+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
School ICT Policies Thread, Data Protection Act - re: Remote Access in School Administration; At our local Secondary Heads meeting it was stated that no-one should access pupil data remotely as this contravenes the ...
  1. #1
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,946
    Thank Post
    235
    Thanked 48 Times in 44 Posts
    Blog Entries
    2
    Rep Power
    45

    Data Protection Act - re: Remote Access

    At our local Secondary Heads meeting it was stated that no-one should access pupil data remotely as this contravenes the Data Protection Act.

    Yes - that would apply to staff that legally shouldn't access data not required of thier job function - maybe Heads too - how does it affect them?

    Can anyone help me here?

  2. #2

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,873
    Thank Post
    650
    Thanked 534 Times in 353 Posts
    Blog Entries
    3
    Rep Power
    200

    Re: Data Protection Act - re: Remote Access

    dont think it would and is part of betca draft docs that they can access it..

    data protection so that people who should not have access to it can not access it and that only relevant people can access it i.e teacher should not be able to access pay info for staf but should be able to access pupil test scores.

    russ

  3. #3

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,478
    Thank Post
    527
    Thanked 1,996 Times in 935 Posts
    Blog Entries
    23
    Rep Power
    576

    Re: Data Protection Act - re: Remote Access

    How do you mean remotely? Over a LAN or WAN? If you look at the Becta presentation recently posted on the forum Becta want staff to have remote access to this information, should they have a need to and the relevent authorization. The problem with the DPA is that everyone knee jerked and forbid everything when most of it was about restricting who go to see the informantion.
    Try here for more info.

    http://www.informationcommissioner.gov.uk/

  4. #4
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,946
    Thank Post
    235
    Thanked 48 Times in 44 Posts
    Blog Entries
    2
    Rep Power
    45

    Re: Data Protection Act - re: Remote Access

    I mean form outside the WAN. Like me remotely accessing the site from home. Once in, with my credentials It is possible to access everything of course.

    http://demserv.in.powys.gov.uk/dataprot/dpp.pdf

    Section 6 actaully states that we hold Pupil data and may transfer it over the Internet...

  5. #5

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,478
    Thank Post
    527
    Thanked 1,996 Times in 935 Posts
    Blog Entries
    23
    Rep Power
    576

    Re: Data Protection Act - re: Remote Access

    Bad link.

  6. #6
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,946
    Thank Post
    235
    Thanked 48 Times in 44 Posts
    Blog Entries
    2
    Rep Power
    45

    Re: Data Protection Act - re: Remote Access

    sorry - internal link

    here it is again:
    Attached Files Attached Files

  7. #7
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,946
    Thank Post
    235
    Thanked 48 Times in 44 Posts
    Blog Entries
    2
    Rep Power
    45

    Re: Data Protection Act - re: Remote Access

    relevant clause:

    Transfers: Worldwide
    Via Internet ( E,G, Examination Results)

  8. #8

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,192
    Thank Post
    53
    Thanked 270 Times in 178 Posts
    Rep Power
    131

    Re: Data Protection Act - re: Remote Access

    Quote Originally Posted by russdev
    dont think it would and is part of betca draft docs that they can access it..

    data protection so that people who should not have access to it can not access it and that only relevant people can access it i.e teacher should not be able to access pay info for staf but should be able to access pupil test scores.

    russ
    In a previous life - I was at a presentation by the Data Reg people - and (at that time anyway) their view was that it was a tool for thinking about who should have access and why, and then declaring that publicly and sticking to your declaration. Pretty much not about restricting access at all. They clearly stated that data that wasn't personal in content (ie that was anonomous or was related to a position or organisation rather than an actual person was not covered at all.

  9. #9

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,881
    Thank Post
    1,316
    Thanked 1,738 Times in 1,087 Posts
    Blog Entries
    19
    Rep Power
    563

    Re: Data Protection Act - re: Remote Access

    The sticking point for me on the DPA is that people (ie staff and parents) tend to think that it means that you are obliged not to let anyone see anything.

    Once you set out what information you have, what you use it for, who is allowed to access and update which portions then the security of the data is guided by this.

    One obvious issue is allowing staff access to data at home. Staff want to update stuff from home ... we know this ... but we have to make every reasonable effort to keep it secure. The same priveleges that allow staff to access home addresses and disciplinary records of students whilst in school mean, for most MIS, that they have the same access at home.

    The question is does that breach the declaration you have made? If you run access through a VPN with encryption then yes ... if it is through a web browser on good old-fashioned http then no ...

    But what is to stop staff running a report of home addresses and taking it home anyway? The same with other information ... or even email it to themselves ... or stick it on a USB key which they also pass round the class to collect homework (this was done just before the holidays ....)

    The key phrase I suppose is that you have taken every reasonable action to ensure the correct use and security of data within the school.

  10. #10

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,582
    Thank Post
    107
    Thanked 761 Times in 592 Posts
    Rep Power
    180

    Re: Data Protection Act - re: Remote Access

    Don't forget that under the new Freedom of Information Act, etc. you should really have a policy that states what information you will be holding about anyone and what process is in place for the retrieval of that information if the person to whom that information ascertains to requests it.

  11. #11

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,881
    Thank Post
    1,316
    Thanked 1,738 Times in 1,087 Posts
    Blog Entries
    19
    Rep Power
    563

    Re: Data Protection Act - re: Remote Access

    Most schools should have received guidance on this from their LEA. It should have gone to whoever is registered with the Information Commissioner (formerly the Data Protection Registrar).

    Trying to find out who that is in a school is sometimes difficult but a word of advice ... if someone asks you to do it, then politely ask a member of the Senior Leadership Team to do it instead (or whatever you call the upper echelons of Manglement in your school).

    Help write the policies, make sure you neck is covered ... but get someone else to have to wory about it or to take the flak if something goes wrong. If you have to do it then get it written into your job description as it may help to justify a higher position on the pay scales ... after all ... it does involve more work and responsibility.

  12. #12

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    23

    Re: Data Protection Act - re: Remote Access

    Great information there Tony- I haven't looked into the ramifications of the DPA as yet, but I've kept a copy of this thread so that I can look over them again when I get the time.

    I know this is perhaps a separate question (and goes out to all), but do you demand an SLA from those you outsource any work to? I am thinking of doing so from CSE who have recently broken our network and have offered very little in the way of support afterwards. If I had an SLA from them, it would be easier to pull them up when they do go wrong.

    Any thoughts?

    Paul

  13. #13
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,946
    Thank Post
    235
    Thanked 48 Times in 44 Posts
    Blog Entries
    2
    Rep Power
    45

    Re: Data Protection Act - re: Remote Access

    Great pieces of advice Ric and Tony - i've copied parts of those comments to our DPA contact.

    Thanks!

    PS I have asked my initial question of our central advisor - i'll let you know the outcome.

  14. #14

    Join Date
    Jun 2005
    Location
    Bristol
    Posts
    51
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Data Protection Act - re: Remote Access

    Quote Originally Posted by kingswood
    Great information there Tony- I haven't looked into the ramifications of the DPA as yet, but I've kept a copy of this thread so that I can look over them again when I get the time.

    I know this is perhaps a separate question (and goes out to all), but do you demand an SLA from those you outsource any work to? I am thinking of doing so from CSE who have recently broken our network and have offered very little in the way of support afterwards. If I had an SLA from them, it would be easier to pull them up when they do go wrong.

    Any thoughts?

    Paul
    Not sure what we do here Paul, the IT Manager deals with that stuff for us, being CSE reliant ourselevs - grrrr! - I know it is most frustrating that you can't just get on and fix it(does that invalidate any contract you have with them?), it might be best to speed up the dropping of CSE!

    What are you problems? Lets see if we can help!

  15. #15

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,881
    Thank Post
    1,316
    Thanked 1,738 Times in 1,087 Posts
    Blog Entries
    19
    Rep Power
    563

    Re: Data Protection Act - re: Remote Access

    Quote Originally Posted by kingswood
    Great information there Tony- I haven't looked into the ramifications of the DPA as yet, but I've kept a copy of this thread so that I can look over them again when I get the time.

    I know this is perhaps a separate question (and goes out to all), but do you demand an SLA from those you outsource any work to? I am thinking of doing so from CSE who have recently broken our network and have offered very little in the way of support afterwards. If I had an SLA from them, it would be easier to pull them up when they do go wrong.

    Any thoughts?

    Paul
    You *must* get an SLA, or statement of work for those one-off jobs like projector installs, from whoever is in doing stuff for you. It is your big lump of wood ... with rusty nails in.

    As well as information on service the SLA or statement of work should contain information about the companies Health & Safety practices, Data Protection (where appropriate), complaints procedures and possibles penalties.

    Becta's Tech Support Advisory Service has a section on this (and linking it in with other things).

    CSE do actually have on their website info about their SLAs ... ask them to send you a copy of the one for you. Most solutions providers such as CSE, RM, etc have a standard SLA for schools and it is usually up to you to negotiate for a better one suited to your institution.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Changes to data protection act
    By sjplot in forum Network and Classroom Management
    Replies: 18
    Last Post: 5th October 2007, 11:19 AM
  2. Folder access - Data Protection Act - How do you do it?
    By Paid_Peanuts in forum How do you do....it?
    Replies: 7
    Last Post: 29th August 2007, 11:39 AM
  3. Stateside Hosting, Data Protection, etc...
    By plexer in forum Web Development
    Replies: 0
    Last Post: 17th May 2007, 09:48 AM
  4. Backups - Data Protection Manager
    By fooby in forum How do you do....it?
    Replies: 4
    Last Post: 14th December 2006, 10:45 AM
  5. Data Protection Act And Root/Administrators Passwords.
    By tickmike in forum General Chat
    Replies: 4
    Last Post: 11th September 2006, 03:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •