+ Post New Thread
Results 1 to 10 of 10
MIS Systems Thread, Teachers sharing SIMS logons in Technical; Excuse my ignorance, is this against the DPA ? I was under the impression it was and would like some ...
  1. #1

    Theblacksheep's Avatar
    Join Date
    Feb 2008
    Location
    In a house.
    Posts
    1,919
    Thank Post
    131
    Thanked 287 Times in 208 Posts
    Rep Power
    193

    Teachers sharing SIMS logons

    Excuse my ignorance, is this against the DPA?

    I was under the impression it was and would like some clarification.

  2. #2
    Jamman960's Avatar
    Join Date
    Sep 2007
    Location
    London/Kent
    Posts
    987
    Thank Post
    185
    Thanked 194 Times in 156 Posts
    Rep Power
    45
    Wouldn't have thought it was against the DPA as I assume they all have a good reason to be accessing the data unless they are using other accounts because they hold more access rights than their own accounts.

    This sort of thing would should probably be dealt with via AUP's etc really

  3. Thanks to Jamman960 from:

    Theblacksheep (8th September 2011)

  4. #3


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,619
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    It's an offence under the Computer Misuse Act if they're using it to gain additional access.

    Computer Misuse Act 1990

    Otherwise it's a HR/AUP problem.

  5. Thanks to pete from:

    Theblacksheep (8th September 2011)

  6. #4

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,922
    Thank Post
    1,332
    Thanked 1,774 Times in 1,101 Posts
    Blog Entries
    19
    Rep Power
    593
    It is also in breach of DPA too - principle 7.
    Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
    Each account on SIMS is allocated to a user based on their need to access (process) data and to use the account of anyone else would be unauthorised. If they have been told by the SIRO / Head to use teh account of someone else then this could be counted as authorisation, but it puts into question the organisational measures, which can (and will) be challenged by the ICO in the event of a breach.

  7. Thanks to GrumbleDook from:

    Theblacksheep (12th September 2011)

  8. #5

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,843
    Thank Post
    671
    Thanked 1,381 Times in 1,143 Posts
    Rep Power
    349
    It could be okay, if they have the same level of access, as they aren't gaining extra access, which as above is not allowed. The problem is ensuring they have the same access, as it's too easy for someone to be given extra access on request, or if their role changes slightly.

    To just gain access to basic data, i would say it's okay, and if it's a time saving thing, it could be worth setting up a generic account with the basic access. We did this in the staff room of a previous school, set to auto-login to windows and via AD to SIMS. To save staff needing to log in themselves. This had physical security in place and would be locked or off at night.

    In a classroom environment, my concern would be the auditing; anyone that can edit data, which even class teachers can do for basic data, there is little auditing of who did what. So if two people use the same account, then how do you ensure the data is safe, and if it gets botched, who is responsible? This would then be a breach.

    Also, for attendance recording, the system needs to record who took the register and any subsequent changes. I think this is a legal requirement. I have suspected for some time that SIMS doesn't record accurately when a register is taken by someone else, but haven't been able to confirm. So this would be something to be aware of as well.

  9. #6

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,843
    Thank Post
    671
    Thanked 1,381 Times in 1,143 Posts
    Rep Power
    349
    Read on supportnet about a school in southampton area being in breach of DPA for using SIMS single sign on. Anyone explain that one...?

  10. #7

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,922
    Thank Post
    1,332
    Thanked 1,774 Times in 1,101 Posts
    Blog Entries
    19
    Rep Power
    593
    Quote Originally Posted by vikpaw View Post
    Read on supportnet about a school in southampton area being in breach of DPA for using SIMS single sign on. Anyone explain that one...?
    Already covered in As if we haven't seen this coming for some time! thread ...

  11. Thanks to GrumbleDook from:

    vikpaw (12th September 2011)

  12. #8

    Join Date
    May 2011
    Location
    Jus North of London, close but not too close
    Posts
    717
    Thank Post
    170
    Thanked 53 Times in 51 Posts
    Rep Power
    34
    We got told by Capita that we could not use Generic accounts probably because of Data Protection and tracebility issues. I something dodgy is put on a students SIMS profile the tracebility has dissappered. I would highly advise against generic accounts or sharing of SIMS logins.

  13. #9

    creese's Avatar
    Join Date
    Feb 2009
    Location
    -28 31' 48.89", +28 25' 37.42" ... if only.
    Posts
    3,201
    Thank Post
    174
    Thanked 371 Times in 301 Posts
    Rep Power
    173
    Quote Originally Posted by Davit2005 View Post
    We got told by Capita that we could not use Generic accounts probably because of Data Protection and tracebility issues. I something dodgy is put on a students SIMS profile the tracebility has dissappered. I would highly advise against generic accounts or sharing of SIMS logins.
    Logging who did what is limited in the extreme, except in the Dinner Money module.

  14. #10

    Join Date
    Oct 2005
    Location
    hey hey hey, stay outta my shed. STAY OUT OF MY SHED.
    Posts
    1,004
    Thank Post
    237
    Thanked 190 Times in 146 Posts
    Rep Power
    106
    I think its incredibly bad practice but, as has been mentioned already, it need not be "illegal" in itself. It contains the potential for bad stuff to happen though.

    The question I would ask is why are they sharing? Is there a problem there with one person's access or with a workflow that would currently be too awkward otherwise that needs to be fixed.

SHARE:
+ Post New Thread

Similar Threads

  1. [SIMS] Deployment of SIMs
    By jumpinjamez in forum MIS Systems
    Replies: 126
    Last Post: 17th April 2012, 07:35 PM
  2. [SIMS] SIMS and online registration
    By alexknight in forum MIS Systems
    Replies: 28
    Last Post: 25th March 2011, 12:33 PM
  3. What do you allow Teachers to view in Sims.
    By Disease in forum MIS Systems
    Replies: 18
    Last Post: 13th December 2007, 10:04 PM
  4. [SIMS] sims ldf file nearly 17 gig
    By edie209 in forum MIS Systems
    Replies: 11
    Last Post: 22nd November 2007, 10:30 PM
  5. Replies: 3
    Last Post: 6th November 2006, 07:50 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •