NUT Self-help materials are FAQs which address common employment issues affecting teachers and are entirely problem focused. They are not intended as a substitute for telephone or face-to-face advice, but are additional to the support provided by the NUT Adviceline, school/college reps, divisions and regional/Wales offices.
If you require more detailed advice, or are unable to find the answers you are looking for,
contact the NUT Adviceline (Telephone: 0203 006 6266); Email: email@example.com.
Members in Wales should call 029 2049 1818 or email firstname.lastname@example.org
Policy and legislation may differ between England and Wales. Each self-help document is marked as intended for teachers in England or Wales or both. If a particular issue is covered, but not for either England or Wales, please contact the NUT AdviceLine or the Wales Office, as appropriate.
Data protection: guidance for local officers
Prior to the GDPR coming into force on 25 May 2018 schools/colleges will be engaged in the process of mapping all the personal data they hold. Although staff data should form an important part of the mapping exercise, it is likely that headteachers and principals will be focused primarily on pupil/student data and the need to ensure that this data is processed in keeping with the requirements of the new legislation. Below is a summary of staff and local officer concerns which have been brought to the attention of Headquarters in previous years and which should receive consideration as part of your school’s/college’s mapping exercise:
Under the School Staffing Regulations 2009 in England and the Staffing of Maintained Schools Regulations 2006 in Wales schools are under an obligation to maintain a Single Central Record which requires them to record the dates on which they carry out checks on identity, qualifications, DBS and prohibition checks. Schools have also had to check all new appointees’ right to work in the UK. The Immigration (Restrictions on Employment) Order 2007 and the Education (Supply of Information About the School Workforce)(No.2)(England) Regulations 2007, or in Wales, the Education (Supply of Information about the School Workforce)(Wales) Regulations 2017, which run parallel with the requirements of the School Staffing Regulations, impose additional obligations on schools.
To establish an appointee’s identity, the employer is entitled to check their birth certificate, driving licence or passport, combined with evidence of address. In the past a number of schools and local authorities, quoting OFSTED as the justification, have demanded that Heads must photocopy the documents checked and retain them on file. It should be noted that the relevant regulations require original documents to be checked and for the checks to be recorded on a central record. There is no additional requirement to retain copies of the documents checked. As part of their mapping exercise, schools should ensure they do not hold the documents mentioned above unless they can identify a lawful reason for doing so.
The Union takes the view that confirmation by the DfE, through the Teacher Services’ database, that a person is qualified to work in a school is sufficient to meet the requirements of the relevant regulations. School staff should not be asked to provide certified copies of their qualifications where records exist at the DfE. Where qualifications cannot be verified by the DfE, schools are entitled to seek to verify purported qualifications by checking qualification certificates, but they should not retain copies on file unless they can satisfy one or more of the conditions that must be met before personal data may be processed lawfully (refer to Annex 4.1 of data protection: a toolkit for schools). Furthermore, the lengths to which individuals are expected to go to verify their qualifications should be proportionate.
Keeping Children safe in Education (September 2016) provides that “Schools and colleges do not have to keep copies of DBS certificates in order to fulfil the duty of maintaining the single central record. To help schools and colleges comply with the requirements of the Data Protection Act, when a school or college chooses to retain a copy, it should not be retained for longer than six months.”
As part of their mapping exercise schools should ensure they do not hold DBS certificates for longer than the DfE recommends unless they can satisfy one or more of the conditions that must be met before special category data (i.e. sensitive personal data) may be processed lawfully (refer to Annex 4.1 of data protection: a toolkit for schools).
Under the Immigration (Restrictions on Employment) Order 2007 employers must take all reasonable steps to check the validity of certain original documentation before employing school staff and also retain copies of the same on file for a period of not less than two years after the employment has come to an end. In the Union’s view employers are not required to hold passport and other details listed in the Order in respect of staff employed before 29 February 2008 unless they are subject to immigration control. In the past a number of schools and local authorities have demanded that Heads must photocopy the passports of all staff in post, regardless of when they were employed, and retain them on file.
We believe it is reasonable for schools and local authorities to seek to retrospectively ‘check’ the passports or other prescribed documents of staff employed prior to 28 February 2008 to ensure that their continued employment is lawful. However, it is not reasonable to copy and retain the documents on file in the absence of explicit consent or a statutory right to do so. Passports contain sensitive personal data which cannot be processed unless the conditions necessary to process it lawfully are met.
Overseas checks are normally carried out where job applicants who have worked mainly outside the UK apply to work at a school in England or Wales. The Union takes the view that such checks are necessary only where applicants have not lived and worked in the UK for a sufficient period (e.g. three years) for a DBS check to be sufficient.
In recent years a number of local authorities have demanded that Heads must conduct overseas criminal checks on anyone who has worked abroad for at least twelve months in the past ten years. They say it is a statutory requirement, but the requirement appears to apply only to visa applicants and therefore to workers subject to immigration control.
As part of their mapping exercise schools should ensure they do not hold documentation relating to overseas criminal checks unless they can satisfy one or more of the conditions that must be met before special category data (i.e. sensitive personal data) may be processed lawfully (refer to Annex 4.1 of data protection: a toolkit for schools).
Sickness absence insurance provides the employer with cover for the cost of employing a replacement when an insured member of staff is absent from work due to accident or sickness. The insurance policy may also cover absences for other insured reasons, such as bereavement. Where absences qualify for insurance cover, employers may be asked to submit a form detailing:
As part of the their mapping exercise schools should ensure they do not transfer health related information to insurers unless they can satisfy one or more of the conditions that must be met before special category data (i.e. sensitive personal data) may be processed lawfully (refer to Annex 4.1 of data protection: a toolkit for schools).
For advice on the rights of staff to object to processing go to www.teachers.org.uk/help-and-advice/self-help/m/making-work-fit.
In recent years there has been a growing use of fingerprint technology in schools for low-level purposes (e.g. cashless canteens, registration, restricting access to parts of the school etc.). Members have raised concerns in the past about pressure to submit to biometric systems without consultation and sometimes in the absence of explicit consent. The DfE guidance ‘Data protection: a toolkit for schools’ provides a model biometric data policy for schools (page 22). The policy ensures the following safeguards for staff:
“Where staff members or other adults use the school’s biometric system(s), the school will also obtain their consent before they first take part in it and provide alternative means of accessing the relevant service if they object. Staff and other adults can also withdraw consent at any time and the school will delete any relevant data already captured.”
As part of their mapping exercise schools should ensure they do not hold biometric data belonging to individual members of staff unless they can satisfy one or more of the conditions that must be met before special category data (i.e. sensitive personal data) may be processed lawfully. They should also ensure that biometric data is not held for longer than is necessary (e.g. after a member of staff has left the school).
In recent years a growing number of local officers have encountered problems in persuading local authorities and schools to provide NQT and establishment lists in accordance with the arrangements detailed in the Burgundy Book (Appendix III, section 7(b) and (c)). The local authorities and governing bodies cite the Data Protection Act 1998 as the reason for their refusal. This is despite the fact that the Act precedes the current arrangements under the Burgundy Book.
Division secretaries are asked to remind local authorities and governing bodies that the GDPR does not prevent them from disclosing “non-sensitive” data where it is necessary to do so for the purposes oflegitimate interests pursued by a third party (i.e. the Union). The Union believes that the principles of collective representation and bargaining are entirely legitimate interests of trade unions for the purposes of the GDPR. The regulations do not present an obstacle to disclosure of the fact that the staff members whose names, roles and schools appear on a list have been recruited to the MAT’s, governing body’s or local authority’s employment.
Disclosure for this purpose does not require the consent of individuals whose names appear on the list, but if the MATs, governing bodies or local authorities prefer to ensure that their newly recruited and existing staff know that their names, roles and school addresses may be disclosed to the teacher organisations, they have the opportunity to draw their attention to this in the fair processing notice they issue to staff, and indeed, if they prefer, to withdraw from the list the name of any staff member who objects.
Local officers may refer to the model letter contained at www.teachers.org.uk/paytoolkit/pay-progression-2016-making-data-requests where a MAT, governing body, headteacher or local authority refuses to provide NQT and establishment lists for data protection reasons.
There are occasions when the Union seeks equality monitoring data relating to the school workforce either for negotiating or bargaining purposes or to support individual casework and collective action. For example, the Union may seek details of the protected characteristics of
The Union has been denied such information in the past on the basis that disclosure may lead to the identification of an individual. However, the GDPR permits the disclosure of information which may identify an individual where
A model letter of authority is available at www.teachers.org.uk/help-and-advice/self-help/d/data-protection for those occasions when the headteacher, Trust, school governing body, or local authority will not disclose equality monitoring data without the explicit consent of the person(s) they believe may be identified from the information disclosed.
To ensure that equality monitoring data is disclosed to the Union as a matter of course, lay officers are advised to negotiate workplace policies which contain an obligation on employers to monitor the equality impact of their policies on staff and to share the results with the staff unions. A model equality statement and checklist for bargaining purposes may be found in the closed website at www.teachers.org.uk/pay-pensions-conditions/academies/bargaining-support.
What local officers can do to protect members
The steps outlined below may ensure that some of the concerns that have arisen in the past are brought to the employer’s attention for consideration and action. You may:
Below are model letters and other materials to assist local officers and workplace reps:
Model letter for raising staff concerns with school/college leaders.
Model letter of authority to obtain the consent of staff to the disclosure of their equality data
GDPR Video a short (22 minute) video which seeks to address some of the data protection issues raised by reps, caseworkers and organisers. The video may be accessed here.
Summary of staff and local officer concerns