How and when we share the pupil, child and workforce data we collect.
Data we collect
The Department for Education has legal powers to collect the pupil, child and workforce data that schools, local authorities and awarding bodies hold.
For more information on the legislation which allows this, see:
- section 114 of the Education Act 2005
- section 537A of the Education Act 1996
- section 83 of the Children Act 1989
This data forms a significant part of our evidence base. We use it:
- in school performance tables
- in adoption scorecards
- in statistical first releases
- to evaluate and inform educational policy
- to assess funding to local authorities and schools
We hold pupil-level data in the National Pupil Database (NPD).
Schools and local authorities must provide privacy notices to staff, parents and pupils to explain how their personal data will be collected and used.
How we share data
Data sharing must meet legal requirements
The law allows us to share pupils’ personal data with certain third parties, including:
- local authorities
- organisations who make products connected with promoting the education or wellbeing of children in England
- other government departments and agencies
Other regulations allow us to share workforce data with a number of third parties.
Anyone who wants to use Department for Education data must comply with:
- strict confidentiality and security rules
- the Data Protection Act 2018
- the General Data Protection Regulations (GDPR)
How we meet privacy and data protection standards in data sharing
We use the Office for National Statistics (ONS) “Five Safes” data protection framework to make sure that the data, people, projects, settings and outputs are safe.
We only share our data with people we trust to use it safely and responsibly.
To receive data directly from DfE, you have to:
- provide a copy of a ‘basic disclosure’ certificate that is no more than 2 years old
- sign an individual declaration form to confirm that you abide by DfE data sharing agreements
- complete recognised data protection and information security training
We are working with the ONS to provide access to DfE data using ONS physical and virtual datalabs, known as the Secure Research Service (SRS). To access DfE data through these datalabs, you have to:
- be approved by DfE
- complete the ONS approved researcher scheme
DfE has a senior board, the Data Sharing Approval Panel (DSAP), which makes sure all external requests for personal data are:
The board includes senior internal and external data and legal experts who meet regularly to consider cases and approve or reject requests for DfE.
Formerly the Data Management Advisory Panel (DMAP), DSAP covers requests for all DfE’s data, rather than just national pupil database data. The board will also make sure they are consistent with ONS Secure Research Service standards.
From September 2018 we will provide access to DfE data for research purposes through the ONS Secure Research Service physical and virtual datalabs. This is a safer way to access data compared with the transfer of data files to individual organisations.
It’s not always suitable to get data through the Secure Research Service. If you’re receiving data directly from DfE, we make sure that data is only provided to your organisation and held in a safe settings by checking:
- your organisation’s IT and building security
- you don’t keep the data for longer than allowed
When applying to receive our data, you have to make it clear how you intend to use the data and follow the relevant agreement and schedule for the data share.
When working through the SRS, if you want to use the results from your analysis outside of service these will be checked by ONS. They will make sure the outputs protect data confidentiality and can’t be used to identify any specific individuals or organisations.
We now classify all of data leaving DfE against 2 scales, rather than using ‘tiers’:
- how sensitive the data item is
- the level of risk that an individual could be identified
This makes it easier for us to be transparent about what kind of data we share with third parties, and our decision making. These new classifications will describe the data in DfE external data shares from November 2018.
Who has requested data from us
You can view:
- data sharing requests approved through the former DMAP, covering pupil level data (data sharing requests approved by the DSAP will be published from November 2018)
- national pupil database (NPD) third-party requests - these are NPD data shares which are either approved or pending a decision (this gives a wider view of all requests received into the NPD request process)
- external organisation data shares - our overview of ongoing personal level data sharing delivered via memorandums of understanding, data sharing agreements and service level agreements, including an update on police, Home Office and Family Court Order use of limited parts of our data when they have clear evidence of a criminal activity