School leaders have been warned they will face action if they abuse their position of trust following the successful prosecution of an ex-headteacher who unlawfully took pupils’ personal data from his previous schools.
The Information Commissioner’s Office issued the strong warning after Darren Harrison, of Twickenham, south London, was fined after admitting two offences of unlawfully obtaining personal data in breach of section 55 of the Data Protection Act 1998.
Ealing Magistrates Court heard how Harrison, a former deputy head at Isleworth Town Primary School, obtained information about pupils from Spelthorne Primary and The Russell School in Richmond, and uploaded it to his then current school’s server. The ICO said he had “no lawful reason” to process the personal data, and was therefore in breach of data protection laws.
Harrison was suspended from Isleworth six months into his role, and a subsequent investigation found “large volumes of sensitive personal data present on the Isleworth server from his previous schools”, the ICO said.
Harrison provided “no valid explanation as to how the information had appeared on his system, which was via an upload from his USB stick, stating he had deleted the personal data from it”.
In a subsequent interview with the ICO Harrison read from a prepared statement, claiming the information was taken for “professional purposes”.
He was fined £700, ordered to pay £364.08 costs and a victim surcharge of £35.
Mike Shaw, the ICO’s criminal investigation group manager, said children and their parents or guardians “have the right to expect that their personal data is treated with respect and that their legal right to privacy is adhered to”.
“A headteacher holds a position of standing in the community and with that position comes the added responsibility to carry out their role beyond reproach.
“The ICO will continue to take action against those who we find have abused their position of trust.”