/ContentTabs/Embed.aspx?dfid=12620
[5] http://webarchive.nationalarchives.gov.uk/20130401151715/http://www.education.gov.uk/publications/eOrderingDownload/Info-Sharing_legal-issues.pdf
[6] 2015-16 school census guidance https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/483081/2015_2016_school_census_guide_v2.0.pdf
[7] The Education (Individual Pupil Information) (Prescribed Persons) (England) (Amendment) Regulations 2013: http://www.legislation.gov.uk/uksi/2013/1193/made
[8] European requirement for fair processing before data sharing between public bodies: http://curia.europa.eu/jcms/upload/docs/application/pdf/2015-10/cp150110en.pdf
****

Further detail of individual data use in practice:

The examples that follow showing named-data case studies are selected not to show harm, (it is hard to estimate if data are always used properly be recipients, kept too long or shared and re-used with others, since there has never been any database-wide privacy impact assessment or post data audit recipients release) but these cases demonstrate the database is not used as a purely statistical or anonymous database. The National Pupil Database is used as a population wide source of named individuals who may be contacted for surveys, have their behaviour reviewed as results of intervention or used as control groups.

While the published work from users of the data are intended not to reveal the pupil name, the Department for Education appears to overlook that it is their own release that breaches the pupil expectation of common law duty of confidentiality when they release identifiable data to the third party.

Whether the NPD gives the third party the name, or enough information to match it to the name the third party already holds, gives the same result for the individual – a third party to whom they did not give consent, has a whole lot of additional data stored against their name:  “This will involve matching the KS2 data to information on examination performance held within AQA’ databases, using a candidates name and date of birth. Again, the data will be reported at the overall cohort level so no individuals will be identifiable.”

NPD data are given to charities: for example the NPD was used to give additional information on individuals to the Prince’s Trust as well as similar groups (the ‘control’ group). Names, date of birth and postcode were used. The Trust “hoped to send DfE a list of young people, and for DfE to return a list of their data (FSM, SEN, absences, exclusions, behaviours, attainment (at KS3 and KS4), alongside an equivalent control group.”

NPD data are used in surveys: a named survey What About Youth was created by extracting named pupil data and matching it with HSCIC held data in 2014 for an intensely detailed questionnaire social survey mailshot to the homes of 15 year old pupils. Almost 300,000 of them according to the published report.
Similarly the IoE used it to get all Year 7 pupils’ data and send them named tests for completion in 2014. [6]

Or consider the behavioural change targeting of children using data from the NPD. These are very explicit in their goal of individual interventions. Parents in a random controlled trial were selected to receive additional text messages about their child’s attainment and children measured for behavioural attainment impact, or read about the Behavioural Insights research using the children’s attainment data from the NPD in ongoing surveillance with extensive other data sources, in a longer term project, in which interventions will be evaluated for their effect on social action. We wonder how they measure any negative impact?

The further identifiable and sensitive or highly sensitive data released to Fleet Street papers, think-tanks, “one-man-shows” and charities may not have had name,  but all releases were classified as identifiable and at individual level.