General Chat Thread, School governors and insecure communication in General; What do you do/think? Governors communicate with school usually by e-mail, this would be done in most cases over an ...
17th October 2013, 11:08 AM #1
School governors and insecure communication
What do you do/think? Governors communicate with school usually by e-mail, this would be done in most cases over an un-encrypted mail service from an insecure private workstation. They are discussing some of the most delicate matters about school!
I am tempted to say they should have a school supplied laptop and mail service.
IDG Tech News
17th October 2013, 11:13 AM #2
Ours have a school email address, but they choose not to use it and so use their own. Bottom line is, as long as IT makes the school aware of the potential risks, it's up to the school to enforce it, or not.
17th October 2013, 11:19 AM #3
That still leaves info on an un encrypted workstation. We are duty bound by the data protection act this would come straight back at you, wouldn’t it?
17th October 2013, 12:50 PM #4
- Rep Power
I think most schools approach to Data Protection is 'We'll worry about it when the ICO slaps us with a fine'.
I can't remember the exact details but I know some schools and local authorities were fined in the recent past. I find the problem is that we as IT professionals are responsible, but actually getting users - whether they're SLT, staff or even governors - to adhere to the rules is next to impossible.
We've got people who take sensitive data home on usb sticks, copy documents to personal devices etc etc. And that's aside from staff who leave themselves logged on to multiple machines on site, potentially allowing pupils access to staff/school data. All-in-all, not good really.
17th October 2013, 12:54 PM #5
Pass what you've seen onto your Head Teacher and whoever your Data Protection Officer is on site. Failing that, does your LA have a Data Protection Officer?
17th October 2013, 01:07 PM #6
- Rep Power
That would certainly be the professional thing to do... but without going into detail, that course of action wouldn't work here. I don't believe our LA has a DP officer as such.
Originally Posted by happymeal
17th October 2013, 01:12 PM #7
Doesn't matter if they exist or not, someone in the organisation is the Data Protection Officer if they want it or not. This is the person responsible for enforcing and creating the DPA guidelines in the school and most likely falls with the Head if all else fails. Remind him that DPA fines are also issued to offenders and those responsible personally, not just to the school.
17th October 2013, 01:13 PM #8
Some LAs and councils have been fined, but to date, I don't believe there has been a single publicised case of a school being fined. As much as I hate to wish that on someone, until it happens we will all be facing an uphill struggle.
Originally Posted by Easy_506
Whoever is the DP officer will be the fall guy if you are caught out. Schools are required by law to register individually, you can't just leave it to the LA, so legal buck-passing is out of the question.
17th October 2013, 01:20 PM #9
Ok what about skydrive encrypted up and down but again device lets it down because if device stolen etc access to mail means access to skydrive account. Nominated person should be SLT position and have training but again real world - Do you even have a nominated DP person?
17th October 2013, 01:47 PM #10
A small Office 365 instance?
17th October 2013, 01:51 PM #11
What e-mail service are they using? All of the popular e-mail providers secure their pages with SSL, unless you mean it's an internally hosted e-mail solution by the LA and there's no encryption whatsoever? I'd be more worried about users entering their e-mail and password without encryption onto a webpage.
Originally Posted by Hosker
Admittedly even e-mails sent from pages secured with SSL could be read in theory. E-mail isn't a secure form of communication and probably never will be!
17th October 2013, 02:07 PM #12
All Governor’s use whatever they like (I wonder if it’s a shared family one ). The only way I can think of is to give them a laptop with encrypted drive and no access to USB etc. Plus a school e-mail account with only SSL access.
17th October 2013, 03:22 PM #13
I would if could say that the information is private but on bound by the DPA as it should not contain personnel data as it policy that the governors are working on.
17th October 2013, 03:43 PM #14
* Clears throat *
I have been a school governor for several years and am currently chair, so I have particular interest in this... especially with my eSafety hat on.
Governors do deal with confidential information, but the majority of what we do is in the public domain. Virtually everything can be requested under FoI if not already on the website. Governing body paperwork is sent out by snail mail or email and rarely contains information that would breach the DPA. Statistics, for example, are anonymised. We should not know the performance of individual students or staff members for example.
Every governor has reams of paperwork at home which, if left lying around, could embarrass the school. The email side of it is probably more secure than the paper.
That said, I am in the process of getting our GB into the school's Google Apps, so that we can use Google Drive to store the paperwork rather than have Gigabytes of stuff clogging up our email accounts. The sharing and collaboration ofered by this will make life much easier... and hopefully more secure too.
Last edited by elsiegee40; 17th October 2013 at 03:45 PM.
17th October 2013, 03:48 PM #15
So what you are saying is governors do not deal with information that ICO would see as being part of the DPA?
By plexer in forum General Chat
Last Post: 14th March 2008, 04:35 PM
By Uraken in forum Hardware
Last Post: 17th December 2007, 09:50 AM
By maniac in forum Hardware
Last Post: 22nd June 2007, 08:51 AM
By Samson in forum Wireless Networks
Last Post: 26th March 2007, 11:13 AM
By Dos_Box in forum General Chat
Last Post: 5th July 2005, 12:36 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)