+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
General Chat Thread, School governors and insecure communication in General; What do you do/think? Governors communicate with school usually by e-mail, this would be done in most cases over an ...
  1. #1
    Hosker's Avatar
    Join Date
    Sep 2011
    Location
    Yorks
    Posts
    29
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    School governors and insecure communication

    What do you do/think? Governors communicate with school usually by e-mail, this would be done in most cases over an un-encrypted mail service from an insecure private workstation. They are discussing some of the most delicate matters about school!
    I am tempted to say they should have a school supplied laptop and mail service.

  2. #2
    detjo's Avatar
    Join Date
    Feb 2008
    Posts
    356
    Thank Post
    13
    Thanked 47 Times in 39 Posts
    Rep Power
    31
    Probably!
    Ours have a school email address, but they choose not to use it and so use their own. Bottom line is, as long as IT makes the school aware of the potential risks, it's up to the school to enforce it, or not.

  3. #3
    Hosker's Avatar
    Join Date
    Sep 2011
    Location
    Yorks
    Posts
    29
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    That still leaves info on an un encrypted workstation. We are duty bound by the data protection act this would come straight back at you, wouldn’t it?

  4. #4

    Join Date
    Feb 2009
    Location
    Hampshire
    Posts
    68
    Thank Post
    12
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    I think most schools approach to Data Protection is 'We'll worry about it when the ICO slaps us with a fine'.

    I can't remember the exact details but I know some schools and local authorities were fined in the recent past. I find the problem is that we as IT professionals are responsible, but actually getting users - whether they're SLT, staff or even governors - to adhere to the rules is next to impossible.

    We've got people who take sensitive data home on usb sticks, copy documents to personal devices etc etc. And that's aside from staff who leave themselves logged on to multiple machines on site, potentially allowing pupils access to staff/school data. All-in-all, not good really.

  5. #5
    happymeal's Avatar
    Join Date
    May 2011
    Location
    Darwen
    Posts
    443
    Thank Post
    88
    Thanked 97 Times in 60 Posts
    Rep Power
    52
    Pass what you've seen onto your Head Teacher and whoever your Data Protection Officer is on site. Failing that, does your LA have a Data Protection Officer?

  6. #6

    Join Date
    Feb 2009
    Location
    Hampshire
    Posts
    68
    Thank Post
    12
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    Quote Originally Posted by happymeal View Post
    Pass what you've seen onto your Head Teacher and whoever your Data Protection Officer is on site. Failing that, does your LA have a Data Protection Officer?
    That would certainly be the professional thing to do... but without going into detail, that course of action wouldn't work here. I don't believe our LA has a DP officer as such.

  7. #7
    CAM
    CAM is online now

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Burgh Heath, Surrey
    Posts
    4,074
    Thank Post
    812
    Thanked 353 Times in 277 Posts
    Blog Entries
    60
    Rep Power
    280
    Doesn't matter if they exist or not, someone in the organisation is the Data Protection Officer if they want it or not. This is the person responsible for enforcing and creating the DPA guidelines in the school and most likely falls with the Head if all else fails. Remind him that DPA fines are also issued to offenders and those responsible personally, not just to the school.

  8. #8

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,211 Times in 761 Posts
    Rep Power
    394
    Quote Originally Posted by Easy_506 View Post
    I can't remember the exact details but I know some schools and local authorities were fined in the recent past. I find the problem is that we as IT professionals are responsible, but actually getting users - whether they're SLT, staff or even governors - to adhere to the rules is next to impossible.
    Some LAs and councils have been fined, but to date, I don't believe there has been a single publicised case of a school being fined. As much as I hate to wish that on someone, until it happens we will all be facing an uphill struggle.

    Whoever is the DP officer will be the fall guy if you are caught out. Schools are required by law to register individually, you can't just leave it to the LA, so legal buck-passing is out of the question.

  9. #9
    Hosker's Avatar
    Join Date
    Sep 2011
    Location
    Yorks
    Posts
    29
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Ok what about skydrive encrypted up and down but again device lets it down because if device stolen etc access to mail means access to skydrive account. Nominated person should be SLT position and have training but again real world - Do you even have a nominated DP person?

  10. #10

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,254
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    A small Office 365 instance?

  11. #11

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    Quote Originally Posted by Hosker View Post
    What do you do/think? Governors communicate with school usually by e-mail, this would be done in most cases over an un-encrypted mail service from an insecure private workstation. They are discussing some of the most delicate matters about school!
    I am tempted to say they should have a school supplied laptop and mail service.
    What e-mail service are they using? All of the popular e-mail providers secure their pages with SSL, unless you mean it's an internally hosted e-mail solution by the LA and there's no encryption whatsoever? I'd be more worried about users entering their e-mail and password without encryption onto a webpage.

    Admittedly even e-mails sent from pages secured with SSL could be read in theory. E-mail isn't a secure form of communication and probably never will be!

  12. #12
    Hosker's Avatar
    Join Date
    Sep 2011
    Location
    Yorks
    Posts
    29
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    All Governor’s use whatever they like (I wonder if it’s a shared family one ). The only way I can think of is to give them a laptop with encrypted drive and no access to USB etc. Plus a school e-mail account with only SSL access.

  13. #13
    nicholab's Avatar
    Join Date
    Nov 2006
    Location
    Birmingham
    Posts
    1,463
    Thank Post
    4
    Thanked 97 Times in 93 Posts
    Blog Entries
    1
    Rep Power
    50
    I would if could say that the information is private but on bound by the DPA as it should not contain personnel data as it policy that the governors are working on.

  14. #14

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,702
    Thank Post
    1,784
    Thanked 2,169 Times in 1,604 Posts
    Rep Power
    769
    * Clears throat *

    I have been a school governor for several years and am currently chair, so I have particular interest in this... especially with my eSafety hat on.

    Governors do deal with confidential information, but the majority of what we do is in the public domain. Virtually everything can be requested under FoI if not already on the website. Governing body paperwork is sent out by snail mail or email and rarely contains information that would breach the DPA. Statistics, for example, are anonymised. We should not know the performance of individual students or staff members for example.

    Every governor has reams of paperwork at home which, if left lying around, could embarrass the school. The email side of it is probably more secure than the paper.

    That said, I am in the process of getting our GB into the school's Google Apps, so that we can use Google Drive to store the paperwork rather than have Gigabytes of stuff clogging up our email accounts. The sharing and collaboration ofered by this will make life much easier... and hopefully more secure too.
    Last edited by elsiegee40; 17th October 2013 at 02:45 PM.

  15. #15
    Hosker's Avatar
    Join Date
    Sep 2011
    Location
    Yorks
    Posts
    29
    Thank Post
    2
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    So what you are saying is governors do not deal with information that ICO would see as being part of the DPA?

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Personal use of school laptops and tax
    By plexer in forum General Chat
    Replies: 22
    Last Post: 14th March 2008, 03:35 PM
  2. Replies: 16
    Last Post: 17th December 2007, 08:50 AM
  3. UPS and network communications.
    By maniac in forum Hardware
    Replies: 4
    Last Post: 22nd June 2007, 07:51 AM
  4. Wired and Wireless communication
    By Samson in forum Wireless Networks
    Replies: 2
    Last Post: 26th March 2007, 10:13 AM
  5. School networks and aid to Africa. A comparison.
    By Dos_Box in forum General Chat
    Replies: 14
    Last Post: 5th July 2005, 11:36 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •