..and the url for that is? I'll continue storing all my money in a big box outside my door.
Si

After speaking with ICO, OFSTED and legal advice I have the following ... again paraphrased until I have agreement on text to stick up.
As far as the ICO is concerned there is a risk about Safe Harbour and the Patriot Act, but to some extent this is negated because data can be seized / released anyway under section 35 of the DPA. The key thing is that you need to tie in any contract arranged within the EU with companies that might be affected by The Patriot Act with breach of contract should any data be released. It can then become a civil matter, but backed up by DPA should it not fall within section 35 exemptions. As far as OFSTED are concerned they do not deal directly with looking at DPA policies / procedures within Section 5 or Section 8 inspections, and it does not look as if this would change even should an Undertaking be signed between the school and the ICO. They would, however, be looking at other safeguarding aspects so should it be linked in with that (including loss of data about children in care) or should a concern be raised by the Local Safeguarding Children's Board then it would be looked at.
I have asked OFSTED to confirm that they would not change any approach to inspection should an Undertaking have been signed, and in a manner I can share with schools.
So ... it looks as if I will have to change some of my stance on this as it seems as if no matter what some bodies say in meetings or seminars, they are not willing to back it up with real authority. Oh well ... I am sure that this would go down well with the Daily Fail!
CHR1S (17th October 2011)

It seems that if any company that stores your private data goes bankrupt - they can just sell off your private data. Not specifically a cloud issue, just thinking about some of those flakey cashless catering systems....
Layer 8: Privacy stink erupts over Borders bankruptcy deal
To perhaps no one's surprise, Borders bookstore collected a ton of consumer information - such as personal data including records of particular book and video sales - during its normal course of business. Such personal information Borders promised never to share without consumer consent. But now that the company is being sold off as part of its bankruptcy filing, all privacy promises are off.
Reuters wrote this week that Barnes & Noble, which paid almost $14 million for Borders intellectual assets including customer information at auction last week, said it should not have to comply with certain customer privacy standards recommended by a third-party ombudsman. In court papers, Barnes & Noble said that its own privacy standards are sufficient to protect the privacy of customers whose information it won during the auction.

Well, I have a few more answers now and it covers a range of areas.
1 - After some discussions with a Duty Inspector at OFSTED I had a partial response to the theoretical question about what effect having to sign an Undertaking with the ICO would have on an inspection. Unfortunately I am only allowed to paraphrase the response as no individual answer can be published at the risk of it seeming to be policy advice, which can only be gained from the relevant DfE page on Safeguarding Children and Safer Recruitment (which is a reference to the 2006 paper on this subject https://www.education.gov.uk/publica...FES-04217-2006 ). OFSTED do not, for Section 5 or Section 8 inspections, check compliance with the DPA as this is the job of the ICO. However, they will look at how well the governing body and the school leadership fulfils its responsibilities in relation to statutory requirements and/or statutory codes of practice or guidance, including the relevant Health & Safety legislation. They will also evaluate any non-compliance with relevant legislation, including DPA, on pupils' safety, care and well-being. Putting it bluntly, if this leads to Safeguarding being found to be inadequate, then the 'overall effectiveness' judgment for the school is also likely to be judged inadequate. So ... an Undertaking is not just a slap on the wrist but can risk OFSTED judging your school inadequate. I will be watching those schools who have recently had to sign Undertakings to see what happens at their next inspections.
2 - The Patriot Act has been a bit of a concern for a few of us ... after all, there is nothing wrong with a bit of paranoia ... it is what we get paid for ... and just because you aren't paranoid it doesn't mean the world *isn't* out to get you! After a bit more delving with the ICO (again ... that paraphrasing thing) I got the following. The Patriot Act and The DPA do match quite well. We have our own equivalent section, section 35, and co-operation between Law Enforcement Agencies and Governments around the world will mean information is disclosed as required. In fact there was a darned good article which @rayfleming refers to in his blog How safe is my cloud data? And what which links to another good article from Jeff Bullwinkel. Whilst it is related to Australia it does also cover a number of similar concerns from the UK too.
So ... to summarise. Breaches of DPA are bad, Undertakings are not just a slap on the wrist as they put you at risk of issues during OFSTED inspections, and The Patriot Act is a bit of a Red Herring that should not overshadow the other concerns around Data Protection. Official strategy and guidance is limited, open to interpretation (think 'rope to hang yourself' stuff) and no matter what anyone says you will find people taking on a lot of risk.
The key messages ... If you want to take a risk then be aware of the possible implications, there is still a matter of the law, but make sure people are as informed as possible because ignorance is no excuse in the eyes of the Law.
Thanks to everyone who has taken part in this discussion...
Last edited by ZeroHour; 14th October 2011 at 01:32 PM.
There is a free option, you just have to look for it, click sign up, go down to the bottom. You get 5GB of storage. It has to be registered to an individual's email account, but as far as I'm aware there's nothing stopping each teacher setting up a Free account for themselves.
https://www.sugarsync.com/signup?startsub=5
Last edited by smithson83; 14th October 2011 at 12:57 PM.
I use it, no issues.. works with proxy too!!
Only seen a few pages of this but what data are people looking to store on Dropbox? I'd never put anything with student names, reports, grades etc up there, too risky but resources and learning materials would be OK... although that relies on users understanding the restrictions which I guess could be as dangerous as allowing anything up there?
Yeh I can understand not using dropbox for Student details but I use it for everything else.
I was hoping to do the same for students one day.
BYOD will make this interesting... if a student brings their own laptop \ tablet and wants to use a personal Dropbox account then at that point the agreement isn't related to the school... only one step removed from the organisation provisioning the accounts but yet in theory completely different application of DPA (or maybe it's not, hence raising the point)

The original article was sparked off by a number of folks on twitter and at meetings I had been to talking about how DropBox could replace the USB Memory Stick as a way of storing and transferring files around *including* stuff that would have SIROs fuming!
Sharing of files as stimulus for curriculum activities is one of several good examples of using dropbox, but staff using it for mark sheets, contact databases, etc ... *shudder*
On the note of BYOD/BYOT/BYOC (I wish someone would make a definitive choice about which it is) this is linked to a series of conversations about eSafety law in Education that some folk may have seen or been part of. The idea that if you instruct a child to use a tool or resource, even if it isn't the school's, can mean the school takes on the responsibility for what happens with it. This part of the discussion is around eSafety but I suppose it can readily be pointed to similar issues with data protection.

Off topic but this whole idea (above) is based on the same flawed premise that demands internet filters be 100% and that everything be fixable with technology. A view usually held and promoted by those least qualified to understand the technology and most averse to people taking responsibility for themselves.



The focus on the discussions tends to be around identifying what the Law is, how it is checked for ALARP, where the responsibility lies and what the impact is of breaking the Law or following the Law.
Dr Bandey is looking to do some stuff at BETT around it (supported by our friends at SmoothWall) so that will be interesting for folk to follow.
So I guess this helps matters along a lot with Dropbox? The Dropbox Blog » Blog Archive » US-EU Safe Harbor Certification now safe harbor compliant.