Handling confidential information in schools: key lessons from a recent case
A recent judicial review brought by a headteacher sacked for sharing sensitive information, has underlined the importance of maintaining confidentiality in schools.
Background
In the case of Aquilina v Secretary of State for Education, Mrs Aquilina (the appellant) is a former headteacher who was dismissed for sharing sensitive information about pupils and their families with her husband, Canon Aquilina. Canon Aquilina was not an employee of the school but he had an adjacent pastoral role which connected him to some of the families within the school community.
Following an internal investigation, the appellant was suspended and eventually dismissed. The case was referred to the Teaching Regulation Agency and a professional conduct panel (PCP) examined the extent and nature of the appellant's breaches. The PCP found that the appellant's actions did not amount to unacceptable professional misconduct since the information was shared only with Canon Aquilina, who had some involvement with school matters, and not with a wider audience. However, the PCP also concluded that the appellant's actions could nevertheless bring the teaching profession into disrepute. The PCP declined to make a recommendation for the Secretary of State to issue a prohibition order in respect of the appellant. The Secretary of State accepted the recommendation and considered that publishing the PCP's findings was sufficient to address the appellant's misconduct.
Legal challenge and interpretation of misconduct
The appellant brought a judicial review to challenge the PCP's finding that her conduct may have brought the teaching profession into disrepute. Mrs Aquilina argued that as her conduct had been found not to be unacceptable professional conduct, it followed that it could not therefore be classified as conduct that may bring the profession into disrepute.
This was rejected by the High Court who found that the TRA's remit was to consider whether the individual in question has committed unacceptable professional conduct or conduct that may bring the profession into disrepute. The statutory framework is intentionally broad in order to capture a wide range of conduct. The PCP was correct to determine where the line was to be drawn in this case.
Key takeaways for school leaders
This case emphasises the importance of confidentiality and data protection in schools. Schools are made up of close communities and information is often shared with the best of intentions but without due regard given to the status of those with whom it is being shared, and on what basis. It is a timely reminder that Schools must have robust policies and training in place to ensure that school personal data is not shared externally unless this is compliant with data protection law. To guard against the scenario in this case, we recommend that schools have guidance for staff on information security that includes an explicit prohibition on using non-school email addresses to send or receive school personal data. Even if information is shared with a limited audience or with good intentions, breaches of confidentiality and/or data protection law can have significant consequences.
To assist schools with compliance in this area, we have developed data protection and information security eLearning and a suite of data protection documents. Please get in touch if these are of interest.