My son's school sends out an annual 'Data Protection Notice' to parents/guardians of all pupils. This must be signed and returned to the school to grant permission to process pupil data. The data protection notice states that information may be shared with a range of partners, several of whom are explicitly named such as the DofE, QCA & NHS. The full list covering all of the organisations with whom the school shares pupil data is somewhat different. A total of nearly 50 external bodies receive non-anonymised pupil data, despite only 5 being named in the data protection notice issed to parents/guardians. No explicit permission has been sought for this level of data sharing. The school does not disclose to pupils, parents or guardians that this level of data sharing takes place. There appears to be no legal requirement for most of this pupil data sharing to take place. I would welcome any comments on this level of non-anonymised pupil data sharing and the need for explicit permission to be sought from pupils, parents or guardians.