Social care: Ofsted privacy notice
Updated 1 November 2024
Applies to England
Ofsted is the Office for Standards in Education, Children’s Services and Skills, a non-ministerial government department. We inspect and regulate services that care for children and young people, and inspect services providing education and skills for learners of all ages.
Ofsted is the data controller for the personal data described in this notice, except where we inspect services jointly with other organisations. You can find out more about these in the sections for area SEND and joint targeted area inspections.
Registered children’s care services
‘Registered children’s care services’ refers to social care services that are regulated and inspected under the Care Standards Act 2000. These are:
- children’s homes, including secure children’s homes
- residential family centres
- residential holiday schemes for disabled children
- independent fostering agencies
- voluntary adoption agencies
- adoption support agencies
You can jump directly to the relevant section if:
- you’re registered to provide/manage these services
- you work for a registered children’s care service provider, or with the children who stay in/are helped by registered children’s care services
- you are a child who has used registered children’s care services
- you are the parent of a child who has used registered children’s care services
Why we process this personal data
Under the Care Standards Act 2000, Ofsted is the registration authority for, and has the power to, inspect children’s homes, residential family centres, residential holiday schemes for disabled children, fostering agencies, voluntary adoption agencies and adoption support agencies in England.
We get and process a wide range of personal data about individuals who are employed in and others involved in the provision of registered children’s care services. While carrying out these functions and conducting inspections, we may also obtain personal details of children, their parents or other individuals associated with the children.
We only process information when necessary in performing our role as the registration authority for registered children’s care services.
How we will use information about you
This section sets out how we will use data for different types of people.
I am registered to provide or manage registered children’s care services
You need to register with Ofsted if you are providing or managing a children’s home, adoption support agency, independent fostering agency, residential family centre, voluntary adoption agency or residential holiday scheme for disabled children.
If you are carrying on an establishment or agency referred to above, you must register with Ofsted under the Care Standards Act 2000 before the establishment or agency can operate. Anyone who manages an establishment or agency (other than a voluntary adoption agency) must also register.
Because Ofsted needs to ensure that you are and remain fit to carry on or manage a registered children’s care service, it is necessary for us to look at and keep a range of your personal data for as long as you may provide these services. We will retain relevant information about your suitability to provide registered children’s care services for as long as you are registered to provide these services. We may keep this information under review for a longer period of time if any regulatory issues or concerns were raised during the period of registration.
We process your personal data under Part II of the Care Standards Act 2000. In particular, we undertake the following regulatory activities with regards to registered persons’ personal data:
- registration
- cancellation or suspension of registration
- regulation of establishments and agencies
- inspection
- prosecuting offences within the Care Standards Act 2000 and the Adoption and Children Act 2002
I work for a registered children’s care service provider or with the children who stay in or are helped by registered children’s care services
We may collect information about you while we regulate or inspect registered children’s care services. This can include information written by inspectors or given by you, the provider, children or the public in their correspondence about the provider.
Our role is primarily to ensure that registered providers and managers continue to meet the relevant legislation and remain suitable to be registered. This means that we will not specifically try to collect information about staff or others who work with children unless as part of an inspection or general regulatory work.
We may, however, examine lists of staff to make sure that the provider has made proper checks or to check that staff have appropriate qualifications, speak to you and privately record your views about the provider or, if you are a staff member, to discuss your performance with the provider in the context of the services being delivered.
We may keep relevant information about you as part of inspection evidence and, when it relates to the suitability of people who are registered to provide registered children’s care services, for at least the length of that registration. We may also keep this information under review for longer if any regulatory issues or concerns were raised during the period of registration.
We may also collect information from you if you decide to whistleblow about your employer in a way that is protected by the Public Interest Disclosure Act 1998.
I am a child who has been in contact with registered children’s care services
This affects you if you stay in a:
- children’s home
- residential family centre
- residential holiday scheme for disabled children
or if you are/have been helped by an:
- independent fostering agency
- voluntary adoption agency
- adoption support agency
We will collect information about you and your experiences to help us check whether you have been provided with a good service which helps and protects you. Some of this information will be given by you, the people who run the services you use, local authorities, social workers or other government agencies.
We will always keep any information we hold or share as secure as possible. However, we sometimes have to share information about you or other children to other public authorities, such as the police and local authority child protection services, when we feel this will help and protect you or other children.
The people who run the place you stay in or the service you are helped by are required by law to send information about children to Ofsted when certain things happen. This is to ensure that Ofsted can check whether you have been provided with a good service which helps and protects you. These events include where:
- children have been involved in or subject to sexual exploitation
- a child has died
- children have been involved in a serious incident that required police involvement
- a child protection enquiry has started or ended
- children have been involved in any other serious incidents
We will normally hold this information alongside our information about your home or service provider. We may keep relevant information about you as part of inspection evidence and when it relates to the suitability of people who are registered to provide registered children’s care services for at least the length of that registration.
The Department for Education gives us data about looked after children. This contains date of birth and gender and will also identify which service may be looking after each child. This can also include ‘special category’ data on disabilities or ethnicity.
We will use this data to:
- carry out research and analysis
- help us with policy development
- help us understand the lives and journeys of the children in public care (whose provision and corporate parents we inspect)
- develop and test hypotheses relating to services for children in care to inform future inspection framework development
For example, we must publish an annual report about our work. We also have further powers to produce surveys and reports based on the information we hold.
I am the parent of a child staying in a children’s home or a child helped by registered children’s care services
We may collect important and sometimes sensitive information about you, your child and their experiences, to help us check whether your child was helped and protected and has been provided with a good service. Some of this information will be provided by you, the people who run the services you and your child uses, other government agencies or people who work with your child, such as social workers.
We will keep any information we hold or share as secure as possible. However, we sometimes have to share information about you or your child to other public authorities, such as the police and local authority child protection services, when we feel this will help and protect your child or other children.
We may hold this information alongside other information about the home or service.
We may keep relevant information about you as part of inspection evidence and, where it relates to the fitness of those registered to provide registered children’s care services, for at least the length of that registration. We may also keep this information under review for longer, depending on whether any regulatory issues or concerns were raised during the period of registration.
I am, or want to be, a foster carer or adopter
We may obtain information about you when Ofsted registers and inspects adoption and fostering agencies you use. We may hold this information alongside other information about these agencies.
We may obtain important and sometimes sensitive information about you or the children you care for, to help us check whether the children have been helped and protected and whether the agency has provided a good service. Some of this information will be given by you or the people who run the agencies you use.
We annually collect data on foster carers and fostered children directly from agencies. We use the data from independent fostering agencies, which we both regulate and inspect, to support our inspection of those agencies. We publish this data as a statistical release. We use it to understand wider sectorial issues.
We may keep relevant information about you as part of inspection evidence and, where it relates to the fitness of those registered to provide registered children’s care services, for at least the length of that registration. We may also keep this information under review for longer, depending on whether any regulatory issues or concerns were raised during the period of registration.
Types of personal data that we might hold
We hold a wide range of personal data because of our regulation and inspection of the provision of registered children’s care services in England. Specifically for those who are registered to provide registered children’s care services, this can include:
- address/contact details
- date of birth
- health information
- information about their compliance with regulations
- financial/contractual information
- previous employment/references
- details of criminal convictions and alleged offences
- performance information
- relevant information received about personal life and relationships
We may also hold the following information about any person working in registered children’s care services:
- their personal opinions relating to their work
- safeguarding information
For children in children’s homes or using social care services, we may be given information about their life and experiences from which they may be identified. This will include details where:
- children have been involved in or subject to sexual exploitation
- children have been involved in a serious incident that required police involvement
- a child protection enquiry has started or ended
- children have been involved in any other serious incidents
Who we might share personal data with
We share information with child protection agencies in accordance with our duties, powers and statutory guidance issued by the government.
Ofsted may also share personal data with a number of other public authorities. These are:
- local authorities
- any appropriate persons, for the purpose of protecting children from harm or neglect
- Health and Care Professions Council
- His Majesty’s Courts and Tribunals services
- Disclosure and Barring Service
- the National Child Safeguarding Review Panel
- Care Quality Commission and other inspectorates
- Charity Commission
- Care Inspectorate Wales
- the Office of the Children’s Commissioner
- the police
We may also share information with colleagues who need it within Ofsted, such as inspection planning teams or inspectors when carrying out inspections.
How long we keep personal data
We will keep relevant information about the suitability of those registered to provide registered children’s care services at least for the duration of that registration. We may keep this information under review for longer, depending on whether any regulatory issues or concerns were raised during the period of registration.
Where personal data comes from
We collect personal data about people involved in carrying on and managing registered children’s care services in England, the staff who work for these services, and the children who use them. As well as the information recorded by our own inspectors, this personal data can also come from a variety of sources outside Ofsted.
Information is given mainly by the individuals themselves, but Ofsted also receives information from public authorities and members of the public. Public authorities include:
- the police
- children’s care services registered under the Care Standards Act 2000
- local authorities
- The Charity Commission
- Care Inspectorate Wales
- National Child Safeguarding Practice Review Panels
- Health and Care Professions Council
- the Health & Safety Executive
- fire services
- medical professionals
- Disclosure & Barring Service (DBS)
- other government departments, such as the Department for Education
- other inspectorates
Members of the public include:
- parents of children in contact with registered children’s care services
- providers of registered children’s care services
- whistle-blowers
- the press
- other registered persons
We receive this information through our telephone contact centre, emails, written correspondence, social media, online forms, referrals from other internal teams or from inspection.
The legal requirement to give us this information
Inspectors require information to be provided when they carry out inspections. Failure to cooperate by failing to provide information required as part of an inspection carried out under sections 31(1) or 32(1) is an offence under section 31(9) of the Care Standards Act 2000.
Registered persons and those applying to be registered persons have to meet legal requirements to provide information to Ofsted. These include:
- information required as part of an application by a person seeking registration under the Care Standards Act 2000 (Registration) (England) Regulations 2010
- information under Section 31 of the Care Standards Act 2000 that requires a person who carries on or manages an establishment or agency to provide Ofsted with any information which it considers necessary to carry out its regulatory functions which includes inspection
- information required to be provided to Ofsted under the Children’s Homes (England) Regulations 2015
- information required to be provided to Ofsted under the Residential Family Centres Regulations 2002
- information required to be provided to Ofsted under the Residential Holiday Schemes for Disabled Children (England) Regulations 2013
- information required to be provided to Ofsted under the Fostering Services (England) Regulations 2011
- information required to be provided to Ofsted under the Adoption Support Agencies (England) and Adoption Agencies (Miscellaneous Amendments) Regulations 2005
Unregistered children’s care services
‘Unregistered children’s social care services’ refers to children’s social care services, or those managing them, that we suspect or believe should be registered under the Care Standards Act 2000.
Services that require people who carry on or manage them to be registered are:
- children’s homes, including secure children’s homes
- residential family centres
- residential holiday schemes for disabled children
- independent fostering agencies
- voluntary adoption agencies (no requirement for managers to be registered)
- adoption support agencies
You can jump directly to the relevant section if you:
- provide or manage these services
- work for one of these services, or with the children who stay in/are helped by them
- are a child who has used a children’s social care service that we suspect is unregistered
- are the parent of a child who has used a children’s care service that we suspect is unregistered
Why we process this personal data
We have the power to enter and inspect premises and records if we suspect unregistered children’s social care services are being carried out. It is a criminal offence to carry on or manage one of the services listed above without registration.
As a result of this, we can request and process a wide range of personal data that we need to detect, prevent and investigate criminal offences or to safeguard children. As part of this, we may also get personal details of children, parents or any other individual associated with suspected unregistered services.
How we will use information about you
This section sets out how we will use data for different types of people.
I provide or manage a children’s social care service suspected of being unregistered
If you are providing a children’s social care service referred to above, you must register with Ofsted before the service can operate. Anyone who manages any of these services other than voluntary adoption agencies must also register.
Failure to register is an offence, and we may prosecute. There are also offences under adoption.
We may receive information from people who suspect unregistered children’s social care services are being provided. We will use that information and any additional information gathered by our inspectors to decide whether you are providing unregistered children’s social care services and whether we should prosecute.
I work for a children’s social care service provider suspected of being unregistered or with the children using the service
We may collect and see information about you as part of an investigation into whether your employer is providing unregistered social care. This can include information written by inspectors or given to us by you, the provider, children or members of the public.
Our role in these investigations is mainly to ensure that registered providers and managers are not providing unregistered children’s social care. We will not specifically try to collect information about staff or others who work with children unless as part of the investigation. We will store any information about you as securely as possible.
We may also collect and store information from you if you decide to whistleblow (share information about your employer in a way that is protected by the Public Interest Disclosure Act 1998).
I am a child who has used a children’s social care service suspected of being unregistered
We may hold information about you if we suspect that where you stay, or the person who helps you, is not registered with Ofsted when they should be. We will keep this information alongside our other information about the unregistered service.
We will keep any information we hold or share as securely as possible. However, we sometimes have to share information about you or other children to other public authorities, such as the police and local authority child protection services, when we feel this will help and protect you or other children.
I am the parent of a child who has used a children’s social care service suspected of being unregistered
We may receive and hold information about you or your child if we suspect that your child is staying in, or using, a children’s social care service that is unregistered. We will hold this with our other information about the service to help us decide whether the people who run the service are committing an offence.
Some of this information will be provided by you, the people who run the services you and your child use, and other government agencies or people who work with your child, such as social workers.
We will keep any information we hold or share as securely as possible. However, we sometimes have to share information about you or your child to other public authorities, such as the police and local authority child protection services, when we feel this will help and protect your child or other children.
Types of personal data that we might hold
We hold a wide range of personal data on suspects, witnesses, parents, and children as a result of our investigations into suspected unregistered children’s social care.
This can include:
- address/contact details
- date of birth
- information about compliance with regulations
- financial/contractual information
- previous employment/references
- details of criminal convictions and alleged offences
- details of children’s care needs
- relevant information received about personal life and relationships
- safeguarding information.
Who we might share personal data with
We share information with child protection agencies in accordance with our duties, powers and the statutory guidance issued by the government.
Ofsted may also share personal data with a number of other public authorities:
- the Department for Education
- local authorities
- any appropriate persons for the purpose of protecting children from harm or neglect
- Health and Care Professions Council
- His Majesty’s Courts and Tribunals services
- Disclosure and Barring Service
- the National Child Safeguarding Review Panel
- Care Quality Commission and other inspectorates
- Charity Commission
- the Office of the Children’s Commissioner
- the police
- The Welsh Assembly government
- Care Inspectorate Wales
- The Scottish government
- Care Inspectorate (in Scotland)
We may also share information with Ofsted colleagues who need it, such as inspectors when carrying out inspections.
How long we keep personal data
We will keep relevant information during the course of the investigation and any prosecution or related court hearings. We may keep this information after we complete an investigation to help future investigations and our activity as the regulator of children’s social care in England.
Where personal data comes from
As well as the information recorded by our own inspectors, this personal data can also come from a variety of sources outside Ofsted. We may also receive information from other public authorities and members of the public. Other public authorities include:
- the police
- children’s care services registered under the Care Standards Act 2000
- local authorities
- The Charity Commission
- Care Inspectorate Wales
- National Child Safeguarding Practice Review Panels
- Health and Care Professions Council
- the Health & Safety Executive
- fire services
- Disclosure & Barring Service (DBS)
- other government departments, such as the Department for Education
- Welsh Assembly Government and the Scottish Government
- other inspectorates
Members of the public include:
- parents of children
- providers of registered children’s care services
- whistleblowers
- the press
- other registered people.
We receive this information through our telephone contact centre, emails, written correspondence, social media, online forms, referrals from other internal teams or from inspection.
The legal requirement to give us this information
Inspectors require information from those we suspect of providing or managing children’s social care services as part of an inspection. It is an offence not to provide information we need.
Inspections of Cafcass
You can jump directly to the relevant section if:
- you work for Cafcass or with a child or young person whose case has involved Cafcass
- you are a child or young person whose case has involved Cafcass
- you are a parent of a child or young person whose case has involved Cafcass
Why we process this personal data
Under the Education and Inspections Act 2006, Ofsted inspects the Children and Family Court Advisory and Support Service (Cafcass). As a result of our functions under this Act, we collect and process a wide range of personal data about individuals working for Cafcass and others involved in the care of, and legal cases involving, children. While carrying out these inspections, we may also obtain personal details of children, parents or other individuals associated with the children.
We only process information when necessary in performing our inspections and the preparation of inspection reports in connection with Cafcass.
How we will use information about you
This section sets out how we will use data for different types of people.
I work for Cafcass or with a child or young person whose case has involved Cafcass
We may collect information about you as part of our inspections. This can include information written by inspectors or provided by you, your employer, from children, their parents, or by the public in their correspondence about Cafcass.
Our role is to inspect Cafcass. This means that we will not specifically try to collect information about staff or others who work with children unless it is relevant to our inspection work. We may, however, talk to young people and their parents, and gather views from stakeholders, examine records and key documents, including case files and audits, and interview managers and staff.
We may keep relevant information about you as part of inspection evidence. We will store this information safely for at least 3 years.
We may also collect information from employees who decide to whistleblow about their employer in a way that is protected by the Public Information Disclosure Act 1998.
I am a child or young person whose case has involved Cafcass
We may obtain important and sometimes sensitive information about you and your experiences when we inspect in order to help us evaluate how Cafcass helped you. Some of this information will be provided by you, parents or carers, the people who run Cafcass or other government agencies. We hold this information as part of inspection evidence from the inspection of the service provided by Cafcass. We may keep this information securely for a minimum of 3 years.
We will keep any information we hold or share as secure as possible. We sometimes have to share information about young people to other public authorities, such as the police and local authority child protection services, when we feel this will help and protect children.
I am a parent of a child or young person whose case has involved Cafcass
We may collect important and sometimes sensitive information about you and your child and their experiences, to help us check how Cafcass helped you or your child. Some of this information will be provided by you, the people at Cafcass or other people who work or worked with your child. We may keep relevant information about you or your child as part of inspection evidence. We may keep this information for a minimum of 3 years.
We will keep any information we hold or share as secure as possible. We sometimes have to share information to other public authorities, such as the police and local authority child protection services, when we feel this will help and protect children.
Types of personal data that we might hold
We hold a wide range of information because of our inspection of Cafcass.
For children and families who receive services and support from Cafcass, this includes:
- address/contact details
- date of birth
- health data
- relevant information received about personal life and relationships
- information about the services and support provided by Cafcass
- information contained in reports prepared for legal proceedings.
We may also hold the following information about any person working at Cafcass:
- information about their employment and performance
- their personal opinions relating to their work
- safeguarding information
Who we might share personal data with
We share information with child protection agencies in accordance with our statutory duties and powers and other statutory guidance issued by the government.
We may also share personal data with a number of other public authorities, including:
- Cafcass
- local authorities
- any appropriate persons, for the purpose of protecting children from harm or neglect
- His Majesty’s Courts and Tribunals Services
- Disclosure and Barring Service
- the police
We may also share information with colleagues who need it within Ofsted, such as inspection planning teams or inspectors when carrying out inspections.
How long we keep personal data
We will usually keep relevant information, including information about you or your child, as part of our inspection evidence for a minimum of 3 years.
Where the personal data comes from
We collect personal data about people who work for Cafcass, children, parents and other people involved in the care of, and legal cases involving, children. As well as the information recorded by our own inspectors, this personal data can also come from a variety of sources outside Ofsted. Information comes mainly from the individuals themselves, but we also receive information from other public authorities and members of the public. Other public authorities include:
- Cafcass
- the police
- local authorities
- medical professionals
- Disclosure & Barring Service (DBS)
- other government departments, such as the Department for Education
Members of the public include:
- parents of children and young people in contact with Cafcass
- whistleblowers
- the press
We receive this information through our telephone contact centre, emails, written correspondence, social media, online forms, referrals from other internal teams or from inspection.
The legal requirement to give us this information
Section 145 of the Education and Inspections Act 2006 sets out why we can inspect documents and has the power to require redaction of information provided to Ofsted for the purposes of inspection. Inspectors require information to be provided when they carry out inspections. We would not be able to carry out its inspections without personal data.
Secure training centres
You can jump directly to the relevant section if:
Why we process this personal data
Ofsted inspects secure training centres in England in accordance with arrangements made under the Education and Inspections Act 2006. Inspections are commissioned by the Youth Justice Board to take place jointly with inspectors from His Majesty’s Inspector of Prisons and the Care Quality Commission.
We collect and process a wide range of personal data about individuals who work for secure training centres. We may also obtain personal data about young people in secure training centres and their parents.
We only process information if necessary when inspecting secure training centres and the preparation of inspection reports.
How we will use information about you
This section sets out how we will use data for different types of people.
I work for a secure training centre
We may collect information about you as part of our inspection of secure training centres. This can include information recorded by inspectors about you or provided by you, your employer, from children or by the public in their correspondence about or with your employer.
Our role is to inspect secure training centres. This means that we will collect information about staff or others who work with children that is relevant to our inspection. We may talk to young people, gather views from stakeholders, examine records and key documents, including young people’s files and electronic surveillance records and interview managers and staff.
We may keep relevant information about you as part of our inspection evidence. We will store this information safely for at least 3 years.
We may also collect information from you if you decide whistleblow about your employer in a way which is protected by the Public Interest Disclosure Act 1998.
I am a young person in a secure training centre
We may collect important and sometimes sensitive information about you and your experiences, to help us when we check whether you are helped and protected and have been provided with a good service. Some of this information will be provided by you, other inspectorates or the people who run the centre. We hold this information as part of inspection evidence. We may keep this information securely for at least 3 years.
We will keep any information we hold or share as secure as possible. However, we sometimes have to share information about young people with other public authorities, such as other inspectorates, the police and local authority child protection services, when we feel this will help and protect young people.
Types of personal data we might hold
We hold a wide range of information because of our inspection of secure training centres in England. For young people this may include:
- address or contact details
- date of birth
- health data
- details of your educational performance
- details of your behaviour and how it has been managed
- details of criminal convictions, cautions and alleged offences
- relevant information received about personal life and relationships
- information about the services and support provided by the training centre
We may also hold the following information about any person working in a secure training centre:
- information about their employment and performance
- their personal opinions relating to their work
- safeguarding information
Who we might share personal data with
We share information with child protection agencies in accordance with our duties, and powers and statutory guidance issued by the government.
Ofsted may also share personal data with a number of other public authorities:
- His Majesty’s Inspector of Prisons
- Care Quality Commission
- the Youth Justice Board
- Ministry of Justice
- local authorities
- any appropriate persons, for the purpose of protecting children from harm or neglect
- Health and Care Professions Council
- His Majesty’s Courts and Tribunals Service
- Disclosure and Barring Service
- the police
We may also share information with colleagues who need it within Ofsted, such as inspection planning teams or inspectors when carrying out inspections.
How long we keep personal data
Ofsted will keep relevant information as part of our inspection evidence for at least 3 years.
Where the personal data comes from
We collect personal data about people who work for secure training centres and the young people in the centre. As well as the information recorded by our own inspectors, this personal data can also come from a variety of sources outside Ofsted.
Information comes mainly from the individuals themselves, but we also receive information from other public authorities and members of the public. Public authorities include:
- His Majesty’s Inspector of Prisons
- Care Quality Commission
- the Youth Justice Board
- Ministry of Justice
- the police
- HM Prisons and HM Probation
- local authorities
- national child safeguarding practice review panels
- medical professionals
- Disclosure & Barring Service (DBS)
- other government departments
Members of the public include:
- parents of children in custodial secure estates
- whistleblowers
- the press
We receive this information through our telephone contact centre, emails, written correspondence, social media, online forms, referrals from other internal teams or from inspection.
The legal requirement to give us this information
The information is provided to Ofsted under the arrangements made under section 146 of the Education and Inspections Act 2006.
Local authority children’s services
We inspect local authority children’s services under the Education and Inspections Act 2006. In carrying out these inspections, we collect and process a wide range of personal data about individuals who work for local authorities. We may also obtain personal data about children and young people and their parents and others provided with services by local authorities.
You can jump directly to the relevant section if:
- you work for a local authority
- you are a child or young person who receives services and support from the local authority
- you are the parent of a child who receives services and support from a local authority
Ofsted must publish an annual report about our work. We have further powers to produce surveys and reports based on the information we hold. We also produce statistics about this work.
We only process information when necessary to inspect and prepare inspection reports.
How we will use information about you
This section sets out how we will use data for different types of people.
I work for a local authority
We may collect information about you as part of our inspections. This can include information provided by you, your employer, from children or by the public in their correspondence about the local authority or information recorded by inspectors.
Our role is to inspect local authority children’s services. It involves evaluating the experiences of children and young people. It may also scrutinise and discuss a sample of children’s cases alongside discussions with practitioners working with the child or young person. We will only obtain information about staff or others who work with children when it is necessary for our inspection work.
We may keep relevant information about you as part of inspection evidence. This information will be stored securely for at least 3 years.
We may also collect information from you if you decide to whistleblow about your employer in a way which is protected by the Public Interest Disclosure Act 1998.
I am a child or young person who receives services and support from the local authority
We may collect important and sometimes sensitive information about you and your experiences to help us evaluate whether you are or were helped and protected and have been provided with a good service by the local authority. Some of this information will be provided by you, the people who run the services you are helped by, or have helped you in the past (like health professionals), the local authority or other government agencies. We hold this information as part of inspection evidence from the inspection of the local authority services. We may keep this information securely for at least 3 years.
We will always keep any information we hold or share as secure as possible. However, we sometimes have to share information about children and young people with other public authorities, such as the police and local authority child protection services, when we feel this will help and protect children.
We are also given data about looked after children from the Department for Education. This data contains date of birth and gender and will also identify which service may be looking after each child. This can also include ‘special category’ data on disabilities or ethnicity.
We use this data to carry out research and analysis and to assist us with policy development. For example, we must publish an annual report about our work. We also have further powers to produce surveys and reports based on the information it holds.
I am the parent of a child who receives services and support from a local authority
We may collect information about your and your child’s experiences to help us evaluate whether your child was helped and protected and has been provided with a good service. Some of this information will be provided by you, the people who run the services you and your children receive, other government agencies or people who work or worked with your children. We hold this information as part of inspection evidence from the inspection of the local authority services. We may keep this information securely for at least 3 years.
We will keep any information we hold or share as secure as possible. However, we sometimes have to share information about you or your children to other public authorities, such as the police and local authority child protection services, when we feel this will help and protect children.
Types of personal data that we might hold
We hold a wide range of information in relation to its inspection of local authority children’s services in England. For children and families who receive services and support from a local authority this includes:
- address/contact details
- date of birth
- health data
- details of criminal convictions, cautions and alleged offences
- relevant information received about personal life and relationships
- information about the services and support provided by the local authority
- data about local authority foster parents and prospective adopters
- data on looked after children from the Department for Education
For children using local authority children’s services, we may be given information about their life and experiences from which they may be identified. This will include details where:
- a child has died
- children have been involved in or subject to sexual exploitation
- children have been involved in a serious incident that required police involvement
- a child protection enquiry has started or ended
- children have been involved in any other serious incidents
for any person working in local authority children’s services this includes:
- information about their employment and performance
- their personal opinions relating to their work
- safeguarding information
We also receive information from local authorities about serious incidents where children die or are seriously harmed, and where it is suspected that they have been abused or neglected. Local authorities are required to send us this information and we have to keep it in case it is needed by the Independent Inquiry into Child Sexual Abuse. We keep this information as secure as possible and we use it to inform our inspections.
Who we might share personal data with
We share information with child protection agencies in accordance with our statutory duties and powers and other statutory guidance issued by the government.
We may also share personal data with a number of other public authorities:
- the Department for Education
- the Independent Panel of National Experts on Serious Case Reviews
- local authorities
- any appropriate persons, to protect children from harm or neglect
- Health and Care Professions Council
- His Majesty’s Courts and Tribunals Services
- Disclosure and Barring Service
- Care Quality Commission
- Care Inspectorate Wales
- Local Government Ombudsman
- His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services
- His Majesty’s Inspectorate of Probation
- His Majesty’s Inspectorate of Prisons
- His Majesty’s Crown Prosecution Service Inspectorate
- the police
We may also share information with colleagues who need it within Ofsted such as inspection planning teams or inspectors when carrying out inspections.
How long we keep personal data
We will usually keep relevant information as part of our inspection evidence for at least 3 years. We may also use the information for larger pieces of research to help local authorities improve or other statistical research. If that happens, we may keep the information until the research is completed.
Where the personal data comes from
We collect personal data about people who work for local authority children’s services, and the children and care leavers who they provide services and support to and their parents. As well as the information recorded by our own inspectors, this personal data can also come from a variety of sources outside Ofsted. Information comes mainly from the individuals themselves, but we also receive information from other public authorities and members of the public. Public authorities include:
- the police
- children’s services registered under the Care Standards Act 2000
- the Charity Commission
- Care Inspectorate Wales
- local authorities
- national child safeguarding practice review panels
- Health and Care Professions Council
- the Health & Safety Executive
- fire services
- medical professionals
- Disclosure & Barring Service (DBS)
- other government departments, such as the Department for Education
- other inspectorates
Members of the public include:
- parents of children and young people in contact with local authority children’s services
- whistleblowers
- the press
- other registered persons
We receive this information through our telephone contact centre, emails, written correspondence, social media, online forms, referrals from other internal teams or from inspection.
The legal requirement to give us this information
Section 140 of the Education and Inspections Act 2006 provides the statutory basis for Ofsted to obtain personal data held by local authorities. We would not be able to carry out its inspections without the personal data. It is an offence under section 140(9) to prevent such access to personal data as part of an inspection.
Section 141 of the Education and Inspections Act 2006 gives Ofsted the power to request information from a local authority that may contain personal data. We would not be able to carry out its inspections without the personal data. Failure to comply with such a request without reasonable excuse is an offence under section 141(4) of the Education and Inspections Act 2006.
Under the statutory guidance Working together to safeguard children, local authorities are required to inform Ofsted of any incident involving the care of a child where:
- a child has died (including cases of suspected suicide), and abuse or neglect is known or suspected; a child has been seriously harmed and abuse or neglect is known or suspected
- a looked after child has died (including cases where abuse or neglect is not known or suspected)
- a child in a regulated setting or service has died (including cases where abuse or neglect is not known or suspected)
Area SEND inspections
This section covers inspections of local area provision for children and young people who have special educational needs and disabilities. These are also known as area SEND inspections.
Ofsted and the Care Quality Commission (CQC) jointly inspect local areas arrangements for children and young people who have special educational needs and/or disabilities, under the Children Act 2004. Ofsted inspects and regulates the care and education of children and young people in England. CQC is the independent regulator of health and adult social care in England.
Ofsted is the data controller for the personal data gathered through the shared IT systems used on inspections of local area provision for children and young people who have special educational needs and disabilities (area SEND inspections).
CQC is the data controller for personal data gathered by it directly (that is, data not gathered through the shared systems used for area SEND inspections).
You can jump directly to the relevant section if:
- you work for a local authority or relevant institution
- you are a child or young person with special educational needs or disabilities
- you are the parent/carer of a child with special educational needs or disabilities
Why we process personal data
The role of Ofsted and CQC is to inspect and evaluate how well a local area partnership works to improve the experiences and outcomes of children and young people with SEND, aged from birth to 25.
The inspection process involves evaluating the experiences of children and young people and their parents and carers, as well as the experiences of the educational institutions where these children and young people are placed.
Inspectors may also scrutinise and discuss a sample of children and young people’s cases alongside discussions with professionals working with them. We will only get information about staff or others who work with children or young people when it is necessary for our inspection work.
On inspection, we collect and process a wide range of personal data about individuals who work for relevant local agencies and educational institutions. We also collect personal data about children/young people and their parents and/or carers who are provided with services by the local area.
We use this personal data to inform our report following an area SEND inspection. We never identify individuals in our reports. We only process information that we need to carry out the inspection or to write the report.
How we will use information about you
This section sets out how we will use data for different types of people.
I work for a local authority or a relevant educational/health institution
We may collect information about you as part of our inspection. This can include information provided by you, your employer, children or young people and their parents or carers, members of the public and other practitioners working in your local area, or information recorded by inspectors.
We may keep relevant information about you as part of inspection evidence. The names of individuals are not recorded in the evidence base but the information we have about your role may make it possible to identify you.
This information will be stored securely for at least 3 years.
I am a child or young person who has special educational needs and/or disabilities
We may collect important and sometimes sensitive information about you and your experiences to help us evaluate whether local area agencies have properly identified and effectively supported your needs.
Some of this information will be provided by you. Some information will be provided by the nursery, school or college you attend, or by the people who run the agencies that assess or support you (like educational psychologists, social workers and doctors or nurses). We also get information from other government agencies.
We hold this information as part of the inspection evidence. We will not use your name but other information we record about you may make it possible to identify you. We may keep this information for at least 3 years.
We will always keep any information we hold or share as secure as possible. We may have to share information about you with other public authorities, such as the police and local authority child protection services, if we feel this is necessary to protect you or another child or young person.
The local area also gives us data about children and young people who have special educational needs or disabilities. This data includes date of birth and gender and will also identify the special educational need/disability. It will include information about which service may be assessing/supporting each child or young person. This can also include ‘special category’ data on disabilities or ethnicity.
We use this data to carry out research and analysis and to assist us with policy development.
I am the parent or carer of a child or young person who has special educational needs or disabilities
We may collect information about you and your child’s experiences to help us evaluate whether the local area agencies have properly identified and effectively supported your child’s needs.
Some of this information will be provided by you or your child. Some will be provided by the people who run the local area institutions that assess or support you and your child or that have done so in the past.
We hold this information as part of the inspection evidence. We may keep this information for at least 3 years.
We will keep any information we hold or share as secure as possible. We may have to share information about you or your child with other public authorities, such as the police and local authority child protection services, if we feel that this is necessary to protect your child or other children.
Types of personal data that we might hold
We hold a wide range of information about the effectiveness of local area services in England for children and young people who have special educational needs or disabilities.
For children and young people who are assessed by or receive support from local area agencies, we may hold:
- address/contact details
- date of birth
- health data
- details of criminal convictions, cautions and alleged offences
- relevant information received about personal life and relationships
- information about the services and support provided by the local area
- data about educational performance
For children and young people assessed or supported by local area agencies, we may be given information about their life and experiences that may make it possible to identify them. This will include details about:
- their medical conditions and treatment
- their special educational needs and educational attainment
- their involvement with local authority social care
- their family circumstances
For any person working in a local area agency or educational institution, we may record information that may make it possible to identify them. This will include details about:
- their employment
- their personal opinions relating to the support of children and young people
- safeguarding information
Who we might share personal data with
On an area SEND inspection, Ofsted and the CQC share information with each other to support a joint assessment of local area partnerships.
We also share information with child protection agencies in line with our statutory duties and powers and any statutory guidance issued by the government.
We may also share personal data with other public authorities. These are:
- local authorities
- health authorities
- any appropriate persons to protect children from harm or neglect
- the Health and Care Professions Council
- His Majesty’s Courts and Tribunals Services
- Disclosure and Barring Service
- the Local Government and Social Care Ombudsman
- the police
We may also share information with other Ofsted colleagues who need it to do their jobs, such as inspection support teams or other inspectors.
How long we keep personal data
We will usually keep relevant information as part of our inspection evidence for at least 3 years. We may also use the information for larger pieces of research to help local area services improve or other statistical research. If that happens, we may keep the information until the research is completed.
Where the personal data comes from
We collect personal data during inspection, as explained above. This information comes mainly from the individuals themselves, but we also receive information from other public authorities and members of the public. Public authorities include:
- children’s services registered under the Care Standards Act 2000
- the Charity Commission
- local authorities
- medical professionals
Members of the public include:
- parents and carers of children and young people who have special educational needs or disabilities
- support groups
- whistleblowers
- the press
We receive this information through our telephone contact centre, emails, written correspondence, social media, online forms, referrals from other internal teams and inspection. We also get information from surveys of children and young people with SEND, of their parents and carers, and of professionals who work with them.
The legal requirement to give us this information
Section 140 of the Education and Inspections Act 2006 (applied by Regulation 2 and the Schedule to the Children Act 2004 (Joint Area Reviews) Regulations 2015) provides the statutory basis for Ofsted to collect personal data held by local authorities. We would not be able to carry out these inspections without the personal data. It is an offence under section 140(9) to prevent access to personal data as part of an inspection.
Section 141 of the Education and Inspections Act 2006 similarly applied gives Ofsted the power to request information from a local authority, which may contain personal data. We would not be able to carry out these inspections without the personal data. Failure to comply with these requests without reasonable excuse is an offence under section 141(4) of the Education and Inspections Act 2006.
Section 64 of the Health and Social Care Act 2008 (applied by Regulation 2 and the Schedule to the Children Act 2004 (Joint Area Reviews) Regulations 2015) provides the statutory basis for CQC to collect personal data held by public authorities where there is a review of children’s services that comprise the provision of health care or the promotion and protection of public health. Ofsted/CQC would not be able to carry out these inspections without the personal data. It is an offence under section 64(4) to prevent access to personal data as part of an inspection.
Your rights
You can write to either Ofsted or CQC to ask whether we hold information about you and to ask us to give you that information. View contact details and information about your rights for Ofsted and for CQC and other inspectorates.
Joint targeted area inspections
Ofsted carries out joint targeted area inspections (JTAIs) together with the following organisations:
- The Care Quality Commission (CQC) is the independent regulator of health and adult social care in England.
- His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services (HMICFRS) assesses and reports on the effectiveness and efficiency of police forces and fire and rescue services in the public interest. HMICFRS is independent of government, the police and fire and rescue authorities.
- His Majesty’s Inspectorate of Probation is the independent inspector of youth offending and probation services in England and Wales. Their purpose is to report on the effectiveness of work with adults and children and young people who have offended.
Ofsted is the data controller for the personal data gathered through the shared IT systems used on a JTAI (see Annex A of the inspection framework).
The following organisations are the data controllers for the data they gather directly (that is, data not gathered through the shared systems used for JTAIs):
- CQC is the data controller for health sector data
- HMICFRS is the data controller for police data
- HMI Probation is the data controller for probation service data
You can jump directly to the relevant section if:
- you work for a local authority, healthcare provider, the police, probation services or youth offending services, or a relevant educational institution
- you are a child or young person receiving services and support from local multi-agency children’s services
- you are the parent/carer of a child receiving services and support from local multi-agency children’s services
Why we process this information
We jointly inspect multi-agency children’s services in a local authority area under the Children Act 2004. On inspection, we collect and process a wide range of personal data about individuals who work for the local agencies responsible for these services. We also collect personal data about children/young people and their parents/carers and others who are provided with services by the local area agencies.
We use this personal data to inform our report to the Secretary of State following a local area inspection. We never identify individuals in our reports. We only process information that we need to carry out the inspection or to write the report.
How we will use information about you
This section sets out how we will use data for different types of people.
I work for a local authority, healthcare provider, the police, probation services or youth offending services, or a relevant educational institution
We may collect information about you as part of our inspections. This can include information provided by you, your employer, children and their parents or carers, members of the public and other practitioners working in your local authority area, or information recorded by inspectors.
Our role is to inspect multi-agency children’s services in a local authority area. The inspection process involves evaluating the experiences of children and young people and their parents and carers. Inspectors may also scrutinise and discuss a sample of children’s cases alongside discussions with practitioners working with the child or young person. We will only get information about staff or others who work with children when it is necessary for our inspection work.
We may keep relevant information about you as part of inspection evidence. This information will be stored securely for at least 3 years.
I am a child or young person who receives services and support from the multi-agency children’s services in the local authority area
We may collect important and sometimes sensitive information about you and your experiences to help us evaluate whether you are or were helped and protected and whether the local agencies provided you with a good service.
Some of this information will be provided by you or your parent/carer. Some will be provided by the people who run the services you are helped by, or have helped you in the past (like social workers, doctors and nurses, police officers and probation officers). We also get information from other government agencies.
We hold this information as part of the inspection evidence. We may keep this information for at least 3 years.
We will always keep any information we hold or share as secure as possible. We may have to share information about you with other public authorities, such as the police and local authority child protection services, if we feel this is necessary to help and protect you or another child.
The Department for Education also gives us data about looked after children. This data contains date of birth and gender and will also identify which service may be looking after each child. This can also include ‘special category’ data on disabilities or ethnicity.
We use this data to carry out research and analysis and to assist us with policy development. For example, we must publish an annual report about our work. We also have further powers to produce surveys and reports based on the information we hold.
I am the parent or carer of a child who receives services and support from the multi-agency children’s services in the local authority area
We may collect information about your and your child’s experiences to help us evaluate whether your child was helped and protected and whether the local agencies provided them with a good service.
Some of this information will be provided by you or your child. Some will be provided by the people who run the services you and your child receive or those that have helped you in the past. We also get information from other government agencies.
We hold this information as part of the inspection evidence. We may keep this information for at least 3 years.
We will keep any information we hold or share as secure as possible. We may have to share information about you or your child with other public authorities, such as the police and local authority child protection services, if we feel that this is necessary to protect your child or other children.
Types of personal data that we might hold
We hold a wide range of information about multi-agency children’s services in local authority areas.
For children and families who receive services and support from a local agencies, we may hold:
- address/contact details
- date of birth
- health data
- details of criminal convictions, cautions and alleged offences
- relevant information received about personal life and relationships
- information about the services and support provided by the local agencies
- data about foster parents and prospective adopters
- data received from the Department for Education on looked after children (see above)
For children using multi-agency children’s services, we may be given information about their life and experiences that could make it possible to identify them. This will include details of when:
- a child has died
- children have been involved in or subject to sexual exploitation
- children have been involved in a serious incident that required police involvement
- a child protection enquiry has started or ended
- children have been involved in any other serious incidents
For any person working in a local agency, we may record information that could make it possible to identify them. This will include details about:
- their employment
- their personal opinions relating to the support of children and young people
- safeguarding information
Who we might share personal data with
On a JTAI, the inspectorates share information with each other to support a joint evaluation of local multi-agency services.
We share information with child protection agencies in line with our statutory duties and powers and any other statutory guidance issued by the government.
We may also share personal data with a number of other public authorities. These are:
- local authorities
- any appropriate persons to protect children from harm or neglect
- the Health and Care Professions Council
- His Majesty’s Courts and Tribunals Services
- Disclosure and Barring Service
- The Local Government and Social Care Ombudsman
- His Majesty’s Inspectorate of Prisons
- His Majesty’s Crown Prosecution Service Inspectorate
- the police
We may also share information with other Ofsted colleagues who need it to do their jobs, such as inspection support teams or other inspectors.
How long we keep personal data
We will usually keep relevant information as part of our inspection evidence for at least 3 years. We may also use the information for larger pieces of research to help multi-agency children’s services improve or other statistical research. If that happens, the information may be retained until the research is completed.
Where the personal data comes from
We collect personal data during inspection, as explained above. As well as the information recorded by our own inspectors, this personal data can also come from a variety of sources outside Ofsted. Information comes mainly from the individuals themselves, but we also receive information from other public authorities and others, including
- the police
- children’s services registered under the Care Standards Act 2000
- the Charity Commission
- local authorities
- national child safeguarding practice review panels
- the Health and Care Professions Council
- the Health & Safety Executive
- fire services
- medical professionals
- Disclosure & Barring Service (DBS)
- other government departments, such as the Department for Education
- other inspectorates
- parents of children and young people
- whistleblowers
- the press
- services inspected or regulated by any of the inspectorates
We receive this information through our telephone contact centre, emails, written correspondence, social media, online forms, referrals from other internal teams or inspection.
The legal requirement to give us this information
Section 140 of the Education and Inspections Act 2006 provides the statutory basis for Ofsted to collect personal data held by local authorities. We would not be able to carry out our inspections without the personal data. It is an offence under section 140(9) to prevent access to personal data as part of an inspection.
Section 141 of the Education and Inspections Act 2006 gives Ofsted the power to request information from a local authority, which may contain personal data. We would not be able to carry out our inspections without the personal data. Failure to comply with these requests without reasonable excuse is an offence under section 141(4) of the Education and Inspections Act 2006.
Section 64 of the Health and Social Care Act 2008 (applied by Regulation 2 and the Schedule to the Children Act 2004 (Joint Area Reviews) Regulations 2015) provides the statutory basis for CQC to collect personal data held by public authorities where there is a review of children’s services that comprise the provision of health care or the promotion and protection of public health. Ofsted/CQC would not be able to carry out these inspections without the personal data. It is an offence under section 64(4) to prevent access to personal data as part of an inspection.
Your rights
You can write to either Ofsted or any of the other inspectorates to ask whether we hold information about you and to ask us to give you that information. View contact details and information about your rights for Ofsted and for other inspectorates.
Residential schools and colleges
This section covers:
- boarding schools where Ofsted inspects the boarding provision
- residential special schools
- further education colleges with residential provision
You can jump directly to the relevant section if you:
Why we process this information
Under section 87(3) of the Children Act 1989, Ofsted inspects residential provision in boarding schools, residential special schools and further education colleges. As a result of this, we ask for and process a wide range of personal data about individuals who work in the schools or colleges where this allows the school or college to prove that staff working there are suitable to do so. We may also obtain personal data about children and young people who are or have been accommodated by the schools or colleges, and their parents or other individuals associated with these schools and colleges.
How we will use information about you
This section sets out how we will use data for different types of people.
I work for a residential school or college
We may collect information about you as part of our inspections. This can include information recorded by inspectors or provided by you, your employer, from children or by the public in their correspondence about the school or college.
Our role is primarily to inspect the quality of the service provided to the children and young people who are accommodated by the school or college, and to evaluate whether their welfare is being safeguarded and promoted.
We may examine staff records to make sure that the school or college has made proper checks or to check that staff have appropriate qualifications or to speak to you privately and record your views about the residential provision or employer or, if you are a member of staff, discuss your performance with your employer in the context of the services being provided.
We may keep relevant information about you as part of the inspection evidence. We will store this information securely for a minimum of 3 years.
We may also collect information from you if you decide to ‘whistleblow’ about your employer in a way that is protected by the Public Information Disclosure 1998.
I am a child or young person who attends a residential school or college that Ofsted inspects
If you attend a school or college with residential provision, we may obtain important and sometimes sensitive information about you and your experiences to help us check whether your welfare was safeguarded during the time you were living in a residential school or college. Some of this information will be given to us by you or the people who run the school or college or other government agencies.
We will always keep any information we hold or share as secure as possible. We sometimes have to share information about children and young people to other public authorities, such as the police and local authority child protection services, when we feel this will help and protect you or other children.
We may hold this information alongside our other information about the school or college. We may keep relevant information about you as part of inspection evidence for a minimum of 3 years.
Types of information we hold
We hold a wide range of information because of our inspection of residential provision in boarding schools, residential special schools and further education colleges in England. Specifically for those who must be suitable to work in educational setting like these, this can include:
- name
- address/contact details
- date of birth
- health information
- previous employment/references
- details of criminal convictions, cautions and alleged offences
- financial/contractual information
- employment performance information
- relevant information received about personal life and relationships
- personal opinions relating to their work
- safeguarding information
Who we might share personal data with
We have arrangements to share information with child protection agencies. We also have arrangements with a number of other public authorities to share information about children or young people accommodated by the schools or colleges:
- local authorities
- the Department for Education
- any appropriate persons for the purpose of protecting children or young people from harm or neglect
- Health and Care Professions Council
- Disclosure and Barring Service
- Care Quality Commission
- other independent school inspectorates
- Independent Schools Council
- the police
- Charity Commission
We may also share information with colleagues who need it within Ofsted, such as inspection planning teams or inspectors for when they carry out inspections.
How long we keep personal data and how we decide this
Ofsted will usually keep relevant information as part of our inspection evidence for a minimum of 3 years.
Where the personal data comes from
As well as the information recorded by our inspectors, personal data can come from a variety of sources outside of Ofsted. Information comes mainly from the individuals themselves, but we also receive information from other public authorities and members of the public.
Other public authorities include:
- the police
- local authorities
- national child safeguarding practice review panels
- Health and Care Professions Council
- Charity Commission
- the Health & Safety Executive
- the Fire Service
- medical professionals
- Disclosure & Barring Service (DBS)
- other government departments, such as the Department for Education
- other independent school inspectorates
Members of the public include:
- parents
- whistleblowers
- the press
- other registered persons
We receive this information through our telephone contact centre, emails, written correspondence, social media, online forms, referrals from other internal teams or from inspection.
The legal requirement to give us this information
Section 87(3) of the Children Act 1989 and the National Care Standards Commission (Inspection of Schools and Colleges) Regulations 2002 set out why we can get personal data. We would not be able to carry out inspections and prepare reports without that personal data.
It is an offence to intentionally obstruct an inspector exercising these powers.
Your rights and contacting Ofsted
For more about your rights and how to get in touch with us about the information we hold, view the Ofsted personal information charter.
Contacting other inspectorates
We carry out some inspections jointly with other inspectorates. These include area SEND and joint targeted area inspections.
Care Quality Commission
CQC’s data protection officer is Nimali de Silva, Head of Governance and Legal Services. Email: information.access@cqc.org.uk
View CQC’s privacy notice, including contact information.
HMICFRS (His Majesty’s Inspectorate of Constabulary and Fire & Rescue Services)
Email: KIM@hmic.gsi.gov.uk
View HMICFRS’s privacy notice, including contact information.
HMI Probation
Email: hmip.enquiries@hmiprobation.gov.uk
View HMI Probation’s privacy notice, including contact information.