+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 24 of 24
Internet Related/Filtering/Firewall Thread, Internet Filtering - Staff Access to Controversial categories in Technical; Originally Posted by Geoff I'd add data protection to that list @ GrumbleDook I did stick it in as a ...
  1. #16

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,944
    Thank Post
    1,343
    Thanked 1,789 Times in 1,112 Posts
    Blog Entries
    19
    Rep Power
    595
    Quote Originally Posted by Geoff View Post
    I'd add data protection to that list @GrumbleDook
    I did stick it in as a specific bit (referring to File Sharing and Data Protection) but I am now tending to see that DPA, FoIA, Record Management, etc cover a variety of areas within Safeguarding, repetitional damage, etc ... consider the latter areas to be themes which take from key areas such as DPA, etc.

    It all depends on the target audience and the best ways of getting information and concepts to them.

  2. #17

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,040
    Thank Post
    241
    Thanked 200 Times in 154 Posts
    Rep Power
    108
    Quote Originally Posted by flyinghaggis View Post
    I'm concerned that if we allow/endorse staff to use sites like the ones above then we literally won't know if they're being mis-used until something goes wrong.

    All comes down to risk vs flexibility at the end of the day I guess...
    Yes it does. If you allow staff to use memory sticks, I bet you don't subject them to a full body search each day to make sure they're not mis-using personal memory sticks to take confidential data off site. That's substantially the same as taking data off site via dropbox really, is it?

    While there can be specific legal nuances in some cases, the issue is what they're doing, not how they're doing it. If your safeguarding procedures say that no student data should leave site then how it leaves site is less important than the fact that it has. This is a human resources issue, not a technical one.
    Last edited by Roberto; 8th October 2012 at 02:20 PM.

  3. Thanks to Roberto from:

    GrumbleDook (8th October 2012)

  4. #18
    flyinghaggis's Avatar
    Join Date
    Jan 2006
    Posts
    1,022
    Thank Post
    104
    Thanked 76 Times in 59 Posts
    Rep Power
    116
    Quote Originally Posted by Roberto View Post
    Yes it does. If you allow staff to use memory sticks, I bet you don't subject them to a full body search each day to make sure they're not mis-using personal memory sticks to take confidential data off site. That's substantially the same as taking data off site via dropbox really, is it?
    It's funny you should mention that actually as another staff member said the same about USB sticks which is a fair point. My response was that in an ideal world staff shouldn't really have to take school files off site. Going forward we should be looking at methods of staff being able to access school resources remotely rather than taking them off site or uploading them to other 3rd party websites. That way when staff leave they immediately lose access and sensitive/confidential data doesn't leave the premises.

    We do have it written in our AUP that staff taking sensitive files off site on USB memory stick are expected to encrypt the contents but I suspect that very few people actually bother hence my concerns about them mis-using dropbox and other file sharing websites. Being practical blocking USB storage devices isn't something that's really feasbile so I suspect the answer to that one (and file sharing sites) might be to do something like making sure school files are stored in something like sharepoint rather than file shares so we can be more granular about what staff can do with confidential files (eg blocking printing, copying to USB, etc.)
    Last edited by flyinghaggis; 8th October 2012 at 03:12 PM.

  5. #19

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,040
    Thank Post
    241
    Thanked 200 Times in 154 Posts
    Rep Power
    108
    Quote Originally Posted by flyinghaggis View Post
    It's funny you should mention that actually as another staff member said the same about USB sticks which is a fair point. My response was that in an ideal world staff shouldn't really have to take school files off site. Going forward we should be looking at methods of staff being able to access school resources remotely rather than taking them off site or uploading them to other 3rd party websites. That way when staff leave they immediately lose access and sensitive/confidential data doesn't leave the premises.
    We supply staff with a remote desktop service that's available over the internet from home for precisely this reason. Data files never needs to leave our site.

    Quote Originally Posted by flyinghaggis View Post
    We do have it written in our AUP that staff taking sensitive files off site on USB memory stick are expected to encrypt the contents but I suspect that very few people actually bother hence my concerns about them mis-using dropbox and other file sharing websites. Blocking staff/pupils using USB storage is actually something that I think would be a good idea in future providing we can make sure they still have other means of accessing the data remotely.
    It's not for me to say what the right answer is to this online vs. USB (or email attachment or whatever) issue. Just that you should be consistent; if you block dropbox because people might abuse it then you should block USB sticks because people might abuse them. The threat hasn't changed just because the method has.
    Last edited by Roberto; 8th October 2012 at 03:11 PM.

  6. #20

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Do you have any sort of policies for BYOD such as USB sticks, phones, tablets, etc?

  7. #21
    flyinghaggis's Avatar
    Join Date
    Jan 2006
    Posts
    1,022
    Thank Post
    104
    Thanked 76 Times in 59 Posts
    Rep Power
    116
    Quote Originally Posted by Roberto View Post
    We supply staff with a remote desktop service that's available over the internet from home for precisely this reason. Data files never needs to leave our site.

    It's not for me to say what the right answer is to this online vs. USB (or email attachment or whatever) issue. Just that you should be consistent; if you block dropbox because people might abuse it then you should block USB sticks because people might abuse them. The threat hasn't changed just because the method has.
    We have remote access for staff as well via a similar method but there are always going to instances where staff claim they dont have an internet connection or compatible hardware/software at home to log into it.

    I agee with you on the point about consistency. The whole USB stick/Dropbox scenario basically boils down the the same problem of how to secure school data hence my thoughts that trying to secure the files/data at source and educating staff on the risks will probably ultimately be far more effective than blocking access to USB sticks and file sharing websites.

  8. #22
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    810
    Thank Post
    85
    Thanked 176 Times in 145 Posts
    Rep Power
    65
    Someone once said to me, create policy that stops people losing their job, rather than stops them doing their job. Really important to remember that.

    The technology or the social networks themselves are not bad, they are just sometimes used badly. It's usually a behaviour issue, not a technology one. I think that works for both sites that should be blocked, and ways of transporting data off site to be honest.

    Training is key, backed up by a sensible, and workable policy.

  9. Thanks to IrritableTech from:

    GrumbleDook (8th October 2012)

  10. #23

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,040
    Thank Post
    241
    Thanked 200 Times in 154 Posts
    Rep Power
    108
    Quote Originally Posted by flyinghaggis View Post
    We have remote access for staff as well via a similar method but there are always going to instances where staff claim they dont have an internet connection or compatible hardware/software at home to log into it.
    At this point, especially if what you had set up was what was agreed with your SLT as the one true way of doing things, I'd suggest that they enjoy the valuable learning experience on how you can't always get what you want. Our current RDP solution doesn't natively support mac clients which is a PITA for me personally as a Mac user, but that's the way the cookie crumbles.

    Quote Originally Posted by flyinghaggis View Post
    I agee with you on the point about consistency. The whole USB stick/Dropbox scenario basically boils down the the same problem of how to secure school data hence my thoughts that trying to secure the files/data at source and educating staff on the risks will probably ultimately be far more effective than blocking access to USB sticks and file sharing websites.
    I'd agree with that. It is a case of evaluating the risk v. reward as you stated earlier. It would be a shame to stop people being able to work on lesson plans or other innocent stuff how they want purely because of what someone else might do, and whether you put a ban/block into place or not, there's still a training issue as to why which for me suggests good quality training and a reasonably open stance are the way to go.
    Last edited by Roberto; 8th October 2012 at 03:51 PM.

  11. #24

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    11,197
    Thank Post
    1,806
    Thanked 2,217 Times in 1,635 Posts
    Rep Power
    802
    You can have all the policies in in the world you like, but without training and regular refresher training they are useless.

    Staff must understand the need to protect their personal identities, safeguarding risks and their obligations under the Data Protection Act.

    The DPA training needs to thoroughly rub in the financial penalties to which they, personally, will be liable in the event of a breach.

  12. Thanks to elsiegee40 from:

    Roberto (8th October 2012)

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Staff Access to ARD
    By mellowip1983 in forum Mac
    Replies: 10
    Last Post: 29th September 2011, 11:16 AM
  2. Staff access to student work folders
    By GoldenWonder in forum How do you do....it?
    Replies: 6
    Last Post: 2nd February 2011, 12:27 PM
  3. Giving Administrators and Staff access to Student Home Drives
    By madman070578 in forum Windows Server 2000/2003
    Replies: 6
    Last Post: 22nd October 2009, 07:51 PM
  4. Staff access to student work
    By AngryITGuy in forum Network and Classroom Management
    Replies: 31
    Last Post: 22nd June 2009, 12:57 PM
  5. Staff Access to Student Home Drives?
    By noser in forum Windows
    Replies: 15
    Last Post: 21st October 2008, 02:55 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •