Data Protection : Emergency Contacts
It is (perhaps) well known that schools need to be careful when sending out data on documents where (say) an address might be disclosed to the wrong person, say an estranged mother where there is a court order prohibiting contact etc. So we have become very careful (hopefully) about what data is displayed where and to whom.
So we are thinking about sending out data checking sheets to parents. The sheets would contain information on the named individual (parent/guardian) and the student(s). We record in our MIS information about 'emergency' contacts; who should we contact in the event of some mishap etc when we cannot contact the parents. This seems to throw up some potential Data Protection issues :
1. We would be disclosing data about an individual to another party without the permission of the data subject.
2. We have no way from the MIS alone of identifying the source of the data (so we can't even say we are only disclosing it back to the person who gave it to us).- although strictly that may not matter (just because you gave me data, doesn't necessarily absolve me of my duties as data controller.
3. We could potentially be falling foul of disclosure where court orders are in place (people do fall out with each other - sometimes that leads to strange things (for example a past neighbour is now the new partner of the mother and sending her contact details to the father would be something she might rightly object to).
Given that, I don't see that we can send out checking sheets populated with contact data. But, nor do I see how we can't! A parent has a right to know who the school thinks they can contact and potentially even allow to collect a child from school. The problem is we don't necessarily know that contacts have given a parent permission to give their details.
Is there a simple answer to this or some get-out-of-jail free clause in the DP act that I've not seen, that cuts through the issues to an easy yay or nay? Or is it more complex.