Yes, and we said no / worked a compromise
Yes, and we ended up having to send it in the clear
No, and we wouldn't send it unencrypted/secure
No, but we probably would end up having to send it in the clear
I (as you'd expect) said no and mentioned that we were willing to provide the data if it was sent via secure means, encrypted and stored securely at the other end, but their current methods include printing and posting or via excel attached to an email.
I expect some pushback from them and will work with them for an acceptable solution, but I'll be damned if we're going to be the school who's pupil details get into the public domain.
How many of you are running into local government/local government-affiliated quangos/bodies that aren't fulfilling their data protection obligations and are making requests of schools (sending pupil data in the clear) that would get said school into trouble?
Which government body/quango in question?
I'll decline to answer that for the moment, since I'm hoping we can settle this amicably and educate them along the way. It's a local gov-affiliated org, rather than a national one.Originally Posted by webman
No, No, No, No, No!!!!
Schools can use S2S or other secure systems to transfer files to the LA or between LAs (or things like AVCO).
The other problem I have seen (in fact just had an email asking me to investigate) is that some LA / RBC filters block password protected zip files and so you *cannot* email them across.
An option I would suggest people look at is a password-protected area of their website, drop the password protected file into it, send the link or give a ring to the LA/third party, give them the URL and password, they download and then get the zip password, they unzip and you delete the file off your server. If possibly do it over https too ...
3rd party companies should really have their own drop box for things like this anyway and I have to admit I have failed to renew products due to their position on security of data.
Encrypted Office files do pass through our LEA email without issue. Office 2007 has 128-bit AES as an option, so we'll probably go down that route and then phone across with the password (which won't be the default, easily guessed one they wanted us to use).
Of course, I bet they can't open Office 2007 documents.
--
Secondary question which may or may not apply in this case:
If you know/strongly suspect that they won't be keeping the data securely after they've recieved it, is it reasonable to refuse?
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote