NCER would like to clarify the position for members who are considering (or already) making use of exports from Nexus to populate external analysis and particularly Visualisation/Analytics software like Power Bi and Tableau.
In the text that follows ‘Internal’ refers to analysis visible solely to LA officers (and commissioned partners governed by contracts including data usage and protection clauses) and ‘external’ refers to analysis visible to schools, 3rd parties or the public.
In terms of INTERNAL Analysis and visibility of data to LA officers, members may export and re-use data from Nexus without restriction whether that is lists of pupils, visualisations or analytics (even where it drills down to individual pupils.) Governance for LA officers is the responsibility of the member LA with permissions to view such data decided by the LA and with users subject to their local sign on, data governance agreements, terms and conditions of employment and confidentiality requirements. This covers data the LA has collected for itself from schools or where the DfE has made that data available to the LA.
Where a member LA wishes to make analysis or data available EXTERNALLY via any means (other than Perspective (Lite)) the LA must consider all relevant data handling agreements - including any agreement with their own schools - to avoid making personal data available inadvertently. If the LA exports NPD (National Pupil Database) data out of Nexus then they should be aware of - and give regard to - the special permissions in place that permit NCER to not suppress individual data when used within Nexus. Once exported and utilised outside of Nexus, that special permission does not apply. LA developing their own reporting solutions must also give regard to the primary and secondary suppression rules required by the DfE if using this data outside of NCER systems or Perspective (Lite) and apply the same rules. This understanding and compliance is fundamental to NCER’s access to DfE data and is a requirement for a member LA’s use of Nexus. In the event of a breach of these rules this could threaten access to the NPD data for one or all of the members of NCER.
NCER recommend that members ensure compliance by investigating this with their DPO and as part of that process make the DPO aware of the special permissions and rules required by the DfE.
Comments
0 comments
Please sign in to leave a comment.