A recent question asked, “Can a student over 12 stop parental access to online reports by using the Data Protection Act?”

Our research shows that the answer is, no a student cannot prevent their parent viewing data about them held by a school.

The booklet (click the link to view or download) Access to pupil information is a very good starting point produced by the Information Commissioner’s Office (ICO). Under the Data Protection Act a child, at age 12, will have a ‘right of subject access’. However, when a child cannot act for themselves or the child gives permission, parents will be able to access this information on their behalf. Also, this document is the ICO Guidance – young people – education requests regarding access to their data by young people.

Independently, parents have a right of access to their child’s educational record – this acces is covered by separate education regulations. Therefore, a child cannot prevent their parents accessing their educational record.

Data Protection Act

The Data Protection Act can be viewed here.

Under Part II of the Act data subjects (you and me) have rights. Amongst other things they include the right of access, the right to prevent processing likely to cause damage or distress but there is no apparent right of control over access. Hence the separate regulations to cover parent access to educational records of their child(ren).

Secure Data Handling Guidelines

These are relevant to Parental engagement because Jim Knight stated that SEN information would be available as part of Online Reporting.

In May 2009, the gudiance relation to secure data handling was updated specifically for schools. Contained within the guidance is reference to Impact Levels – broadly speaking Impact level 1 is very low and likely to associated with a single data item out of context. Impact level 4 however is applied to a combination of data items that shoudl e treated confidentially and with limited access.

In the document Information Handling Impact Levels there is very clear guidance about data relating to indivuals in schools and its transport. I recommend the whole document is read to develop a context for the table in Appendix A – Impact Levels for Portected Data. Within this table it describes some SEN data attracts an Impact level of 3 or 4 which has implications in terms of security of access. It is not clear from the guidance which SEN data items are intended to be IL4 and which are IL3 – perhaps this is a matter for the Information Access Officer or Data Controller within the school.

It is worth considering the table below when determining which Impact Level data falls into:

Impact Level DescriptorsIt is unlikely that SEN data associated with an individual will be IL4 because it is unlikely to affect many citizens or organisations.

The guidance suggests to suppliers of Parental Engagement that some form of marking may be necessary for those data items considered to be at IL3 and this should be an expectation of schools.

SchoolsICT

The Parental Engagement model being developed by SchoolsICT will incorporate appropriate measures concerning the security of data being transported to ensure that as far as practible security is maintained at the highest levels and in accordance with the above guidance.