Bullying: the data protection implications

A survey finds bullying is parents’ big fear as children start secondary school – but what are the data protection implications of bullying?

An article on Sunday, 20 October 2013 highlighted that the prospect of their child being bullied as they entered secondary school topped parents’ list of concerns, with 33% citing it as their biggest worry.

Many will either remember being bullied, or will have witnessed the bullying of others. I was lucky enough to have the sort of bullying that I know happening very occasionally, and that did not have any lasting effect (as far as I can tell).

But for some children, parents and guardians bullying can become a part of school life and can trigger incidents. These will involve lots of personal information: of the victim; the actions of the alleged bully; teacher and other pupil views on what did (or did not) happen; parents comments. Sometimes this could include sensitive personal data – for example, if there is the need for medical treatment or the intervention of the police.

Those involved can want to know what was recorded. Their motives are normally clear: they have heard via the “playground grapevine” a version of events that does not sit well with them, and what to see “who said what” about their little Johnny or Joanne.

Such requests can cause the uninitiated many an hour agonising – can Parent A see what was recorded about their child, even though some of the information came from Parent B and includes reference to Children 1 and 2? How can I balance openness with confidentiality?

In its own (clunky) way, the Data Protection Act does accommodate for this, for Subject Access Requests which involve the personal data of others (i.e. which involve “third party” personal data).

In a nutshell:

  • Where personal information has been recorded by one person (say, a teacher) about an incident involving others (say, the alleged victim and the alleged bully) this information relates to all three – they are ‘inextricably linked’ to the information.
  • The expectations of those involved, and the circumstances in which the personal information was recorded and/or provided are key to making decisions about what should be released and what, if anything, should be withheld.
  • These will often be specific to the particular circumstances. Generally, where there are genuine expectations of confidentiality (for example, in a bullying case, a pupil is providing information about their difficult family life as background information / mitigation for their actions) these expectations should be met; where someone is talking about their version of events that others were involved in, or that others witnessed, there should be little or no expectation of confidentially should those involved what to see what is being said about the incident and their alleged role in it.

Some initial steps to consider:

  • Raise awareness amongst all staff that what they record can, in most cases, be viewed by the pupil and (where appropriate) their parent or guardian.
  • Balance this with reassurance that the accurate, thorough recording of personal information is encouraged; highlight that it is key to record enough information to enable the reader to fully understand what is meant (for example, is a comment fact or opinion; about the current incident or historic events; can you support what you are saying)?
  • Promote a culture of openness and transparency, balanced with reassurance that genuinely private and confidential personal information will remain just that. For example, pupils and parents should receive a clear message from all staff that they have a right of access to their personal information – rather than confusion (“I don’t know if you can see what was recorded”) red tape (“You need to speak to X, and fill in forms 2A, 2B and 3G”) or blanket secrecy (“You definitely cannot see any of that.”)
  • Inform those involved from the outset – via a policy, and explicitly before the recording personal information – what your expectations are (e.g. “I will share this with X, and might need to share it with Y”) and what options exist (e.g. “If you have genuinely confidential information, this will be protected”).