We use cookies to ensure that we give you the best experience on our website. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue.

Durham University

Information Governance

Board of Examiners

What constitutes personal data in examinations and to what information does a candidate have a right of access?

Personal data in examinations includes any commentary (including marks and examiner's comments) made by the examiner or moderator about the candidate's performance and the consequences of that performance if it is held in a relevant filing system. This includes expressions of personal opinion made by anyone other than the candidate.

Any information recorded by the candidate during or as part of an examination is exempt from subject access once it has been submitted. This includes answers to questions and supporting documentation. Furthermore, data subjects do not have any rights under the data protection legislation to any explanation about the marking system for the examination or how specific marks or comments were arrived at as this does not constitute personal data.

Access to personal data can not be denied on the grounds that the comments of the examiner(s) and the candidate's work appear together. In such cases the candidate's work will need to be deleted or redacted before the script is released to the data subject.

Releasing Examination Marks

Under data protection legislation, requests for access to information received from data subjects must be complied with within one month of the request being received by the data controller. Examination marks are, however, given temporary exemption from this requirement.

This temporary exemption applies where the due date falls before the day on which the results are to be announced. In such cases, the period for compliance will be extended to:

  • the end of five months beginning with the due date;
  • the end of one month beginning with the date of the announcement or publication of the results;

whichever is earlier.

If more than one month passes between the subject access request and compliance with the request (under the exemption given above) then the University must give access to any additional information if the information requested has changed between the date of request and the date of compliance.

Board of Examiners' Minutes and Examination Board Reports

Data protection legislation only applies to data which is held in relevant filing systems. Relevant filing systems are defined as files relating to the individual. Clearly Boards of Examiners' minutes and Examination Board results will be filed with reference to the Board and not the individuals discussed or considered at the Board. Data protection legislation is, therefore, unlikely to apply to these documents. However, this is still a matter of debate within the sector and current advice states that, where possible, sections of the Board of Examiners' minutes should be made available to data subjects if requested, provided that disclosure does not require the disclosure of information relating to other data subjects. All enquiries relating to access to Boards of Examiners minutes must be referred to the Curriculum Learning and Assessment Service.

Collective Data

It is likely that some documents filed with reference to individuals will occasionally contain information relating to other named or identifiable individuals. For example, a memorandum may deal with more than one student and be copied to each of the students' files. In such cases, the data subject would only have a right of access to the information that related to them and not to the data relating to the other students. In fact, to release the document unedited would constitute a breach of data protection legislation in respect of the other named students. When releasing information which includes references to other individuals, all references to that individual, including details which may lead to their identity being indirectly revealed, must be removed before the document is released. This can be done by editing, cutting and pasting or "blanking out" the relevant information. Where it is not possible to release any of the information without revealing the identity of another data subject, then the data controller needs to seek the consent of the other data subject to the release of their information to the data subject making the subject access request. Where consent is not given or can not be reasonably sought, the University has the right to refuse access to the information concerned.

Releasing Data to Third Parties

There are very few incidences where data can be legally released to a third party without the data subject's explicit consent. Where the information is a matter of public record, in this case the degree result or highest exit qualification, the information may be released. However, any other information, such as examination marks or timetable and personal details, must not be released to any third party without the data subject's explicit, written consent. Written consent must be submitted by the data subject to the University in advance of any release of data to third parties.

Staff should contact the relevant central section for advice if they are unsure how to proceed.

Charges for the Release of Information

In general the information provided by the University will be done without charge. However, a reasonable fee may be charged for additional copies or for requests that are manifestly unfounded or are excessive. Further details will be provided before the request is completed.