General Chat Thread, Summary of what's sensitive information and what's not? in General; Yeah I know it's pretty much common sense but I'm trying to help the admin girls. Last year I found ...
  1. #1

    Little-Miss

    Summary of what's sensitive information and what's not?

    Yeah I know it's pretty much common sense but I'm trying to help the admin girls.

    Last year I found out that for free school meals, information such as names, addresses and NI numbers were sent over email just as an attachment. I wasn't impressed. More so with the department for letting people do that without giving them any guidance on encryption etc.

    Now, am I being massively paranoid or do I have a point?

  2. #2

    witch
    No, you aren't being paranoid and yes, you do have a VERY GOOD point. Where were they being sent and why did they need all that info anyway?

  3. Thanks to witch from:

    Little-Miss (4th October 2011)

  4. #3
    penfold_99
    Originally posted by witch:
    No, you aren't being paranoid and yes, you do have a VERY GOOD point. Where were they being sent and why did they need all that info anyway?
    The LA would need the information so they could check the entitlement of the parent to a benefit. A lot of LA staff (not all) believe that if they are emailing another county based/school email it doesn't go outside the council network and is secure.
    There are a few LAs looking to handle the FSM entitlement checking service automatically via SIF, which would remove issues like this.

    You are good to be paranoid.

  5. Thanks to penfold_99 from:

    Little-Miss (4th October 2011)

  6. #4

    Jawloms
    I'd say you're not being paranoid because to me that means worrying about something you don't need to worry about. Student info going over email IS something to worry about justifiably!

  7. Thanks to Jawloms from:

    Little-Miss (4th October 2011)

  8. #5


    Welcome to finding out most data protection blunders with your data are committed (or initiated) by the LA and associated orgs.

  9. Thanks to pete from:

    Little-Miss (4th October 2011)

  10. #6


    No, you're not being paranoid at all.

    But that doesn't mean They're not out to get you.


  11. 2 Thanks to Earthling:

    joe90bass (4th October 2011), Little-Miss (4th October 2011)

  12. #7
    Netman
    Here you go...
    Sensitive personal data means personal data consisting of information as to -

    (a) the racial or ethnic origin of the data subject,

    (b) his political opinions,

    (c) his religious beliefs or other beliefs of a similar nature,

    (d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),

    (e) his physical or mental health or condition,

    (f) his sexual life,

    (g) the commission or alleged commission by him of any offence, or

    (h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

    More here: Key definitions of the Data Protection Act

    You can also order some publications from the ICO site - useful for handing out to staff...

  13. Thanks to Netman from:

    Little-Miss (4th October 2011)

  14. #8

    witch
    So sending out names and addresses unencrypted is OK then?

  15. #9
    Netman
    Originally posted by witch:
    So sending out names and addresses unencrypted is OK then?
    No, probably not, but the OP asked in the title what is 'sensitive data'. There is a difference in the DPA between 'Personal Data' and 'Sensitive Data' and how you are supposed to handle them...

    The Data Protection Act 1998 states, “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
    This requirement involves a judgement as to what measures are appropriate in particular circumstances. IMO, I would say encrypt to be on the safe side, but it's all shades of grey rather than black or white...

  16. Thanks to Netman from:

    witch (4th October 2011)

  17. #10

    Little-Miss
    Glad it's not just me then. It's awful. Guessing I just encrypt/password protect it and ring them to give them the password.

  18. #11

    Little-Miss
    Sensitive wasn't the correct word to use I suppose, but you got my point....

  19. #12
    CAM
    Our LA has a central mailserver for everyone in the borough who is signed up to their E-Mails service and is considered inside the wider LA network. If we want to send E-Mails to other government organisations or schools, we can use a service called CJSM which is heavily encrypted and has a zero tolerance no messing around policy. Downside is the recipient also needs to have a CJSM address.

    I think it stands for Criminal and Secure Justice Mail.

  20. #13

    Little-Miss
    Ok, so my colleague rings the department to tell them what I had said and that she is going to zip and password protect the file and apparently the woman on the phone was not impressed, saying we are the only school wanting to do this and all others have sent theirs normally, and wanted to know who I was and why I was saying this. lol

    So is there a part of the DPA I can quote to this woman? It's ridiculous. Why can't they just write a list of cans and can'ts? (yeah I know there are grey areas)

  21. #14

    nephilim
    You go Kaz, u r fully in the right on this one and stick to it.

  22. Thanks to nephilim from:

    Little-Miss (6th October 2011)

  23. #15

    teejay
    Pick out some bits from this, for instance:
    Example
    An organisation holds highly sensitive or confidential personal data (such as information about individuals' health or finances) which could cause damage or distress to those individuals if it fell into the hands of others. The organisation's information security measures should focus on any potential threat to the information or to the organisation's information systems.
    I would say a list of people with free school meals falls into this category under individuals' financial information as it indicates that they are on a low income.

    Also:
    Computer security

    Computer security is constantly evolving, and is a complex technical area. Depending on how sophisticated your systems are and the technical expertise of your staff, you may need specialist information-security advice that goes beyond the scope of this Guide. A list of helpful sources of information about security is provided at the end of this chapter. You should consider the following guiding principles when deciding the more technical side of information security:

    Your computer security needs to be appropriate to the size and use of your organisation's systems.
    As noted above, you should take into account technological developments, but you are also entitled to consider costs when deciding what security measures to take.
    Your security measures must be appropriate to your business practices. For example, if you have staff who work from home, you should put measures in place to ensure that this does not compromise security.
    The measures you take must be appropriate to the nature of the personal data you hold and to the harm that could result from a security breach.
    As it's straightforward and no additional cost to password protect an Office document or use 7-Zip to stick the data in a password protected zip file, then I would say that is the minimum expected nowadays of any organisation.

  24. Thanks to teejay from:

    Little-Miss (6th October 2011)
