BYOD - how are you auditing information disclosure?
Say Fred uses his iPad to do lessons and it helps him out teaching and he's a better* teacher as a result. If he gets his iPad nicked in Lanzarote while on holiday, what do you have in place to prevent information being disclosed?
Is it a case of "don't do that" with a defence of "er, they signed a bit of paper saying they wouldn't" when ICO comes knocking?
Are you siloing off "work" and "play" using encryption software specific to the device?
Are you / they encrypting the whole device?
We're leaning towards "maybe" for staff because some of the staff who're using their stuff standalone (no access to school network) are demonstrably benefitting from it, but the disclosure issue concerns me vs a school laptop that I know is encrypted.
*whatever your metric is.