School ICT Policies Thread, Student info requested by external (local gov) agencies in plain text. in School Administration; I (as you'd expect) said no and mentioned that we were willing to provide the data if it was sent ...
6th July 2009, 02:02 PM #1
Student info requested by external (local gov) agencies in plain text.
I (as you'd expect) said no and mentioned that we were willing to provide the data if it was sent via secure means, encrypted and stored securely at the other end, but their current methods include printing and posting or via excel attached to an email.
I expect some pushback from them and will work with them for an acceptable solution, but I'll be damned if we're going to be the school who's pupil details get into the public domain.
How many of you are running into local government/local government-affiliated quangos/bodies that aren't fulfilling their data protection obligations and are making requests of schools (sending pupil data in the clear) that would get said school into trouble?
IDG Tech News
6th July 2009, 03:19 PM #2
Which government body/quango in question?
6th July 2009, 03:56 PM #3
I'll decline to answer that for the moment, since I'm hoping we can settle this amicably and educate them along the way. It's a local gov-affiliated org, rather than a national one.
Originally Posted by webman
6th July 2009, 04:08 PM #4
No, No, No, No, No!!!!
Schools can use S2S or other secure systems to transfer files to the LA or between LAs (or things like AVCO).
The other problem I have seen (in fact just had an email asking me to investigate) is that some LA / RBC filters block password protected zip files and so you *cannot* email them across.
An option I would suggest people look at is a password-protected area of their website, drop the password protected file into it, send the link or give a ring to the LA/third party, give them the URL and password, they download and then get the zip password, they unzip and you delete the file off your server. If possibly do it over https too ...
3rd party companies should really have their own drop box for things like this anyway and I have to admit I have failed to renew products due to their position on security of data.
6th July 2009, 05:29 PM #5
Encrypted Office files do pass through our LEA email without issue. Office 2007 has 128-bit AES as an option, so we'll probably go down that route and then phone across with the password (which won't be the default, easily guessed one they wanted us to use).
Of course, I bet they can't open Office 2007 documents.
Secondary question which may or may not apply in this case:
If you know/strongly suspect that they won't be keeping the data securely after they've recieved it, is it reasonable to refuse?
By Hightower in forum Educational IT Jobs
Last Post: 13th January 2009, 12:05 PM
By somabc in forum General Chat
Last Post: 11th December 2008, 10:05 AM
By FN-GM in forum General Chat
Last Post: 19th September 2007, 05:31 PM
By Norphy in forum How do you do....it?
Last Post: 10th November 2006, 01:24 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)