Another decent, live example.

 

Amidst a complaint raised, a parent has asked for all information about them and their child (who is 16). Part of the information held about the child includes information about home life and incidents that have been confidentially shared. The parent is aware of their side of the incident, but may not have all the information from their child.

 

The school was going to seek consent from the child on the whole SAR (based on the idea they had about this was the age of competence set out by DPA18 … we have had a conversation about that now, though S208 for Scotland makes it interesting … must ask ICO and DfE about that for England!) but are now going to review information that could cause harm (Designated Safeguarding Lead to review and appraise), discuss with the child and see if there is any objection to specific sets of information.

 

Based on the age of the child, not being able to tie down what the child truly understands about their digital footprint within the school (and wider), that there may be information that could cause harm or distress to the child (it is exam period … they are stressed out as it is and there are other things in the background too), I can’t see of anything else that the school can do.

 

I’ve gone through the previous conversations about sharing data with parents and whilst an earlier conversation talked about consent with students with FE (re Jon Baines’ reference to UNCRC), but has the view of any others changed on this?

 

-- 

Tony Sheppard CIPP/E

Head of Services

GDPR in Schools

 

The information in this email and any attachment(s) is confidential and intended solely for the use of the addressee. If you are neither the addressee nor an authorised recipient for the addressee, please notify the sender and delete the email from your system immediately. Unauthorised use, dissemination, distribution, publication or copying of this communication or attachments is prohibited and may be unlawful. Our messages are checked for viruses but please note that we do not accept liability for any viruses which may be transmitted in or with this message. Views expressed by an individual in this email do not necessarily reflect the views of GDPR in Schools Ltd.

GDPR in Schools Ltd is a private limited company registered in England and Wales. 
Registered office: 11 Kingsley Lodge 13 New Cavendish Street, London, United Kingdom, W1G 9UG.
Company registration number: 10699302.
ICO registration number: ZA248932.

All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html

Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):

All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html and are sent in the body of an otherwise blank email to [log in to unmask]

Any queries about sending or receiving messages please send to the list owner [log in to unmask]

(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)