Need Some Advice Please .What Would You Do If You Were Me.!.

[tickmike]

Hello . I need some advice please on this subject (put yourself in my shoes ) what would you do ?.

Talking to the head of the school I help for free and I'm not connected now in any way, there was a question that came up "can I see any of the data on the network" ( I think she was talking about the pupils folders/files and the staff and admin files).

Reading between the lines I think she needed an answer for parents or offstead if she was asked.

I put her mind at rest by saying that unless she give me all the passwords I could not see all the data. (oop's). ops:
I also said (which is true) that I'm not interested in what is in any bodies folders or files only interested in the working of the network and the usefulness for the pupils education.

So I been thinking about folder / file Encryption.

1.. Do you use it .

2.. Is there problems with its use.

3.. Is it worth me telling the head about it.

4.. If we used it on the admin / staff folders would you also suggest it used on the pupils folders as well if she that concerned..

Any comments on this subject will be appreciated.

From Michael.

[ajbritton]

If we're talking about EFS, then there's one big issue in the following scenario

1 - User encrypts their home folder (or even just a few files)
2 - User forgets password P
4 - You change the users password
5 - Encrypted files cannot now be accessed unless user remembers original password.

I believe it is possible to get around this by setting up a recovery policy (never done this though), which would enable you to recover the data. Either way then you'll be able to get at the data.

[pete]

You can set an overriding efs key so the domain admin can unencrypt stuff if users forget passwords. Haven't done it but cursory reading makes it appear easy enough.

Regarding being root: you may want to consider an non-disclosure agreement or similar agreement so that the school (and you) are covered for Ofsted / Data Protection.

It's better to tell the head the truth (she'll work it out if you ever have to change her password - "if he can change my password, he can log in as me = access what I can access") and state why they need to entrust someone with that ability.

[tickmike]

This sound interesting would she draft something out or is there a standard form ?
Re... egarding being root: you may want to consider an non-disclosure agreement or similar agreement so that the school (and you) are covered for Ofsted / Data Protection.
Michael.

[pete]

IANAL but I have signed NDAs before.

They are legal documents that are signed by you, the other party + witnesses. NDAs are negotiable by both parties and are usually used to protect intellectual property: one or both parties agree to not reveal privileged information gained by doing $job to outside parties both during and after working for a company. NDAs can be perpetual (never reveal) or time-limited.

That way there's a legally-binding undertaking on your part to not reveal any info you learn and an explicit acknowledgement by the school that they are aware you will learn such info and they are OK with this. It covers their arse and yours.

I strongly suggest you consult your solicitor and ask them to draw one up.

[crc-ict]

The NDA is not a bad idea.

The problem is arising because you are not employed by the school or the Local Authority, and as such, are outside of their control.

I have just got the contracts through from the LEA for my new jobs and they include a clause very similar to an NDA covering all issues of confidentiality, Data Protection and data access.

This is a very serious issue in this modern world and you would both (ie. yourself and the school) do well to ensure that all relevant 'backside covering' has been done.

It is probably worth getting the head to take advice from the LEA about what's needed in the first instance, certainly before incurring legal costs from engaging a solicitor

[plexer]

I think you should come up with something like a NDA just so you and the school are both satisfied if it ever comes up having a document/policy to show you have allready explored this issue should be enough to satisfy anyone.

At the end of the day administering a network gives you the ability to look at just about anything should you so wish however going down this route may lead others to not being in a job for long.

Regarding encryption I thought that the enterprise admin can always decrypt windows stuff. If you changed domain names or something and had encrypted files then you would be stuffed.

Ben

[tickmike]

Thanks .

Its A Private Parent Run School, No Lea . Ofsted Yes.

The Parents make all rules via. a management group.

One Head/Teacher and Two Other Teachers.

Parents for admin,cleaning, odd jobs, Gardening, helping in class, etc. etc.

Parents also raise all the money to run the school.

Michael.

[Mungo]

Always a sticky one.

As previously stated, you are always going to have access to sensitive stuff, its the nature of the job, especially on small networks when there may only be one admin. As far as you are concerned its all just data. It should be up to staff to qualify what is sensitive and who should have access to it.

For peace of mind for the school do the NDA thing but also get yourself on the Criminal Records Bureau (CRB Checked) if you havent already got one. I consider this an absolute must for handling Pupil related information of any sensitivity. It also shows that you have been open and proactive as an employee and are sensitive to the nature of confidential data.

Aidan

[tickmike]

Being this is a charity I would not want them to have any costs ( and there no way I will pay for it being I'm already giving them lots of my own time for free).

So if the head / school management wrote up some document and I agreed with it and signed it would that be ok do you think.

About CRB, I have been checked out when I was a helping parent at the school but I believe it must have run out because my daughter has left that school two years ago, I will get them to renew it.

Can anyone give me some idea what the document would be like (not word for word but general outline please).

Michael.

[Norphy]

It would probably be along the lines of

"I understand that I have access to potentially sensitive material. I will not access anything confidential unless it is necessary to do so. If the need does arise to do so, I will not disclose the information to anyone outside of the organisation"

I'm not a lawyer but I think that probably covers it quite well.

Oh and lay off the caps lock, we can all hear you you know :P

[tickmike]

Thank for that Norphy

The use of bold I have been finding the some members have mist important points eg. I use sever 2000 .
also I do not know how this 'quote' button works at the top of the post . :?

Michael

[russdev]

Quote:

Originally Posted by tickmike

Thank for that Norphy

The use of bold I have been finding the some members have mist important points eg. I use sever 2000 .
also I do not know how this 'quote' button works at the top of the post . :?

Michael

the quote button click on it and opens ups a reply with contents quoted in it.

Russ

[Norphy]

Quote:

Originally Posted by tickmike

Thank for that Norphy

The use of bold I have been finding the some members have mist important points eg. I use sever 2000 .
also I do not know how this 'quote' button works at the top of the post . :?

Michael

I have no problem with the liberal use of bold, helps emphasise the point if necessary. I was talking about the all caps thread title. It is generally considered poor netiquette to use nothing but caps in a thread or thread title, it's the online equivalent of shouting

[tickmike]

Quote:

Originally Posted by Norphy

Quote:

I have no problem with the liberal use of bold, helps emphasise the point if necessary. I was talking about the all caps thread title. It is generally considered poor netiquette to use nothing but caps in a thread or thread title, it's the online equivalent of shouting

oop's Cap lock must have been on ops: