I explain all the different types of governor and how many governors you need, translating the legal language into plain English. This is a pre-recorded video course so you can watch the video as many times as you like, whenever you like.
The two-hour training video comes with an 80-page written transcript.
It also comes with an extra video that explains the constitution of federations, plus a 28-page written study guide which helps you understand the key points of law and summarises each section.
This is the course I wish existed when I became a clerk in 2012.
This law applies to maintained schools in England.
The Constitution course covers:
the different types of governor – parent governor, staff governor, local authority governor, foundation governor, partnership governor, co-opted governor and headteacher governor
how many governors of each type you must have
how each governor is appointed or elected to the board and how ex officio governors join your board
terms of office
who is eligible for each governor position
how to hold parent and staff governor elections
how many associate members you can appoint and why you might want associate members
reasons why governors are disqualified (including criminal convictions and missing meetings)
how to remove governors from the board
the instrument of government (IoG)
why you might want to change your instrument of government
the process you must use when changing the instrument.
I’ve also included an extra video covering the constitution of federated schools. Federated schools have one governing body overseeing two or more schools.
The board of governors in a federation is composed slightly differently to the board of a single school. My extra video explains the differences to look out for in federations.
Who is this training course for?
The Constitution training course is only suitable for clerks working in maintained schools in England.
It is not suitable for academy clerks, pupil referral unit clerks or college/further education clerks.
What if I’m not sure what type of school I’m in?
If you’re not sure whether the course is suitable for you send me a message including your school website and I’m happy to check before you purchase.
If the instrument of government or GIAS says your school is a community, voluntary-aided, voluntary-controlled or foundation school (or a maintained nursery school) and your school is in England this course is definitely suitable for you.
How is the course delivered?
The video is on a password-protected page on Ask A Clerk and can be watched using any web browser. The written study guide and transcript of the video are available as pdf files.
Once you place an order you’ll receive a password within 24 hours and a link to the training page. (If I receive the order by 6pm you will receive the password the same day.)
The video can be watched and rewatched at any time and the pdf files can be downloaded.
Can I see a preview of the course?
Yes – below is a section of the Constitution training video. You can also view the corresponding sections of the transcript and study guide as pdf files.
You can buy online using Paypal or credit/debit card. You will receive the password to access the training within 24 hours. (If I receive the order by 6pm I’ll send the password the same day.)
If you order with a school email address you can request an invoice instead. The invoice can be paid via bank transfer (BACS), cheque or credit/debit card. You will receive the password to the training within 24 hours of confirming you accept the invoice.
Discounts are available for multiple purchases of 10 courses or more.
If you’d like to buy multiple courses or you’re buying for an organisation and would like to host this course on your own learning management system please contact me for details.
Buy The Constitution Training Via Paypal or Credit/Debit Card (£29.99)
Click the button below to buy via Paypal or credit/debit card. You’ll receive a payment receipt immediately.
I will then email you the password to the training within 24 hours. (If I receive the order before 6pm I will send the password the same day.)
Buy The Constitution Training Via Invoice
If you order using a school email address (eg: clerk@MaloryTowersSchool.com) you can pay by invoice.
Please complete the form below and I will send an invoice within 24 hours. The invoice can be paid via bank transfer (BACS), cheque or credit/debit card.
Once I receive a reply from the school email address to confirm you accept the invoice I will send the password to the training within 24 hours.
Request An Invoice For The Constitution Training (£29.99)
What if I’m not happy with the course?
If you have an IT problem at any time after buying just contact me and I will find a solution.
If you’re not satisfied with the course please contact me within seven days of purchase, tell me why you found the course unhelpful and I will refund your money.
Where can I log in to the course?
You can log in by clicking on the link below. (The same link will be emailed to you when you buy the course, along with your password.)
Where are the pdf versions of the Governance Guides?
The DfE have not released pdf versions of the Governance Guides. They might in future, but in the meantime I’ve made pdf versions you can download below.
These Governance Guides will be updated on an ongoing basis so please check you are using the latest version.
Have the School Governance Regulations or the Academy Trust Handbook changed?
No.
In maintained schools there are no changes to the School Governance (Roles, Procedures and Allowances) (England) Regulations 2013 or the School Governance (Constitution) (England) Regulations 2012.
In academies there are no changes to the Academy Trust Handbook
What has changed from the old Governance Handbook?
First let’s look at changes that appear in both versions of the Guide, so apply to both maintained schools and academies.
The DfE have introduced “musts” and “shoulds” into the Guides. The musts are in bold and indicate mandatory requirements. The shoulds indicate minimum good practice, but schools can choose not to follow them if they can show they have a better approach.
A big change is that the DfE Statutory Policies list has been withdrawn. A slimmed down list of statutory policies now appears as the final section of both Governance Guides.
“Live” documents have all been removed from the policies list, including the pupil register, single central record, register of governor interests and school information published on a website. However, every school still needs to keep and update all these documents or web pages.
Strangely the policies list no longer tells you which policies can be delegated to committees or individuals, it just suggests reading every piece of guidance that relates to every single policy. I hope they reinstate the delegation details shortly…
Here are other changes that apply to both versions of the Governance Guide.
New signposting to resources for link governors who cover SEND, safeguarding and careers (para 2.3 maintained, para 2.3 academies).
The DfE Clerking Competency Framework has been withdrawn. Instead the DfE link to the Chartered Governance Institute’s Competency Framework for Governance Professionals (para 4.8 maintained, para 4.5.1 academies).
New advice that it “may be helpful” to publish the clerk’s contact details on your website (para 5.7.2 maintained, para 1.1.6 academies).
New advice that at least one governor/trustee should complete cyber security training (para 7.7.3 maintained, para 7.9.3 academies).
New advice that governors/associate members in maintained schools and trustees/local governors in academies read Part 2 of Keeping Children Safe in Education. This is odd because the old Governance Handbook said “Boards should ensure they read and have regard to” KCSIE, which I thought meant they need to read it all. Many LAs recommend boards read it all (para 7.8 maintained, para 4.7 academies).
And now let’s look at changes which are specific to either the maintained school version of the Governance Guide or the academy version.
If you spot any changes I’ve missed I would be hugely grateful if you could get in touch and I will update this page as needed.
Maintained Schools Governance Guide – What’s New
New requirement that the board must “assure itself that the headteacher reports to it as required” and headteacher’s reports include information on delegated duties, advice to governors and complying with any reasonable direction of governors (paragraph 3.1).
New advice that governors do not have an automatic right to enter the school whenever they wish (paragraph 3.3.3).
New advice that school visits should be in line with SIP priorities and for an identified purpose linked to the board’s responsibilities such as safeguarding (paragraph 3.3.3).
Confirmation that maintained school governors do not need right to work checks (paragraph 4.3.3).
A new section on chair’s action, which is the chair’s power to take decisions alone in emergencies (paragraph 4.5.1). This power was mentioned in the old Governance Handbook but they didn’t call it chair’s action.
New advice that if you have joint headteachers in a job share the co-heads only have one vote between them, not one vote each (paragraph 4.6).
Confirmation that the board must listen to the clerk’s advice (paragraph 4.8). This requirement was already in the Roles, Procedures and Allowances Regulations 2013 but it’s good to see it here too.
New advice that the clerk receive an appraisal conducted by the chair (paragraph 4.8.1).
Academy Trust Governance Guide – What’s New
References to the three core functions of governance have been removed and replaced with the definition of purpose from the Academy Trust Handbook: strategic leadership, accountability and assurance and strategic engagement (paragraph 2.2).
Local governing bodies (LGBs) in multi-academy trusts are now called local committees. In practice LGBs have always been committees of the trust board, but I guess they wanted to make this more obvious (paragraph 4.3.5).
Withdrawn Publications
The DfE have withdrawn all publications below. These have either been merged into the new Governance Guides or the Guides provide links to similar documents from external providers.
I explain how the rules work in practice and translate the legal language into plain English. This is a pre-recorded video course so you can watch the video as many times as you like, whenever you like.
The two-hour training video comes with a 66-page written transcript. It also comes with a 17-page written study guide which helps you understand the key points of law and summarises each section.
This is the course I wish existed when I became a clerk in 2012.
What does the Roles, Procedures & Allowances training course cover?
If the instrument of government or GIAS says your school is a community, voluntary-aided, voluntary-controlled or foundation school (or a maintained nursery school) and your school is in England this course is definitely suitable for you.
How is the course delivered?
The video is on a password-protected page on Ask A Clerk and can be watched using any web browser. The written study guide and transcript of the video are available as pdf files.
Once you place an order you’ll receive a password within 24 hours and a link to the training page. (If I receive the order by 6pm you will receive the password the same day.)
The video can be watched and rewatched at any time and the pdf files can be downloaded.
Can I see a preview of the course?
Yes – below is a section of the Roles, Procedures & Allowances training video. You can also view the corresponding sections of the transcript and study guide as pdf files.
How can I buy the Roles, Procedures & Allowances training?
There are two ways to purchase.
You can buy online using Paypal or credit/debit card. You will receive the password to access the training within 24 hours. (If I receive the order by 6pm I’ll send the password the same day.)
If you order with a school email address you can request an invoice instead. The invoice can be paid via bank transfer (BACS), cheque or credit/debit card. You will receive the password to the training within 24 hours of confirming you accept the invoice.
Discounts are available for multiple purchases of 10 courses or more.
If you’d like to buy multiple courses or you’re buying for an organisation and would like to host this course on your own learning management system please contact me for details.
Buy The Roles, Procedures & Allowances Training Via Paypal or Credit/Debit Card (£29.99)
Click the button below to buy via Paypal or credit/debit card. You’ll receive a payment receipt immediately.
I will then email you the password to the training within 24 hours. (If I receive the order before 6pm I will send the password the same day.)
Buy The Roles, Procedures & Allowances Training Via Invoice
If you order using a school email address (eg: clerk@MaloryTowersSchool.com) you can pay by invoice.
Please complete the form below and I will send an invoice within 24 hours. The invoice can be paid via bank transfer (BACS), cheque or credit/debit card.
Once I receive a reply from the school email address to confirm you accept the invoice I will send the password to the training within 24 hours.
Request An Invoice for the Roles, Procedures & Allowances Training (£29.99)
What if I’m not happy with the course?
If you have an IT problem at any time after buying just contact me and I will find a solution.
If you’re not satisfied with the course please contact me within seven days of purchase, tell me why you found the course unhelpful and I will refund your money.
Where can I log in to the course?
You can log in by clicking on the link below. (The same link will be emailed to you when you buy the course, along with your password.)
The DfE “encourage” both maintained schools and academies to collect diversity data about their governing boards and publish it online.
This recommendation was brought in during April 2023. It was added to the DfE lists of what governing board information should be published online.
It is not a requirement to publish diversity data, just a recommendation. Boards need to think very carefully before publishing this data, for reasons I explain on this page.
“We encourage schools to collect and publish governing board members’ diversity data.”
The DfE have provided no guidance about the specific data they are encouraging schools to collect.
However, the National Governance Association (NGA) provide a diversity indicators form free to non-members.
The NGA diversity indicators form asks for the following data:
gender identity (but not sex)
age group
disability
sexual orientation
ethnicity
religion
how close you live to the school
your experience of the school as a parent or carer
the type of secondary school you attended
your experience of the care system
your education after leaving school
whether you were eligible for free school meals.
What data should be published online?
The DfE have provided no guidance on the specific data that should be published after it is collected.
The NGA are recommending that age, gender and ethnicity are published as a starting point, but say that other data could be published depending on the make-up the school’s local community.
“Not all diversity information will be relevant to publish – as a starting point, we recommend boards report on the age, gender and ethnicity of their membership although other data may be relevant depending on the characteristics of your local community.”
Your gender identity section on the school website could look like the table below. The NGA provide a template for presenting all the data at the end of their guide on evaluating and reporting diversity responses.
GenderIdentity of Governors
Male
5
Female
4
Other gender identity
0
Prefer not to say
1
Why should schools be very careful if they publish diversity data online?
Some of the diversity questions in the NGA form count as special category data under data protection regulations.
This means data must be handled very carefully, with explicit permission gained from governors to collect or publish it. There are also 10 conditions that must be fulfilled to allow you to process the data.
“The UK General Data Protection Regulation defines special category data as:
personal data revealing racial or ethnic origin;
personal data revealing political opinions;
personal data revealing religious or philosophical beliefs;
personal data revealing trade union membership;
genetic data;
biometric data (where used for identification purposes);
Boards must also avoid identifying any individual when publishing this data. This is where I see a real problem, as many schools have small boards. Even if a governor decides not to share their own data, might they be identifiable from the responses the other governors share?
Say you publish gender identity data, collected using the NGA form. Your website shows you have five governors who identify as male and five as female. But then a new governor joins the board and they record their gender as non-binary. You update your website. Can anyone guess which governor is non-binary?
Or perhaps a school publishes sexuality data (which I would not recommend). Nine governors have recorded that they’re heterosexual. One governor has opted out. Nine governors sometimes mention a husband or wife. One never talks about their personal life. Which governor do you think opted out and why?
How can we avoid identifying individual governors?
You can make a judgement call about the size of your board, but if you are in a single school I would suggest it is very likely you could identify an individual if you choose to publish diversity data.
Therefore you could instead ask governors for permission to collect the data, but not publish it. Data can be collated by the clerk and examined internally. It can be shared with the board as anonymously as possible, with the clerk ensuring that no-one can be identified personally.
On your website you could post a note that explains why you do not publish diversity data for governors. Below is a note you are welcome to use.
The governors of Malory Towers School believe it is important that boards reflect the diversity of the school communities they serve. Diverse boards promote inclusive school environments and provide diverse role models for staff and young people.
The governors are currently collecting data on the diversity of the board, including data on age, gender and ethnicity. They will use that data to inform their recruitment and training needs and ensure there is a diverse range of perspectives around the table to support robust decision making.
Due to our relatively small governing body we do not publish this diversity data online as individual governors could be identified and we have a legal obligation to protect their personal data.
Why do the DfE want the data to be published?
They say they want boards to be “increasingly reflective” of the communities they serve. For example, a board where all governors are white will not reflect a pupil and parent community where a significant percentage of people are black or Asian.
Collecting the data internally makes sense to me, because boards can then act on any gaps. For example, if you find that no governor has experience of the care system you could arrange for training on looked after children. I am less convinced of the value of publishing this data.
Can schools insist that governors share their personal data?
Definitely not. Schools must allow governors to opt out of sharing personal data, including data on any of the protected characteristics from the Equality Act 2010.
The protected characteristics are age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex and sexual orientation.
In the majority of cases governor positions cannot be shared, so you must have one person filling one vacancy. The only exception to this is when you have co-headteachers in a job share, who both share the role of headteacher governor.
In all other cases the rule is one vacancy, one volunteer. So if you have one parent governor vacancy, for example, you can only fill it with one parent rather than two people sharing the position. It’s not possible to serve as half a governor!
People sometimes ask to share governor positions so they can reduce the amount of time spent volunteering but unfortunately this is not possible.
What happens if we have a co-headteacher?
This is the only exception to the rule that governor positions cannot be shared. If you have two co-heads they will share the one position of headteacher governor.
They will have one vote between them so will have to decide who can cast that vote at meetings, or perhaps decide to alternate using the vote. This shouldn’t be too much of a problem as you would hope the co-heads will agree on most issues!
It may sound unfair that the co-heads don’t get a vote each, but each school only has one headteacher governor position on its board (or one chief executive officer/principal position in academy trusts) so there is only one vote allocated to the head.
If both co-heads were given a vote each it would double the power of the headteacher governor position for no reason other than a job share is in place.
Assuming the co-heads would agree on most votes this would just add an extra vote in favour of the headteacher viewpoint each time. This would be problematic because one of the core functions of the governing body is to hold the head(s) to account.
Can link governor roles be shared?
Yes. Link governor rolescan be shared, so you could have two link governors for SEND for example. They would need to agree how to share the work between them, perhaps using written terms of reference to record this.
It’s up to the governing body to decide how it distributes its work between all the link governors and committees, so it’s free to decide that there will be two link governors for a particular area and just one for another.
Can the role of chair of governors be shared?
Yes. Both the chair and vice-chair roles can be shared. It’s uncommon for the vice-chair role to be held jointly but fairly common for schools to have joint chairs. You could also have joint chairs or vice-chairs of committees.
Why can link roles and the chair be shared when governor positions cannot be?
When governors carry out link roles or chairing they are sharing out work that must be completed by the governing body as a whole. There are no rules that say the chair must be one person only or that link roles must be carried out by individuals. The governing body itself controls how the work gets done.
However, when a person joins the governing body they must fill a vacancy that exists in either a maintained school’s instrument of government, an academy trust’s articles of association (for the board of trustees) or an academy’s terms of reference (for local governing bodies).
These documents list the total number of governor positions available. A maintained school’s instrument of government might say for example that the board will consist of two parent governors, one LA governor, one staff governor, one headteacher governor and five co-opted governors.
The instrument will also list the total number of governors the school can have, so in the example in the previous paragraph the school’s instrument would say “the total number of governors shall be 10”.
If the school tried to allocate two people to the LA governor position that would not match the “one LA governor” that is set out in their instrument, nor the total number of governors they are allowed, because they would now have 11 governors rather than 10.
Even if the legal documents allowed for shared positions it would be very difficult in practice. If a governor only came to every other meeting they would miss a huge amount of information. If they came to all meetings and tried to cut down on school visits they would miss learning first-hand about the school.
The people sharing the position would also have to agree on how to cast their one vote each time. It’s likely that co-heads will agree most of the time but much less likely that two parent or LA governors will always agree.
Finally, even with just one vote between two people you could argue that they would still have more power over the board than a single person, because there would be two different voices to be heard and exert influence.
There is no specific requirement in the UK General Data Protection Regulation (UK GDPR) that means governors must use school email addresses instead of their personal email accounts. (UK GDPR is just the new name for GDPR after Brexit.)
However, it is usually good practice for governors to use a school email address. One exception to this is when using a service like GovernorHub, which I discuss below.
Here is the advice from Warwickshire local authority, who strongly recommend giving school email accounts to all governors and clerks.
“GDPR does not specifically require governors to use a school email account when communicating on governing board matters.
“However, the GDPR does mean governors/clerks should be doing everything in their power to prevent a breach of personal data. This means the use of secure school email accounts by all governors/clerks is strongly advised.”
The demands of GDPR apply to both maintained schools and academies, so this advice also applies to academy trustees and local governors. The law firm Browne Jacobson agree that it is sensible for governors to use school emails because they discuss sensitive topics that could include personal data.
“That would be good practice, yes. From a data protection viewpoint, it is only the security of personal information that would be of interest to the Information Commissioner’s Office (ICO), but given the sensitive nature of governor email conversations and minutes, it is sensible for all email traffic to come from school email addresses.”
Firstly, if all governors use a school email address the school can control which email provider is used (eg: gmail, outlook etc) to ensure they choose a reputable, secure service.
Keeping personal and school emails separate also helps governors keep their address books and contacts separate, reducing the chances of accidentally emailing confidential information to someone from outside the school. It also ensures that governors do not use email accounts they may share with family members.
“As a governor, the personal data you send over email must be kept secure. Using a secure school email address will help you to meet the GDPR requirement to prevent a data breach and respond to subject access requests quickly.“
If a subject access request (SAR) or freedom of information request is received school email accounts can be searched easily, without asking governors to trawl though their private account.
“Responding to a SAR will involve carrying out extensive searches for the requester’s personal data and in many cases this will involve searching emails.
“If you know that staff and governors use email addresses which do not belong to the school for school work reasons, and you have good reason to believe that the requester’s personal data might be held on a non-school email account, then you are obliged to consider the contents of these email accounts when responding to the SAR.”
Using school accounts also ensures the governing body has access to the emails if the governor resigns, is removed from the board or is unwell. SARs must be responded to within one calendar month.
Many schools set up permanent email addresses like chair@school.com that can be passed on to the new chair of governors. This avoids data being inadvertently sent to chairs or clerks who have left the school and saves time because the new chair does not have to register anew for services like The Key, the National Governance Association or the school intranet.
Do we need school email addresses if we use GovernorHub?
Probably not, no. GovernorHub is a paid service that lets governing bodies store all their agendas, minutes and documents online, as well as providing a noticeboard to allow governors to communicate.
GovernorHub say that because their system eliminates the need for governors to send email attachments and all data is stored securely in their encypted database, it doesn’t matter whether governors use personal email addresses or not.
“There is no mandate which says governors must have school email addresses – although many schools do provide one for governors.
“As GovernorHub is a secure system, governors and schools can use any email address to login. All of your documents are kept securely in the encrypted GovernorHub database and the email notifications only contain links to the documents, which will only work for authorised users on the board.
“Therefore as long as you refrain from putting personal data in the body text of the noticeboard posts, then it doesn’t matter what email addresses the governors and headteacher are using, because they are not receiving emails which contain personal data.
“If a board is using GovernorHub then the GDPR benefits of using school-specific email addresses are minimal. GovernorHub security remains strong no matter where the email notifications end up.”
In fact, if all governing body documents are stored inside GovernorHub then the governor’s email address is only being used as a username to login to the website.
They are not storing any documents inside their own email account or on the servers of their email provider and they are not sending documents in attachments. The only emails they receive contain links to their password-protected storage on GovernorHub.
Governors and clerks should still use a strong password to login to GovernorHub of course, but whether they use a personal or school email address to log in really makes no difference.
Does GDPR still apply after Brexit?
Yes. The original regulations came from EU law. However, the UK implemented GDPR through the Data Protection Act 2018 and this Act is still in force. Our version of GDPR is now known as “UK GDPR”.
Both maintained schools and academies must follow the UK GDPR because they are public authorities that process personal data.
“The EU GDPR is an EU Regulation and it no longer applies to the UK. The provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR.
“In practice, there is little change to the core data protection principles, rights and obligations.“
You can see the amended text of UK GDPR in a document called the GDPR Keeling Schedule. A Keeling Schedule is an unofficial record of the amendments made to a law. Unfortunately there is no official copy of UK GDPR to be found yet on legislation.gov.uk.
A Quick Guide to UK GDPR
The purpose of UK GDPR is to protect personal data. This means any information which could directly or indirectly identify a living person, including information that could identify you online.
What Is Personal Data?
Personal data could include:
your name
an ID number, eg: a national insurance or NHS number
your address or location
genetic data (eg: a fingerprint)
ways to identify you online such as an IP address or cookies
data from a special category which is more sensitive, eg: medical records, data on ethnic background, sexual orientation or religion.
The regulations cover all personal data collected by schools, so that includes data on staff, volunteers, pupils, parents and governors.
Seven Key Principles Of GDPR
Personal data must be processed in a way that is lawful, fair and transparent.
The purposes of processing must be specified, explicit and legitimate.
Data must be adequate, relevant and not excessive.
Data must be accurate and kept up to date.
Data must be kept for no longer than is necessary.
Data must be processed in a secure manner.
Accountability. (Data controllers and processors are responsible for the data they hold.)
Six Lawful Reasons To Process Data
A person has given consent for the processing of their personal data for one or more specific purposes.
Processing is necessary under a contract involving that person.
Processing is necessary to comply with the law.
Processing is necessary in order to protect the vital interests of that person or someone else.
Processing is necessary in the public interest or in the exercise of official authority.
Processing is necessary for the purposes of the legitimate interests of the controller or a third party.
People have the right to request a copy of the personal data schools hold on them. This right applies in both maintained schools and academies due to the Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR).
Requests for personal data are called subject access requests because under UK GDPR each person is called a data subject. They may also be known as DSARs, for data subject access request. (UK GDPR is the new name for GDPR after Brexit.)
Subject access, freedom of information or school file request?
Subject access requests are often confused with other rights to request information from schools.
A subject access request lets you see personal data.
A request for a child’s school file (in maintained schools only) lets parents see educational records.
Below is a summary of the difference between subject access requests (SARs), freedom of information (FOI) requests and requests to see a child’s school file.
SAR
FOI
School File (Maintained Schools Only)
What info can be requested?
Personal data
General info held by public authorities
A pupil’s educational records
Usual response time?
One calendar month
20 school days
15 school days
Can deadline be extended?
Only for complex requests or multiple requests from one person.
Only to consider the public interest test.
No
Can we charge a fee?
Only if request is “manifestly unfounded or excessive” or is asking for an extra copy.
Yes, to cover costs like printing or postage. (Can charge more if it will cost the school over £450 to produce.)
No, if parent just wants to see the record. Yes, if they want a copy.
Must the request be in writing?
No
Yes
Yes
Who can submit a subject access request?
Anyone whose personal data is held by the school. This could be pupils, parents, school employees, volunteers, governors or anyone who used to be in one of these categories. Usually SARs should be sent to the school’s data protection officer.
What data can be requested?
Any personal data that relates to a living, identifiable person can be requested. The DfE advise that personal data in schools includes (but is not limited to) the following:
contact information about pupils, students, learners, staff and carers
health information
details about recipients of pupil premium
employee references
safeguarding information about an individual
passport information, if planning trips to the EU
pupil exam references and results.
When someone submits an SAR they may specify exactly what kind of data they want, eg: please supply a copy of any health records you hold on me.
If they submit a much broader request, perhaps one that asks for any and all personal data the school holds, staff must make reasonable efforts to search through all the school records. This includes:
emails (including emails moved to a trash folder, as well as any archived emails)
Word documents
spreadsheets
databases
record systems
CCTV
USB sticks or CDs
paper records in filing systems.
Can personal data from governing body meetings be requested?
Yes. Any personal data in confidential governing body documents like minutes and papers from meetings is covered by UK GDPR. (Any minutes and papers the governing body have not marked as confidential are public documents anyway and must be given to anyone who asks for them.)
However, in most circumstances there should be little or no personal data in governor paperwork because of the strategic role of governors. They rarely talk about individual children and personal data such as salaries of staff should be anonymised so specific employees cannot be identified.
How long does a school have to respond to a subject access request?
The school must respond to a subject access request within one calendar month, but your response may be either to send the actual data or to tell someone you need more time, depending on the nature of the request.
For straightforward requests you must provide the requested data with one month.
For complex or multiple requests where you need to extend the deadline you must tell the requester you are extending the deadline by two further months, giving you three months in total to send the data.
“The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request.
“That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
“The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.”
If the school holds a large amount of data you can ask the requester to specify exactly what they wish to receive. The clock stops until the clarification is received. Here is the advice from the Information Commissioner’s Office (ICO).
“If you process a large amount of information about an individual, you may ask them to specify the information or processing activities their request relates to before responding to the request.
“The time limit for responding to the request is paused until you receive clarification. This is referred to as ‘stopping the clock’.”
The DfE advise that asking for clarification is good practice because parents may well be looking for specific information that can be retrieved quickly if the school knows exactly where to look.
“Have a conversation to see if the requestor is willing to clarify the scope of the data requested. A parent may only be interested in one small part of the data record and would far rather get a quick response focussed on that scope rather than await a full SAR response.”
The clock also stops if you cannot work out whether someone intends to make a subject access request or not.
“If you receive a request where it is genuinely unclear whether an individual is making a SAR, then the time limit does not begin until you have clarified whether the individual is making a SAR, and what personal data they are requesting.
“In such cases, you are expected to contact the individual as quickly as possible (eg: by phone or email where this is appropriate).”
The one calendar month time limit starts from the day you receive the request, unless you are either a) charging a fee or b) asking for a clarification of the request, in which case the time limit starts from the day the fee or clarification is received.
If the next month is shorter than the current month the time limit runs to the last day of the next month. So if a request is received on 31 March the deadline is 30 April.
If the deadline falls on a weekend or public holiday you can add one extra day to the time period, eg: a request received on 2 April is due on 2 May (Mayday bank holiday) but should be answered by 3 May.
To avoid having to worry about months of differing length and bank holidays you could set a deadline of 28 days for all requests rather than one calendar month.
“You should calculate the time limit from the day you receive the request, fee or other requested information (whether it is a working day or not) until the corresponding calendar date in the next month.
“If this is not possible because the following month is shorter (and there is no corresponding calendar date), the date for response is the last day of the following month.
“If the corresponding date falls on a weekend or a public holiday, you have until the next working day to respond.”
What if we receive a subject access request in school holidays?
Deadlines for subject access requests do not distinguish between school days and school holidays or INSET days. If the school receives a request on 20 July it has until 20 August to respond.
“There are no special rules which allow you to extend the time period for dealing with a SAR you receive it during school holidays. Regardless of whether a school is closed, if you receive a SAR then you have the normal time period to comply.”
However, in their Data Protection Toolkit For Schools the DfE advise that although schools must follow the deadlines, they can tell parents that they may find this more difficult in the holidays.
“Include your willingness to help data subjects access their data in your privacy notice. Explain to parents that most of the year you aim to do this in a timely manner, but during school holidays this may become more difficult.”
Can we ask for subject access requests to be submitted on a specific form?
Yes, you can ask, but not insist. The ICO recommend providing a form because it helps to collect the necessary information and avoid asking for clarification.
I’ve produced a template school subject access request form which you can download below.
Can we reject a request that is not submitted via our form?
No. SARs submitted through other means are equally valid, so you cannot insist that your own form is used.
“It is good practice to provide a SAR form on the organisation’s website, although you must make it clear that completion of a SAR form is not compulsory.
“A form can act as a guide for requesters and staff and help to ensure that all relevant information is captured at the outset. This helps to minimise the need to ask for further clarification, ID or proof of consent from the requester further into the process.”
Note that SARs can be submitted via social media or email and even verbal requests must be responded to.
“However, you should note that a SAR is equally valid whether an individual submits it to you by letter, email or verbally. You must therefore make it clear that it is not compulsory to use the form and simply invite individuals to do so.”
If a verbal request is received the school can ask for a form to be completed to help them understand and respond to the request, but if the form is not filled in they must still respond.
Should we ask for ID?
You can ask for ID but whether you should depends on who is making the request.
If you are sure of their identify, for example they are a previous employee or a parent who regularly picks up their child and is known to the staff, you should not ask for ID.
If their identity is not obvious or there is a risk that they could be confused with someone else you should ask for ID.
“To avoid personal data about one individual being sent to another, either accidentally or as a result of deception, you need to be satisfied that you know the identity of the requester (or the person the request is made on behalf of) and the data you hold relates to the individual in question.
“The key point is that you must be reasonable and proportionate about what you ask for. You should not request more information if the requester’s identity is obvious to you. This is particularly the case when you have an ongoing relationship with the individual.”
UK GDPR states that when a request has come in electronically the data should be sent electronically “where possible”, unless the person has asked for a different format of reply. For non-electronic requests the school can decide how to send data.
Can we refuse to release data?
Yes. You can refuse the request in one of three situations:
an exemption applies
the request is manifestly unfounded
the request is manifestly excessive.
“Can we refuse to comply with a request? Yes.
“If an exemption applies, you can refuse to comply with a SAR (wholly or partly). Not all exemptions apply in the same way and you should look at each exemption carefully to see how it applies to a particular request.
“You can also refuse to comply with a SAR if it is manifestly unfounded or manifestly excessive.”
The exemptions that are most likely to apply in schools involve requests where disclosing the data might:
cause serious harm to the pupil (either their physical or mental health) or another person
reveal that a child is at risk of abuse, where that revelation would not be in the best interests of the child
reveal information in adoption papers or parental order records
involve court proceedings
include data on another person (a “third party”), although in this case the extra data could be redacted or removed before disclosure.
Detailed guidance on applying exemptions is available on the ICO website.
What does manifestly unfounded mean?
Broadly speaking manifestly unfounded means someone is obviously mis-using their right of access and does not genuinely wish to access their data. For example, if a parent clashed with the headteacher and then submitted weekly SARs solely to make the head’s life harder.
It could also be manifestly unfounded if someone submitted a request and then offered to withdraw it in return for a favour, or used the system for malicious purposes to harass the school or an employee.
“A request may be manifestly unfounded if:
– the individual clearly has no intention to exercise their right of access. For example an individual makes a request, but then offers to withdraw it in return for some form of benefit from the organisation; or
– the request is malicious in intent and is being used to harass an organisation with no real purpose other than to cause disruption. For example, the individual:
– explicitly states, in the request itself or in other communications, that they intend to cause disruption;
– makes unsubstantiated accusations against you or specific employees which are clearly prompted by malice;
– targets a particular employee against whom they have some personal grudge;
– or systematically sends different requests to you as part of a campaign, eg once a week, with the intention of causing disruption.”
A request would be manifestly excessive if it is obviously unreasonable, in light of the time or cost it would take to supply the data. This doesn’t just mean someone has requested a lot of information, but it might mean that you have limited staff resources and it is not reasonable to spend so much time finding the info.
What do we include in the refusal letter?
If you do decide to refuse the request you must:
tell the requester within one month
include your reasoning
let them know they can complain to the ICO
let them know they can seek a “judicial remedy” (take the school to court).
“If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with the Commissioner and seeking a judicial remedy.”
No, in the majority of cases. Schools are only allowed to charge a “reasonable” fee for admin costs if the request is manifestly unfounded or excessive or someone has already received one copy of their data and now wants an extra copy. The fee could cover photocopying costs and staff time.
“In most cases, you cannot charge a fee to comply with a SAR. However, you can charge a ‘reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive or an individual requests further copies of their data following a request.”
The right to submit an SAR belongs to the individual data subject, so the right to see a child’s data belong to the child, not the parent. However, if the child is not able to act on their own behalf or gives their consent the parent can submit a request.
“Unlike the parent’s right of access to their child’s educational record, it is the pupil’s right to make a SAR. Parents can only submit a SAR for information about their child if the child is not competent to act on their own behalf or has given their consent.”
As a rule of thumb, the ICO advises that children under 12 are probably not mature enough to submit a subject access request themselves, whereas children of 12 or over probably are. They say for children under 12 it is “usually appropriate” to accept subject access requests from their parents.
