After implementing HAP+, the head asked about data protection in terms of pupil data once someone has downloaded a document to their home computer.
Is it a case of user responsibility? Agreeing to delete any documents that contain sensitive information after working on them and maybe incorporate into the AUP or staff handbook?
Staff should not have any data covered by the DPA unless it's encrypted, like on a memory stick.
It should be made clear to staff in the handbook, AUP and via policies.
UK DPA also suggests that data taken/stored off site should be encrypted, so if staff are using their own machines, the machine should probably conform to a minimum security standard (virus protection, strong password, disc encryption etc).
If we don't provide the equipment, then we cannot demand that their equipment meets those standards, since it is, by definition, their property. All we can do is stop the downloading of data or transference offsite. We use a VPN into our network to overcome this.