Title:
The Effective Sharing of Educational Indicators by Schools with Local Authorities.
Version:
Date – Version – Comments
Date of Enactment:
The date the agreement comes into force.
Renewal:
This Information Sharing Agreement shall be reviewed by all parties no less frequently than on an annual basis.
Author:
Name of Author
Partners:
Information Asset Owners of Education Data in Schools and Local Authorities.
Purpose Introduction:
This Information Sharing Agreement is designed to facilitate the lawful and proportionate sharing of information between the indicated partners to promote more effective working. This should be read in conjunction with the Data Privacy Impact Agreement, which will define the data sources and transfer methods that may not be appropriate for publication, for reasons of cyber-security.
Data Controllers:
A list of the Information Asset Owners or Data Controllers/Processors involved, including whether they are separate or joint, in accordance with https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/controllers-and-processors/controllers-and-processors/
Purpose Detail:
Local authorities must monitor the children who fall within their area that are of compulsory school age against a number of criteria, including attendance, exclusions, Special Educational Needs and Disabilities (SEND) and others. In order to do this, schools must supply data to the LA on a regular basis, most commonly using a synchronisation application between the school’s Management Information System (MIS) to the central LA system.
This will enable the Council to ensure that it is aware of Children Missing Education (CME/CMIS), exclusions and other key safeguarding concerns.
Consent Basis:
Consent is not gathered, however the use of data is clearly stated in the published Privacy Statements.
What is the Lawful Basis for Sharing under the UK General Data Protection Regulations 2018:
Sections 6(1)(c) Legal Obligation and 6(1)(e) Public Task for personal data.
Sections 9(2)(c) Vital Interests and 9(2)(g) Substantial Public Interest.
What statutory acts, instruments and guidance are used to give the LA the legal power for sharing the information as described in this ISA? Please state the relevant articles or sections:
- The Education Act 1996, Section 537A Duties on Educational Institutions to supply data to Local Education Authorities.
- The Education Act 1996, Section 14 Duties on Local Authorities to ensure all children of compulsory school age receive suitable education provision.
- The Education Act 1996, Section 436A Duties on Local Authorities to identify and monitor children missing education.
- The Education Act 1996, Section 444 Duties on Local Authorities to enforce attendance at schools.
- The Children’s Act 1989, Section 17, Provision of services for children and their families.
- The Children’s Act 1989, Section 47, Protection of Children.
- Learning and Skills Act (2000), Section 117 Supply of data to [contracted careers provider] to support children at risk of, or who are, disengaged from education including “the development of a comprehensive record system, which ensures that no young person becomes ‘missing’ and prompt action is taken if they cease to be involved in education or training” inline with their statutory duties.
- The Children Act 2004, Section 10, Co-operation to improve well-being.
- The Children Act 2004, Section 11, Arrangements to safeguard and promote welfare.
- The Education (Pupil Registration) (England) Regulations 2006 Regulation 12
- Education and Inspections Act 2006 Section 38
- The Education (Information About Individual Pupils) (England) Regulations 2013
- The Children’s and Families Act 2014, Section 28, Co-operating generally: local authority functions.
- School Discipline (Pupil Exclusions and Reviews)(England) Regulations 2012, Duties to notify the LA
- Special Educational Needs and Disability Regulations Act 2014, Part 2, Regulation 7(e), Matters to be taken into account in securing an EHC needs assessment.
- The UK General Data Protection Regulations 2017, Article 6(1)(e) Public Task and 9(2)(g) Substantial Public Interest, Part 1, Section 6 Statutory Purposes and Part 2, Section 18 Safeguarding of Children and Individuals at Risk.
Statutory Guidance
- Working Together to Safeguard Children 2018 (Statutory Guidance)
Who are the data subjects and what items of data will be shared. Indicate any that fall under the special categories by prefixing (SC):
The data subjects will be anyone in a state-funded nursery or in a maintained school or independent special school in Reception to Year 11.
The data shared will be as follows:
Student Data (including Leavers)
Names
Legal First Name
Chosen First Name
Middle Name(s)
Legal Last Name
Chosen Last Name
Demographics
Gender
[SC] Ethnicity
[SC] Religion
[SC] Nationality
English as an Additional Language (EAL) Flag
Date of Birth
Place of Birth
Student Custody Details
[SC] Student Permanent Residence Status
Identifiers
UPN
Former UPN
ULN
Current Academic Year
Admission at School Details
Part Time Timetable Status
Boarding Status
Date of Admission
Date of Leaving
Destination after Leaving
(Reason for Leaving – to come when available in Wonde)
Vulnerability Factors
Free School Meals (FSM) Flag
Free School Meals (FSM) Ever 6 Flag
Pupil Premium (PP) Flag (Including PP Notes)
Service Student Flag
CIC Flag
Ever CIC Flag
Child Protection Plan (CP) Flag
SEND Details
SEND COP Stage (E/K/N/Blank)
SEND Primary Need (Category Code, Description, Type)
SEND Needs with Rank
SEND Description
SEND Start and End Dates
Siblings At Same School
Sibling Name
Sibling Date of Birth
Attendance
Student Session Attendance (Date, Attendance Codes)
Summary Attendance:
Possible Marks
Authorised Absences
Unauthorised Absences
Late Before Register Closes
Late After Register Closes
Approved Educational Activity
Attendance Not Required|
Missing Marks
Exclusions
Exclusion Type Code and Description
Exclusion Reason
Exclusions Start Date
Exclusion End Date
Exclusion Sessions
Exclusion Appeal Received
Exclusion Appeal Result
Exclusion Appeal Result Date
Exclusion Appeal Reinstatement Date
Contacts with Parental Responsibility, including Special Guardianship Orders and Foster Parents
Contact Title
Contact First Name
Contact Last Name
Contact eMail (Primary Only)
Contact Mobile
Contact Address
Student Lives at this Address
Contact Parental Responsibility Flag – This is used to strip out all contacts without PR
Contact Relationship Type
Contact Court Order Flag – This is used to strip out contacts with a Court Order preventing contact
Doctors – This is used to confirm data we get from practitioners, including Health and Social Care
Student Registered at Surgery
Registered GP Name
Medical conditions
How will data be matched between systems?:
Data tables will be matched using the following criteria in order of reliability:
(1) UPN
(2) ULN
(3) A concatenation of Date of Birth as a text string with the Legal Last Name and the first three letters of the Legal First Name
(4) A concatenation of Home Post Code as a text string with the Legal Last Name and the first three letters of the Legal First Name
(5) Other methodology identified by the LA IT Services Team
Where no link is found, data will not be imported from the school MIS. Schools will be alerted where matches do not exist too ascertain whether the person is a new arrival in the LA or this is their first educational setting.
For personal identifiable health and social care data for planning and / or research purposes, has the National Data Opt-Out been applied?:
Yes / No / Not Applicable
What Data Retention Policies will be put in place?:
Education data will be held until the subjects’ 25th birthday, for safeguarding referrals, six years after the report, for Child Protection documents, 40 years and for looked after children, 75 years. For other Social Care and Health data, retention will be according to the NHS Records Management Code of Practice 2021 available at https://www.gov.uk/government/publications/records-management-code-of-practice-for-health-and-social-care .
How will the data be securely transferred and stored?:
Data will be transferred via the [data synchronisation tool]. [Insert Encryption Details]. Where the Microsoft Azure platform is used, the servers are located in Western Europe and where Microsoft PowerBI is used, the data is stored in Northern Europe.
What security measures will be put in place to mitigate risk of data breaches?:
Only defined users will have access to the education dataset and will have user-level access to the minimum data required to achieve their function.
Data will never be printed, nor stored on removable media. If exported from the data dashboard, it must be stored in password-protected XLSX files, only made available to users who have access to the whole system. Where used for planning purposes, exported data must be pseudonymised. Data may only be used for the purposes included within this ISA.
All partners should work to the NHS Data Security and Protection Toolkit, or the requirements of ISO/IEC 27001:2005 (ISO/IEC 17799:2005) or their equivalent.