e-Safety Thread, Staff forwarding on and using private E-mails for work in School Administration; I was just wondering if anyone had any good information/links about the issues involved in Staff forwading e-mails to their ...
7th January 2013, 12:44 PM #1
Staff forwarding on and using private E-mails for work
I was just wondering if anyone had any good information/links about the issues involved in Staff forwading e-mails to their own private address.
I know there are issues about data protection/pupil information and potential issues about staff and pupils e-mailing privately but I was wonding if there were some good example of the dangers and some links to specific legislation?
Someone is not taking the fact that we are trying to protect the organisation and the staff well. It's not convieinet for him to log to two things (Work E-mail/Private Email) when he's not in school.
7th January 2013, 02:42 PM #2
This is a combination of staff organisational and technical policy (Principle 7 of DPA). If you have an organisational procedure then it *has* to be followed. Organisational and technical policies and procedures are developed hand in hand so it is not up to staff to pick and mix.
As part of your school's risk assessment for information management you have a) chosen where you will host emails and associated data, b) have chosen the methods of authentication and c) have prepared your operational / organisational policies and procedures. Any change to this means you have to complete a new risk assessment. This would be too costly for the school to do for each member of staff so the school takes the position that *all* staff have to operate inside the existing rules.
It is not just DPA you have to consider but FoIA too ... at this point, should a FoI request come in and you are aware that staff have been emailing things to a private address then you have to ask those members of staff to divulge any and all emails to the school related to the request. Remember that this is where the big argument is presently going on (still) between DfE and ICO. The amount of work this creates for those within the school is unreasonable.
The legislation (DPA) basically says you need to know and control where the data is. The amount of control will vary from school to school (depending on cloud hosting, managed hosting via LA / RBC, locally hosted, etc) but you pretty much have not control over a private account.
2 Thanks to GrumbleDook:
Stuart_C (12th February 2013), winng (7th January 2013)
7th January 2013, 06:41 PM #3
We use swgfl easymail and there is a function in the alias lists to add in an external email address. The only person who does is the head of IT.
Never really thought about data protection as it is very likely that teachers have printed off emails and taken them home or taken home other data in other forms, as well as using their home computers. No encryption of any sort here
7th January 2013, 08:57 PM #4
Everything Grumbledook says, but also you need the support of your senior management. The policy is in place. It is a disciplinary matter if the member of staff does not follow it. If the senior managers won't enforce it, the Governing body should be informed - the school has legal responsibilities under the DPA which the Governors have to monitor and uphold.
What I haven't tied down is how to deal with staff using gmail iphones and outlook as email readers or clients i.e. downloading emails to their own devices. We'll still know what emails they're sending and receiving, but won't have control of the data.
8th January 2013, 09:29 AM #5
If using non-work purchased / allocated devices to access work emails then you can specify some security / protection settings to then. For example, with an iOS device specify that it must have a minimum of an 8 character alpha-numeric passphrase (and not just a 4 digit passcode), that the cover unlock feature is turned off (if you lift the cover you *still* have to enter the passphrase), that documents saved on the device are not synced with any cloud solution (eg iCloud / dropbox) unless specifically provided / approved by the school, that it automatically wipes after x number of failed attempts to access the device (a feature often not enabled with people who share their device with toddlers / children as a distraction tool ... but that should be dealt with in the next one) and that the device is only ever used by the member of staff (as they are not multi-user devices!)
Similar breakdowns can be given for other devices but when looking at the range of windows, iOS, BB, android and other devices it is a shame there is not a single place where you can go to find all these ... or if there is I'd be interested to see it.
By FatBoy in forum How do you do....it?
Last Post: 14th May 2012, 11:30 AM
By mattx in forum General Chat
Last Post: 28th September 2010, 02:05 PM
By DAZZD88 in forum How do you do....it?
Last Post: 22nd January 2010, 08:01 PM
By reggiep in forum Windows
Last Post: 18th November 2009, 10:53 AM
Last Post: 21st December 2008, 08:49 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)