+ Post New Thread
Results 1 to 14 of 14
School ICT Policies Thread, Data Protection Discussion in School Administration; Hi folks A brief pop back in to bring you the next installment on Data Protection changes. Becta have updated ...
  1. #1

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,933
    Thank Post
    1,339
    Thanked 1,782 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594

    Data Protection Discussion

    Hi folks

    A brief pop back in to bring you the next installment on Data Protection changes.

    Becta have updated their page on Data Protection guidance and I hope to be running an online discussion on this next tuesday from 4-6pm.

    We hope to have a representative from IX Associates (the company that worked on this for BECTA and who have performed a significant amount of data protection work within Europe) to help discuss the impact on schools.

    Places will be limited so I may have to be selective about participants depending on demand.

    Please PM me if you wish to take part in the discussion. It will be worth your while to be ahead of the game. Any good examples of the use of technology at end-point (client) or enteprise level appreciated.

  2. 5 Thanks to GrumbleDook:

    elsiegee40 (3rd September 2008), KWestos (3rd September 2008), leco (3rd September 2008), russdev (5th September 2008), tmcd35 (22nd October 2009)

  3. #2

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,680
    Thank Post
    516
    Thanked 2,451 Times in 1,897 Posts
    Blog Entries
    24
    Rep Power
    832
    I've passed this on to my boss, who now looks very unhappy. She usually glances over things that I give her, but this one she is going to read intently.

    Does the whole labelling of different levels of data mean that schools have to label all the hard copy documents in personal files? What about SIMS - there isn't IL labelling in there?

    What about teachers who collect their data in excel sheets, and print them off for other teachers? Should that also be labelled?

    This entire thing seems like a massive undertaking.

  4. #3

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,933
    Thank Post
    1,339
    Thanked 1,782 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    One of the key things to remember is that the law hasn't changed ... but examples of practice have shown to be at fault, meaining everyone has to be more aware of the letter of the law and tighten things up.

    I am meeting (shortly) with IX Associates and will have a look at some of the examples in more depth and feedback. I should be able to get these full guidance over to those that are taking part so they get it early, but the summary sums up most of the key points ...

    Yes, it will mean operational and technical changes, more so for some schools than others but I doubt if there will be a single school that is not affected.

    The guidance will cover examples of technology and operational changes rather than just leaving you to your own devices. Where possible I will build this in to a number of tutorials for change if they don't already exist within the guidance. The important bit about this discussion next week is that it will be a chance to ask questions and say what you have already done before these documents have come out.

  5. #4
    Andie's Avatar
    Join Date
    Sep 2006
    Location
    Cambridgeshire
    Posts
    794
    Thank Post
    167
    Thanked 66 Times in 49 Posts
    Rep Power
    30
    "Becta recognises that conflicts exist in existing policy, practice, technology and budgets." From Becta: "Good practice in information handling in schools: Keeping data secure, safe and legal", September 2008

    Too right they do! We are short of man hours and money to be able to implement this properly, and when we try there are staff who simply don't get the fact that they must keep the information on "their" laptops and USB pen drives secure.

    Another headache for the start of term! But thanks anyway for bringing all this to our attention and for trying to help us make sense of it all.

  6. #5

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,933
    Thank Post
    1,339
    Thanked 1,782 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    Yes ... we are short on staff to do this, time to train staff and money to get the software we really could do with. SNAFU.

    If you want some even quicker 'quick wins' then I wrote the following at the start of the summer but was waiting for a bit more info before sticking them up here ...
    Review of Information security guidance for schools

    After a number of serious breaches of Data Protection by officials at Central Govt., Govt. agencies, Local Govt. and associated organizations, a review was issued to examine how these breaches can be limited in future and dealt with accordingly.

    The review, Data Handling Procedures in Government: Final report, has identified a systemic failure by multiple sectors to control and acknowledge the importance of data. All sectors of Central Govt. have been instructed to review policies and procedures and to issue subsequent instructions and guidance to their respective sectors.

    Becta, the education technology agency, have been commissioned by the DCSF to provide guidance to schools on how to comply with the mandatory minimum measures from this review . They will be working with LGA on guidance within Local Authorities.

    This guidance will be released by the end of August, but in the meantime,the following actions would be helpful for most schools to follow until guidance is issued.

    1 – Schools need to identify Information Asset Owners. These are staff who control who has access to data within the school. This will be (and not exclusively) the Headteacher, the nominated Data Controller, the Child Protection Officer, the SEN Coordinator, the nominated financial officer and a technical manager or partner with responsibility for implementing the technology holding or managing this data.

    2 – Schools need to assess which members of staff are allowed due access to data controlled by the above and ensure that they have sufficient training and instruction on the access and use of this data. Schools also need to ensure that when staff roles change that this access is reviewed.

    3 – Schools need to issue staff with instructions about which data may be safely viewed outside of the school premises. Further guidance will be issued about these data classes but anything regarded ‘Secret’ or ‘Highly Confidential’ should not be accessible outside of the school at this time without sufficient security technology being in place.

    4 – With immediate effect the practice of sending unsecured, non-anonymous student data via email across the internet should stop.

    5 – With immediate effect the practice of using portable devices, such as external hard drives and USB memory, to hold student data in transport should stop until sufficient security technology is put in place.

    6 – The above guidance, which is based on electronic access to sensitive or personal data should be considered good practice for the majority of hard copy access to the same data.
    None of the above contradicts the summary and could be used as a more friendly start (if you *really* need somethign more friendly than Appendix A - Quick wins for data handling compliance.)

  7. 2 Thanks to GrumbleDook:

    leco (3rd September 2008), Sylv3r (5th September 2008)

  8. #6


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,637
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    Funding this, especially wrt to long-term log-keeping (currently 3-6 months here, depending on log in question) is going to be interesting. Even more interesting is checking that what teachers say they have == what they actually have.

    What happens to Network Managers / IT Technicians in schools where the SMT continues to ignore the data protection requirements (no, not here)? I assume the IT staff would be expected to report such activity to the LEA/Local Gov? Many will be left in untenable positions. Resign and work somewhere responsible, risk being associated with the local government data protection blunder or unable to get a reference from a school because you got them into trouble.

    *buys shares in IronKey*

  9. #7

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,933
    Thank Post
    1,339
    Thanked 1,782 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    As with all these things the responsibility is with the Head teacher and the nominated Data Protection Officer. There are whistleblower schemes for pretty much everything in the public sector nowadays and this will be no different, but the important thing is to do as you would normally do. Raise the issue, give advice on how it can be addressed and then document the response. Whether you take it further is up to you to some extent and I would not like to presume to tell you what to do in the circumstances you outlined above. (I know ... cop out ... but it is for *my* protection)

  10. #8

    Sylv3r's Avatar
    Join Date
    Jul 2005
    Location
    Co. Durham
    Posts
    3,206
    Thank Post
    372
    Thanked 377 Times in 335 Posts
    Rep Power
    148
    Good discussion here.

    I would also advise all schools to have this sort of documentation put together if possible also, as I would imagine it won't be long before the likes of OFSTED are asking for evidence that data protection is been adhered to in schools.

    Before I am going to give access to my staff from home to student details, staff details from our VLE using the SIMS webparts I will be insisting the staff sign a proforma..... that reminds me something else I have to add to the job list to do!

  11. #9

    elsiegee40's Avatar
    Join Date
    Jan 2007
    Location
    Kent
    Posts
    10,787
    Thank Post
    1,789
    Thanked 2,180 Times in 1,615 Posts
    Rep Power
    771
    Thanks for this... I shalll print it off tomorrow to try and hope it makes the SMT take my concerns more seriously.

  12. #10

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,933
    Thank Post
    1,339
    Thanked 1,782 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    A bit of a bump on this. I want to finalise numbers by the end of the day. We will have IX Associates there (who have prepared the guidance for Becta) and we hope to have Becta present too.

    Alex has been a star and given us access to have a few more present now so I will be opening this up via a few other areas, so get in quick. Thanks for those that have responded so far.

  13. #11

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,933
    Thank Post
    1,339
    Thanked 1,782 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594
    Another quick bump.

    I am looking for someone who has implemented, or is presently planning to implement :

    a) enterprise wireless security
    b) remote access to the school systems (either via VPN or https front end to terminal / citrix services)

  14. #12

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    Yes to both...

  15. #13


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,637
    Thank Post
    275
    Thanked 777 Times in 604 Posts
    Rep Power
    223
    have done a), am considering b)

  16. #14

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,922
    Thank Post
    709
    Thanked 551 Times in 366 Posts
    Blog Entries
    3
    Rep Power
    204
    We are planning both here..

    Russ

SHARE:
+ Post New Thread

Similar Threads

  1. Data Protection Policies
    By EduTech in forum Wiki Announcements
    Replies: 1
    Last Post: 16th March 2012, 10:42 AM
  2. Update on Data Protection
    By GrumbleDook in forum School ICT Policies
    Replies: 8
    Last Post: 7th July 2008, 01:50 PM
  3. Changes to data protection act
    By sjplot in forum Network and Classroom Management
    Replies: 18
    Last Post: 5th October 2007, 11:19 AM
  4. Stateside Hosting, Data Protection, etc...
    By plexer in forum Web Development
    Replies: 0
    Last Post: 17th May 2007, 09:48 AM
  5. Backups - Data Protection Manager
    By fooby in forum How do you do....it?
    Replies: 4
    Last Post: 14th December 2006, 10:45 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •