Teacher crossed a line

[Batshitcrazy82]

My dd is in year 6 and she has recently started having counselling for complicated grief, originally over the phone but she had her 1st face to face session the day before the end of term, she missed a hour of school and just told her friends she had a appointment. On the last day of term she asked her teacher for a pen and her teacher replied in front of the whole class "no because when you left for your counselling session yesterday you left a lid off" my daughter is really upset as she doesn't want her private business broadcast to a class full of children. I feel this is a safeguarding issue a d have messaged the headteacher but have had no reply. Aibu to be so angry
Over this?

@Spanglemum

If you don't get anywhere with the Head, complain to the head of Governors.

Please don't even think about involving the governors until you've followed every step of the complaints procedure all they can do is refer you back to that

@Lemmeout

It’s not humiliating! Ffs no wonder people suffer, yes suffer with mental ill health when people think counselling is humiliating!

That’s how you feel about it, great. Not everyone feels the same, plus the meeting was confidential and should not be broadcast regardless of how the kid feels?!

1. Who the fuck cares if she left a lid off? She’s a human being, and, in fact, a child
2. It’s totally inappropriate for the teacher to say that in front of the class. YANBU.

4pm on the Friday was I assume after the end of the day.

I think the head hasn't replied because they haven't questioned the teacher yet. It is half term so the teacher and the head are off school.

The head will already be on covid alert over half term so has probably put this to the first day back then it can be investigated properly ... I hope!

It does need to be addressed though so please follow it through.

Teacher and school governor here. This isn't a safeguarding issue or a GDPR issue. There are a lot of people on this thread spouting total misinformation. The child has not come to harm through the teacher's actions and neither has sensitive, specific personal information been revealed. Saying a child has gone to counselling is the same as saying they've been to the doctors - unnecessary information that shouldn't be shared with a class, of course, and totally inappropriate - but it doesn't reveal anything sufficiently personal or confidential that would warrant investigation for safeguarding or GDPR breaches. Posters without sufficient training/knowledge in this area need to be careful with throwing these kinds of claims around.

I completely agree that what the teacher said was unacceptable and inappropriate and OP, you were right to complain. However, as a teacher, I can appreciate that it may have been an accidental slip of the tongue said while under pressure or distracted. We don't know the exact circumstances. It's been an exhausting and stressful year and none of us are at our best at the moment. We all make mistakes sometimes. I wouldn't jump to the conclusion that it was said maliciously to purposely humiliate. This doesn't make it OK, of course, but I do think it is unfair to automatically assume it was said to deliberately hurt your daughter.

Can I also say I'm very sorry for the grief your child is experiencing and I very much hope the counselling has a positive impact on how she's feeling.

A data breach means sharing confidential, personal or sensitive information with an unauthorised person. The children in the child’s class had no need to know about the child going to counselling, the teacher knew about it purely due to her role and shared it. In sharing with the class she breached the child’s confidentiality and - assuming that information was held electronically, breached GDPR.

In a professional role telling others that someone is going to counselling, saying they’re going to the doctors, isn’t ok unless they’ve given you permission to share it. In the same way you wouldn’t share someone’s health condition without their permission.

@Jellycatspyjamas

A data breach means sharing confidential, personal or sensitive information with an unauthorised person. The children in the child’s class had no need to know about the child going to counselling, the teacher knew about it purely due to her role and shared it. In sharing with the class she breached the child’s confidentiality and - assuming that information was held electronically, breached GDPR.

In a professional role telling others that someone is going to counselling, saying they’re going to the doctors, isn’t ok unless they’ve given you permission to share it. In the same way you wouldn’t share someone’s health condition without their permission.

I repeat, in a school setting, this type of information being shared would not be considered a breach of GDPR. This is largely because it would not fall under the category of 'data'. If the teacher had revealed the reason why the child was going for counselling, then there may be a case for a GDPR breach, as the reason would be 'data' for GDPR purposes. I could only see a reason to consider it a GDPR breach though, if the information had been shared electronically and clearly marked as confidential. If was just delivered by word of mouth, then you'd have a hard time classifying it as a GDPR breach.

The reason for these different classifications is that in a school setting so much information of this nature (medical appointments, illness, etc) gets passed around to various people for various reasons during the day that classing it as sensitive data would render the functioning of a school largely impossible. A line has to be drawn somewhere and the GDPR guidance for schools does make it clear that only data of a certain type needs to be categorised as sensitive for this very reason.

Again, unless you have specialised knowledge in this area, I would request that you don't make statements like this that can be misleading and unhelpful. The last thing schools need right now is parents emailing in making erroneous claims about GDPR breaches because well-meaning but uninformed people on the internet told them so.

If was just delivered by word of mouth, then you'd have a hard time classifying it as a GDPR breach.

Delivering it by word of mouth to another adult you’d have a hard time classifying.

Delivering it to classroom full of children not so much.

The reason for these different classifications is that in a school setting so much information of this nature (medical appointments, illness, etc) gets passed around to various people for various reasons during the day that classing it as sensitive data would render the functioning of a school largely impossible

Schools have leeway with information being passed to adult members of staff. They don’t have leeway passing information to children or other parents.

Agree this is a huge data breach of highly sensitive information. I'd report to the ICO (although the school should report themselves but I wouldn't trust them too).

I'm appalled. Your poor daughter.

ico.org.uk/for-organisations/guide-to-data-protection/guide-to-law-enforcement-processing/personal-data-breaches/

If the teacher did say that aloud to the class, I agree, it was an awful thing to say. I work in a primary school and have heard some unpleasant things said by staff-not just teachers.

The ICO doesn’t seem to have anything on their website saying that schools can reclassify information - I’d assume that such secondary guidance would be publicly available.

Personal and sensitive information is just that, and is shared within schools under public task, ie is shared to enable staff to do their job. Sharing with a class of children doesn’t fall under the schools legitimate public task. Interestingly enough, it would seem the majority of complaints the ICO receives about schools relates to disclosure of data.

Again, guys, please, you don’t know what you’re talking about. I’m a school governor, I’ve had training in this.

Telling a class of children that a child has had a counselling appointment is not a data breach under GDPR guidelines. This does not need to be reported to the ICO. For goodness’ sake. Data breaches that need to be reported would be a list of pupil premium pupils being accidentally made available on the school website, or a list of students in receipt of bursaries, or so on. Having a class overhear that a child had a counselling appointment is not anywhere near the level of seriousness required for a report to the ICO, as upsetting as it is for the OP’s daughter.

The teacher was unprofessional and should be reminded that it’s inappropriate to tell the class information like this. She absolutely needs to be disciplined and possibly given some training. But reporting her to the ICO is mumsnet hyperbole of the highest order. It’s not the appropriate or correct course of action in these circumstances.

@EnidSpyton Thanks for your informative post.

Teacher and school governor here. This isn't a safeguarding issue or a GDPR issue.

I don’t think you are a teacher or a school governor. If you are, God help the kids you work with!

Again, guys, please, you don’t know what you’re talking about. I’m a school governor, I’ve had training in this.

And I deliver training in this.

www.itgovernance.co.uk/blog/personal-data-breaches-in-schools-to-report-or-not-to-report

You might want to read this @EnidSpyton

@Lettuceforlunch

I read that link and what the teacher did isn't a breach of GDPR and doesn't need reporting according to your own link.

Did you miss this bit @SaltAndVinegarSandwiches

This occurs, for example, when a pupil’s special needs information, staff and pupil health records, child protection records, staff pay scale and payroll information or pupil progress and attainment records are compromised.

Safeguarding? No

Foolish and small mistake? Yes

Maybe good to normalise it......Like a dental appointment.

@Lettuceforlunch Yes I did and it's very very clear in this situation that none of that has happened. The fact of her going to counselling (while massively inappropriate to share) isn't a health record. The teacher didn't share the reason for her going to counselling or any private information shared during counselling.

@EnidSpyton, could you quote chapter and verse in terms of the authority for your contention that schools are exempt from GDPR in respect of sensitive personal information about children?

Dreadful. Total breach of confidentiality.
Don’t let it go.

*Sensitive personal data is a specific set of “special categories” that must be treated with extra security.

It covers information related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, health data, sexual orientation life and criminal convictions and offences or related security measures.*

And this bit @SaltAndVinegarSandwiches, attendance at counselling would be considered health data, in the same way as attendance at a fertility clinic would in that it’s quite specific in terms of the nature of treatment unlike a GP or hospital appointment (though those shouldn’t be shared either).

One of the markers for reporting to the ICO is whether the data breach might give rise to bullying or discrimination, given the stigma attached to mental health issues, the knowledge that someone is receiving support for their mental health could reasonably be foreseen to give rise to bullying.

The fact of her going to counselling (while massively inappropriate to share) isn't a health record

Yes, it is, irrespective of whether the teacher also shares the reason for it. Counselling is a specific form of treatment with a limited number of conditions and situations for which it would be prescribed.

Saying a child has gone to counselling is the same as saying they've been to the doctors

The two are not the same if the person who has gone would feel differently about classmates knowing one of these two. They are also not the same if classmates might react differently. Would parents of other classmates be contacting OP if teacher had said "doctor visit" instead of "counselling"?

Clearly they are not the same impact, in terms of being a breach of privacy.