Are you concerned about the privacy of some of our most vulnerable children?

From January 2018, the Department for Education will collect teen pregnancy, health and young offender information from school children on a named basis, together with more detailed and invasive information about special needs and disability. It starts from January 2018 in the Alternative Provision Census.

The sensitive data record the reasons for transfers for children at an individual pupil-level, who move from mainstream school into alternative provision. See the AP Guide 1.4 for more background to the census.

Each pupil’s information will be sent to the Department and added to a growing national database of 23 million people, the National Pupil Database (NPD). The data are identifiable at pupil-level, not anonymous, but named records that are stored forever. The information can include name and address, date of birth, special educational needs, results across the educational lifetime from age 2-19 and more.

We are concerned because from here, these data are given out to third parties – over 1,000 times as of May 2017.

We think this policy needs to change, and change urgently. Because #LabelsLastaLifetime and every child has a right to confidentiality.

This is a highly significant new national data policy, affecting some of the most vulnerable children in England. It vastly increases risk of loss of privacy without any reason why knowledge could not be collected in a privacy-preserving method. We understand the reasons why it is important to understand these children’s life stories. We are concerned about how those data are collected, distributed, and never deleted.

Ludicrously, the Schools Minister claims it will not be any more of a privacy risk – despite the fact that these highly sensitive data will be added to a national, indefinite collection and given out to a whole new range of third parties, including commercial companies, the papers and charities, without being made anonymous. There has never been any privacy impact assessment or human rights assessment of the national pupil data collections. The Department refuses to do so. (PQ 108570)

Who exactly will access these new data? Why are they given out to third parties at pupil-level?

You can some more background and read about our concerns in Schools Week. Download our briefing for more facts.

Contact your MP as below, and get in touch with us if you want to support our work and raise awareness on this topic. We need all data to be made safe, fair and transparent.

Actions you can take

Post this link to Facebook or Twitter so your friends can help too. #labelslastalifetime

Use WriteToThem.com to contact your MP, and (politely) tell them why this is important to you and your family, ask your MP if they will ask a question – why are my sensitive data being given away without my consent? – and tell them what you want to change. You might want to use something from our suggested text below:

If the Department of Education cannot end the distribution of identifying data for indirect and commercial re-use purposes, and commit to children’s confidentiality; we believe the government should not collect the data at all

  • All children are vulnerable and their sensitive data must be safe.
  • Every researcher should come to the data, not data sent to them.
  • Stop giving out identifying, sensitive data without consent.
  • Every child should be told why their data are being collected.
  • Use of all data from the National Pupil Database must be transparent.
  • Every use of data must be clear to schools that submit it in the census.
  • Make sure your school is clear about this sensitive new collection, and that governors, parents and children are told how all data are used. Ask them to contact their union, and MPs, to get more information out to schools.

SUGGESTED TEMPLATE CONTENT TO WRITE TO THEM [follow link to find your MP]

[DOWNLOAD 11.7KB .DOCX]

[Date]

Dear [writetothem]

The Department for Education will soon start to collect highly sensitive information from school children, including pregnancy, young offender, and health data from January 2018 in the Alternative Provision Census.

I write to you to share my concerns about this new data collection from school children.

  • children’s confidentiality and safeguarding
  • security of the data
  • and the stigmatising effects it could have on children for life

Children’s identifying records are given away to companies from the National Pupil Database. That’s not right for this type of sensitive data. If the Department of Education cannot end the distribution of identifying data for indirect and commercial re-use purposes, and commit to children’s confidentiality; we believe the government should not collect the data at all.

Children are named at individual level with the reason for their transfer from mainstream school into alternative provision. Each pupil’s information will be sent by schools to the Department at national level and will be added to a growing database of 23 million people, the National Pupil Database. The data are not anonymous, but identifying, as stated in the Department’s User Guide.

Key concerns about the National Pupil Database:

  • The information are stored forever, on a named basis, and are never deleted.
  • Identifying, pupil-level data are given out to third-parties from the National Pupil Database, including highly sensitive data.
  • Data are handed out to researchers including name and address, date of birth, special educational needs, and attainment results across the educational lifetime age 2-19. Researchers include journalists, think tanks, charities and commercial companies.
  • National Pupil data are also used today across government in Troubled Families — without transparency in a programme that some academics see “any family could be made to fit”— and are given out to the National Citizen Service, without pupils’/parents’ knowledge, consent, self-verification for accuracy, or opportunity for correction.

To address privacy concerns around the use of nationality data in 2016, Lord Nash announced that the Department for Education will hold the “sensitive” new information separately from other data. Are these data not just as sensitive?

This is a highly significant new national data policy, affecting some of the most vulnerable children in England. It vastly increases risk of loss of privacy compared with keeping data at local level. The policy was made possible via Statutory Instrument in the summer holidays and parliamentary recess 2017.

Ofsted’s Report on Local area SEND inspections and a recent report by think Tank IPRR Making the Difference shows the importance of understanding these information. But that should not be at  the expense of the lifetime privacy of the children affected.

The Department has never carried out any privacy impact assessment (PIA) of the National Pupil Database, or this collection. It appears to have no intention to tell schools to inform parents and children about the details of this data collection, and wildly underestimates the risks.

January 18, 2018 is very soon. The Department needs to act with urgency or pause this collection.

This collection should not go ahead until assurances have been made how and when

  • the data will be safe
  • children’s confidentiality will be respected
  • children and parents will be told and any use beyond statistics will be consent based

Recommendations

1. The Department must commit to starting a new model of distribution of data access through “safe settings” under research conditions, and stop identifying data distribution through other channels.
2. SEN, all exclusion reasons, and the new AP transfer reasons, should only be available at individual pupil-level to external third-parties for secondary uses on a consent basis.
3. Exclusion reasons such as abuse, theft, violence, akin to criminal records, and new AP transfer reasons, should be filtered from distribution for research purposes, and expunged after a standard time period, aligned with the timeframes of the Rehabilitation of Offenders Act 1974.
4. A review of all data collected, to assess its continued necessity and proportionality including retention periods for all sensitive or identifying pupil data. This task is supported by ICO recommendations for General Data Protection Regulation and UK Data Protection Act 2018.
5. All pupils past and present need told about national pupil data use.
6. Communications and data protection scrutiny must be built into any future change of census collections.
7. Subject Access requests should be met, to show what data are held, and how they are used, and ensure rectification of mistakes to improve data quality and reduce intervention error rate.
8. Consultations on all future data expansions, to make plans open to transparent scrutiny.
9. Privacy Impact Assessments must be standard practice for every expansion or change.

 

Sincerely,


Background: How data are used today

Based on current 2016 numbers, the new collection would affect around 22,000 children each year, but all 23 million records in the NPD are compromised each year. The Department appears to have no intention to tell providers or the local authority how to inform parents and children about the details of this expansion of the data collection. This is despite the Data Protection requirement to explain it with clear reasons to the pupils, when the information are collected.

Identifying and sensitive reasons for exclusion and SEN data (eg including profound & multiple learning difficulty, hearing and visual impairment and Autism) are already given away today to third parties from the school census collections once every term. Will pregnancy and youth offending data be on offer for commercial re-use to third parties too?

Data from the National Pupil Database, including sensitive special needs data (SEN) has already been passed on since 2012 to commercial companies, charities, think tanks, newspaper and TV journalists at an individual pupil level for millions of pupils at a time, without any suppression of small numbers. The Department doesn’t even know how many children’s records it gives away each time. (PQ109113)

Relying on journalists not publishing the pupil-level data, as the Telegraph “assured” the DfE in 2013 for about 9 million records, handed out without hiding small numbers, is an utterly inadequate level of protection for pupils’ sensitive data.

This year only one release of data from between January 2017 and May 2017 was not at pupil level. National Pupil data are also used today across government in Troubled Families — a risk without transparency in a programme that some academics see “any family could be made to fit”— , and are given to the National Citizen Service, and stored forever; without pupils’/parents’ knowledge, or self-verification for accuracy or correction. Pupil data from the school census are also used by the Home Office.

Requests to use national pupil data have also included for research for operational predictive policing.

Children and families are refused subject access requests, so there is no safety check if these data are accurate or need corrected before use, or for people to find out how their data were used.

source: The Difference


Principles

1. All children are vulnerable and their sensitive data must be safe.
2. Use of all data from the National Pupil Database must be transparent.
3. Stop giving out identifying, sensitive data without consent.
4. Every child should be told why their data are being collected. That includes the 15 million people in the database who have left school.
5. Every researcher should come to the data, stop sending data to them.
6. Every use of data must be clear to schools that submit it in the census.

No consultation has taken place

When making arrangements about early childhood services, a local authority must have regard to such information about the views of children as is available and appears to them to be relevant to the discharge of those duties (section 3(5) Childcare Act 2006).The local authority is also required to consult such children as it considers appropriate when undertaking a childcare sufficiency assessment under section 11. So why is there no consultation on use of their personal data?