Level 3 Teaching Assistant

UNIT 301
Consider the role of a learning support professional in a school. Outline the considerations for someone in that role when dealing with confidential information.
All information held on pupils comes under data protection guild lines. It can include our address, phone number, birth date, employment history or other personal information. It may also include information about our past or present health and development. Individuals have the right to keep information of this type private.
Personal data- This includes names and addresses, medical or health records, dates of birth, etc. It needs to be kept secure.
Confidential information- This consists of any professional recommendations or reports that should be shared only between parents or carers and professionals working with the pupil.
Sensitive personal data- This may be to do with issues such as suspected child abuse or cases that may be going to court.
The main legal framework relating to the protection of personal information is
Set out in:
• The Human Rights Act 1998, which incorporates Article 8 of the European
Convention on Human Rights (ECHR), including the right to a private and
Family life.
• The common law duty of confidentiality
• The Data Protection Act 1998: covering protection of personal information.
Article 8 of the European Convention on Human Rights was incorporated into UK law by the Human Rights Act 1998 and recognises a right to respect private and family life:
Parents can be asked for relevant information about their children to be kept on the school records, for example medical or health information or records regarding special educational needs. All information such as this is confidential and must only be used for the purpose it was obtained for. If the information needs to be passed on to another person, parental consent must be obtained first. The school has a Confidentiality Policy, which all staff need to be aware of, which sets out the school’s aims and objectives relating confidentiality and gives guidelines on how to handle confidential information. The Data Protection Act 1998 states that any organisation holding confidential information should be registered with the Data Protection Commission. The Act gives eight principles of practice that govern the use of personal information. Such information must be:-
Processed fairly and lawfully only used for the purpose for which is gathered
Adequate, relevant and not excessive
Accurate and kept up to date where necessary Kept for no longer than necessary
Processed in line with the individual’s rights Kept secure
Not transferred outside the European Union without adequate protection.

Any staff who obtain information about any children they are working with should ensure these principles are followed, and that any information obtained is only shared with people who have a right to the information, for example the class teacher or SENCo.
As teaching assistant we always use the approach of whether or not it is something that is necessary for that person to know. For example, we wouldn’t give a parent other families' addresses for something like sending out birthday invitations and we are always careful when discussing a student's behaviour or abilities. While the teacher and student's parent obviously need this information, another parent nearby would not so we are always aware of the surroundings when discussing personal information. Sometimes in our setting teachers and any staff who work with that student need to know in detail information about them for example if there was a food allergy concern then the staff who prepare the meals would need this information, as would any staff who might interact with them. But when informing other parents that a student has a food allergy, the parents do not need to know the child’s name.

When sharing personal information, we must ensure the recipient of the information understands: the purpose for which the information is being shared; and any limits to consent given, i.e., what information may or may not be shared and the circumstances under which it may or may not be shared with other agencies; and the need to ensure that any further handling of the information is fair and secure.

Sharing personal information securely by telephone
Verify the name, job title, department and organisation of the person requesting the information and the reason for the request.
Take a contact telephone number, preferably a main switchboard number. Try to avoid a direct line or mobile telephone number wherever possible. If you are in any doubt, confirm the requestor’s identity with their organisation.
Consider whether the information requested can be provided in response to a telephone request and in a telephone conversation. If in doubt, tell the enquirer you will call them back later.
Ensure that your conversation cannot be overheard by anyone who should not hear it.
Provide information only to the person who has requested it (do not leave information as a message or share with another).

Transporting personal information securely by hand (only where completely necessary)
Only where completely necessary, should personal information be taken off site by hand.
Record when you are taking any personal information off site, the reason(s) for doing so and the date when the information was returned, if appropriate.
Paper based information should be transported in a sealed file or envelope.
Electronic information must be protected by appropriate security measures (see section below on using removable electronic devices).
Information should be kept safe and close to hand. Never leave information unattended unless properly secured.
When transferring information by car, ensure it is placed in the boot and is kept locked.
Return the information to your site as soon as possible and file or dispose of it securely.

Sharing personal information securely by post
Confirm the name, department and address of the recipient.
Seal the information in a double envelope, ensuring the packaging is sufficient to protect the contents during transit.
Mark the inner envelope ‘Private and Confidential – To be opened by Addressee only’.

Recording the information sharing
No matter how we share the information, we must ensure that we record the date and time, the reason for sharing, what type of information we shared, if appropriate who authorised it, how we shared the information and the recipient’s name, job title, organisation and telephone number..