Skip to main content

Data protection

Personal data held by HESA

HESA holds information on students and staff in universities, higher education (HE) colleges and specialist providers in the UK

The Collection Notices describe the purposes for which this data is collected.

We also hold information on customers and other people who have contact with HESA where it is necessary to allow HESA to carry out its functions.

Do you hold any information about me?

Students

All publicly funded higher education providers in the UK (also known as higher education institutions), plus the privately funded University of Buckingham, send data about all of their students to HESA at the end of each academic year. If you have been registered as a student at a UK HE provider at any time since 1994/95, it is likely that HESA will have a record about you.

From the 2014/15 academic year, HESA also collects data from some alternative HE providers.

HESA conducts a survey every year asking recent leavers from HE providers what they are doing after leaving higher education. The Destinations of Leavers from HE (DLHE) survey has its own Collection Notice. A further survey, the DLHE Longitudinal survey, asks a sample of leavers what they are doing after another three years and also has its own Collection Notice. Results of the surveys are linked to the Student record. Participation in these surveys is optional.

Staff

All HE providers in the UK, plus the privately funded University of Buckingham, send data about all of their staff to HESA at the end of each academic year. If you have been a member of staff working for a UK HE provider at any time since August 2004, it is likely that HESA will have a record about you. For the period August 1994 to August 2004, HESA only holds information on academic staff working more than 25% full-time equivalence.

What sort of data might HESA hold on me?

Full lists of all the data fields collected each year can be found via our Data collection area. The HESA records have changed over the years, and not all fields are returned for every individual. HESA does not hold the contact details of students or staff. The HESA Staff record does not include names.

What happens to the information HESA holds?

The Student Collection Notice and the Staff Collection Notice describe the various uses of the HESA records. The Student Collection Notice describes 'Administrative purposes' for which where the HESA Student record might be used to look up individuals. In all other cases the HESA records are only used to create statistics and are not used to look up, or make decisions about, individuals.

Why is HESA allowed to collect this information?

Please see the document Data Protection Guidance for the HESA Records, which aims to provide supporting information for those in HE providers dealing with data protection issues. Please also see the HESA Collection Notices. These documents are updated as necessary when there are any changes to the legal background.

Website privacy policy and Cookies

Please see the following pages:

Retention

The HESA Student record and the HESA Staff record are held indefinitely since they are used to monitor participation and employment in higher education over time.

Security

HESA has achieved the ISO 27001 International Standards accreditation for Information Security. This means that the security of HESA's systems and processes are regularly and independently reviewed and certified.

Data Protection Register

HESA and its subsidiary HESA Services Ltd are registered as Data Controllers under the Data Protection Act 1998. The Register of Data Controllers is maintained by the Information Commissioner's Office. To find HESA's registration details use the Data Protection Public Register search facility.

  • Higher Education Statistics Agency Limited (Registration Number Z7475057)
  • HESA Services Limited (Registration Number Z7899462).

Contact details for more information

If you have any other questions about HESA and data protection please contact the Data Protection Officer:

Under the Data Protection Act 1998 you are entitled to know what information we hold about you. To make a Subject Access Request you will need to complete a Subject Access Request Form, pay a £10 fee, and provide proof of your identity. To receive a Subject Access Request Form please send your name and postal address to the email address above with 'Subject Access Request' in the subject line. You can also use any of the other contact details.