About

Complete the information sharing agreement form [https://forms.office.com/e/Qt918VkQJm].

This Data Sharing Agreement (“Agreement”) sets out how Personal Data will be shared (“Shared Personal Data”) between the Controllers as Data Controllers. It defines the principles and procedures the Controllers should adhere to and responsibilities to each other with regard to sharing personal data in accordance with the Data Protection Legislation as amended. Specifically, the purpose of this data sharing agreement is to enable the Council and academies/schools/trusts to share information, in compliance with relevant data protection legislation, in order to fulfil their statutory duties in regard to the education and welfare of all children/young people for whom they are responsible

1. Definition of Data Protection Legislation

means all applicable data protection and privacy legislation in force from time to time in the UK including the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR); the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended and the guidance and codes of practice issued by the Information Commissioner or other relevant regulatory authority and applicable to a Party.

2. Background

  • 1.1 This Data Sharing Agreement (“Agreement”) sets out how Personal Data will be shared (“Shared Personal Data”) between the Controllers as Data Controllers. It defines the principles and procedures the Controllers should adhere to and responsibilities to each other with regard to sharing personal data in accordance with the Data Protection Legislation as amended. Specifically, the purpose of this data sharing agreement is to enable the Council and academies/schools/trusts to share information, in compliance with relevant data protection legislation, in order to fulfil their statutory duties in regard to the education and welfare of all children/young people for whom they are responsible.

3. Controllers

This Data Sharing Agreement is between the following Controllers.

  • 3.1. Coventry City Council whose administrative office are at Council House, Earl Street,
  • Coventry CV1 5RR (‘the Council’)
  • 3.2. [Insert Education Provider name and address] (‘academies/schools/trusts’)

4. Purpose and Scope

The Agreement covers the sharing of personal data and special categories of data, about data subjects, as defined by the Data Protection Legislation, and non-personal information for the following reasons:

  • the statutory duty on the Council to ensure there are sufficient school places in their area, promote high education standards, ensure fair access to educational opportunity and promote the fulfilment of every child’s educational potential. The Council must also promote diversity and increased parental choice.
  • the Council has a duty to ensure all children of compulsory school age receive and attend suitable educational provision under Education Act 1996
  • academies/schools share information directly with each other relating to pupils who transfer from one setting to another, particularly in relation to attainment, attendance, SEND, health/wellbeing and safeguarding data. Data may also be shared where siblings attend different academies/schools to each other where necessary to ensure that safeguarding duties are carried out.
  • the Council and academies/schools/trusts have statutory duties in relation to the safeguarding of children/young people
  • the Council and academies/schools/trusts have statutory duties in relation to supporting children and young people who are eligible for SEND related
  • provision.
  • the Council and academies/schools/trusts have statutory duties in relation to the promoting the education, employment and training of young people which requires the exchange of data and the use of information not otherwise available to either organisation.
  • the Council and academies/schools/trusts share information to support processes relating to statutory school census, school workforce census, Early Years Foundation Stage, Phonics, and other key stage pupil attainment and progress data.
  • the Council uses data shared for pupil level and aggregated analysis to monitor pupil outcomes comprehensively at city level and associated aggregated spatial levels.
  • the Council uses data shared to identify where pupils have transferred so as to make the task of tracking vulnerable pupils more secure and also to ensure appropriate services are extended to pupils needing additional support e.g. for reasons of health, exclusions, attendance or transport.

The Agreement covers the sharing of information for any of the purposes listed in Section 3.3 of this agreement. It also covers any subsequent information sharing activities within scope of agreement, as defined in clause 5. It does not cover any processing of personal data where the Council is acting as the Data Processor for the academy/school/trust, usually for subscription (traded) services. There will be separate data processing clauses and schedules in agreements for these services compliant with data protection legislation.

  • 4.1. The Controllers agree to only process Shared Personal Data, as described in clause 5.
  • 4.2. The Controllers consider this Agreement necessary as for the purpose of :
    • Safeguarding Children within the Local Authority Area
    • Offering SEND Support Services
    • Identifying children who have been absent from school, tracking Children Missing in Education and support to enforce the attendance of those children of compulsory school age in a suitable education provision Providing Education and Health Care Plans
    • Supporting integration of children into educational provision e.g. excluded pupils, children requiring behaviour support, SEND support and children with medical conditions.
    • Providing Virtual School Support for children in care
    • Providing an Alternative Provision Service
    • Providing Admissions and Appeals services for Education Providers
    • Providing Attendance and Inclusion Support Services
    • Supporting Education Providers in the Exclusion Process
    • Providing a Needs Assessment for pupils/students and assisting pupils/students with SEN
    • Provide Coventry Music Services
    • Providing Free School Provider Meals
    • Education Minority Achievement Service (EMAS)
    • Troubled Families Services
    • Providing Social Care and Education
    • Providing Services such as the Local Authority Designated Officer
    • Assisting with Work-Related Learning Programmes
    • Data can be shared with third parties when the academy/trust/school wishes the Council to pass on data on its behalf for specific programmes set up under the partnership working arrangements for example:
      • 1 to 1 tuition programmes
      • Alternative Provision and Work-Related Learning Programmes
      • NHS health programmes e.g. vaccinations, National Child Weight Measurement
      • Attainment and progress analysis and aggregated statistical and performance profiles obtained from the academy/school/trust, DfE, FFT Education and NCER Nexus as agreed between partners (see Appendix C)
    • Information to promote the participation in Employment Education and Training of young people under Education and Skills Act (Secondary Schools).
    • Providing Newly Qualified Teacher Support Services
    • Fulfilling statutory obligations to share as part of the DfE School Census
    • Daily exchange of FFT Aspire Assessment and Attendance data provided securely by FFT Aspire to both partners with agreements in place EYF Stage Profile KS1, 2, 4 and Post 16 pupil level results and FFT Aspire pupil level estimates uploaded and shared to the Council. Where assessment data items within FFT Aspire are not part of the statutory data sets, the LA will not amend/delete/edit/use this for any purpose unless explicitly agreed with the school.
    • Information the Council or academy/school/trust require to support planning and monitoring of education provision and services for children during public health emergencies.
    • Information required to monitor the use of part-time timetables for children in education to ensure children have suitable education provision.
    • Sharing pupil starters and leavers information at non-standard transition points (i.e. in year), via DfE School to School (S2S) secure portal and Coventry City Council Data Locker secure portal, using CMJ and CML files or shared directly from the pupils’ current school/academy to the receiving school/academy under Education (Pupil Registration) (England) Regulations 2006 (8 and 12) as amended in 2016. Services Provided by the Local Authority under SLA (please amend accordingly using the Microsoft Form):
    • Providing HR Advisory Services
    • Providing Outdoor Education Services
    • Schools and Library Services
    • Providing Occupational Health Services
    • Providing Legal Services
    • Providing Health and Safety Services
    • Providing Outdoor Education Services
    • Providing Work-Related Learning Services
    • Providing Attendance and Inclusion Services
    • Providing Data Team Services – People Directorate
    • Providing the Data Protection Officer Service (the “Agreed Purpose”).
  • 4.3. The Controllers agree that this Agreement formalises a lawful transfer of Personal Data between the Controllers and presents no new or additional privacy concerns.
  • 4.4. The Controllers shall not process Shared Personal Data in a way that is incompatible with the Agreed Purposes.
  • 4.5. Both parties will store personal data shared between both partners on secure systems which can only be accessed by a restricted number of appropriate staff with appropriate security safeguards.
  • 4.6. Both parties will use the data supplied for the purposes stated and will not pass such data to third party organisations outside the remit of specified partners in agreement without prior consent.
  • 4.7. The academy/school/trust will ensure that up to date Privacy Notices are made available to every parent/guardian/carer, or the child/young person if appropriate.
  • 4.8. The Council will ensure it has up to date Privacy Notices available on its website at www.coventry.gov.uk

5. Lawfulness

  • 5.1 Data Protection legislation (General Data Protection Regulation (GDPR) and Data Protection Act 2018) requires that there should be a lawful condition for sharing Personal Data. Where special category data or criminal offence data is shared, additional requirements are necessary.
  • 5.2 For the purposes of the Agreed Purposes as listed in clause 3.1 of this Agreement, each Controller shall ensure that it processes Shared Personal Data on the basis of one of the following legal grounds:
  • 5.3 The lawful bases relied upon are:
    • Article 6 (1) (a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
    • Article 6 (1) (b) processing is necessary for the performance of a contract to which the data subject is Controller or in order to take steps at the request of the data subject prior to entering into a contract;
    • Article 6 (1) (c) processing is necessary for compliance with a legal obligation to which the controller is subject;
    • Article 6 (1) (d) processing is necessary to protect the vital interests of the data subject or of another natural person;
    • Article 6 (1) (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    • Article 6 (1) (f) processing is necessary for the performance of a task carried out for the purposes of the legitimate interests pursued by the controller except where the processing is carried out by a public authority in the performance of their public duties;
    • Article 9 (2) (a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes;
    • Article 9 (2) (b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law;
    • Article (9) (2) (c) processing is necessary for compliance with a legal obligation to which the controller is subject;
    • Article 9 (2) (g) processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject (where reliance on this ground is sought, Schedule 1 of the Data Protection Act 2018 shall apply and both Controllers will have the appropriate policy document in place – with respect to safeguarding it is anticipated that schools will mostly rely on Part 1, s6, statutory purposes (e.g. KCSIE) and Part 2, s18 Safeguarding of children and of individuals at risk);
    • Article 9 (2) (h) processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional;
    • Article 9 (2) (j) Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistics purposes in accordance with Article 89(1) based on Union or member state law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
    • Where personal data relating to criminal convictions and offences is processed this is under Article 6.1(e) and the additional safeguard at GDPR Article 10 that such processing shall be: “carried out only under the control of official authority or when the processing is authorised by Union or Member State law providing for appropriate safeguards for the rights and freedoms of data subjects.”
  • 5.4 Human Rights Act 1998, Crime and Disorder Act 1998, public interest in common law, the Children Act 1989 and 2004 and Data Protection Act 2018 (DPA), the UK General Data Protection Regulation, as amended, European Union (Withdrawal Act) 2018, Freedom of Information Act 2000, the duties of LEAs and Governing Bodies in relation to welfare of children duty at s175 Education Act 2002 and any other similar legislation.
  • 5.5 Any amendments to the UK General Data Protection Regulation will supersede the provisions referenced herein.

Providing Admissions Services

  1. Education Providers are required to co-ordinate admissions with the Local Authority at either First Time Admissions or Secondary Transfer stages. The School Admissions Code of Practice outlines the need for data sharing if a Local Authority is the relevant Admissions Authority for the Education Provider.

Working together to improve school attendance

The School Attendance (Pupil Registration) (England) Regulations 2024, came into force on the 19th August 2024.

This new guidance is statutory, and schools, trusts, governing bodies, and local authorities must have regard to it as part of their efforts to maintain high levels of school attendance.

The guidance is for:

  • All school and academy trust staff, headteachers, governors, academy trustees, and alternative provision providers
  • Local authority attendance staff, early help lead practitioners, social workers, and virtual school heads
  • Statutory safeguarding (including police and integrated care boards) and other local partners

Successfully treating the root causes of absence and removing barriers to attendance, at home, in school or more broadly, requires schools and local partners to work collaboratively in partnership with and not against families. All partners should work together to:

Expect - Aspire to high standards of attendance from all pupils and parents and build a culture where all can, and want to, be in school and ready to learn by prioritising attendance improvement across the school.

Monitor - Rigorously use attendance data to identify patterns of poor attendance (at individual and cohort level) as soon as possible so all parties can work together to resolve them before they become entrenched.

Listen and understand - When a pattern is spotted, discuss with pupils and parents to listen to and understand barriers to attendance and agree how all partners can work together to resolve them.

Facilitate support - Remove barriers in school and help pupils and parents to access the support they need to overcome the barriers outside of school. This might include an early help or whole family plan where absence is a symptom of wider issues.

Formalise support - Where absence persists and voluntary support is not working or not being engaged with, partners should work together to explain the consequences clearly and ensure support is also in place to enable families to respond. Depending on the circumstances this may include formalising support through an attendance contract or education supervision order.

Enforce - Where all other avenues have been exhausted and support is not working or not being engaged with, enforce attendance through statutory intervention: a penalty notice in line with the National Framework or prosecution to protect the pupil’s right to an education.

Providing SEND and Social Care and Education Services:

  1. Section 14 of the Education Act 1996 requires local authorities to provide sufficient schools and equipment for pupils of all different ages, abilities and aptitudes and for the different periods for which they may be expected to stay at Education Provider. Provision must include practical instruction and training appropriate to the pupils’ different needs and must secure diversity in the provision of Education Providers and to increase opportunities for parental choice.
  2. Section 436A of the Education Act 1996 imposes a duty on the LA to identify and monitor children missing in education.
  3. Section 444 of the Education Act 1996 places responsibilities on the LA to enforce attendance at Schools.
  4. Section 10 of the Education & Skills Act 2008 requires local authorities in England must ensure that its functions are exercised to promote the effective participation in education or training of persons belonging to its area.
  5. Section 10 of the Children Act 2004 requires Children’s Service Authorities and their relevant partners to cooperate in order to improve the well-being of children and young people in relation to the following:
    • physical and mental health and emotional well-being
    • protection from harm and neglect
    • education, training and recreation
    • the contribution made by them to society
    • social and economic well-being
  6. Section 11 of the Children Act 2004 Duty on key persons and bodies to make arrangements to ensure their functions are discharged with regard to the need to safeguard and promote the welfare of children.
  7. Section 47 Children Act 1989 Section 47 places a duty on local authorities to make enquiries where they have reasonable cause to suspect that a child in their area may be at risk of suffering significant harm. Local authorities shall make, or cause to be made, such enquiries as they consider necessary to enable them to decide whether they should take any action to safeguard or promote the child's welfare.
  8. Section 17 Children Act 1989 Local authorities have duties to safeguard and promote the welfare of children within their area who are in need and so far as is consistent with that duty, to promote the upbringing of such children by their families by providing a range and level of services appropriate to those children's needs.
  9. Working Together to Safeguard Children (as updated from time to time) and Keeping Children Safe in Education (as updated from time to time) statutory guidance sets out how inter-agency organisations and individuals should work together to safeguard and promote the welfare of children.
  10. Section 28 Children and Families Act 2014
  11. Where reliance on a substantial public interest is sought, Schedule 1 of the Data Protection Act 2018 shall apply and both Controllers will have the appropriate policy document in place.
  12. Section 35 Digital Economy Act 2017 allows for the sharing of personal data in relation to Early Help Intervention and Troubled Families Programme.

Providing Occupational Health, Health and Safety Services and Human Resources Services:

  1. Employments Right Act 1986
  2. Health and Safety Legislation and The Equality Act 2010
  3. The Education Provider Staffing (England) Regulations 2009
  4. When relying on Article 10 Processing personal data relating to criminal convictions and offences reliance on Data Protection Act, Schedule 1 of the Data Protection Act 2018 shall apply and both Controllers will have the appropriate policy document in place.
  5. Where reliance on a substantial public interest is sought, Schedule 1 of the Data Protection Act 2018 shall apply and both Controllers will have the appropriate policy document in place.

Providing Coventry Music Services:

  1. Children (Performances) Regulations (1968),
  2. Children (Performances) (Miscellaneous Amendments) Regulations (1998) [Children and Young Persons Act]

Other Legislation

  1. Academies Act 2010
  2. Learning and Skills Act 2000
  3. Equality Act 2010
  4. Education and Inspections Act 2006
  5. Education and Skills Act 2008
  6. Education Act 2011
  7. the School Discipline (Pupil Exclusions and Reviews) (England) Regulations 2012
  8. the Education (Provision of Full-Time Education for Excluded Pupils) (England) Regulations 2007, as amended by the Education (Provision of Full-Time Education for Excluded Pupils) (England) (Amendment) Regulations 2014
  9. Health and Safety Act 1974
  10. Managing Health and Safety at Work Act 1999
  11. The Coronavirus Act 2020 and subsequent regulations

6. Information shared

6.1 Personal Data will only be shared to meet the stated objectives of the Controllers involved as outlined in this agreement.
6.2 Only the minimum data required will be shared and where appropriate anonymisation or pseudonymisation should be considered.
6.3 Information shared as part of this Agreement will be in line with satisfying the Agreed Purpose.
6.4 For details of the Personal Data will be shared as part of this Agreement see Appendix A.
6.5 Personal Information will be shared:
a. electronically with the appropriate security measures in place to ensure the safe transfer of personal data such as the use of Capita One, DataLocker and/or secure email such as Microsoft TLS (encrypted/password-protect document); and/or
b. Hard copy by post with the appropriate security measures in place such as tracked or special delivery or by bonded courier. Hard copy data sent by post should include a return address and label the packaging ‘For Addressee Only’.

7. Fairness and Transparency

7.1 Data Protection Legislation requires that in order for processing to be fair and transparent the Controllers must make certain information available to the individuals. This includes:

  • The identity of the organisation(s) processing the information
  • Contact details of the Data Protection Officer
  • Why the information is being collected and how it will be used including lawful basis
  • Any other organisation the information will be shared with
  • Source of the information if not directly obtained from the individuals
  • How individuals can exercise their rights

7.2 Coventry City Council provide privacy notice for all service areas on their website
7.3 The academy/school/trust provides the main privacy notice on their website or provides this to appropriate individuals before data processing takes place.
7.4 Where a processor software provider is used for sharing between the Controllers, these will be governed by a data protection compliant contract outlining the appropriate safeguards in place whilst any personal data is processed.

8. Individuals Rights and Controller Obligations

  • 8.1. Individuals should also be informed of their rights which include:
    • How to gain access to their information
    • How to rectify incorrect information
    • How to ask for their information to be erased if no longer needed
    • If applicable, how to restrict how their information is used or object to it being used
    • How to withdraw consent where this has been relied upon
    • How to lodge a complaint with the ICO
  • 8.2. Both the Education Provider and the LA must ensure that they support individual rights when sharing personal data. An example of this is notifying one another of inaccuracies or discrepancies in the data.
  • 8.3. If a Controller receives a request under the subject access provisions of the Data Protection Legislation and/or Freedom of Information Act 2000, and the data is identified as belonging to another Controller, the receiving Controller will contact the other Controller to determine if the latter wishes to claim an exemption.
  • 8.4. Each Controller shall have policies and procedures in place to respond to requests and handle complaints relating to an individual’s inability to exercise their rights. Individuals must be provided with information about these policies and procedures where appropriate. Complaints relating to shared information under this agreement will be the responsibility of the Controller receiving the complaint if it relates to information they have shared.
  • 8.5. All Controllers shall provide each other with full co-operation and assistance in relation to any complaint or request made, including, without limitation:
  • Providing full details to the other Controllers (as appropriate) of the complaint or request.
  • Complying with subject access requests within the relevant timescales
  • Providing the other Controllers (as appropriate) with any information that may help in responding to or resolving the complaint or request.
  • 8.6 The Local Authority will provide advice and guidance to support the data transfer process.
  • 8.7 Both Controllers agree to provide information to one another and work in respect of achieving the Agreed Purposes.
  • 8.8 The key contact in each organisation will be responsible for coordinating requests, complaints and information security incidents.

9. Data Security and Access

  • 9.1. Controllers to this Agreement will have appropriate organisational and technical measures in place to safeguard all information shared as part of this agreement against accidental loss, destruction, damage, alteration or disclosure. This includes but is not limited to staff training, data protection policies, records of processing activities and access controls.
  • 9.2. Signatory parties are expected to train their relevant staff and promote awareness of the major requirements of information sharing, including responsibilities in confidentiality and data protection.
  • 9.3. Access to information subject to this agreement will only be granted to those professionals who ‘need to know’ to effectively discharge their duties.
  • 9.4. The information to be shared under this Agreement is personal data and is classified as ‘OFFICIAL – Sensitive’ under the Government Security Classifications Scheme April 2014.
  • 9.5. Controllers shall immediately notify each other of any security breach in relation to the information being obtained or shared as part of this Agreement and shall keep a record of such breaches. Where there is a risk to individuals, the notification should be within 24 hours of becoming aware of the breach.
  • 9.6. The Controller where the breach has occurred should do its best to contain the breach and shall conduct a full investigation of the breach and the findings of the investigation will be shared with the other Controllers.
  • 9.7. All Controllers shall co-operate fully in any investigation that another Controller considers necessary to undertake as a result of any breach.
  • 9.8. The Education provider’s Senior Leadership Team under the guidance of their Data Protection Officer will take responsibility for notifying the Local Authority of any breach of the LA’s personal data where this is appropriate.
  • 9.9. The Local Authority’s Information Governance Team under the guidance of their Data Protection Officer will take responsibility for notifying the Education Provider of any breach of the Education Provider’s personal data where this is appropriate.
  • 9.10 The Controllers will discuss (within 48 hours of recognising the breach) who will take responsibility for informing the ICO, where appropriate and the data subject,
  • where appropriate, of the breach.
  • 9.11 When using ‘Data Locker’ the Senior Leadership Team is responsible for ensuring that only authorised staff within the school/academy/trust have access to the documents containing sensitive data shared via the portal.
  • 9.12. The academy/trust/school should have procedures in place for reviewing who has access to the portal and ensuring staff that leave or change roles in the schools/academy/trust have their access rescinded.

10. Data Quality and Retention

  • 10.1 Controllers shall agree that different retention schedules apply and these will be available on their individual websites.
  • 10.2 Parties will ensure that all information shared under this agreement, regardless of format, will be securely retained, managed, stored and securely destroyed in accordance with their own local policies and procedures to ensure compliance with the Data Protection Act 2018 and any subsequent relevant legislation.
  • 10.3. When information is no longer needed either at the end of the retention period or when the agreement is terminated, the Controller providing the information must be informed that the information has been securely disposed of or deleted or returned to the original Controller.
  • 10.4. Each Controller is responsible for ensuring that the Personal Data they share is accurate and up to date. In so far as is possible, the Controllers will inform one another of a validly received request for rectification or where data is discovered to be inaccurate, out of date or inadequate for the purpose. The relevant Data Controller responsible for notifying all other recipients of the information who must also ensure the correction is made.
  • 10.5. The quality and accuracy of personal data will be managed in accordance with each Controllers Data Protection Policy.

11. Review

  • 11.1. This Agreement will be reviewed annually or at any time when there is a need to vary it due to changes in its requirements or Controllers to the agreement.

12. Other Data Protection Legislation Requirements

  • 12.1. Where appropriate, explicit and informed consent must be sought and freely given. Controllers must ensure that consent is appropriately and clearly documented.
  • 12.2. Where the need to complete a Data Privacy Impact Assessment (DPIA) is identified before sharing of any Personal Data, the process will be undertaken by the Data Controller(s) of the information. In addition to providing robust justification for the sharing of personal data for specified purposes, DPIAs will evidence compliance with the principles of the Data Protection Legislation and any other relevant legislation including Caldicott Principles where applicable.
  • 12.3. Each Controller will be responsible for its own compliance with the current Data Protection Legislation and all relevant associated legislation. This includes ensuring that it has the appropriate local policy and process frameworks in place to underpin best practice.

13. Termination

  • 13.1. Where applicable, any Controller may terminate this Agreement by giving one month’s [can be varied to 3 months based on the amount of data shared] notice in writing to other Controllers unless the data is required to be shared in order to comply with a legal obligation. Any information disclosed to the Controller should be securely returned following the agreed termination date. Obligations of confidentiality imposed on the Controllers by this agreement shall continue in full force and effect after the expiry or termination of this agreement.

14. Statement of Compliance

  • 14.1. In signing this Agreement all Controllers accept that they will follow the procedures within it when sharing information in a manner compliant with statutory and legal requirements.
  • 14.2. Each Controller shall not knowingly or negligently process Shared Personal Data in such a way that it places any Controller in breach, or potential breach, of the Data Protection Legislation or any relevant associated legislation.
  • 14.3. Controllers will comply with any specific requirements specified by the Data Controller(s) regarding the processing of personal information which the Data Controller(s) share(s) through this agreement.
  • 14.4. Controllers will only disclose Shared Personal Data with it through this Agreement where permission for that disclosure has first been agreed by the Data Controller which provided the information unless the Controller considers that there is a clear legal obligation for disclosure without the Data Controller’s consent.
  • 14.5. Compliance with the Agreement will be monitored by each Controller in accordance with their own policies and procedures.
  • 14.6. Controllers will keep all other Controllers fully indemnified against any and all costs, expenses and claims arising out of any breach of this agreement incurred as a result of the Controller’s failure to comply with the requirements of the Data Protection Legislation or any relevant legislation.

15. Commencement

This agreement shall take effect from the date that the Parties sign the agreement and shall continue in force until this agreement is terminated under one of the conditions stated in clause 12 above.

16. Dissemination of the Agreement

All Parties will disseminate copies of this Agreement to all relevant staff and, on request, to the data subjects of the Agreement process and will ensure that appropriate training is provided to all relevant staff.

Signatories

These will be senior management of each Controller committing to comply with the terms of this agreement.

Signatories
Organisation Name and Role Signature and Date
Coventry City Council Director of Children’s Services 03/10/2024
Education Provider
(academy/trust/school)
See webform held by CCC Data
Team

 

Document History
Version Status Date Authors Summary Changes
V1 Complete 25.04.2019 Jessica Sweet
Sarah Harriott
Kevin Coughlan
N/A
V2 Complete 23.12.2020
16.02.2021
01.03.2021
Jessica Sweet
Sarah Harriott
Kevin Coughlan
Reviewed and included
statutory return and pupil
destination in Appendix B and
onward data sharing in
Appendix C
V3 Complete 06/10/2023 Sarah Harriott
Kevin Coughlan
Appendix A – replaced “Gender” with “Sex”
Section 4 and Appendix C,
edited references to FFT Education
V4 Complete 03/10/2024

Syeda Ahmed

Kevin Coughlan

References to The School Attendance (Pupil Registration) (England) Regulations 2024,

that came into force August 19th 2024.

 

 

Reviewers
Name Role
Kevin Coughlan Performance Manager; Education
Syeda Ahmed Barrister, Legal Services
Relevant Service Areas

Management Approval

As above.

Distribution

  • Controllers to the Agreement
  • Coventry City Council
  • Academies/schools/trusts

Appendix A

Personal data to be shared
Data Item Statutory/Legal Reason & Purpose
Pupil
Address
Date of Birth
EAL
Ethnic Source
Ethnicity
First Language
Forename
Former UPN
FSM Eligible/Date
Sex
Guardians
Medical Flag
Middle Names
Mode of Travel
NCY
Preferred Forename
Preferred Surname
Religion
Service Family
Surname
Traveller Family
UPN
Youth Support Services Agreement Indicator
School History
Boarder
End Date
Enrolment Status
LA Number
Part Time
Registration Group
School Name
School Number
Start Date
Attendance
Attendance Mark
Absence Reason
SEN
SEN History
SEN Need
SEN Status/Date
Exclusions
Category
End Date
Reason
Start Date

To support the LA Statutory Function in many areas. Examples
below:

Admissions & Entitlements

DfE Statutory guidance on Home to School Transport and associated legislation; SCC Home to School Travel Policy including discretionary transport section
but excluding SEN transport entitlement; Section 19 Education Act 1996 as amended by section 3A of the Children, Schools and Families Act 2010; DfE Statutory guidance Exclusion from
maintained schools, academies and pupil referral units in England and associated legislation; DfE Statutory guidance Alternative provision; DfE Statutory guidance on School Admissions Code 2014, School Admissions Appeal Code 2012 and associated legislation; Eligibility checking service for free school meals for all schools with the exception of academies; Eligibility checking of funding for 2-year-old Entitlement and Early Years Pupil Premium.

Medical Information

Section 100 of Children and Families Act 2014 The appropriate authority for a school must make arrangements for supporting pupils at the school with medical conditions.

Education Inclusion and Attendance Service

To ensure education providers have safeguarding high on their daily work and that an education voice is available in all such discussions, meeting the needs of Working Together 2015 & Keeping Children Safe in Education 2016; Children Act 2004, sections 13. (Sections 14 - 16 refer to the functions, procedure and funding of Local Safeguarding Children Boards). Secondary - Local Safeguarding Children Boards Regulations
2006, SI 2006/90. The Local Safeguarding Children Boards (Amendment) Regulations 2010 - SI 2010/622 (under Children and Young Persons Act 2009).

Ethnic Minority Achievement Service

Statutory duty to promote the educational achievement of vulnerable and disadvantaged groups; Statutory duty under the Equality Act 2010 for LA, schools and academies to have due regard for the need to eliminate harassment and discrimination, advance equality of opportunity, foster good relations and tackle prejudice; LA, schools and academy Statutory duty to set specific and measurable equality objectives and publish
information.

The Education Act 1996; Children’s Act 2004 – allows Education Providers to inform the LA of Attendance in a timely manner. Safeguarding purposes.

The Education Act 1996; Children’s Act 2004 – allows Education Providers to inform the LA of Attendance in a timely manner. Safeguarding purposes.

The SEND Code of Practice provides Statutory guidance on duties, policies and procedures relating to Part 3 of the Children and Families Act 2014 and associated regulations. It relates to children and young people with Special Educational Needs (SEN).

School Standards & Framework Act 1998; Education Act 2002; Education & Inspections Act 2006; DfE Guidance 2012 – allows Education Providers to inform the LA of Exclusions in a timely manner. Safeguarding purposes.

Pupils
Parents/Guardians
  • Names of pupils, their siblings, parents and guardians
  • Contact details (phone numbers, email addresses, address)
  • Dates of birth
  • Class including year group and teacher;
  • Parental contact details such as address and telephone (holders of parental responsibility);
  • Sex of pupils;
  • Language spoken by pupils, parents/guardians
  • Attendance information of pupils;
  • Appeals and exclusion data
  • Where relevant, details of key professionals linked with the pupil, parents/guardians or employees acting in their professional capacity;
  • Information that could compromise the health and safety of Council or Education Provider Employees (e.g. behavioural issues/challenging circumstances/violence and aggression);
  • Safeguarding issues that have a direct impact on the delivery of the services provided.
  • The following Special Category Data and/or criminal data will be shared as part of this Agreement:
  • Where necessary medical information of pupils and parents/guardians will be shared;
  • Ethnicity;
  • Pupils who have completed procedures/treatment or will complete treatment where applicable
  • Criminal data
Employees
  • Names of employees of the Education Provider employees where relevant and those acting in their capacity as an educational worker, social worker or health professional.
  • Names of emergency contact details
  • Contact details (phone numbers email addresses, address)
  • Dates of birth
  • Salary information
  • Sex of employees;
  • Language spoken by pupils, parents/guardians and employees
  • Attendance information of pupils;
  • Performance and review of employees
  • Risk assessments/ additional assistance requirements
  • Disciplinary information
  • Appraisal information
  • Where relevant, key professionals linked with the employee acting in their professional capacity;
  • Information that could compromise the health and safety of Council or Education Provider Employees (e.g. behavioural issues/challenging circumstances/violence and aggression);
  • Disclosure and Barring Certificate
  • Safeguarding issues that have a direct impact on the delivery of the services provided.
  • The following Special Category Data and/or criminal data will be shared as part of this Agreement:
  • Where necessary medical information of employees will be shared from the Education Provider to council;
  • Ethnicity;
  • Employees who have completed procedures/treatment or will complete treatment where applicable
  • Trade Union membership
  • Criminal data

Appendix B

Intended Education Employment and Training (EET) Destinations of Y11 pupils
Partners involved
in Information
Sharing Activity
Coventry City Council
Coventry Schools
(Including Academies and Multi Academy Trusts)
Reason of
information to be
shared
To support statutory duty of schools and Council to promote
education employment and training of young people and
statutory returns to the DfE
Legal basis and
Statute of
information to be
shared
Legal Obligation
Art 6(1)c - Processing is necessary for compliance with a legal
obligation to which the controller is subject
Education and Skills Act 2008 (in particular s. 2)
Information to
be Shared

CORE+ YP ID
School
Forename
Surname
DOB
Still in Cohort
School Moved
To
Intended Destination
Establishment Intending to
Attend Intended Course Level
STEM Course
Occupational
Preference
Notes
Statutory returns specifically:
CORE+ YP ID
School
Forename
Surname
DOB
Still in Cohort (from Intended Destination Survey)
School Moved To (from Intended Destination Survey)
Intended Destination (from Intended Destination Survey)
Key stage 4 examination results
Establishment Intending to Attend (from Intended Destination
Survey) Intended Course Level (from Intended Destination Survey)
STEM Course (from Intended Destination Survey)
Occupational Preference (from Intended Destination Survey)
September Offer Type Offer
Destination
Home Telephone Number
Notes

How will Data Subjects be made aware of data sharing process and their rights Privacy Notices of partner organisations
Format of Information to be Shared Pre-formatted MS Excel Spreadsheet
Data Minimisation Control Information to be shared reviewed on annual basis by Data Team
Data Quality Controls Partner organisations will comply with terms of current Information Sharing Agreement between Coventry City Council and Coventry Schools.
Security Controls on Information Sharing Information will be shared via [insert] and in accordance with terms of current Information Sharing Agreement between Coventry City Council and Coventry Schools (Including Academies and Multi Academy Trusts)
Retention and Disposal Controls Partner organisations will comply with terms of current Information Sharing Agreement between Information Sharing Agreement between Coventry City Council and Coventry Schools
(Including Academies and Multi Academy Trusts)
Timing and Frequency of Data Sharing Data collected from schools once every year in March Statutory returns: collected from schools once every year between July-September
Contact Details of Partners Coventry City Council data team service will maintain list of school/academy/trust contacts for this process. Contact e mail address for data team: Datateam.pd@coventry.gov.uk [mailto:Datateam.pd@coventry.gov.uk]

Appendix C

Additional Data Sharing – Information for Schools/Academies/Trusts processes
Number Data
Description
Purpose From To Statutory/Support Timescales Mechanism
1 Student Core Data (as per above) Supports Statutory Duties Education
Providers
Local
Authority
Supports LA Statutory
Function
Daily/Weekly/Termly/Annually B2B from school MIS systems via third-party provider
2 School Census Statutory Requirement
from DfE for LA
Education Providers
Education
Providers
Local
Authority
Statutory/Supports LA
Statutory function
Termly School MIS (file export or B2B) / DfE via
COLLECT /DataLocker
3 Early Years Foundation
Stage (EYFS)
Statutory Requirement
from DfE
Education
Providers
Local
Authority
Statutory Annually School MIS (file export or B2B) / DfE via
COLLECT /
DataLocker
5 Y6-Y7 Transfer
Data
Statutory
Requirement
from DfE
Education
Providers
Local
Authority
Statutory Annually School MIS (file export or B2B)/ DfE via
COLLECT /DataLocker
6 Phonics
Screening
Check
Statutory
Requirement
from DfE
Education
Providers
Local Authority Statutory Annually School MIS (file export or B2B)/ DfE via COLLECT /DataLocker
7 Key Stage 1
(KS1)
Statutory
Requirement
from DfE
Education
Providers
Local Authority Statutory Annually School MIS (file export or B2B)/ DfE via COLLECT/DataLocker
8 Key Stage 2
(KS2)
Supports
Reporting to LA
and Education Providers
DfE Local Authority Supports LA
Statutory
Function
Annually DfE via Primary Assessment Gateway
9 Key Stage 4
(KS4)
Supports
Reporting to LA
and Education
Providers
DfE Local Authority Supports LA
Statutory
Function
Annually DfE via EPAS Online, NCER, Key to Success
10 Key Stage 5
(KS5)
Supports
Reporting to LA
and Education
Providers
DfE Local Authority Supports LA
Statutory
Function
Annually DfE via EPAS Online, NCER, Key to Success
11 FFT Aspire Supports Target
Setting & Self
Evaluation in
Education
Providers
FFT Education LA/Education Providers Supports LA
Statutory
Function
Updated
Throughout Year
FFT Aspire Online Portal and is through school level access within FFT Aspire itself for LA officers 
12 NCER NEXUS/ Perspective Lite Supports
Reporting to LA
and Education
Providers
NCER
NEXU
S
LA/Education Providers Supports LA
Statutory
Function
Updated
Throughout Year
NEXUS online Portal