School, children and young people’s data privacy notice

The Business Intelligence Service is part of the Corporate Development Directorate.

 We support the intelligence, data and performance information needs of the Council, in particular, the Families Directorate and the corporate leadership team. We are also responsible for preparing and submitting statutory data returns to the government on behalf of the Council.

This Privacy Notice covers specific responsibilities and work of the Business Intelligence Service relating to the school and pupil data; which is collected from schools via their local management information systems, and/or through specific mandatory data collections (e.g. School Census and annual assessment and attainment data collections); and data relating to Children’s Social Care, Early Help and other services concerned with safeguarding children and young people.

EDU.Performance@walthamforest.gov.uk

CSCPerformance@walthamforest.gov.uk

The child and young person’s data that we hold includes:

• personal identifiers and contacts (such as name, unique pupil number, contact details and address)
• characteristics (such as ethnicity, language, and free school meal eligibility)
• safeguarding information (such as court orders and professional involvement)
• special educational needs (including the needs and ranking, details of health conditions or disabilities)
• attendance (such as sessions attended, number of absences & absence reason, details of fair access panels and other interventions for improving attendance)
• assessment and attainment (such as key stage 1 and phonics results, post 16 courses enrolled for and any relevant results)
• behavioural information (such as exclusions and any relevant alternative provision placements put in place)
• school attendance penalty notices (including details of the notices issued and payments received)
• details of children and parents receiving services through our children & families centres (including sessions attended).

We collect child and young person’s information from Schools via our electronic ‘B2B: Student’ system, Common Transfer Files (CTF) which are shared weekly, and information provided to us by maintained schools for the purpose of School Census and Alternative Provision Census. We also receive information from the Department for Education (DfE) which is collated by them from the School Census and similar data collections. In addition, we collect data from children, young people and their families, as recorded on database systems by the professionals involved with them.

Children and young person’s data is essential for the local authority’s operational use. Whilst the majority of personal information we collect is for a mandatory purpose, some of it is requested on a voluntary basis. In order to comply with the data protection legislation, you will be informed at the point of collection whether you are required to provide certain personal information to us or if you have a choice in this.

We collect and use child and young person’s data in order to:

• enable us to carry out specific functions for which the Business Intelligence service and wider Council are responsible. These include (but are not limited to):
  • school admissions
  • assessing needs and providing support for children with special educational needs and disabilities
  • making all reasonable efforts to enable children missing education or missing from education to have access to a good education;
  • safeguarding children and young people who have suffered or are likely to suffer significant harm
  • providing services for children in need in the local area
  • fulfil government statutory requirements to provide data relating to children and young people
  • derive statistics that inform decisions such as the funding of schools or service delivery, including through School Census and School Workforce Census
  • assess performance and set targets for schools, council services and other organisations providing service for children, young people and their families
  • identify the changing needs of the population.

Any sharing of personal data is always made:

• on a case-by-case basis;
• using the minimum personal data necessary;
• with the appropriate security controls in place;
• in line with legislation.

We routinely share children’s information with:

• youth support services (pupils aged 13+);
• the Department for Education (DfE) and Ofsted;
• Safeguarding partners as set out in the Child Safeguarding Practice Review and Relevant Agency (England) Regulations 2018. Other organisations with whom we work closely to provide services for and safeguard children, young people and their families.

We only pass on information to people in these organisations if they have a real need for it and we always do it in line with the law. This is usually to assist them in providing the right service, to help us to plan and improve our services, and to look into any concerns raised about the safety and wellbeing of a child or young person, or about the services you receive. We do not share information about children or young people with anyone without consent unless the law and our policies allow us to do so. We may also share information if it is needed to protect someone from harm.

Education and training

We hold information about young people living in our area, including about their education and training history. This is to support the provision of their education up to the age of 20 (and beyond this age for those with a special educational need or disability).  Under parts 1 and 2 of the Education and Skills Act 2008, education institutions and other public bodies (including the Department for Education (DfE), police, probation and health services) may pass information to us to help us to support these provisions.

Youth support services pupils aged 13+

Once a pupil reaches the age of 13, we also pass pupil information to the provider of youth support services as they have responsibilities in relation to the education or training of 13-19 year olds under section 507B of the Education Act 1996. This enables them to provide services as follows:

• youth support services;
• careers advisers;
• post-16 education and training providers (pupils aged 16+).

The information shared is limited to the child’s name, address and date of birth. However, where a parent or guardian provides their consent, other information relevant to the provision of youth support services will be shared. This right is transferred to the child / pupil once he/she reaches the age 16.

Data is securely transferred to the youth support service via a secure file transfer and is stored on the YSS database and held according to statutory retention periods.

Department for Education and Ofsted

The state is required to collect information on vulnerable children to fulfil its international obligations under the 1989 Convention on the Rights of the Child.

The Department for Education (DfE) collects personal data from educational settings and local authorities via various statutory data collections. We are required to share information about our children and young people with the Department for Education (DfE) for the purpose of those data collections.

Ofsted has a legally defined role to inspect and regulate Local Authority children’s social care services and a range of organisations, settings and functions connected with providing care of children and young people and education and skills for learners of all ages.

We are required to share information about our children and young people with Ofsted as directed.

The legislation that underpins this sharing of data includes legislation listed in the ‘lawful basis for the processing’ section of this document and also;

• The Education (Information About Individual Pupils) (England) Regulations 2013;
• The Care Standards Act 2000;
• The Fostering Services (England) Regulations 2011;
• The Care Standards Act (Registration)(England) Regulations 2010;
• Fostering services: national minimum standards.

All data is transferred securely and held by DfE/Ofsted under a combination of software and hardware controls that meet the current government security policy framework.

For more information about how Department for Education and Ofsted may use the data shared with them, please see:

• Gov.uk website: how we collect and share research data 
• Gov.uk website: Ofstead privacy notices

Safeguarding Partners

Some of the organisations we may share your information with include:

• Schools, academies and other education/pre-school/alternative provision providers;
• The Department of Health, NHS England, GPs and other Health settings and agencies;
• Other local government organisations;
• Cafcass, young offender institutes, youth offending teams, Probation Service and other organisations working within the criminal justice sphere;
• The Metropolitan Police, other Police forces/ authorities and organisations discharging functions under the Borders Citizenship and Immigration Act 2009;
• Fostering Agencies, Children’s Homes and other providers of social care services covered by legislation including the Care Standards Act 2000 and the Residential Holiday Schemes for Disabled Children (England) Regulations 2013;
• Research organisations such as NCER;
• Others, such as charities, religious organisations, sport or leisure providers.

In most cases, the reason for sharing information with these partners will be to protect someone from harm. It will always be in line with the law or government guidance.

We hold data securely for the amount of time required by legislation or otherwise as prescribed by the Department for Education and other government departments or as set out in the Council’s data retention schedule. Generally, where data retention is not covered by legislation, in line with guidance, personal information will not be held for longer than 6 years after the subject’s last contact with the authority.