Best Practice Update

National child measurement programme

Updated operational guidance has been produced by Public Health England for local commissioners and schools on running the national child measurement programme (NCMP)

The NCMP information for schools and pre-measurement letter for headteachers have been revised and updated.  Full details and resources can be found here https://www.gov.uk/government/publications/national-child-measurement-programme-operational-guidance#163961_20190725095019 

All local authorities in England are required to collect information on the height and weight of Reception and Year 6 school children.

The General Data Protection Regulation (GDPR) and Data Protection Act 20184 (DPA2018) applies to the collection and processing of this data.

The statutory authority for processing the data collected in the NCMP is provided by:

  • The Local Authorities (Public Health Functions and Entry to Premises by Local Healthwatch Representatives) Regulations 20132
  • The Local Authority (Public Health, Health and Wellbeing Boards and Health Scrutiny) Regulations 20133.

Legal basis for processing 

There are 4 possible legal bases for the collection and processing of the data but Article 6 (1)(c) AND 9(2)(h) are considered to be the most appropriate for the processing of NCMP data;

  • Article 6(1)(c): the processing is necessary for compliance with a legal obligation to which the controller is subject
  • Article 6(1)(e): the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  • Article 9(2)(h): the processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services
  • Article 9(2)(i): the processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross- border threats to health or ensuring high standards 

The Key Message 

The key message from  Public Health England is that no change is needed to the ways in which children’s personal information is used and shared for the NCMP data collection to be lawful under the GDPR/DPA 2018. However, that does not mean that it should be an open door. Care must be taken and best practice exercised by schools.

Considerations for Schools 

Remember the guidance given in the best practice guidelines for working with the NHS in the best practice library.  

  • Are requests being made for the minimum amount of data required for the processing task?  If an excessive amount of data is being requested, the question why? must be asked. Under GDPR the sharing of data must only be that which is required to complete the required task.
  • How do they wish to receive data requested from you as a school to perform the NCHMP? Any personal data sent by you should be sent securely via encrypted mail. Remember data is most at risk when it is in transit, it is only secure if it is encrypted when it is sent.
  • Even with a lawful basis, security and data minimisation, data subjects still need to be informed and resources have been produced to help schools to do this in the updated guidance which can be found in the link above.

 

Search