Hi
We are abvut to launch Sims Learning Gateway to parents and students and I was wondering what protection measures others have taken when issuing usernames and passwords to access data over the web?
Have you done it face to face, kept separation in user name and password by sending it via post or email or ????
Also does anyone know the ICO view on this and what we are obliged to do under Data Protection Act?
We advise our schools to update their AUP for teachers and students to include SLG and use thses as a template for a parents UAP. Make sure parents realise the implications of the data they have access to falling into the wrong hands and that they accept responsability for keeping it safe (same with staff and students). This is to protect students and the school.
Our advice is to do this face to face (parents evenings combined with training sessions?) or via reception with acceptable proof of id and get the AUP signed before the account details are passed over.
We also took a step further and implemented our own secure (session terminating) log out to SLG rather than rely on TMG as the session could still be open until timeout and potentially potentially accessible via the browser cache on a public computer.
I like the idea of sending username and password separately.
Send username in the letter that explains it all, then hand out password at a parents evening as mentioned, it's a great idea to combine training with a parents evening.
For data protection, it's their data, so you just need to make sure you only give access to the correct people, make sure it's complex enough to not be guessed, and give an easy method for them to have it changed, should the post-it note they wrote it on, fly out the window.
We issued parents with usernames and a copy of the AUP. If they agreed to the AUP we then released the password either face to face at parents evening or within an email to their priority email address held in SIMS. Worked really well. Had a guide available on our website which worked well. We offered training if they wanted it at parents evening, and only 2 took us up on the offer out of 400 parents rest were content in using the guide. Feedback received was positive, got the odd person not keen on using on line report and want it printed.
Didnt have a massive support impact on us, got the odd password reset but nothing major.
Almost all the schools that have adopted our parent portal (MyChildAtSchool) chose to distribute usernames and passwords face to face.
TIming the launch to coincide with the usual round of parents meeting allowed them to maintain a degree of security "plus" it raised the profile of the delivery of the service to a very good degree.