The Data Protection Act 1998 governs how all personal data is used, and what rights individuals have in relation to their personal data. It requires data controllers - that is anyone processing personal data, such as schools - to notify the Information Commissioner of the personal data they hold, and the purposes for which it is held.
All processing of data must comply with the 8 principles of data protection. In brief, personal data must be processed fairly and lawfully, and not used for any other purpose than that for which it was obtained. The data must be adequate, relevant, not excessive, accurate, up-to-date, and not kept any longer than necessary.
Anyone has a right of access to the personal data held about them. If anyone formally asks to see the data you hold on them, it is known as a "Subject Access Request". You must provide the requested data in accordance with the Act.
For help or guidance in dealing with requests for personal data, see Issue 3 of the Newsletters issued by the County Council's Information Governance team (Please note that your school will have to be signed up to the Information Governance Unit SLA to view the newsletters and logon details will be required). The Information Commissioner's Office has also recently published guidance on Access to pupils' information held by schools in England which you may find helpful.
You can also find information on data protection, particularly on Fair Processing Notices (also know within schools as Privacy Notices) and sharing data with Connexions, on the the Pupil Database Team web pages.
Guidelines for publishing images of children, and CCTV advice for schools are in Procedures under Information Legislation
Last Modified: 03 June 2010, 10:00
Page Last Modified:
Back to top