Helping you comply with your responsibilities to information rights in schools, colleges, and universities.
Last updated 14 March 2017: Sections on fundraising and marketing and surveillance in education organisations added.
Fundraising and marketing in education organisations
If you're planning a fundraising or marketing campaign, it is essential that it is undertaken in line with the Data Protection Act and Privacy and Electronic Communication Regulation (PECR). The ICO has produced a number of resources that offer guidance about how organisations can ensure the activities undertaken are compliant with the law.
In the event that an education organisation decides to use surveillance technology, ie CCTV and body worn video it needs to be done in line with the Data Protection Act. Advice about these technologies is provided in our CCTV code of practice.
It is important to make sure that any images are only used for the purpose you have specified. Individuals have to be made aware they may be recorded and appropriate measures must be put in place to keep the recorded images secure.
We recommend that schools always undertake a privacy impact assessment (PIA) before deciding whether or not to use surveillance technology.
Information rights video for schools
Aimed at head teachers, managers and governors, this video focuses on the areas we think are most relevant.
Helping children understand the value and importance of their personal information, how to look after it, and the obligations organisations have.
Data protection – looking after the information you hold
Your pupils and students have rights to see their personal information. They can make a subject access request to see the personal information you hold about them. They – and their parents – also have the right to see their educational records.
Our subject access requests webinar offers advice and guidance about best practice.
The Protection of Freedoms Act 2012 places controls on the use of biometric systems in schools, for example for cashless catering or borrowing library books.
If you intend to publish exam results in the media, you must inform your pupils and students first.
Taking photos in schools
The Data Protection Act does not prevent parents and teachers from taking photos of events such as the Christmas play or sports day. Asking permission to take photos is normally enough to ensure compliance.
Bring your own device (BYOD) guidance
Guidance for organisations who want to allow staff to use personal devices to process personal data that they are responsible for.
The Department for Education have also provided guidance on data protection for schools considering cloud software services.
Guidance on the use of cloud computing
This guidance covers how the security requirements of the DPA apply to personal data processed in the cloud.
Advice based on the experiences of schools
Our report, indicating areas of good practice, areas for improvement and practical advice, is based on the results of a questionnaire of over 400 schools across nine different local authorities in England and Wales.
Freedom of information - making public information available
If the educational establishment you work in is a public authority, the Freedom of Information Act means you must produce a publication scheme, which outlines the information you will routinely make available to the public - such as minutes of meetings, annual reports or financial information.
Our definition documents explain the detail of what you need to publish: