Children Missing Education Process – Privacy Notice

Why do we collect and use this information?

Hampshire County Council is the Data Controller for the purpose of sharing with, as well as collecting and using information from other parents/carers, other local authorities, educational establishments, health professionals, Youth Offending Teams and the police; in order to carry out our legal duty to make arrangements to establish the identities of children in our area who are not registered pupils at a school and are not receiving suitable education otherwise. For those children identified as not receiving suitable education actions need to be taken to ensure they are returned to full time education either at a school or in alternative provision.

We collect information about children (including unborn children) and young people who have become categorised as CME as well as information about their parents/carers, as well as parents/carers and statutory partners who assist us with this process. We hold this personal data securely and use it to:

  • effectively track pupils of statutory school age and enquire about their current situation
  • consult and communicate with parent/carers when establishing whether their child is receiving suitable education
  • contribute to the core education record of pupils within Hampshire
  • undertake statistical forecasting and planning
  • undertake regular reviews and evaluate our policies and procedures to ensure that these continue to be fit for purpose in identifying children missing education in our area
  • refer this information to Hampshire County Council’s Children’s Social Care where there is concern for a child’s welfare
  • make a referral to the appropriate constabulary if there is reason to suspect a crime has been committed
  • share with other County Council services where their duties and powers support our work on CME
  • ensure compliance with our obligations under the accuracy principle of the UK General Data Protection Regulation (Article (5)(1)(d)), making sure our records about you and your family are up to date

CAPITA plc is a data processor for this information acting on our instructions for the purpose of delivering a contract to the County Council around the hosting and supporting of the CAPITA One system, which the County Council uses to store the information provided to us, as identified under this privacy notice. This includes accessing the CAPITA One system to fix any technical issues to ensure the system is fit for use.

The following sections provide further detail around the information we process setting out what allows us to do this (lawful basis), who we may share it with, how long we keep it for (the retention period), alongside identifying any rights you may have and who to contact if you think we’re not handling your information in the right way.

The categories of information that we collect, hold and share

The following personal and special category information is processed:

  • the child’s personal information (full name, Date of Birth, Full address including postcode, Gender) and information about the Health Establishment(s) they are registered with
  • the parent/carer’s personal information for parent/carer currently living with and if applicable who they are going to be living with (full name, address, telephone number, date the pupil is expected to start living there, if applicable)
  • the name of pupil’s destination school and the pupil’s expected start date there, if applicable
  • the grounds in regulation 8 under which the pupil’s name is to be removed from the admission register

The lawful basis on which we use this information

We collect and use the information ensuring that we comply with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA2018) requirements for processing through:

  • Article 6(1)(e) – the processing is necessary to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
  • Article 9(2) (g) – Necessary for reasons of substantial public interest on the basis of Union or Member State law which is proportionate to the aim pursued and which contains appropriate safeguarding measures
  • Sch.1, Pt.2, 1 – Substantial public interest conditions, for processing under the DPA2018

These articles under the UK GDPR and the DPA2018 are supported by the following specific legislation:

  • Section 10 of the Children Act 2004
  • Section 436A of the Education Act 1996 (added by section 4 of the Education and Inspections Act 2006)
  • Education Act 1996 (section 7, 8, 14 and 19)
  • Education and Inspections Act 2006 (section 4 and 38)
  • Education (Pupil Registration) (England) Regulations 2006
  • Education (Pupil Registration) (Amendment) (England) Regulations 2016

Under this lawful basis we do not require your consent to process this information but we are required, through this privacy notice, to ensure you are fully informed of why we are collecting this information and what we will do with it.

Please note that no automated decision making (decisions taken without a person involved) occurs for any parts of these activities controlled by the County Council. The County Council does use profiling but only on the basis of identifying and supporting this group as established under statutory guidance.

Storing and securing data

The information provided to us will be held within the County Council’s CAPITA One system, which we use to provide our CME service case management system. The information held within CAPITA One will be kept in line with our retention schedule and then disposed of as appropriate. The County Council’s CAPITA One system is hosted by CAPITA plc in secure data centres based in the UK. Information is encrypted when in transit between County Council users of the system and the data centre the information is hosted within.

Any paper based correspondence will be scanned to create and electronic record and stored within the County Council’s Document Management System (DMS), with the paper version being destroyed in line with our retention schedule. If submitted electronically, the electronic record will be used and added to our DMS. The file will be linked to the record created in CAPITA One for reference. The information held within the County Council’s DMS will be kept in line with our retention schedule and then disposed of as appropriate. The County Council’s DMS is hosted by the County Council in secure UK based data centres, which are on site.

The County Council takes its data security responsibilities seriously and has policies and procedures in place to ensure the personal data held is:

  • prevented from being accidentally or deliberately compromised
  • accessed, altered, disclosed or deleted only by those authorised to do so
  • accurate and complete in relation to why we are processing it
  • continually accessible and usable with daily backups
  • protected by levels of security ‘appropriate’ to the risks presented by our processing

The County Council also ensures its IT Department is certified to the internationally recognised standard for information security management, ISO27001.

Who do we share information with?

We do not share information with anyone unless there is a lawful basis that allows us to do so.

We are required under the public task lawful basis set out above, to share information with School leaders, school staff and governing bodies in all maintained schools and academies, independent schools; Health professionals; Youth Offending Teams; other local authorities (particularly if a child has moved out of area); and the police, for the purpose of tracking and making enquiries about children of statutory school age who are not registered pupils at a school and are not receiving suitable education otherwise. We may also share information through the County Council’s role in the Hampshire Safeguarding Children Partnership (HSCP) to comply with their statutory duties.

When sharing information with other Local Authorities for checking, tracking and making enquiries, we may post the child’s details to the Department for Education’s (DfE’s) S2S secure system.

Depending on the individual circumstances of each situation, we may have to share this information with other teams within the County Council to fulfil other duties and powers to support our work on CME. These might include:

  • our Education Inclusion Service, in order to arrange suitable full-time education for permanently excluded pupils from the sixth school day of exclusion and to notify them when a parent advises that they are Electively Home Educating their child
  • our Children’s Social Care Teams in order to safeguarding children’s welfare, and to meet our duty to cooperate with other agencies in improving children’s well-being, including protection from harm and neglect
  • our Legal Intervention Court Officers in order to:
    • serve notice on parents requiring them to satisfy the County Council that the child is receiving suitable education, when it comes to the County Council’s attention that a child might not be receiving such education
    • issue School Attendance Orders (SAOs) to parents who fail to satisfy the County Council that their child is receiving suitable education, if deemed appropriate that the child should attend school
    • if it is required, prosecute parents who do not comply with an SAO
    • prosecute or issue penalty notices to parents who fail to ensure their school-registered child attends school regularly
    • apply to court for an Education Supervision Order for a child to support them to go to school

Requesting access to your personal data and your rights

Under data protection legislation, individuals have the right to request access to information about them that we hold. To make a request for your personal information, or someone you have responsibility for, please contact the Children’s Services Department’s Subject Access Request (SAR) Team.

You also have the right to:

  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by solely automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
  • claim compensation for damages caused by a breach of the Data Protection regulations

Please note that under the UK GDPR, there is also a right to erasure but the right to erasure does not provide an absolute ‘right to be forgotten’. Where the data being processed is for the purpose of ‘performing a task in the public interest or for our official functions, and the task or function has a clear basis in law’ (Article 6(1)(e)), this right does not automatically apply.

Further information

You have some legal rights in respect of the personal information we collect from you. See our Data Protection page for further details.

You can contact the County Council’s Data Protection Officer by email data.protection@hants.gov.uk.

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office.