+ Post New Thread
Results 1 to 5 of 5
Home Access Plus+ Thread, Data Protection Issues in Projects:; Hi All After implementing HAP+ the head asked about data protection in terms of pupil data once someone has downloaded ...
  1. #1

    Join Date
    Jul 2014
    Location
    Birmingham
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Data Protection Issues

    Hi All

    After implementing HAP+ the head asked about data protection in terms of pupil data once someone has downloaded a document to their home computer.

    Is it a case of user responsibility? Agreeing to delete any documents that contain sensitive information after working on them and maybe incorporate into the AUP or staff handbook?

    Thanks

  2. #2
    nickbro's Avatar
    Join Date
    Jul 2010
    Location
    Gilwern, Wales
    Posts
    3,584
    Thank Post
    39
    Thanked 513 Times in 443 Posts
    Rep Power
    115
    Yep, that's the rule. If you know javascript you can write a clause into the myfiles page that if it's a certain directory, disabled the download abilities.

  3. #3
    Galway's Avatar
    Join Date
    Jun 2007
    Location
    West Yorkshire
    Posts
    1,374
    Thank Post
    9
    Thanked 311 Times in 219 Posts
    Rep Power
    101
    Staff should not have any data covered by the DPA unless its encrypted, like on a memory stick.
    It should be made clear to staff in the handbook, AUP and via policies.

  4. #4


    Join Date
    May 2009
    Posts
    3,211
    Thank Post
    284
    Thanked 863 Times in 645 Posts
    Rep Power
    336
    Quote Originally Posted by adamjoseph7 View Post
    Is it a case of user responsibility? Agreeing to delete any documents that contain sensitive information after working on them and maybe incorporate into the AUP or staff handbook?
    Yes and no :-)! Yes you should have a policy in place and at a certain point, it is incumbent on staff to follow that policy and if they don't, they may be 'liable' (in that it is they as an individual who is not exercising their duty of care). No, in that having a policy is not enough - the policy needs to be fit for purpose, you need to ensure it is promulgated and you need to do some assurance that it is being followed.

    UK DPA also suggests that data taken/stored off site should be encrypted, so if staff are using their own machines, the machine should probably conform to a minimum security standard (virus protection, strong password, disc encryption etc).

  5. #5

    Join Date
    Jan 2013
    Location
    Switzerland
    Posts
    170
    Thank Post
    13
    Thanked 24 Times in 23 Posts
    Rep Power
    8
    Quote Originally Posted by pcstru View Post
    , so if staff are using their own machines, the machine should probably conform to a minimum security standard (virus protection, strong password, disc encryption etc).
    Lets face it, most home users simply will not conform to this, which is why they demand a school provided laptop, which we then make sure meets the standards we prescribe.
    If we don't provide the equipment, then we cannot demand that their equipment meets those standards, since it is, by definition, their property. All we can do is stop the downloading of data or transference offsite. We use a VPN into our network to overcome this.

SHARE:
+ Post New Thread

Similar Threads

  1. Data Protection implications of asset disposal - ICO issue guidance
    By JSchlackman in forum School ICT Policies
    Replies: 0
    Last Post: 29th November 2012, 07:30 PM
  2. Replies: 20
    Last Post: 24th September 2011, 12:51 PM
  3. Replies: 1
    Last Post: 24th November 2010, 10:29 AM
  4. ePortal - external access data protection issues
    By cheredenine in forum MIS Systems
    Replies: 3
    Last Post: 1st May 2009, 08:44 PM
  5. Data Protection Act - re: Remote Access
    By mark in forum School ICT Policies
    Replies: 18
    Last Post: 26th September 2005, 07:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •