Getting to grips with the National Pupil Database; personal data in an Open Data world Phil Booth and Terri Dowty | Open Data Institute Friday Lunchtime Lectures |15 Feb 2013
Jan 27, 2015
Getting to grips with the National Pupil Database; personal data in an Open Data world
Phil Booth and Terri Dowty | Open Data Institute Friday Lunchtime Lectures |15 Feb 2013
personal data ≠ open data
NPD: legislative underpinning
• Education Act ‘96 power to collect ‘school level’ data
• Amended by Schedule 30 School Standards and Framework Act 1998
• Created statutory gateway to collect personal data about pupils
• Empowered secretary of state to define data in regulations
NPD: 2
• No consent required - head teachers under duty to supply information
• Data taken directly from school MIS• Initially parents/children unaware - FPNs
Function Creep
• Original school census annual ('PLASC')• Now taken each term• Includes pre-school providers• Incremental increase in personal data• Exclusions and attendance data, poverty
markers, mode of travel to school...
The gift that keeps on giving?
NPD data tables
NPD request and data flows
TIER 4Individual pupil level: identifiable, e.g. gender, attainment, absences
TIER 3Aggregate school level: identifiable and sensitive, could have single counts
TIER 2Individual pupil level: identifiable and sensitive, e.g. ‘recoded’ ethnicity, SEN, FSM
TIER 1Individual pupil level: identifying and/or identifiable and highly sensitive
DfE Data and Statistics
Division(DSD)
DfE Data Management
Advisory Panel(DMAP)
Diagram based on NPD user guide and protocol, July 2012
REQUEST
DATA
DfE consultation: ‘widen access’ to NPD
?“Data would only be released to organisations which had been through a robust approval process and in accordance with strict terms and conditions on data security, handling and use.”
“We will achieve this through making information from the National Pupil Database available to all (with appropriate safeguards in place so individual pupils cannot be identified), and developing a new School Performance Data Portal.”
the voluntary sector
political partiesand candidates
direct marketers
profit-drivenenterprises
bullies
people withgrudges
education publishers and developers
researchers
professional bodies
consultants
educators
the media
re-identification
• relatively easy outside urban areas when combined with ward-level stats
• e.g. ethnicity + sector postcode narrow down to handful of families (at most)
• + school year group can id individual child
‘anonymisation’
• de-identification• pseudonymisation• “effectively anonymised”?• aggregate data / statistics
• ‘Differential Privacy’…
identifying people
re-identifying people
NAFIS
IDENT1
NDNAD
GCSE + A LEVEL
• personal data ≠ open data• obfuscation vs. consent• (notification ≠ knowledge)• ‘anonymisation’ vs. utility