“In Scotland, a person aged 12 years or over is presumed to be of sufficient age and maturity to be able to exercise their right of access, unless the contrary is shown. This does not apply in England, Wales or Northern Ireland but would be a reasonable starting point.
“If you are satisfied that the child is not competent and the request is from a person with parental responsibility for the child, then it is usually appropriate to let the holder of parental responsibility exercise the child’s rights on their behalf.”
Yes. The school must “protect the rights and freedoms” of other people when responding to an SAR, so they must not release the personal data of others.
Redacting may include blanking out information with a blacker marker pen or removing it using software. A full record of the redactions should be kept in case you are asked to review the decision.
If records contain data on third parties the school must redact the extra data. For example, if emails talking about a child also name and discuss two other children, the parent must only see the information on their own child. Schools should not usually redact teacher’s names, however.
“If an educational record contains personal data relating to someone other than the requester (such as a family member), you must consider the rules about third-party data before disclosing it to the requester.
“However, you should not normally withhold information that identifies a teacher.”
The ICO recommend the National Archives Redaction Toolkit (.pdf) which explains how to remove information from paper and electronic records. The appendices of this toolkit provide practical suggestions such as how to deal with Microsoft Office files that contain metadata and tracked changes (it is safer to send plain text files) and how to edit pdf files.
Can someone complain if they are unhappy with our response?
Yes. Article 15 of UK GDPR gives people “the right to lodge a complaint” with the ICO (although the ICO asks people to complain directly to the school first).
The ICO will not punish a school or give compensation, but they may advise the school on how to proceed. People also have the right to go to court.
Good Practice Tips For Dealing With SARs In Schools
In 2020 the ICO reviewed how eight schools handled SARs. Their report (.pdf) gives advice on good practice to follow and poor practice to avoid.
Good practice for schools includes:
having one specific person such as the data protection officer (DPO) deal with SARs
logging SARs in a central document which records the due date of each request, a brief explanation of any information withheld and the reasoning for an exemption or exception
using an information asset register or data map to list all types of data held and its location
sending a template acknowledgement letter when an SAR is received, explaining the deadline for the data to be sent
documenting the process for redactions.
Poor practice includes:
over a third of schools did not action SARs in the summer holidays, incorrectly delaying them until the new term
half of schools only recognised written requests
half of schools did not have a documented process for verifying ID
some schools did not explain how to make an SAR on their website
some schools did not tell people they had the right to complain to the ICO under Article 15(1)(f) of UK GDPR.
What if a parent asks to see their child’s school file?
This right is not connected to subject access requests. Notice that the Pupil Information Regulations give parents the right to see the school file, whereas for subject access requests the right belongs to the child.
According to the ICO the educational record would cover “information such as the records of the pupil’s academic achievements as well as correspondence from teachers, local education authority employees and educational psychologists engaged by the school’s governing body”.
Parents must make a written request to see their child’s school file. They must then be shown the file free of charge. However, they ask for a copy of the file the school can charge a fee that covers the cost of supplying it.
“(2) Subject to paragraph (4), the governing body shall make a pupil’s educational record available for inspection by the parent, free of charge, within fifteen school days of receipt of the parent’s written request for access to that record.
“(3) Subject to paragraph (4), the governing body shall provide a copy of a pupil’s educational record to the parent, on payment of such fee (not exceeding the cost of supply), if any, as the governing body may prescribe, within fifteen school days of receipt of the parent’s written request for a copy of that record.
“(4) When complying with a request under paragraph (2) or paragraph (3), a governing body shall not make available for inspection or provide a copy of any information—
(a) which they could not lawfully disclose to the pupil himself under the GDPR; or
(b)in relation to which the pupil himself would have no right of access under the GDPR.”
Schools have a duty to release recorded information under the Freedom of Information Act 2000. This law applies to both maintained schools and academies because it covers all public authorities.
Who can make a freedom of information request?
Anyone at all. They don’t need to be connected to the school in any way and they don’t need to tell you why they want the information.
What can they ask for?
The Freedom of Information Act lets people request a wide range of recorded information held by public authorities. This means paper copies of documents, electronic files, emails, photos and video or sound files.
“Recorded information includes printed documents, computer files, letters, emails, photographs, and sound or video recordings.
The Act also applies to any draft documents, CCTV and recordings of phone conversations, as well as information that has not been created by the school itself.
For example, letters that have been sent to the school can be requested.
“It is not limited to official documents and it covers, for example, drafts, emails, notes, recordings of telephone conversations and CCTV recordings.
“Nor is it limited to information you create, so it also covers, for example, letters you receive from members of the public, although there may be a good reason not to release them.”
The Act only applies if the information has already beenrecorded. If a teacher has a verbal conversation with the headteacher but takes no notes, the teacher does not have to write an account of that conversation after the fact just because someone submits an FOI request.
“The Act does not cover information that is in someone’s head. If a member of the public asks for information, you only have to provide information you already have in recorded form.
“You do not have to create new information or find the answer to a question from staff who may happen to know it.”
Requests must be in writing. However, electronic requests are specifically allowed so email requests are valid, as are requests made through an online form or via social media such as Twitter. Requests can be sent to any member of staff and do not have to mention the Freedom of Information Act.
The person making the request must give their name and a reply address and describe the information they wish to receive.
“In this Act any reference to a “request for information” is a reference to such a request which—
(a) is in writing,
(b) states the name of the applicant and an address for correspondence, and
(c) describes the information requested.
“A request is to be treated as made in writing where the text of the request—
(a) is transmitted by electronic means,
(b) is received in legible form, and
(c) is capable of being used for subsequent reference.”
Schools must send the information within 20 school days, unless the request is received near to the summer holidays in which case the deadline can be extended to 60 working days.
“For schools, the standard time limit is 20 school days, or 60 working days if this is shorter. Working day means any day other than a Saturday, Sunday, or public holidays and bank holidays.”
If the request is confusing and you need clarification (see the next section) the 20 school days does not start until you have received that clarification.
“The time for compliance will not begin until you have received the necessary clarification to allow you to answer the request.”
You should contact the person as soon as you can to ask them what they wish to receive. Be careful not to imply that you need to know why they want the information or that they need to tell you their motives in order for the school to fulfil the request.
“If you can’t answer the request because you are not sure what is being requested, you must contact the requester as soon as possible for clarification.
“For example, you could explain what options may be available to them and ask whether any of these would adequately answer their request.”
The Freedom of Information Act 2000 says the request must “state the name of the applicant” and the Information Commissioner’s Office (ICO) advises that this does refer to someone’s real name. However, the ICO also say that normally you should not ask for proof of identity.
The exception might be if someone has used an obvious pseudonym or there is reason to think you might deny the request if you knew who they were, for example because it is a request you have already answered.
“To be valid under the Act, the request must include the requester’s real name. The Act treats all requesters alike, so you should not normally seek to verify the requester’s identity.
“However, you may decide to check their identity if it is clear they are using a pseudonym or if there are legitimate grounds for refusing their request and you suspect they are trying to avoid this happening, for example because their request is vexatious or repeated.
“Remember that a request can be made in the name of an organisation, or by one person on behalf of another, such as a solicitor on behalf of a client.”
This is also stated in the government’s FOI Code of Practice: “Applicants must provide their real name and not use a pseudonym. Pseudonymous requests are not valid requests.”
In practice, if an email arrives from Bob.Smith@gmail.com the school will not know if that is a pseudonym or not, as the usual position is that you should not verify someone’s identity. Requests are also valid if they are made on behalf of someone else or in a company name.
Remember that if someone is asking to see the personal data you hold on them that is a subject access request (SAR), not a freedom of information request. When submitting a subject access request the person does of course have to supply their real name.
Can we charge a fee?
Yes, but in most cases you can only charge to cover the costs of supplying the information, for example photocopying, printing or postage costs. You cannot usually charge for staff time used up when finding the information.
An ICO document provides a guide to fees that may be charged (.pdf). They give an example of a substantial FOI request submitted to a public authority. The authority could charge 10p per sheet for photocopying 200 pages, £10 for postage, but zero for the large amount of staff time it will take up.
Although you cannot charge for staff time, in most circumstances you can reject the request completely if it is very substantial. This is explained in the next section.
Can we refuse requests?
Yes, but only if one of four criteria are met:
fulfilling the request would cost too much or use too much time
it is “vexatious”
it is a repeat request from the same person, or
a specific exemption applies.
“You can refuse an entire request under the following circumstances:
– it would cost too much or take too much staff time to deal with the request
– the request is vexatious
– the request repeats a previous request from the same person.
“In addition, the Freedom of Information Act contains a number of exemptions that allow you to withhold information from a requester.”
So first, you can refuse a request due to cost or staff time used. The cost limit for schools is £450. A request would have to be enormous to breach that limit just through photocopying at 10p a sheet or postage costs, but it is more likely that a request could breach the limit because it would take too long for your staff to supply.
The ICO advise that staff time should be calculated at £25 per hour and 25 x 18 = 450. Therefore the cost limit for schools is 18 hours of staff time.
If a freedom of information request would take staff longer than 18 hours to respond to, you can reject the request. (Note though that you also have the option to offer to fulfil the request if the person provides written agreement that they will cover your costs.)
“The biggest cost is likely to be staff time. You should rate staff time at £25 per person per hour, regardless of who does the work, including external contractors. This means a limit of 18 staff hours.”
Second, “vexatious” requests can be refused. A vexatious request is one that is “likely to cause a disproportionate or unjustified level of disruption, irritation or distress” according to the ICO. They produce full guidance on Dealing With Vexatious Requests (.pdf).
A vexatious request might include abusive or aggressive language, accusations, place a burden on the school that is unreasonable, involve a personal grudge, be a persistent request or be a trivial request submitted just for fun.
Third, requests can be refused if they are just a repeat of a previous request from the same person.
Finally, requests can be refused if an exemption applies.
Some exemptions are absolute, which means you can refuse the request without any further consideration.
Most exemptions are qualified, which means that before deciding to withhold the info you must consider whether it would actually be in the public interest to disclose it. This is called the public interest test.
Absolute Exemptions
Section 40(1): If someone is asking for their own personal information –this would need to be treated as a subject access request instead.
Section 40(2):If the info contains the personal data of a third party -schools must comply with the UK general data protection regulation (UK GDPR) and not release personal information about others.
Section 41: If information was provided in confidence – information can be withheld if it would breach a confidence.
Qualified Exemptions
Section 22: If information is intended for future publication – if the info will be published anyway at some point in the future.
Section 28: If disclosure would (or be likely to) endanger someone’s physical or mental safety – safeguarding information might fall under this category.
Section 36: If disclosure would (or would be likely to) inhibit the free and frank exchange of views or prejudice the effective conduct of public affairs – this is an unusual exemption because it must be decided by “the reasonable opinion of a qualified person”.
The ICO provides a useful list of key questions that its staff use when investigating whether FOI law has been applied correctly which can help you decide whether the school is allowed to use a particular exemption.
Can confidential governing body minutes be requested under FOI?
Yes, although the possible exemptions listed above would apply. Maintained school governing bodies have a legal right to record some issues in confidential minutes and in academy trusts the same right is contained in their articles of association.
However, this right does not override the FOI Act, so the board cannot simply refuse to release confidential minutes in all circumstances; they must consider whether an exemption applies under FOI and if it does not the minutes must be released.
What happens after a request is refused?
If a person has had their request refused and is unhappy or believes an exemption has been applied unfairly they can write to the school within 40 working days and ask for an internal review. The review should be carried out by someone who did not respond to the original request.
“You should have in place a procedure to handle any disputes or complaints arising from the outcome or handling of a request for information.
“This procedure is known as an internal review and demonstrates a commitment to openness and transparency. Internal review requests should be made within 40 working days of the initial response.
“It is good practice for the internal review to be carried out, wherever possible, by somebody other than the person who issued the initial response.”
If the school does not review its decision or the person is still unhappy after the internal review they can complain to the Information Commissioner’s Office.
When refusing a request schools must let people know they have a right to complain to the ICO. If the ICO decides the school was in the wrong they can issue a decision notice with instructions on what you must do to correct the mistake.
This could lead to the school having to release further information or give further help to the requester, but the ICO does not dole out punishments or fines or force public bodies to pay compensation for mishandling FOI requests.
St Ralph Sherwin Catholic Multi-Academy Trust (.pdf) was asked for “a variety of information” which it refused to provide as the requests were seen as vexatious. The ICO over-ruled this for two requests and told the trust to respond to the requests within 35 days.
Townley Grammar School (.pdf) received 78 FOI requests in one day from the same person. They refused the requests because a response would have exceeded the cost limit.
The ICO ruled that the school had the right to add up all the requests when calculating the cost limit. The school had also given the person advice on how the requests could be refined. The ICO did not ask the school to take any action.
Beths Grammar School (.pdf) was asked to release info about exam grades. The school sent anonymised information with names redacted and data randomised, but refused to release a change of format as it would have identified the children and been a breach of personal data. The ICO agreed with their approach.
Example FOI Requests To Schools
You can view FOI requests at What Do They Know, a site that helps people make FOI requests and publishes the responses online.
JFS School was asked to provide minutes from governor meetings; they accepted this request and sent the minutes. However, they were also asked for “all information relating to the recent OFSTED inspection”. The school refused as they calculated that this very broad request would take much longer than 18 hours of staff time to fulfil.
All Saints’ Catholic High School was asked to provide the performance appraisal records of senior leaders. They refused because the appraisal records contained the personal data of staff.
The requester asked for appraisals to be anonymised but the school refused this request too because targets in the appraisals were linked closely to job roles and therefore staff could still be identified. However, they did provide an overview of the number of targets set and met by the senior leaders.
Aston Fields Middle School was asked about the number of fixed term and permanent exclusions, including those given to SEN children. The school refused to release the information because the low numbers of children involved meant that individual pupils might be identifiable and therefore they would be releasing personal data.
Steiner Academy Bristol was asked to provide the “OFSTED action plan”. The school accepted this request and sent out their school improvement plan (SIP), even though they had in fact already sent the SIP to the requester, which made this a repeat request.
However, the school refused to send the most current version of the SIP as they believed it could have a negative impact on the operation of the school. They relied on section 36 of the FOI Act that says info can be withheld if it “would otherwise prejudice, or would be likely otherwise to prejudice, the effective conduct of public affairs”.
Tiffin School was asked to send a copy of the staff handbook. They refused the request under section 40(2) of the FOI Act as they said it contained personal data. The requestor asked again and was refused again, but then the requestor complained to the ICO and subsequently received a copy of the handbook.
Yes. Governing bodies at both maintained schools and academies can continue to hold meetings and take decisions even if they have ongoing vacancies.
In maintained schools there is no legal minimum number of governors you must have in post, but you must have a minimum of seven governors in the board’s constitution.
In academies your articles of association may say that if the number of trustees in post falls below a quorum those trustees can only make limited decisions. However, articles should also say that in all other circumstances the board can function normally with vacancies.
There are provisions in the rules (explained below) that allow boards to function with vacancies. However, it is not good practice to have too many vacancies because it puts pressure on your remaining governors.
This page explains the rules and suggests when vacancies may become a concern.
Law For Maintained Schools
Each maintained school must have a minimum of seven governors in its constitution. This number is set by law. You can see how many governors are in your constitution by checking the instrument of government.
The constitution of a governing body means the number of governor roles on your school board, which may be different to the number of volunteers you actually have in post.
“The total membership of the governing body of a maintained school must be no fewer than seven governors.”
Although boards must have at least seven governors in their constitution, the law says that governing bodies can still function if they are not full and do not become valid because of “any vacancy”. This means there is no minimum number of governors that schools must legally have in post.
“The proceedings of the governing body of a school are not invalidated by any vacancy among their number.”
Say for example a school has seven governor roles in its constitution but one of these roles is not filled, which leaves only six governors in post.
These six governors are able to carry on attending meetings and making decisions if they are quorate, so for full governing body meetings they would need three governors in attendance for a quorum.
Rules for Academies
Check your own articles to be sure, but the current model articles of association for academies (June 2021) state that trustees are able to act even if there are vacancies on the trust board.
However, they also say that if the number of trustees in post is less than the number needed for a quorum then the trustees can only make decisions on two issues: filling the trustee vacancies or calling a general meeting (a meeting of academy members).
“The trustees may act notwithstanding any vacancies in their number, but, if the numbers of trustees is less than the number fixed as the quorum, the continuing trustees may act only for the purpose of filling vacancies or of calling a general meeting.”
The quorum in model articles is either three trustees or one-third of trustees in post (rounded up), whichever number is greater.
So if an academy trust board has enough trustees in post to form a quorum it can function as normal. If there are two trustees in post or fewer they can only fill vacancies or call a general meeting.
If it is a committee such as a local governing body the rules will be set by that committee’s terms of reference.
When should we worry about governor vacancies?
As shown above the rules allow governing bodies to function with very small numbers of people, but a tiny board is not good practice for a number of reasons.
Firstly, a handful of people cannot take on all the responsibility of the governing body without strain.
It will be difficult to assign link roles and form committees or panels and the board may struggle to elect a chair and vice-chair. It may even struggle to find a free governor to meet OFSTED during an inspection.
The balance of stakeholders on the board would be another concern. If for example you have only five governors and the headteacher governor and staff governor are in post, it would only need a few other governors to send apologies for a meeting to effectively become a staff meeting rather than a meeting of the board.
Aiming for a minimum of around eight or nine governors/trustees in post might be a good rule of thumb. In reality most boards are larger than this, allowing a few governors to resign without putting too much pressure on those left.
A survey by the National Governance Association found that in 2019 the average board contained 11 to 12 governors when full, with only 16.7% of schools having eight governors or fewer in their constitution. Mind you, 2.8% of schools had 20 governors or more! Here are the full survey results.
Size Of School Boards When All Vacancies Filled
Boards with with eight governors or fewer: 16.7% of schools Boards with 9-10 governors: 23.1% Boards with 11-12 governors: 31.9% Boards with 13-15 governors: 19.2% Boards with 16-19 governors: 6.2% Boards with 20 governors or more: 2.8%
This page provides revised, consolidated versions of the three main sets of School Governance Regulations, incorporating all amendments made since the original laws came into force.
The School Governance Regulations for maintained schools are only made available on www.legislation.gov.uk in their original form, which means that the text does not show the changes made by amendments from the following years.
This can cause confusion, particularly for new clerks who might for example wonder why governors do not need DBS checks in the original 2012 Constitution Regulations. The DBS requirement was added as an amendment in 2016, but unfortunately the text of the 2012 original law has not been updated to make this clear.
This page provides the most up-to-date version of the Constitution Regulations 2012, the Roles, Procedures and Allowances Regulations 2013 and the Federations Regulations 2012. Amendments are colour-coded in the downloadable files so you can see when they were introduced.
added a requirement that LA, foundation, appointed parent and partnership governors must have the skills to contribute to effective governance and the success of the school
changed the procedure for removing surplus governors from “first in, last out” to a process based on skills
added one disqualification criteria so governors and associate members are now disqualified if they are on the section 128 list.
The 2016 amendment made it mandatory to apply for an enhanced criminal record check for any governor who did not already hold one within 21 days of their election or appointment.
removed a requirement that you should round numbers up or down to a whole number when calculating how many foundation or partnership governors you need
allowed boards to remove elected parent or staff governors
stated that an elected parent or staff governor who is removed is disqualified from holding or continuing to hold office as a governor for five years
removed a requirement that a person must notify the clerk if they are disqualified under any of the criteria in the regulations (although this requirement still exists in statutory guidance to the 2012 constitution regulations).
Revised Roles, Procedures and Allowances Regulations 2013
added a requirement that reports and other papers must be sent out with the agenda seven clear days in advance of full governing body and committee meetings (unless the chair determines there are urgent matters to address)
allowed virtual attendance at committee meetings by phone, video link or other methods.
(Note: The Federations Regulations 2012 only apply to federated schools, where one governing body oversees two or more schools. Single schools follow the Constitution Regulations 2012 instead.)
stated that local authority, foundation, appointed parent and partnership governors must be appointed for their skills
amended the rule on co-opted governors who are school employees, which used to say they must not exceed one third of the board (and now says co-opted school employees plus headteachers plus the staff governor must not exceed one third of the board)
changed the procedure for removing surplus governors.
The 2016 amendment requires federations to have only two parent governors (from any federated school), rather than one parent governor from each school in the federation. It also made minor amendments to the list of preferred candidates when appointing parent governors.