How we use children and young person's information.
Merton Council is the data controller for the personal information you provide.
The categories of information that we collect, process, hold and share include:
- personal information (such as name, unique pupil number and address)
- characteristics (such as ethnicity, language, disability and free school meal eligibility)
- relevant medical information
- special educational needs information
- assessment information
- exclusions / behavioural information
- attendance information (such as sessions attended, number of absences and absence reasons)
- social care involvement (such as children in need or looked after by the local authority)
- contextual safeguarding information (including peer groups, education settings or locations that present a safeguarding risk to a child or young person )
- anti-social behaviour (such as involvements with police, courts, probation and violence in the home and community/locations)
- aspects relating to your employment
Why we collect and use this information
- We use children and young person's data to:
- promote welfare, safeguarding, health and wellbeing for children and young people
- support children and monitor their progress
- provide appropriate support and pastoral care
- assess performance and to set targets for schools
- enable us to carry out specific functions and statutory returns for which we are responsible
- derive statistics which inform decisions such as the funding of schools and assess how well the Local Authority services as a whole is doing.
The lawful basis on which we use this information
Pupil-level information is processed in compliance with Article 6 (c) of the GDPR/DPA 2018, necessary for compliance with a legal obligation to which the controller is subject and carried out in the public interest/performance of a task.
Special Category Personal data such as ethnic origin is processed in compliance with Article 9 (g) of the GDPR/DPA 2018, under reasons of public interest with the appropriate safeguards.
Special Category Personal data such as social care, assessment or contextual safeguarding information is processed in compliance with Article 9(2)(h) of the GDPR/DPA 2018, under reasons of the provision of social care treatment or the management of social care systems and services.
Collecting this information
Whilst the majority of children and young person's information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the data protection legislation, we will inform you whether you are required to provide certain information to us or if you have a choice in this.
Storing this information
The information will be held securely by the council as both manual records and electronic files and we will securely delete any personal data when no longer needed in accordance with our published retention schedule.
Who we share this information with
We routinely share children and young person's information with:
This list is not exhaustive however we will only share information proportionally and will only ever do this lawfully, in line with data protection legislation.
- The Department for Education (DfE)
- Youth support Services
- Public agencies (such as the NHS and health organisations, Department of Work and pensions, the Police, fire and rescue services the Ministry of Justice, probation services, schools, other local authorities, the Youth Offending Team, the Department of Communities and Local Government and Office of National Statistics for the National Impact Study.)
- Commissioned services (such as children's centres, health and specialist services).
- Within the council, where there is a lawful basis to do so. This is to help government and local service providers to provide support to children and families, evaluate effectiveness and improve services over time and to help improve the service your family and other families receive in the future.
Education and training
We hold information about young people living in our area, including about their education and training history. This is to support the provision of their education up to the age of 20 (and beyond this age for those with a special educational need or disability). Under parts 1 and 2 of the Education and Skills Act 2008, education institutions and other public bodies (including the Department for Education (DfE), police, probation and health services) may pass information to us to help us to support these provisions.
Pupils aged 16+
We will also share relevant information about pupils not in education; training or employment (such as their contact details) aged 16+ with the providers of education or training of 13-19 year olds, and post 16 Merton providers. The information will also be shared as part of the 'Learning Offer' Process which is a statutory obligation for Children Services to ensure that all young people are offered appropriate learning opportunities. This includes sharing data with other local authorities where young people travel across local authority borders.
This enables them to provide the following services:
- post-16 education and training
- youth support services
- careers advice
Why we share this information
We share children and young person's data with the Department for Education (DfE) on a statutory basis under section 3 of The Education (Information about Individual Pupils) (England) Regulations 2013. This data sharing underpins school funding, educational attainment policy and monitoring and enables them to; produce statistics, assess our performance, determine the destinations of young people after they have left school or college and to evaluate Government funded programmes. We also share information to promote the welfare, health and wellbeing of children and young people to fulfil our obligations under Section 507B of the Education Act 1996
We do not share information about children and young people without consent unless the law allows us to do so or there are safeguarding concerns.
Data collection requirements
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
The law requires us to provide information about our pupils to the DfE as part of statutory data collections. Some of this information is then stored in the national pupil database (NPD). The legislation that requires this is the Education (Information about Individual Pupils) (England) Regulations 2013.
To find out more about the NPD, go to
The Department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested: and
- the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department's data sharing process, please visit
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website:
To contact DfE:
CP-IS (Child Protection Information Sharing) System.
This is a national system introduced in 2015.
If your child is subject to a child protection plan or a child in care this will be flagged on the CP-IS system. This system can be accessed by health providers in hospital emergency departments and health providers to let them know your child in on a child protection plan or in care. Your social worker will also receive an automatic notification that your child has been admitted to hospital.
School / Early Years Settings Privacy Notices
All schools and early years' settings, as data controllers should have privacy notices in place. These should be available on their websites.
Requesting access to your personal data
Under data protection legislation, parents / carers and children / young people have the right to request access to information about them that we hold. To make a request in relation to children's you should request this, preferably in writing and you may need to provide proof of identity – you can find further information here
How to request your information. To access a school record you will need to contact the school or education provider direct. You will need to be as specific as you can about the information you seek as this helps us to find it as quickly as possible.
Your information choice and rights
For further information about your rights in respect to the information we hold about you please see the relevant section of the Corporate Privacy Notice.