+ Post New Thread
Results 1 to 6 of 6
General Chat Thread, Standard USB keys for staff to carry work on. Need advice please. in General; I have just been handed an updated e-safety document for the primary school I work in and I have noticed ...
  1. #1

    Join Date
    Apr 2010
    Posts
    2,036
    Thank Post
    83
    Thanked 187 Times in 154 Posts
    Rep Power
    83

    Standard USB keys for staff to carry work on. Need advice please.

    I have just been handed an updated e-safety document for the primary school I work in and I have noticed the requirement for encrypted keys has been removed. I mentioned this to the head and he seems to think it is fine for the teachers to use non encrypted sticks. I pointed out that the LA have this in the e-safety doc but he says that the LA version is just for guidance.

    Is this correct and OK?

  2. #2

    X-13's Avatar
    Join Date
    Jan 2011
    Location
    /dev/null
    Posts
    9,062
    Thank Post
    591
    Thanked 1,945 Times in 1,345 Posts
    Blog Entries
    19
    Rep Power
    813
    Quote Originally Posted by edutech4schools View Post
    Is this correct and OK?
    It depends on what data the sticks are holding.

    If it's lesson plans, I think a regular non encrypted USB will be fine.

    If it's pupil assessment data or anything that can personally identify a specific pupil, parent or staff member... then it needs to be encrypted [by law IIRC].

  3. #3
    mmoseley's Avatar
    Join Date
    Apr 2007
    Location
    Birmingham
    Posts
    751
    Thank Post
    109
    Thanked 105 Times in 80 Posts
    Blog Entries
    2
    Rep Power
    43
    Give him the example of...teacher has private pupil data on a memory stick, medical info, address, DOB, etc etc etc...that teacher then loses it...Explain that one away? Wouldn't want to be in the situation
    Last edited by mmoseley; 9th May 2014 at 02:48 PM. Reason: Speling

  4. #4

    Join Date
    Apr 2010
    Posts
    2,036
    Thank Post
    83
    Thanked 187 Times in 154 Posts
    Rep Power
    83
    If it's pupil assessment data or anything that can personally identify a specific pupil, parent or staff member... then it needs to be encrypted [by law IIRC].
    Where would I find that it is illegal to do this?

    My issue with having lesson plans on standard keys is how do you monitor it, How would I know what they have on them. I would have thought it simpler just to have encrypted keys and be done with it.

  5. #5
    Galway's Avatar
    Join Date
    Jun 2007
    Location
    West Yorkshire
    Posts
    1,323
    Thank Post
    9
    Thanked 300 Times in 209 Posts
    Rep Power
    99
    Quote Originally Posted by edutech4schools View Post
    Where would I find that it is illegal to do this?

    My issue with having lesson plans on standard keys is how do you monitor it, How would I know what they have on them. I would have thought it simpler just to have encrypted keys and be done with it.
    Why do I get the feeling that an internet pixie dies when I hear this.

    "My issue with having lesson plans on standard keys is how do you monitor it"
    Why would you? its data not covered by the dpa.

    "How would I know what they have on them."
    Why do you need to. I think it comes under professional trust and conduct.

    Tech: dont do "X", its against policy,do you understand?
    Teacher: okay. Yes I agree.
    Teacher: Tech, can you help me, I just did X.
    Tech: Busted !

    "I would have thought it simpler just to have encrypted keys and be done with it"
    Yea, and little stickers on the back with the code. I think its alright as it is to beat them with the misconduct stick when they epic fail.

  6. #6

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    Quote Originally Posted by edutech4schools View Post
    I pointed out that the LA have this in the e-safety doc but he says that the LA version is just for guidance.
    It's "guidance" in the same way that many of the rules in the Highway Code are "guidance". It's a guide for "how not to do something that would probably be deemed illegal" and also "how we determine if a c***-up is your fault".

    There's no specific law saying that personal data on USB keys must be encrypted, because that's not the way the UK legal system works; in most cases, the law is never so prescriptive. Laws are passed, and guidance is issued to establish how courts would interpret the law in specific cases.

    The Data Protection Act (1998) makes it a legal requirement to use "appropriate technical and organisational measures" to protect personal data. Encryption is widely accepted as one of the most appropriate technical measures. The authority that issues the most authoritative guidance on the DPA is the Information Commisioner's Office, and they have a nice page about encryption here: ICO - Our approach to encryption

    The ICO recommends that portable and mobile devices including magnetic media, used to store and transmit personal information, the loss of which could cause damage or distress to individuals, should be protected using approved encryption software which is designed to guard against the compromise of information.
    If that isn't enough to convince your Head that his suggested policy will not be looked upon fondly, here's a selection of articles about how the ICO has also been regularly fining businesses, local authorities, and NHS trusts for the loss of encrypted laptops and USB sticks for years now: https://www.google.co.uk/search?q=ico+encryption+fine
    Last edited by AngryTechnician; 9th May 2014 at 04:50 PM.

  7. Thanks to AngryTechnician from:

    edutech4schools (9th May 2014)

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 9
    Last Post: 15th July 2013, 01:05 PM
  2. Replies: 5
    Last Post: 16th January 2013, 04:20 PM
  3. Can anyone suggest a tool for staff to reset student passwords and unlock accounts
    By Davit2005 in forum Network and Classroom Management
    Replies: 1
    Last Post: 13th September 2012, 11:49 AM
  4. FRS/RPC not working on new DC - Please Help!
    By TheFopp in forum Windows Server 2000/2003
    Replies: 3
    Last Post: 11th February 2009, 12:29 PM
  5. Replies: 5
    Last Post: 31st August 2006, 05:01 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •