Updated Data handling Guidance from Becta

[GrumbleDook]

I would recommend you recall *all* USB sticks anyway as they will require a secure wipe to get rid of the data they have had on them already. Remember to factor that in. It is not just about making sure that staff do things right in the future, it is also about cleaning up due to the problems right now.

[PiqueABoo]

On the other hand it is a Government directive so must be implemented

BECTA: "These set out the measures central government departments and their agencies must adopt to protect sensitive and personal data. Becta’s guides are a practical interpretation of these measures that should be considered by schools,colleges and universities to help minimise the risk of data being lost or corrupted and any subsequent adverse consequences such as identity theft, news headlines or breaches of statutory/legal obligations."

My emphasis. I don't think they're saying you "must" do X, it's more of a relatively strong recommendation to do X if you want that backside covered for DPA etc. And that's the kind of angle that I'd have thought would chime with most management when it comes to budgets.

[leco]

I would recommend you recall *all* USB sticks anyway as they will require a secure wipe to get rid of the data they have had on them already. Remember to factor that in. It is not just about making sure that staff do things right in the future, it is also about cleaning up due to the problems right now.

I was thinking that I could swap sticks if I got new encrypted ones. That way down time for users would be somewhat minimised. However, some sticks are owned by the user rather than the school, so I would still need to wipe those. Hey ho, more things on the To Do list, life is never dull in IT.

[leco]

My emphasis. I don't think they're saying you "must" do X, it's more of a relatively strong recommendation to do X if you want that backside covered for DPA etc. And that's the kind of angle that I'd have thought would chime with most management when it comes to budgets.

If management had thought of it before setting budgets. As it is, yes I agree they will wish to cover themselves, just me wondering which other budget will be cut. Coincidentally, the subject came up at a recent (this week) HT meeting, so I am now tasked with "researching" a solution. In the end, not my decision, only my recommendation.

[markcuk]

who's Head Teachers actually listen to advice from Becta I know mine never did!

[leco]

who's Head Teachers actually listen to advice from Becta I know mine never did!

Maybe not, but they do listen to each, other especially if one of them sounds knowledgeable on the subject.

[markcuk]

They would only listen if this was forced by certain people from the Local LEA in my old school.

Same problem with pupils so easy to copy course work now (we had a number of pupils that were caught cheating in GCSE course work swapping stuff on pens and logging in as each other)

**Think i was trying to say why is this guide aimed at staff only I mean shouldn't pupils gcse work be encrypted to stop copying etc**

Mark

[leco]

They would only listen if this was forced by certain people from the Local LEA in my old school.

Same problem with pupils so easy to copy course work now (we had a number of pupils that were caught cheating in GCSE course work swapping stuff on pens and logging in as each other)

**Think i was trying to say why is this guide aimed at staff only I mean shouldn't pupils gcse work be encrypted to stop copying etc**

Mark

I can understand your views, perhaps aimed at staff in order to cascade best practice to pupils?

Maybe there lies the difference then, I am in the Primary sector, where "nobody" wishes to be seen not doing what "everyone else" is doing.

[markcuk]

I can understand your views, perhaps aimed at staff in order to cascade best practice to pupils?

we can only hope

[sahmeepee]

**Think i was trying to say why is this guide aimed at staff only I mean shouldn't pupils' gcse work be encrypted to stop copying etc**

I'm not sure how encryption is going to help you in a situation where the two students are sharing their credentials - Pupil A logs on and copies coursework from his home drive onto Pupil B's encrypted pen drive using Pupil B's password/smartcard/thumbprint/whatever. Pupil B makes his changes and submits the modified work as his own. Where does encryption come in?


I'm only aware of one case of pupil-to-pupil plagiarism here that wasn't done with the original author's consent and that was work done on paper and stolen from a classroom; it was actually the digital drafts on the network which allowed us to get the problem sorted out. For "unauthorised" copying of work, a strong password policy (via technological measures or user education) or going down the 2-factor authentication route may help. Stolen pen drives are the only thing encryption would help with in that scenario, but I'm not aware of a widespread issue with pupils stealing pen drives to copy coursework.

[kimclayton]

Hi

I found the first version of these documents brilliant for raising appropriate levels of awareness with our senior management team. Combined with mention of the Ofst*d word was enough for them to commit to a project to implement a comprehensive data handling and information security framework in the school. Only downside is that I have got to run it!!!!

We are a special school so our data ranges from child protection to the more routine pupil performance data.

I have recently found the low cost AES encrypted memory sticks for around £10 for 1Gb and will be insisting that these must be used at all times for taking data off site.

We have problems with Offline files on our laptops as in some cases 5 or 6 people may use the same laptop.

Dos and Don'ts well written and will for the basis of my initial awareness session which i am giving to Staff after 1/2 term.


Auditing paper is an absolute pig.

Our LEA is currently running a seminar/roadshow regarding Info handling and I am attending the local one tomorrow. I'll feedback when I know what they are expecting us to do.

KC

[enjay]

I have recently found the low cost AES encrypted memory sticks for around £10 for 1Gb and will be insisting that these must be used at all times for taking data off site.

We had that thought too, but felt that if insisting on a particular - more expensive - pen drive, the correct thing would be for us to by them for the teachers, which quickly adds up to a noticeable amount of money.

[tincatinca]

I accept your point re costs of memory sticks, however we only have a staff requirement of around 25 and each teacher is likely to have to purchase the stick from their own budget,which as it is only a tenner will not make that much of a dent.

Our staff here are really cooperative on this sort of thing though I fully appreciate this may be somewhat unusual!!

[jamin100]

had a meeting with the SLT about this yesterday.

We're doing the following.

1. All staff laptops are to have whole disk encryption with strong passwords (teachers will love that)
2. SLT, Teachers & HLTA's will get Integral Crypto 2gig encrypted drives £15 each.
3. Teaching assistants will not be allowed to use any sort of USB drive (don't like this idea but hey)

Got a busy time ahead of me encrypting all the laptops.

Anyone know how i can use truecrypt and ghost to image drives???

[enjay]

3. Teaching assistants will not be allowed to use any sort of USB drive (don't like this idea but hey)

That would rank alongside a fart in a lift, here! That aside, is this going to be technically enforced or will they just be asked/told not to use them?