What Is the Impact of the Data Protection Act 1998

What is the impact of the data protection act 1998?

The Data Protection Act 1998 (DPA), states that anyone processing personal data must comply with the eight enforceable principles of good practice. They say that data must be:  fairly and lawfully processed;  processed for limited purposes;  adequate, relevant and not excessive;  accurate;  not kept longer than necessary;  processed in accordance with the data subject's rights;  secure;  not transferred to countries without adequate protection. This applies to schools. Personal data includes both facts and opinions about the individual. Schools need to understand the roles of those involved in processing and storing data about pupils. This information can be found on the Data Protection Act web site. Schools need to understand the concepts of 'obtaining', holding' and 'disclosing' information. The new Data Protection Act 1998 (DPA) came into force on 1 March 2000. This ended the previous requirement for two separate registrations from a headteacher and a governing body. The fee for notification is now 35 for one year. The governing body or headteacher will receive the appropriate forms prior to the expiry of their registered entry. An application for notification can be made either via the Commissioner's web site or by telephoning the Notification Department (01625 5457400).

Copies of pupil reports now form part of the pupil's educational record. A school is required to compile a curricular record for each pupil and it must be updated at least once a year. This is a formal record of academic achievements, other skills and abilities, and progress in school. Additional records may be kept; for example, a detail of behaviour and family background, but this is not compulsory. This material, together with copies of a pupil's report, makes up the pupil's educational record.

Any communications between head teachers and teachers at a school, the LEA, other employees at the school, or those contracted by the governing body, form part of a pupil's educational record. Communications from parents, another pupil or a member of the local community, which refer to a pupil, do not form part of that pupil's educational record. Under the DPA, all pupils are entitled to request a copy of their educational records, free of charge, within 15 school days of making a written request. Previously this only applied to pupils over the age of 16. If a young pupil seeks access to his or her records the school should establish whether the pupil understands the nature of the request. If the school thinks the pupil does not understand, owing to youth or immaturity, then the request can be denied. If in doubt, a school should seek guidance from the Office of the Information Commissioner.

Parents can request a copy of their child's educational record. The request should be made in writing, and the school should supply the documentation within 15 school days, free of charge or at no greater cost than that of supplying it. Where a child asks for a copy of his or her educational record, any charge must be no higher than the cost of supply or the cost allowed under the DPA, whichever is the lesser.

The DPA prevents disclosure of the following:  material whose disclosure would be likely to cause serious harm to the physical or mental health or emotional condition of the pupil or someone else;  material concerning actual or suspected child abuse;

D:\Docs\2018-04-15\02028c265de8e091e1a34dec274e2173.doc 1 / 2  references supplied to potential employers of the pupil, any national body concerned with student admissions, another school, an institution of further or higher education, or any other place of education and training;  reports by a school to a juvenile court.

The DPA allows for this information to be transferred to another educational establishment. The DPA also allows, in some cases, for a record about a pupil from a third party, such as a letter from a parent, another pupil or a member of the local community, to be disclosed if it does not identify the third party. If it does identify the third party it may still be disclosed if consent is given or, in the circumstances, it is reasonable to allow disclosure without seeking that consent.

For schools, the most important changes of the new act include:  what comprises a pupil record  what does not need to be disclosed  the roles of those involved in entering, processing and storing personal data on pupils. The seventh principle, relating to security, states that "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data". Guidance on what constitutes adequate security can be found in the legal guidance to the Data Protection Act 1998 available on the website address. An explanation of the seventh principle is available on page 27.

The use of the Internet and e-mail raises issues when organisations wish to monitor its use by individuals. Essentially, an organisation has a right and even a duty to monitor the use of the Internet and e-mail systems to prevent it being used for unlawful purposes or to distribute offensive material. However, an individual has a right to privacy. It is the duty of any organisation that provides access to e-mail and the Internet to balance these two separate rights.

The first data protection principle states that data should be processed fairly and lawfully. Therefore, an organisation should be open on the subject of monitoring and also establish a code giving guidelines on the use of e-mail and the Internet and when individuals may use such systems for private communications.

With regard to e-mail, a school’s stated policy could be to limit or prohibit the use of e-mail for private purposes. A school could then monitor the use of e-mail to ensure this was being adhered to. However, a school should, wherever possible, limit monitoring to traffic data rather than the contents of the communications. It should also undertake spot checks rather than initiate a policy of continuous monitoring. In this way, the school could monitor the use of e-mail for private purposes but the actual content of the e-mails could remain private.

The main reason usually cited by organisations wishing to monitor Internet access is to prevent time-wasting and its use for pornographic purposes. Of course, a school has a right to prevent pupils from using the Internet in this way. Again, however, any monitoring must be proportionate to the risk and designed to prevent rather than detect misuse. A clear policy stating that certain monitoring will be carried out would hopefully dissuade pupils from abusing the privilege of Internet use and meet the fairness requirements of the first principle.

Links:  Data Protection Act [http://www.dataprotection.gov.uk/principl.htm]  Commissioner's web site [http://www.dataprotection.gov.uk/]  Office of the Information Commissioner [http://www.dataprotection.gov.uk/]

D:\Docs\2018-04-15\02028c265de8e091e1a34dec274e2173.doc 2 / 2