Thank you for contacting us regarding the latest Department for Education (DfE) external data shares outlining requests from third party organisations wishing to access information in the National Pupil Database (NPD).
As per our previous correspondence, you may well be aware that we are in regular communication with both the DfE and the Information Commissioner’s Office (ICO) regarding the privacy and confidentiality issues. We shared your concerns at our most recent meeting with them.
The DfE reported that they had made significant progress with moving to the Office for National Statistics (ONS) Secure Research Service (SRS) as the default data sharing platform, although there are, and will continue to be, cases where this does not meet needs and a data transfer will be necessary. In these cases, strict processes are followed to ensure that organisations receiving data directly have secure systems and mechanisms in place to control who can access the data.
From our perspective, it is clear that DfE have put in place a range of measures to support appropriate access to and use of the NPD. Please see the attached annex which sets out how these measures relate to the Data Governance (T6) practices in the Code of Practice for Statistics. Our judgement is that DfE’s measures are consistent with these practices in the Code.
To further increase transparency, DfE agreed at our most recent meeting that it would focus on:
- Making clearer the reasons why some organisations obtain the data directly and others access it via ONS.
- Making more information available about what is done to safeguard data once shared, and to publicise this more.
- Routinely publishing relevant information from Data Protection Impact Assessments.
We will continue to meet with DfE and ICO regularly and will follow up on these improvements with them.
Director General for Regulation
See PDF for Annex
Ed Humpherson to Jen Persson (October 2018)