How do you ensure that school data is segregated, to prevent being merged with other organisations?

Hierarchically, data about a School and its users is contained within that schools record. This is handled at an application logic level. The only exception to this is Trusts (School Groups) where certain users with the requisite permissions can act as a manager of schools within their group for the purpose of reporting but this is controlled by strict ACLs.