+ Post New Thread
Results 1 to 10 of 10
e-Safety Thread, Encryption Questionnaire - Help in School Administration; I am in the process of writing up a questionnaire to staff to find out what data they take off ...
  1. #1
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,098
    Thank Post
    314
    Thanked 296 Times in 206 Posts
    Rep Power
    122

    Encryption Questionnaire - Help

    I am in the process of writing up a questionnaire to staff to find out what data they take off site what medium they use. The questions i have got so far are:

    If you take data off site, how do you transport it home?

    What sort of data do you take off site?

    Are you aware of encryption?

    Can anyone think of any more questions i should be asking.

    Thanks

  2. #2

    LosOjos's Avatar
    Join Date
    Dec 2009
    Location
    West Midlands
    Posts
    5,565
    Thank Post
    1,470
    Thanked 1,223 Times in 832 Posts
    Rep Power
    752
    Are they aware of how many pieces of identifiable information on a student a document has to hold before it is legally required to be encrypted before being moved off site? (the answer is 2)

    Do they know the email is not a secure method of transferring files, and any sensitive document sent by email should always be encrypted? (I recently had somebody insisting I didn't need to encrypt an extremely sensitive document before emailing it to them because they work in a bank )

  3. #3
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,098
    Thank Post
    314
    Thanked 296 Times in 206 Posts
    Rep Power
    122
    Quote Originally Posted by LosOjos View Post
    Are they aware of how many pieces of identifiable information on a student a document has to hold before it is legally required to be encrypted before being moved off site? (the answer is 2)
    Probably not. This is something that needs to be better clarified. What is personal information? I, sorry some of the NM in my LA are confused about what actually needs to be encrypted. They have not given any guidance on what should be encrypted. All they say is encrypt laptops.

    Quote Originally Posted by LosOjos View Post
    Do they know the email is not a secure method of transferring files, and any sensitive document sent by email should always be encrypted? (I recently had somebody insisting I didn't need to encrypt an extremely sensitive document before emailing it to them because they work in a bank )
    Thats what i am trying to identify.

  4. #4

    LosOjos's Avatar
    Join Date
    Dec 2009
    Location
    West Midlands
    Posts
    5,565
    Thank Post
    1,470
    Thanked 1,223 Times in 832 Posts
    Rep Power
    752
    On a student, no more than one piece of information that can be used to identify a student can be sent unsecured, i.e. you could send an email saying "Jonathan Smith must see me after school today", but "Jonathan Smith (DOB: 01/01/01) must see me after school today" would have to be secured/encrypted as it contains 2 pieces of identifiable information.

  5. #5
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,098
    Thank Post
    314
    Thanked 296 Times in 206 Posts
    Rep Power
    122
    Thought so. Some people say that information with only a name on it needs to be encrypted but isnt that going over the top? What about name and form of a student?

  6. #6

    LosOjos's Avatar
    Join Date
    Dec 2009
    Location
    West Midlands
    Posts
    5,565
    Thank Post
    1,470
    Thanked 1,223 Times in 832 Posts
    Rep Power
    752
    Some do say that forename and surname are separate identifiers and so both of them would be 2 identifying fields and thus need to be encrypted. Reg groups are an internal identifier, they don't tell you anything about the student, so you're OK with that.

    As for names needing to be encrypted, I'm not sure what the legal stance is, however I always encrypt any document containing any student data - better to be safe than sorry!

  7. #7
    AyatollahPies's Avatar
    Join Date
    Jan 2008
    Location
    Earth
    Posts
    900
    Thank Post
    48
    Thanked 105 Times in 95 Posts
    Rep Power
    42
    My experience with Encryption is that it needs to be all or nothing. If you leave the user the option to not Encrypt data, then they won't.

    I spent the last year evaluating Encryption software and it highlighted a lot of practices that need managing from a business level, rather than software level, if that makes sense?

    Various questions were raised along the lines of:

    What data is being taken off site?
    Why is this data being taken off site?
    Does it really need to be taken off site?
    What controls are in place to stop data being taken off site?

    As LosOjos mentioned, some users use email as a means of transporting data off site. It's all good and well encrypting laptops and USB sticks, and locking the system down to only allow authorised USB drives to access the network, but if a user can simply attach a file to an email, then it undermines the system.

    Encryption needs to be seen as good practice and promoted from the Head/Business manager, rather than a new annoying hindrance that the I.T department has introduced.

    I appreciate this isn't quite what the OP is asking for, but I believe it is useful information to share.

  8. #8
    timbo343's Avatar
    Join Date
    Dec 2005
    Location
    Leeds/York area, North Yorkshire
    Posts
    3,098
    Thank Post
    314
    Thanked 296 Times in 206 Posts
    Rep Power
    122
    Thanks for the posts, any info will help at the mo. Like i said, there is hardly any guidance from our LA on what needs to be encrypted.

  9. #9

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,403
    Thank Post
    1,517
    Thanked 1,056 Times in 925 Posts
    Rep Power
    303
    Quote Originally Posted by timbo343 View Post
    Thanks for the posts, any info will help at the mo. Like i said, there is hardly any guidance from our LA on what needs to be encrypted.
    They are getting there I'll keep pushing them to improve it for us all Interesting to see the 2 bits of data, where did you get that information from LosOjos?

  10. #10

    LosOjos's Avatar
    Join Date
    Dec 2009
    Location
    West Midlands
    Posts
    5,565
    Thank Post
    1,470
    Thanked 1,223 Times in 832 Posts
    Rep Power
    752
    Quote Originally Posted by john View Post
    They are getting there I'll keep pushing them to improve it for us all Interesting to see the 2 bits of data, where did you get that information from LosOjos?
    That's advice from our LA, but it makes perfect sense to me. One piece of data would usually not be enough to identify a child (unless it's something very unusual, such as a specific condition that it's unlikely anybody else in the area has, or an unusual name), but with 2 pieces of data you could quite quickly start to trace somebody, especially with the myriad of online services people sign up to these days.

SHARE:
+ Post New Thread

Similar Threads

  1. Self Survey/Questionnaire
    By knightrider in forum General Chat
    Replies: 2
    Last Post: 5th October 2009, 08:09 AM
  2. Prototype Questionnaire
    By garethedmondson in forum Coding
    Replies: 1
    Last Post: 5th May 2009, 11:10 PM
  3. Design Questionnaire
    By Hightower in forum Web Development
    Replies: 0
    Last Post: 14th October 2008, 10:07 AM
  4. Conference Questionnaire
    By Sylv3r in forum Comments and Suggestions
    Replies: 1
    Last Post: 29th May 2008, 11:24 PM
  5. Pupil Questionnaire?
    By Butuz in forum How do you do....it?
    Replies: 5
    Last Post: 22nd April 2008, 10:13 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •