Jon,
I would start by rewriting to avoid language like data subject and data-processor arrangements. Just tell them what they need to know.
For example "We need consent from students because once they reach a certain age, they can make these decisions for themselves. Under the law, we are required to make the following records available (cite relevant legislation and refer to ICO guidance on what needs to be disclosed). Anything extra to this will need consent from the student. If they come from a new school, we will need to consider the previous arrangements. However, we need to make sure that the student has been consulted and given consent before we share information in this way"
I am sure this can be improved on as it is a rough and ready way to reducing the danger of legalese.
I hope this helps.
Best,
Lawrence
Principal Information Management Officer
Durham County Council
Room 4/140
County Hall
County Durham
DH1 5UF
0191-372-8371
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Dunster, Jon
Sent: 06 January 2011 12:49
To: [log in to unmask]
Subject: [data-protection] Parental access to student information (again!)
Hi there,
We are an FE college dealing mostly with students of 16+ though there are a number of 14-16 students sent here by schools.
There is a cunning plan to allow remote parental access to students' academic records and there seems to be an assumption that we can do this without any further consent from the students. I've disagreed and taken the following stance:
"The data subject (the student) will be required to give consent before a parent may access their records since there is no exclusion by which we could disclose this data to a third party (the parent) without it. This applies to any student over the age of 12 (the age by which the ICO says a child becomes independent).
Note that in a school environment (only) the Education (Pupil Information) (England) Regulations 2005 come into play which give a parent the right of access whilst the child is in school.
If a student is sent to us from school then we will likely be in a data-processor arrangement for the personal data (educational record) held by the school. If a parent wants access to that data then it must be made through the school and we must not disclose the data directly."
Can anyone please comment as to whether this position stands up to scrutiny?
Best wishes,
Jon
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|