What precautions do you take to make sure an individual cannot be identified from their postcode?
There are general precautions about the security of our servers which I am sure every good business would adopt, but we make a special effort with postcodes.
I don't know if your child competed the survey online or on paper - the account to be given in each case is slightly different.
Online, the postcodes are encrypted using GnuPG when storing, and downloaded with the encryption intact (screenshot).
They are decrypted only when the postcode information is required; the decrypted postcode is not stored but discarded once the analysis is complete. The encryption is AES-256, which we believe has never been cracked, even when Government and Police are very keen to see what is on a suspect's computer.
For paper surveys, we store only part of the postcode with the case, replacing the last two letters with "99", like this:
SCHID PUPILID SEX AGE YEAR PCODE Q1 Q2 etc 712 1 0 12 8 9999999 1 0 712 2 0 13 8 SG19399 0 1 712 3 1 13 8 SG19299 0 1 712 4 0 13 8 SG19399 0 0 712 5 0 13 8 SG19399 1 0 etc
We store the whole postcodes separately from the rest of a pupil's answers as below, tagged with two numbers which together can identify an individual case, and merge the information only when necessary, and don't keep the merged data file.
SCHID PUPILID PCODE1 PCODE2 746 2 CB013 LN 746 3 CB013 LN 746 4 CB013 BN 746 5 CB014 ET 746 6 CB013 PU
We have mostly used postcodes for things like allocating pupils to districts - as a pupil may go to school in one district but live in another. The reports produced are at the level of district rather than at the pupil level.
Elsewhere, we have used postcodes for allocating deprivation scores, assigning ward-level information, and so on; again, we keep the derived information and discard the postcode. An example of an analysis using deprivation scores is given below: