LinkBack URL
About LinkBacks
Reply With QuoteWildebeaste (3rd February 2009)
I have a data protection question for y'all.
A member of staff wants to publish a spreadsheet containing the academic performance of individual students in his subject. This information will be available to all (staff and pupils) via a shared drive.
My somewhat limited knowledge of the DPA suggests that this is not allowed, that personally identifiable information such as this cannot be published to all and sundry.
Am I correct?
Thanks
Yes!
And more than that, allowing all pupils to see each others results is not something I'd want to see. It sounds to me like an invite for bullying and victimisation.
Not only that, there's nothing to stop one of the pupils deciding to save it and take it home.
I'd say you should stamp on this quickly, and make sure all staff know that its innappropriate. If that means going via SLT then go for it.
Wildebeaste (3rd February 2009)
Sharing data with other staff is a reasonable thing to do but certainly not with students.
Absolutely! This is what the DPA is all about - just try getting the SLT and teachers to understand it - they always without fail come up with the ".. I need it to teach..." comment. I always ask how they would feel if I published their exam results and see what they say
The difficulty isn't helped any by the yearly publishing of students GCSE / A Level results in the local papers.
Parents and students (remembering that the students are actually the owners of their own data as soon as they are 12 years and one day old) may agree to this publication and it would be worth the school putting this out as a request to parents.
I am not sure whether it would have to be an opt in rather than an opt out ... I think it really should be an opt in.
Wildebeaste (9th February 2009)
Each student should only be able to view their own data and not that of anybody else.Originally Posted by Wildebeaste
As far as staff are concerned, the teachers should only be able to see the data on a 'need to know' basis. So a deputy head, or department head for the subject may be able to see data for all students, but the SENCo may only be able to see data for some of the students.
If the teachers wants to demonstrate the strength of results, the data needs to be anonymised in some way. Simply removing names is not enough as anyone with a reasonable grip of alphabetical order can probably work out who is who. We had to do this with some 'valued added' data, we sorted the data by date of birth and then removed names and dates of birth.
Wildebeaste (9th February 2009)
I had a little chat with someone on the Information Commissioner's helpdesk.
They suggested that the data should be treated like exam results, or if students give their permission then it's okay to publish. This I understand but I would expect restricted access so the whole school couldn't see it. There would still be no protection for the data, a lovely Excel file sitting on a shared drive. It could be copied willy-nilly.
The school still thinks that their end is being covered by their standard Data Protection application, that data can be published anywhere in school to staff and pupils for 'educational purposes'.
Ho hum. I think I should buy myself a paper copy of the DPA, roll it up and use it to beat people with!
Are students under 16 old enough to give consent for their data to be published??? shouldn't that type of consent come from parents??
Personally, I'd point them in the direction of SIMS Assessment Manager - that's the secure gadget for the job, I'd suggest.
Technically students can be in control of their own data as soon as they are 12 years and 1 day. However, schools can take the view that sole ownership and control is too risky in the hands of students, so parents must have some control too.
I know this has been raised with ICO but I don't know what the response was to be honest ... I can bat it around again to see what response it gets.
At the moment though ... don't forget that student needs to be remember when making sure permission is given about things like this though.
There's a good summary of the DPA principles on the ICO web site.
If you've never read it then it's really worth reading. In essence, if a data subject is told that the data is going to be used in a particular way and that way can be reasonably justified then it's probably legal. For example, it's perfectly legal for a company to say "we will sell your personal details to all and sundry if you tick this box" (although they're not normally quite so blunt!)
Playing devil's advocate a bit, what would your attitude be if a teacher wanted to publish a league table for sports results (not just for teams but individuals - times over 100m, for example)? Would you let kids opt out from having the results published?
I don't think this is a particularly good idea but kids tend to find out what the others in the class got in any piece of work. I'd say it's extremely common as well for teachers to say things like "that was really good, one of the best in the class" or "that was a disaster; you really need to do better". Is it so different to do this in electronic form?
I'd let them opt out from taking part. I'm not going to force some kid who takes four minutes to run the 100m be subject to the humiliation of the whole school knowing how unathletic they are.
And yes, even if they were forced to take part I'd make sure they were given the option of not having their times published.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
