+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
MIS Systems Thread, School Data Ownership in Technical; I am looking for a pointer to BECTA or DfEE guidance on the issue of the ownership of school data ...
  1. #1

    Join Date
    Mar 2013
    Location
    Coventry
    Posts
    10
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    Question School Data Ownership

    I am looking for a pointer to BECTA or DfEE guidance on the issue of the ownership of school data that is being stored in MIS/Administrative/VLE systems. I seem to remember it came about when one of the MIS suppliers claimed that the data stored in their system was theirs. Anyone have any ideas, please.

  2. #2

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,714
    Thank Post
    1,784
    Thanked 2,170 Times in 1,605 Posts
    Rep Power
    770
    Quote Originally Posted by bencellis View Post
    I am looking for a pointer to BECTA or DfEE guidance on the issue of the ownership of school data that is being stored in MIS/Administrative/VLE systems. I seem to remember it came about when one of the MIS suppliers claimed that the data stored in their system was theirs. Anyone have any ideas, please.
    You need @GrumbleDook for chapter and verse on this

  3. #3
    TheScarfedOne's Avatar
    Join Date
    Apr 2007
    Location
    Plymouth, Devon
    Posts
    1,176
    Thank Post
    570
    Thanked 153 Times in 139 Posts
    Blog Entries
    78
    Rep Power
    80
    Where's the tiger, or @Dos_Box...
    Last edited by witch; 7th March 2013 at 07:57 AM.

  4. #4

    matt40k's Avatar
    Join Date
    Jun 2008
    Location
    Ipswich
    Posts
    4,388
    Thank Post
    368
    Thanked 637 Times in 519 Posts
    Rep Power
    158
    I would love a MIS/Administrative/VLE supplier to public state that they own your school (MIS) data. They wouldn't be trading by the end of the week. I've heard of companies providing the data in very unhelpful CSV format as a data dump prior to them destoring any copies they have.

  5. #5
    scholarpack's Avatar
    Join Date
    Jul 2010
    Location
    UK
    Posts
    191
    Thank Post
    12
    Thanked 30 Times in 20 Posts
    Rep Power
    38
    MIS companies should not own the schools data. The data belongs to the school, it's merely 'processed' by the MIS company.

    If you change MIS, as per the IMLS Framework, the MIS company has an obligation to help you export your data in a meaningful fashion.

  6. #6

    Join Date
    Mar 2013
    Location
    Coventry
    Posts
    10
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    IMLS Framework???

    Quote Originally Posted by scholarpack View Post
    MIS companies should not own the schools data. The data belongs to the school, it's merely 'processed' by the MIS company.

    If you change MIS, as per the IMLS Framework, the MIS company has an obligation to help you export your data in a meaningful fashion.

  7. #7

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    This goes back to data protection principles, so it is not school specific and so the ICO has chapter and verse on it. If you have a look through the "your obligations" section Data Protection Act - Guidance For Organisations - ICO it covers off most of the things you are likely to need to know.

    IIRC the clarification about use / processing of data was around a vendor wanted to use 'live' data (including pictures) without agreement with the data owner / data subjects (ie parents / children (both 13+ and under 13) / staff / other data subjects).

    The Data Owner (person granting authorisation to process the data) and Data Subject (the individual the data is about) are usually the same person in most walks of life. The DPA doesn't actually mention the Data Owner though ... it mentions the subject, personal data, the Data Controller and the Data Processor.

    Data is held in care by someone (the Data Controller) and rather than being an assigned individual it is usually the legal body (eg the school). It has to be dealt with as specified by the Data Controller in their Notification. Within that Notification they might say they will share it with others, allow them to process it, and even allow others to do what they want with it too ... but the person who has ownership of that data is the data subject (and their legal guardian - under 13 it is covered under EU law that the minor is not the owner but the parent and 13+ it is covered as Duty of Care by the parent / guardian but open to challenge by the minor).

    Simple terms. The Data Controller (the school) processes the data. They control how this is done, what other parties have access and how *they* process it, put in place the safeguards that no others can access / process it, and are responsible for ensuring that the requirements of the DPA are met. The MIS provider might say that they own it (which they don't) but they are still required to meet the criteria set out in the original Notification. If the school gives them access and the MIS provider then use it for marketing / training, and this was not one of the requirements then they are complicit in the school breaching the DPA.

    The other conversations around the issues were not on public forums so I can't dig out an archive or share, but I will see what FoI stuff was around from the questions if you need any more.

    The ICO is your friend in this though ... if you have an issue and you believe that a vendor is being difficult, or plain wrong in their approach, then the ICO helpline is a wonderful resource. Failing that, if you know the vendor has a copy of the data then you draft a template letter to all your parents so they can make DP requests for what data is held on them, how it is used and follow up with instructions to delete / remove. If the vendor fails to do this then you report each failure to the ICO and they risk being fined for each, individual failure.

  8. 4 Thanks to GrumbleDook:

    Marci (5th March 2013), Pico (6th March 2013), SovietRussia (6th March 2013), vikpaw (5th March 2013)

  9. #8

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    Quote Originally Posted by bencellis View Post
    IMLS Framework???
    IMLS framework: advice and guidance - Schools for more information.

  10. #9

    Join Date
    Mar 2013
    Location
    Coventry
    Posts
    10
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Thank you for your help - very useful.

  11. #10

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,848
    Thank Post
    671
    Thanked 1,383 Times in 1,145 Posts
    Rep Power
    350
    Quote Originally Posted by bencellis View Post
    IMLS Framework???
    More info here: Something to keep an eye on from DfE

  12. #11

    GREED's Avatar
    Join Date
    Mar 2008
    Location
    Portsmouth
    Posts
    2,976
    Thank Post
    367
    Thanked 359 Times in 293 Posts
    Blog Entries
    8
    Rep Power
    173
    Would you say Microsoft owns your Word documents? An MIS is just a piece of software (or for me... a way of life!), should be treated as such. Schools own the data.

  13. #12

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    To add a clarification in here ...

    There are circumstances where a vendor might say we 'own' the data, when they actually mean they own the process of what you do with it. It might be that this is a 3 way agreement between parties (eg school, solutions provider, VLE) and the solutions provider gets the data from A to B. The solutions provider could be contractually obliged to ensure that only relevant data is moved, that they are responsible at the end of the arrangement (contract, project, etc) for ensuring that data is removed from the VLE (ie the provider no longer has agreement to process the data so it has to be stripped out as per DPA principle 5) and so on.

    All this should be written into contracts (including the Notification with the ICO), backed up with data processing agreements and involves clear communication.

    I am sure we can all point to when one or more of the above have been a problem. Again, to put things simply, if it is not written down, a clear process and backed up by the Notification then you don't do it!

  14. #13

    Join Date
    Jan 2007
    Posts
    100
    Thank Post
    0
    Thanked 34 Times in 23 Posts
    Rep Power
    21
    Quote Originally Posted by bencellis View Post
    I am looking for a pointer to BECTA or DfEE guidance on the issue of the ownership of school data that is being stored in MIS/Administrative/VLE systems. I seem to remember it came about when one of the MIS suppliers claimed that the data stored in their system was theirs. Anyone have any ideas, please.
    Are you able to give details on which MIS supplier claimed this?

    The ownership and responsibility for the data is the school's (unless they close, then it becomes the LA's)

  15. #14

    GREED's Avatar
    Join Date
    Mar 2008
    Location
    Portsmouth
    Posts
    2,976
    Thank Post
    367
    Thanked 359 Times in 293 Posts
    Blog Entries
    8
    Rep Power
    173
    Quote Originally Posted by Greg View Post
    Are you able to give details on which MIS supplier claimed this?

    The ownership and responsibility for the data is the school's (unless they close, then it becomes the LA's)
    I think we would all be keen to know this if an MIS did indeed claim this.

  16. #15

    Join Date
    Sep 2006
    Location
    London
    Posts
    1,318
    Thank Post
    35
    Thanked 351 Times in 237 Posts
    Rep Power
    78
    So if your data is in the cloud presumably it gets deleted if you stop paying? Even though the school owns it without doubt can someone else delete it?

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. How do you encrypt school data (and offer secure file deletion) ?
    By revilloc in forum How do you do....it?
    Replies: 3
    Last Post: 11th November 2009, 11:17 AM
  2. How Safe Is Your Schools Data ?
    By CPLTD in forum Internet Related/Filtering/Firewall
    Replies: 15
    Last Post: 11th August 2009, 07:18 PM
  3. Encryption of school data
    By Sylv3r in forum How do you do....it?
    Replies: 27
    Last Post: 12th May 2009, 09:10 AM
  4. Replies: 2
    Last Post: 2nd May 2006, 10:42 AM
  5. KS3 Import data (private school)
    By Simcfc73 in forum ICT KS3 SATS Tests
    Replies: 3
    Last Post: 24th March 2006, 10:38 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •