Dept. For Education Guidelines

The request was partially successful.

Dear Department for Education,

I am aware of a school that uses what it refers to as "our interpretation" of the Protection Of Freedoms Act 2012. Its interpretation is very debatable and nothing like the Department For Education Guidelines.

1 Should all schools adhere to Dept. For Education Guidelines on the POF Act 2012?

2 Can schools legitimately ignore the Dept. For Education guidelines and make up their own interpretation of the POF Act 2012?

3 Assuming that the Dept. For Education took legal advice upon which it based the Guidelines, if the answer to 2 is yes, can schools legitimately make up their own alternative interpretation of the POF Act 2012 without basing that interpretation on professional written legal advice?

Yours faithfully,

mr j garlits

Department for Education

Dear Ms Britt

Thank you for your recent enquiry. A reply will be sent to you as soon as possible. For information; the departmental standard for correspondence received is that responses should be sent within 20 working days as you are requesting information under the Freedom of Information Act 2000. Your correspondence has been allocated reference number 2013/0070064

Thank you

Department for Education
Ministerial and Public Communications Division
Tel: 0370 000 2288

show quoted sections

Department for Education

Dear Mr Garlits,
Thank you for your email dated 8 October 2013 regarding the Protection of
Freedoms Act 2012.
I should first start by confirming that the department’s advice on the
Protection of Biometric Information of Children in Schools is
non-statutory. Schools are not required to follow the advice but it
explains the legal duties they are subject to if they wish to use
biometric information about pupils and how schools comply with those
duties. The key message of the advice is that there are no circumstances
in which a school or college can lawfully process a pupil’s biometric data
without having: a) notified each parent; and b) received the necessary
consent. Where pupils were already enrolled in a biometric system before
the new duties came into force on 1 September 2013, schools wishing to
continue processing biometric information must have obtained consent
before that date.


The advice mentioned above sets out clearly for schools what their
responsibilities are with regards to collecting and storing biometric
information. Schools can then draft their own policies or guidance with
regards to this, although there is no statutory requirement to do so.


If you have concerns about a school’s collection and use of biometric
data, you should first complain to the school using the formal complaints
process. Each school in England is required by law to have a complaints
procedure and to publicise that procedure. If, having exhausted the full
complaints process (including appealing), you are not happy with the
outcome of your complaint, then two further options are available to you:


1)  If the school has failed to comply with its duties under the
Protection of Freedoms Act (e.g. failing to notify each parent of a child
of the school’s intention to use the child’s biometric data), and the
school concerned is a maintained school, the Secretary of State may
consider and investigate the complaint directly with the school’s
governing body.


2)  If the school has failed to comply with the Data Protection Act (e.g.
processing or handling the data inappropriately), the Information
Commissioner’s Office (ICO) may investigate the complaint. During the
course of their investigation the ICO has the power to:


·         serve Information Notices to request specified information to be
provided to the ICO in a set time period;

·         issue undertakings which commit organisations to taking steps to
improve data protection practices;

·         serve enforcement notices - 'stop now' orders - to require
organisations where there has been a breach to take steps to come into
compliance with the law;

·         conduct assessments/audits to assess the practices of
organisations, both voluntarily and compulsorily (for data protection

·         issue monetary penalty notices (up to £500,000 for serious
breaches), as of 2010;

·         prosecute criminal offences; and

·         report to parliament matters of concern.


However I should stress that we would expect that any issues concerning
the collection of data would be resolved through the school complaints

Your correspondence has been allocated reference number 2013/0070072. If
you need to respond to us, please visit:
[1], and quote your reference number.

Yours sincerely,

Greg Wilde
Teachers' Pensions & Deregulation Division

show quoted sections

Communications via the GSi may be automatically logged, monitored and/or
recorded for legal purposes.


Visible links