+ Post New Thread
Results 1 to 8 of 8
How do you do....it? Thread, Folder access - Data Protection Act - How do you do it? in Technical; Scenario: Every member of staff has their own H: drive. Currently there are members of staff i.e. Support Services Manager ...
  1. #1
    Paid_Peanuts's Avatar
    Join Date
    Jun 2007
    Location
    South Yorkshire
    Posts
    232
    Thank Post
    11
    Thanked 13 Times in 12 Posts
    Rep Power
    17

    Folder access - Data Protection Act - How do you do it?

    Scenario:
    Every member of staff has their own H: drive.
    Currently there are members of staff i.e. Support Services Manager who periodically needs access to all admin H: drives in someone’s absence.
    In such cases we have added them to the security settings on the folders as and when. So there is probably about half a dozen people that have or want access to other peoples H: drives as well as their own.

    Are we in breach of any data protection acts by doing this? Do we need to gain the permission of the person whos H: drive it is the staff members are accessing? Or because they are an employee of the school are we allowed to give anyone access to their H: drive?

    How do people do this at their schools?

    Comments and advice greatly appreciated.

  2. #2
    eean's Avatar
    Join Date
    May 2006
    Location
    Kuala Lumpur
    Posts
    561
    Thank Post
    68
    Thanked 52 Times in 37 Posts
    Rep Power
    29

    Re: Folder access - Data Protection Act - How do you do it?

    I can't see how you'd be breaking the Data Protection act - it's not really for that kind of thing.
    A similar scenario is companies scanning users' emails, which they ARE allowed to do, so long as they have a specific business purpose for doing so. (See Here). In your case you DO have a specific business purpose. However, I would say that it is polite to make people aware that, in their absence, other people would access their home drive.
    I wouldn't use home drives for storing 'work' in the first place. It would probably be better placed on a shared network drive with a hierarchical access policy. That’s what networks are for – the Support services manager should be able to access the files they need without having to go to you.
    Home drives are just really temporary storage or for personal things (done in lunch hour, of course).

  3. #3
    Paid_Peanuts's Avatar
    Join Date
    Jun 2007
    Location
    South Yorkshire
    Posts
    232
    Thank Post
    11
    Thanked 13 Times in 12 Posts
    Rep Power
    17

    Re: Folder access - Data Protection Act - How do you do it?

    Both you and I know what shared drives are for - however people using them in the manner they were designed is a step too far in our place. Every thing important is stored in someones H: drive somewhere. I suppose its just a case of educating the end users.

  4. #4
    kestrel1's Avatar
    Join Date
    Jul 2005
    Location
    New Forest
    Posts
    294
    Thank Post
    3
    Thanked 11 Times in 11 Posts
    Rep Power
    20

    Re: Folder access - Data Protection Act - How do you do it?

    I would say, that as long as staff are made aware of the need for others to access their home areas if they are off, there shouldn't be a problem. If there was a shared area on the network though for different subjects, staff could save work into these folders instead of their own personal area.
    That is the system we use. Only staff have access to these shared folders, whilst other folders are for everyone to view, but only staff have write access.
    Some staff wish students to be able to save to certain folders, so write access is granted to that year group on a per folder basis. Any abuse to this & the access is withdrawn.

  5. #5
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,488
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    75

    Re: Folder access - Data Protection Act - How do you do it?

    As others have said, so long as people know that others might be given access to some or all of their files, you're okay - a line in the AUP will cover that (and should be there anyway, since us NMs with domain admin rights can see them).

    Any data held on the company network belongs to the company and can be viewed by whoever the company deems appropriate. It's the same as scanning emails, really.

    You might get a couple of people object, but the vast majority will be cool with it if you explain why. Those really worried about privacy will buy a pen drive :-)

  6. #6
    iatkinson's Avatar
    Join Date
    Jun 2007
    Location
    Blackburn
    Posts
    135
    Thank Post
    5
    Thanked 6 Times in 5 Posts
    Rep Power
    16

    Re: Folder access - Data Protection Act - How do you do it?

    In our acceptable use policy there is a seperate section for staff to sign giving us permission to look in their work area, otherwise we have to go up the tree to SLT and the decision rests with them.

  7. #7
    Marvintpa's Avatar
    Join Date
    Jan 2007
    Location
    Grantham, Lincs
    Posts
    27
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Folder access - Data Protection Act - How do you do it?

    I would argue that the DPA does not have any relevance to home drives and shared drives. The DPA covers personal/private information stored by companies, organisations about individuals. DOB, Addresses, NI Numbers etc. This data specific to each individual.

    Home and Shared drives are areas that staff / students dump crap in when they cant be bothered to find a better place to store it

    Surely the establishment's AUP should cover this.
    I/we work thus
    1. The school owns the equipment, pays for the electricity, heating etc.
    2. The school own the interlecual property rights on all data created or stored on school machines.
    3. I manage the school systems for the governors and Head/Chair of Govs.
    4. They require me to carry out checks to ensure that the school (and ultimately they) are not breaching any laws.

    Thus I and my "lad" are permitted to go anywhere .... assuming we have a sysadmin or security reason to do so.

    My answer to staff and students when they complain is simple. (Other than "Tough $%^&"). If you have something "secret" or "personnal" store it on a pen drive away from school services.

  8. #8

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,684
    Thank Post
    516
    Thanked 2,453 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833

    Re: Folder access - Data Protection Act - How do you do it?

    'Personal' things shouldn't be stored within school servers - that is not what they are for.

    The home drive at our school is for storing things like lesson plans, and course material. The shared drives are for storing the same, but for those staff who share their work.

    Therefore, anything that is personal in there is not our problem as it shouldn't be there.

SHARE:
+ Post New Thread

Similar Threads

  1. Complience with the Data Protection Act on admin networks.
    By Dos_Box in forum School ICT Policies
    Replies: 9
    Last Post: 27th November 2007, 08:29 AM
  2. Changes to data protection act
    By sjplot in forum Network and Classroom Management
    Replies: 18
    Last Post: 5th October 2007, 11:19 AM
  3. Stateside Hosting, Data Protection, etc...
    By plexer in forum Web Development
    Replies: 0
    Last Post: 17th May 2007, 09:48 AM
  4. Backups - Data Protection Manager
    By fooby in forum How do you do....it?
    Replies: 4
    Last Post: 14th December 2006, 10:45 AM
  5. Data Protection Act - re: Remote Access
    By mark in forum School ICT Policies
    Replies: 18
    Last Post: 26th September 2005, 07:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •