Product Development for Staff and Student Anonymisation

What are CAPITA developing?

CAPITA are starting to analyse in detail the process of anonymising staff and then student data in SIMS.  In breaking down the process they have made lots of assumptions, these are outlined below and would really like your feedback.

Staff Assumptions

  • Anonymization will be available for one or more staff leavers
  • When the choice is made to anonymise staff data, their PII is anonymised. All non PII data is left intact for reporting, etc
  • Anonymization is available for staff members who became leavers more than 3 academic years ago
  • All links from an anonymized staff leaver to other person records will be removed
  • All links from an anonymized staff to documentation / attachments will be removed
  • Anonymized data will be replaced with ZZ_GDPR Removed. This will mean that the anonymised staff member will, by default, appear at the bottom of staff lists
  • We will not provide a function to 'un-anonymize' staff leavers
  • A flag / column will identify the staff member as anonymised in the person table. This will enable us to exclude them e.g. from future selection for anonymization
  • A progress bar will not be displayed on the screen (anonymization will not be as time consuming as deletion)
  • We will not be disabling the staff screen following anonymisation (all current functionality will persist)
  • Reports will contain anonymised staff data
  • The following data will be deleted / removed from UI and reports:
    • Previous Names
    • NI Number
    • Bank Details
    • Disability Number
    • Passport Details
    • Visa Details
    • Cars
    • Next of Kin (link removed)
    • Address (providing that it is not linked to any other person, in which case, only the link between the address and the anonymised person will be deleted)
    • Previous addresses
    • Additional addresses
    • Telephone / Fax Numbers
    • eMail addresses
    • Contacts (link removed)
    • Staff Contacts (link removed)
    • Family Links
    • Free text fields that may hold personally identifiable information (e.g. names held in summary / notes / comments)
    • Attachments / Documents

Student Assumptions

  • Anonymization will be available for one or more students
  • When the choice is made to anonymise student data, their PII is anonymised. All non PII data is left intact for reporting, etc
  • Anonymization is available for students who became leavers more than 3 academic years ago with the exception of those who are protected from data deletion
  • Students with o/s balances on Dinner Money and Fees will be available for anonymization
  • If a student is protected from data deletion, they will not be available for anonymization
  • All links from an anonymized student to other person records will be removed
  • All links from an anonymized student to documentation / attachments will be removed
  • Anonymized data will be replaced with ZZ_GDPR Removed. This will mean that the anonymised students will, by default, appear at the bottom of student lists
  • We will not provide a function to 'un-anonymize' students
  • A flag / column will identify the student as anonymised in the person table. This will enable us to exclude them e.g. from future selection for anonymization
  • Student admission number is identifiable data and will be anonymized
  • A progress bar will not be displayed on the screen (anonymization will not be as time consuming as deletion)
  • Dinner Money pupil anonymization functionality will be 'reused'
  • We will not be disabling the student screen following anonymization (all current functionality will persist)
  • Reports will contain anonymised student data
  • The following data will be deleted / removed from UI and reports:
    • Previous Names
    • UPN, ULN, UCI & Exam Number
    • address (providing that it is not linked to any other person, in which case, only the link between the address and the anonymised person will be deleted)
    • Previous addresses
    • Additional addresses
    • Telephone / Fax Numbers
    • eMail addresses
    • Contacts (link removed)
    • Family Links
    • NHS Number
    • Passport Details
    • Visa Details
    • Free text fields that may hold personally identifiable information (e.g. names held in notes / comments)
    • Attachments / Documents
Have more questions? Submit a request

0 Comments

Article is closed for comments.