Dudley Council
Dudley Skyline

The Education Investigation Service School Attendance Privacy Notice

This notice explains what personal data (information) we hold about you and your child/ren, how we collect the information and how we use and may share the information.

We are required to give you this information under data protection law.

This privacy notice applies to the Education Investigation Service’s (EIS) work in relation to school attendance, specifically:

  • Investigations and any subsequent action and/or legal action taken where offence/s under Section 444 (1) or (1) (a) Education Act 1996 are suspected
  • Investigations and any subsequent action and/or legal action taken in relation to applying for School Attendance Orders under Section 437 (3) Education Act 1996 or suspected failure to comply with a School Attendance Order under Section 443 Education Act 1996
  • Referrals for deletions from admission registers under Regulation 8 of the Education (Pupil Registration) (England) Regulations 2006 amended

NB – Separate privacy notices cover the work of the EIS Child Employment Officer, Child Missing Education Officer and Elective Home Education and Gypsy Roma Traveller Services Officer

Who we are

Dudley MBC (DMBC) collects, uses and is responsible for certain personal information. When we do so we are regulated under the General Data Protection Regulation and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

EIS is our statutory service for the enforcement of school attendance and other education related legal interventions for children in employment, children in entertainment and elective home education.

Our work in relation to school attendance is initiated on receipt of referrals from schools within the Dudley borough.

What we do

Education Investigation Officers (EIOs) carry out statutory legal intervention work alongside service managers and administrative support staff. Our investigations can result in the issuing of warning notices, fixed penalty notices, school attendance orders, court prosecutions, authorised deletions from school registers and referrals being made to other internal and external agencies.

We process personal data about parents, children and young people for investigation and enforcement purposes.

Reasons we can collect and use your personal information

We collect and use your personal information to comply with our legal obligations and while in the course of our enquirers relating to the commission and/or suspected commission of criminal offences.

If we need to collect special category (sensitive) personal information, we rely upon reasons of substantial public interest (safeguarding of children and of individuals at risk, and equality of opportunity or treatment), and for the establishment, exercise or defence of legal claims whenever Courts are acting in their judicial capacity.

Processing is necessary for compliance with our legal obligations underpinned by acts of legislation, regulation and guidance that dictate what actions can and should be taken by local authorities, including but not limited to:

  • The Human Rights Act 1998;
  • The Equality Act 2010, which prohibits discrimination on the basis of a person’s age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage, civil partnership, pregnancy and maternity;
  • The GDPR and the Data Protection Act 2018;
  • The Children Act 1989;
  • The Crime and Disorder Act 1998;
  • The Criminal Proceedings and Investigations Act 1996;
  • The Police and Criminal Evidence Act 1984; and
  • The Education Act 1996
  • The Department for Education ‘School Attendance – Guidance for maintained schools, academies, independent schools and local authorities’ (latest version)
  • The Department for Education ‘Children Missing Education – Statutory guidance for local authorities’ (latest version)

What personal information do we collect to deliver this service?

While carrying out investigations, we collect the following information:

  • school pupil information records (personal identifiers and contacts such as name, unique pupil number, contact details and address)
  • characteristics (such as ethnicity, language, and free school meal eligibility)
  • safeguarding information (such as court orders and professional involvement)
  • special educational needs (including the needs and ranking)
  • attendance summaries (such as sessions attended, number of absences, absence reasons and any previous schools attended)
  • assessment and attainment (such as phonics results, Key Stage 1 and 2 results, KS post 16 courses enrolled for and any relevant results)
  • behavioural information (such as exclusions and any relevant alternative provision placements put in place)
  • school communication logs and letters
  • meeting notes (including those held with school staff and other agencies)
  • pupil records from other agencies (for example, the Education Psychology Service)
  • family records from Early Help and/or Social Care services
  • Witness statements
  • Statements made by those interviewed under caution
  • Special category information, such as the pupil’s health and medical conditions
  • Criminal offence information relating to convictions for the offences listed above only

How do we collect this information?

Information is primarily collected from schools. Documentation is submitted via our secure EIS or EIO email addresses, virtual meetings and/or interviews or in person through meetings and/or interviews.

Information is also collected in the same manner internally from other DMBC services and also from external agencies where necessary.

How do we use this personal information?

The EIS process, manage, maintain and protect all information according to legislation, policies and good practice.

All information is stored, processed and communicated in a secure manner making it readily available to authorised users.

How is your personal information stored and kept secure?

DMBC have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way.

We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Personal information relating to EIS investigations is stored electronically on Dudley MBCs secure network. Some paper records are held during the course of an investigation. These are kept in locked, secure office storage and when paper records are transported out of the office, it is done so in line with DMBCs Information Protection Policy.

How long your personal information is held for?

Personal data will not be retained for longer than necessary in relation to the purposes for which it was collected. There is usually a legal reason for keeping your personal information for a set period of time. This ranges from months for some records to decades for more sensitive records.

If you require more information about our retention schedule please contact us at information.governance@dudley.gov.uk 

What is the legal basis for the collection and use of your personal information?

Our lawful bases for processing personal data are:

  • For the processing of personal data –
    • Compliance with our legal obligations
  • And, for the processing of Special Category data including information relating to religious beliefs, health information and ‘Criminal Offence’ information –
    • Tasks carried out in the public interest and/or in the exercise of official authority

A special policy has been put in place to ensure appropriate processing of Special Category and Criminal Offence information.

Who we may share your information with

We do not share information about our children or young people with anyone without consent unless the law and our policies allow us to do so. We may share your information with a range of agencies and services including but not limited to:

Internal agencies and services:

  • The Multi-Agency Safeguarding Hub (MASH)
  • Children and Adult Social Care services
  • CART (Child and Adolescent Response Team)
  • Early Help services
  • Virtual school
  • Safeguarding and review
  • Other DMBC teams so they can carry out their statutory roles and support our service (e.g. youth support services, legal services, housing, education, revenue and benefits, complaints, Business Intelligence, corporate finance, Quality Assurance)

External agencies and services:

  • Other local authorities and/or schools e.g. during the course of our Regulation 8 work
  • Government departments e.g. Department for Education, Department of Health
  • Youth support services
  • GPs / NHS Trusts / NHS England / School Nurse & Health Visitor services / Clinical Commissioning Groups (CCGs)
  • Police
  • Benefit agencies
  • Housing agencies
  • Education providers (e.g. academies, maintained schools, pupil referral units, independent schools and independent specialist providers, FE and sixth-form colleges)
  • Early years providers in the maintained, private, voluntary and independent sectors that are funded by Dudley Council
  • Child and Adolescent Mental Health Services (CAMHS)
  • Youth Offending Services / Probation Services
  • HM Courts & Tribunals Service
  • Education, employment and training (NEET) Support Services
  • National Anti-Fraud Network (NAFN)
  • Contracted services including those provided by voluntary organisations and community groups working with young people
  • Commissioned social care and/or health services
  • Your legal representative or another advocate (if you have instructed one)
  • Independent education support services (e.g. companies commissioned by schools to carry attendance services)
  • Staff in each area will only access the personal information that is essential to carry out their work and statutory functions but may share data between the respective teams where this is necessary to provide you with services.

All organisations we pass your information to will have an information-sharing agreement with us to ensure they meet the standards of the GDPR and the Data Protection Act 2018, and will be covered by a legal basis allowing them to collect, use and share your personal information.

For further information on sharing, please also our main Privacy Notice

What are your rights?

You have the right to request Dudley Council to stop processing your personal data in relation to any council service. See our Corporate Privacy Notice 

Requesting access to your personal data

Under GDPR and the Data Protection Act 2018, parents, carers and young people have the right to request access to information we hold about them. To make a request for your (or your child’s) personal information, contact the Council’s Corporate Information Governance Team: By email using information.governance@dudley.gov.uk or by calling 0300 555 2345 and asking to speak to the Corporate Information Governance Team.

Depending on the lawful basis, you may also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed: and a right to seek redress, either through the ICO, or through the
    courts

Withdrawal of consent and the right to lodge a complaint

Where we are processing your personal data with your consent, you have the right to withdraw that consent. If you change your mind, or you are unhappy with our use of your personal data, please let us know by contacting our Data Protection Officer Lewis Bourne at information.governance@dudley.gov.uk or by calling 0300 555 2345 and asking to speak to the Corporate Information Governance Team.

Further Information

The GDPR and the Data Protection Act 2018 give you a number of rights to control what personal information is used by us and how it is used by us. Information about your data rights is listed in the Council’s Corporate Privacy Notice on the Council’s website at the link referenced above.

If you have any questions or concerns about the way we collect, store or use your personal information, please contact by email in the first instance:
information.governance@dudley.gov.uk.
For independent advice about data protection issues, you can contact the Information Commissioner’s Office (ICO) at www.ico.org.uk.

Privacy Notice Amendments

We reserve the right to amend this Privacy Notice at any time and will keep it under review. If we do make any changes, we will post the current version to our website