Casual workers are key to balancing fluctuating demands, especially during sporting seasons, and allow greater flexibility when delivering a rich and diverse curriculum. Although there is no obligation to offer or accept work when dealing with casual workers, exclusivity clauses in zero hours contracts (which prevent workers from working for anyone else) are now unlawful. It is therefore crucial that proper contractual arrangements are in place when using casual workers and other support staff to ensure that the workers are afforded (and schools are obliged to provide) the correct level of employment protection, especially at times of the year where falling demand dictates the need to reduce certain provision, particularly in the sports curriculum.
Data protection, historically a box-ticking exercise, is now a more onerous regime and this will only increase when the EU General Data Protection Regulation is implemented. It is crucial that schools and staff bodies have an awareness of their obligations under the Data Protection Act 1998 (DPA) when dealing with any personal data, be that relating to pupils, parents or colleagues.
The DPA applies to personal data (regular data, such as names and addresses) and sensitive personal data (medical information and ethnicity, for example). The onus is on each school and staff body to understand the extent of their obligations under the DPA.
As data controllers under the DPA, schools and staff bodies need to follow eight data protection principles (Principles) when processing personal and sensitive personal data. The Principles not only include ensuring that personal data is processed for specified purposes, but also allowing subject access (often to parents for their children’s data) and making sure that appropriate security steps are taken. These considerations are particularly pertinent where medical and emergency contact data are concerned, as well as in cases of overseas and away sports fixtures requiring transportation of data for safeguarding and health and safety purposes.
A well-drafted, relevant data protection policy, backed-up by compliance and awareness training, is a great starting point when ensuring compliance with your school’s data protection obligations.
The ICO has the power to impose monetary penalty notices of up to £500,000 for breaches of the DPA, as well as powers to prosecute and issue undertakings and enforcement notices. In the context of the forthcoming EU General Data Protection Regulation, safeguarding requirements and the often sensitive data obtained and retained by schools, data protection compliance is more important than ever.
The extremely fast pace of growth in social media has so many benefits for independent schools, being fantastic for raising profile, informing pupils, parents and colleagues about your school’s activities and successes and as an information portal.
That said, the pitfalls can be numerous and being alert to the possibility of something going wrong will ensure that your school’s reputation, staff and confidentiality are maintained. Your policies, code of conduct and parent contract should address how to deal with these eventualities and training on the effectiveness of social media, as well as how to look out for and deal with social media hazards, will provide the awareness needed for implementation.
If you would like any further information or advice relating to any of the issues discussed in this article, including employment, education, data protection and reputation management, please do not hesitate to get in touch with Clare or any of the education team at Hill Dickinson.