+ Post New Thread
Results 1 to 10 of 10
School ICT Policies Thread, Complience with the Data Protection Act on admin networks. in School Administration; I have been asked to gather the experiences and implementation of the storage and access of confidential documentation and information ...
  1. #1

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,855
    Thank Post
    583
    Thanked 2,162 Times in 987 Posts
    Blog Entries
    23
    Rep Power
    627

    Complience with the Data Protection Act on admin networks.

    I have been asked to gather the experiences and implementation of the storage and access of confidential documentation and information stored on school networks.
    Do you have a document management system? Or you just have a network share with file permissions? Is it backed up to a separate medium? Do you even know about how to comply with the DPA?
    Please let me know here as it is a subject many are watching with interest.

  2. #2

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,403
    Thank Post
    638
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    319

    Re: Complience with the Data Protection Act on admin network

    Admin, Staff, and Student shared folders with share-level and filesystem-level permissions on the main shares and subdirectories. Group-based appropriate permissions are reviewed as and when required.

    It is backed up to tape along with the rest of the drives on the servers.

    Yes we are aware of the DPA.

    Our MIS system is SIMS .net and user access is granted as and when needed and with correct permissions set.

  3. #3

    maniac's Avatar
    Join Date
    Feb 2007
    Location
    Kent
    Posts
    3,037
    Thank Post
    209
    Thanked 425 Times in 306 Posts
    Rep Power
    144

    Re: Complience with the Data Protection Act on admin networks.

    Depends on what type of informaton is in question.

    Student information is held in Facility CMIS and relevant information is available to the right staff by use of the roles within CMIS. Staff also have access to selected information through Facility E-Portal. All of these systems are passworded in the normal manner, with regular password changes encouraged.

    For confidential and highly priveledged information such as staff contracts, pay details etc. these are held in the Business managers and HR managers personal home folders on the network which have the security permissions set accordingly. There are also areas of the public share secured for access only by selected staff for the sharing of this type of information, although generally most of it is shared by e-mail.

    For less sensitive information, we have a public share which is accessible by all staff which is used for sharing less sensitive, but still priveledged information such as staff handbooks, timetable information, IEPs etc.

    All our data is backed up by a tape backup system, tapes are securely stored in a safe, and a code is required to remove a tape from the drive. A password is also required to perform a restore from the tape, which is known by me and the systems co-ordinator only, but is recorded in the safe in a sealed envelope (slight flaw, but necessary) The server room is also locked and only selected people have access to it.

    We are looking at implementing a document server at some point soon to tidy up and streamline our messy document management, but teaching staff and encouraging them to use it might be a big hurdle.

    Mike.

  4. #4

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,855
    Thank Post
    583
    Thanked 2,162 Times in 987 Posts
    Blog Entries
    23
    Rep Power
    627

    Re: Complience with the Data Protection Act on admin networks.

    Fantastic. just the info I need. Keep it coming guys. Please also note the poll on the homepage.

  5. #5
    daveyboy's Avatar
    Join Date
    Jun 2005
    Location
    Bath / Bristol
    Posts
    278
    Thank Post
    37
    Thanked 19 Times in 17 Posts
    Rep Power
    22

    Re: Complience with the Data Protection Act on admin networks.

    Quote Originally Posted by maniac
    Student information is held in Facility CMIS and relevant information is available to the right staff by use of the roles within CMIS. Staff also have access to selected information through Facility E-Portal. All of these systems are passworded in the normal manner, with regular password changes encouraged.
    Ditto.

    All confidential info is on a networked folder with which have the security permissions set accordingly. I need three signatures to change these or give others access (Headmaster, Director of ICT and Myself). Backup (along with CMIS) is seperate from the main & encripted - No details there - sorry!


    For less sensitive information, we have a public share which is accessible by all staff which is used for sharing less sensitive, but still priveledged information such as staff handbooks, timetable information, IEPs etc.
    Ditto.

    This and other data is backed up by a tape backup system, tapes are stored in a safe. No password is needed to perform a restore from the tape, but each tape is signed in and out.

    There is always one complete backup off site - Weekly

    The server room is also locked and only the team, Director of ICT and the Site Manager (No Problems there ) have acces to it.

    Oh, and I keep an medieval axe and a chopping board in the office for the fingers of people who try to get in the Server room and touch things they have no idea about.

  6. #6

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,855
    Thank Post
    583
    Thanked 2,162 Times in 987 Posts
    Blog Entries
    23
    Rep Power
    627

    Re: Complience with the Data Protection Act on admin networks.

    Another quick question is 'who decides what is confidential or not?'.

  7. #7
    daveyboy's Avatar
    Join Date
    Jun 2005
    Location
    Bath / Bristol
    Posts
    278
    Thank Post
    37
    Thanked 19 Times in 17 Posts
    Rep Power
    22

    Re: Complience with the Data Protection Act on admin network

    For us - Headmaster, Director of ICT, Senior Finance Officer and Myself.

  8. #8

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594

    Re: Complience with the Data Protection Act on admin networks.

    Presently we use file permissions for documents or keep the data directly on the MIS and only use it when needed (and then destroyed if required). The MIS has groups allocated so that only the right staff have the right access.

    Confidentiality is decided by the Data Controller (me), the Business Manager, the Head or other nominated person in the school (SENCO, Child Protection Officer, etc) based on Govt legislation or LA policy (or common sense when no guidance or laws stipulate control!)

  9. #9

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,855
    Thank Post
    583
    Thanked 2,162 Times in 987 Posts
    Blog Entries
    23
    Rep Power
    627

    Re: Complience with the Data Protection Act on admin networks.

    This is proving interesting. I'm doing the introduction to this seminar, are there any open questions any of you want to raise in a public forum about questions you have about the DPA?

  10. #10

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594

    Re: Complience with the Data Protection Act on admin networks.

    How does DPA and relevant guidance (see thread about flat networks) change how schools may plan, structure, deploy and maintain their networks?

SHARE:
+ Post New Thread

Similar Threads

  1. Changes to data protection act
    By sjplot in forum Network and Classroom Management
    Replies: 18
    Last Post: 5th October 2007, 11:19 AM
  2. Folder access - Data Protection Act - How do you do it?
    By Paid_Peanuts in forum How do you do....it?
    Replies: 7
    Last Post: 29th August 2007, 11:39 AM
  3. Stateside Hosting, Data Protection, etc...
    By plexer in forum Web Development
    Replies: 0
    Last Post: 17th May 2007, 09:48 AM
  4. Backups - Data Protection Manager
    By fooby in forum How do you do....it?
    Replies: 4
    Last Post: 14th December 2006, 10:45 AM
  5. Data Protection Act - re: Remote Access
    By mark in forum School ICT Policies
    Replies: 18
    Last Post: 26th September 2005, 07:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •