FAQs data protection
Does your PTA use email and text messages to communicate
with parents? How diligent are you about looking after their
details? Dawn Monaghan, from the Information Commissioner's Office
provides advice on data protection.
We want to send out a letter to parents asking them to give us
their email addresses so we can contact them more easily. Do we
need to include any special wording?
I'd recommend including a brief explanation of why you are
collecting the information. It would be best practice to explain
how their details would be used, how you would store this
information, who would have access to it (for example, elected
committee members only) and for how long you would keep their
details. You should give parents the option to opt in or out of
having their details kept on file.
The school sends out a contact form at the start of every
academic year. Should we be doing the same for the PTA?
Absolutely! Best practice would suggest that you do this on an
annual basis to check the accuracy and the relevance of the
information you hold.
We have a database of parents' email addresses and phone
numbers - does this mean our PTA needs to register as a 'data
Generally, organisations which hold or process personal data do
need to register with the Information Commissioner's Office. There
are, however, some exemptions including 'not for profit'
organisations. As long as your PTA is working on a 'not for profit'
basis - regardless of whether you have charitable status - you are
NOT required to register as a 'data controller'. This means you are
not legally obliged to adhere to the terms of the Data Protection
Act 1998, however there are several 'best practice' principles that
I'd recommend you comply with. Make sure that the information held
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up-to-date
Not kept for longer than is necessary
Also, if your PTA is emailing groups of parents, make sure you
use the 'bcc' option to ensure that personal details are hidden
from other recipients.
Are there any special criteria for making sure that our
database of contact information is held securely?
It depends upon the nature of the data and the harm that could
be caused if the information was accidentally or otherwise
disclosed. I would suggest that if the information is just names
and addresses, the database should be password protected. Those who
have access to it should understand that they need to keep it safe
and not let non-approved people view or access it unless it is
appropriate to do so.
To save time and effort, we want to use an online booking
system for events, where people can view available slots and add
their names (such as doodle.com). Does this pose any data
It doesn't pose any data protection problems as you are not
subject to the Act, but it would be ethical to ensure that people
who are invited to input their information understand why you want
it and who has access to it.
Other PTAs successfully use Facebook and Twitter to communicate
with parents, but our head teacher is reluctant - what can I do to
There aren't any real issues on this from a data protection
perspective. Individuals voluntarily sign up to Facebook and
Twitter, so you can only contact them through these means if they
have made their details available. If their details can be
accessed, or if parents ask to join a PTA's Facebook group, they
have essentially given consent for their details to be used.
Schools are often reticent about PTAs using social networking as
a means of communication, not for data protection issues, but out
of concern that inappropriate comments might go unmoderated.
Last year we ran a PTA shopping and pamper night. I have
recently been contacted by a local nursery to ask for details of
our stallholders for an event they're planning, but can I pass
these details on?
NO! Unless you made it clear, when you originally collected the
data, that you may share details with third parties, then you
shouldn't pass this information on. I'd suggest that you email your
contact list and ask that they get in touch with the nursery direct
if they wish to get involved.
We often put photos of events on our noticeboard or videos on
our PTA website. Are there any data protection issues with
When taking photographs or videoing people you should get their
consent, explaining what you intend to do with the
photograph/footage including whether it is to be published and
where. In relation to children, consent must be given by a parent
or guardian, either in writing or verbally, depending on the
circumstances. Consent should not be necessary when
photographing/videoing a crowd where the individuals remain
For more information, visit ico.gov.uk.
Share this page