Poll: How well does your school comply with it's Data Protection obligations?

+ Post New Thread
Results 1 to 6 of 6
School ICT Policies Thread, Data protection - how are we doing? in School Administration; Just a quick poll to see how everyone's doing wrt data protection. I know it's not an IT-only thing and ...
  1. #1


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,638
    Thank Post
    275
    Thanked 778 Times in 605 Posts
    Rep Power
    223

    Data protection - how are we doing?

    Just a quick poll to see how everyone's doing wrt data protection. I know it's not an IT-only thing and requires SMT support (or IT/Data Protection Officer poking SMT with a big stick) to work.
    Last edited by pete; 11th May 2010 at 03:43 PM.

  2. #2

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,783 Times in 1,106 Posts
    Blog Entries
    19
    Rep Power
    594
    Being pedantic ... you should have a SIRO now, not a Data Protection Officer and it should be a member of your SMT. There will be lots of Information Asset Owners though ... and you will be one of them. But yes ... poking .. stick .. big one.

  3. #3


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,638
    Thank Post
    275
    Thanked 778 Times in 605 Posts
    Rep Power
    223
    SIRO appears to be a board/senior-management level advocate of DP best practises, who (reading between the lines) delegates most of the work to the DP Officers / Asset owners, but takes overall responsibility?

    I have an informal DP champion in SMT who I pressganged, but nothing official.

  4. #4

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,783 Times in 1,106 Posts
    Blog Entries
    19
    Rep Power
    594
    From the Becta Guidance document http://schools.becta.org.uk/upload-d...n_handling.pdf from Becta Schools - Leadership and management - Data management - Data handling security guidance for schools

    2.1 Senior Information Risk Owner (SIRO)

    The Senior Information Risk Owner (SIRO) is a senior member of staff who is familiar with information risks and the organisation’s response. Typically, the SIRO should be a member of the senior leadership team and have the following responsibilities:

    • They own the information risk policy and risk assessment
    • They appoint the Information Asset Owners (IAOs)
    • They act as an advocate for information risk management.

    The Office of Public Sector Information has produced Managing Information Risk [http://www.nationalarchives.gov.uk/s...tion-risk.pdf] to support SIROs in their role.

    The key chunk is that they *own* the information risk policy. Typically they will be the person registered with the ICO in the role of Data Protection Officer (still used as a legacy term de to legal needs for existing legislation but all new jobs in the public sector taking on this role are covered as SIROs) and they are the first point of legal redress in the institute. Depending on the size of the school you may find it as the Head, the Bursar and even the Chair of Governors at times.

    You can check with the ICO what is registered in the Register of Data Controllers to see what data you state (as a school) you are using. Information Commissioners - Data Protection Public Register

    Enforcement cases - Data Protection Act (DPA) - ICO gives you some examples of ICO taking organisations to task.

    I can't find the relevant docs at the moment which point specifically to the Data Controller (ie the institute or company) being fined and where it refers specifically to the registered SIRO / Data Protection Officer. They are on the ICO site and a few LAs have some really good advice out there.

  5. #5
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    897
    Thank Post
    813
    Thanked 19 Times in 17 Posts
    Rep Power
    10
    Dredging up the past here, but with Becta gone, is a SIRO still required?

  6. #6

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,783 Times in 1,106 Posts
    Blog Entries
    19
    Rep Power
    594
    SIRO is a generic term used within Data Protection, you will also see the term Data Controller but that is frequently used to specify a person dealing with a set of data, and not always the person who the buck ultimately stops with.

SHARE:
+ Post New Thread

Similar Threads

  1. Data Protection - Transfer data to others
    By Dancer in forum School ICT Policies
    Replies: 3
    Last Post: 17th March 2010, 12:33 AM
  2. Data protection
    By beeswax in forum General Chat
    Replies: 6
    Last Post: 24th April 2009, 02:18 PM
  3. Data Protection
    By Ben_Stanton in forum School ICT Policies
    Replies: 8
    Last Post: 11th December 2008, 01:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •