Advice and guidance on information sharing, including information sharing agreements and privacy notices.
Information sharing agreements
Following a review of our data sharing arrangements, we asked all Derbyshire schools and academies to sign a local Information sharing agreement under the Derbyshire Partnership Forum Information Sharing Protocol. This agreement will be reviewed on a regular basis.
The Information Commissioners Office (ICO) guidance on information sharing agreements, which it refers to as 'data sharing agreements or protocols', is as follows.
Data sharing agreements - sometimes known as 'data sharing protocols' - set out a common set of rules to be adopted by the various organisations involved in a data sharing operation. These could well form part of a contract between organisations. It is good practice to have a data sharing agreement in place, and to review it regularly, particularly where information is to be shared on a large scale, or on a regular basis.
A data sharing agreement should, at least, document the following issues:
- the purpose/s of the sharing
- the potential recipients or types of recipient and the circumstances in which they will have access
- the data to be shared
- data quality – accuracy, relevance, usability
- data security
- retention of shared data
- individuals’ rights – procedures for dealing with access requests, queries and complaints
- review of effectiveness/termination of the sharing agreement
- sanctions for failure to comply with the agreement or breaches by individual staff
For more information see the ICO data sharing code of practice Information Commissioners Office (ICO) guidance on information sharing agreements
Secure document transfer portals
To share confidential data securely and comply with statutory regulations in regard to the sharing of personal information, schools can access various secure data transfer systems.
Perspective Lite secure area
The Perspective Lite secure area provides secure two way communication between the local authority and schools. It is used to transfer confidential documents containing pupil details and/or staffing details.
Only a limited number of staff in schools will have permission to see this area and access to it must be authorised by the headteacher.
Department for Education (DfE) school to school website
This system allows schools to securely share pupil files with other schools, the DfE's missing pupil database and the Local Authority. It is normally used to share common transfer files relating to pupils transferring schools.
The Data Protection Act (DPA) requires that personal data be processed fairly. This means that people should generally be aware of which organisations are sharing their personal data and what it is being used for.
The DfE recommends as 'good practice' data controllers at all schools and academies issue parent or carers, pupils and staff a privacy notice which explains why personal information is being held and who it is being shared with.
They can be issued to new learners or staff by your school at the same time as other communications. For example, a pupil might receive the privacy notice as part of a school brochure or induction pack. For staff, a privacy notice might be included as part of a contract or induction pack, and/or posted on the staff notice board. The staff privacy notice should mention the data sharing requirement of the 'School Workforce Census'.
It is also good practice to publish your privacy notice on your schools website.
It is recommended you review and update your privacy notices on an annual basis and reissue updated versions.
For further information, see the DfE Guidance on data protection and privacy notices and data sharing code of practice which is attached to this page.