+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 19
School ICT Policies Thread, Data Protection Act - re: Remote Access in School Administration; At our local Secondary Heads meeting it was stated that no-one should access pupil data remotely as this contravenes the ...
  1. #1
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,958
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Data Protection Act - re: Remote Access

    At our local Secondary Heads meeting it was stated that no-one should access pupil data remotely as this contravenes the Data Protection Act.

    Yes - that would apply to staff that legally shouldn't access data not required of thier job function - maybe Heads too - how does it affect them?

    Can anyone help me here?

  2. #2

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,918
    Thank Post
    708
    Thanked 550 Times in 365 Posts
    Blog Entries
    3
    Rep Power
    204

    Re: Data Protection Act - re: Remote Access

    dont think it would and is part of betca draft docs that they can access it..

    data protection so that people who should not have access to it can not access it and that only relevant people can access it i.e teacher should not be able to access pay info for staf but should be able to access pupil test scores.

    russ

  3. #3

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,840
    Thank Post
    583
    Thanked 2,162 Times in 987 Posts
    Blog Entries
    23
    Rep Power
    627

    Re: Data Protection Act - re: Remote Access

    How do you mean remotely? Over a LAN or WAN? If you look at the Becta presentation recently posted on the forum Becta want staff to have remote access to this information, should they have a need to and the relevent authorization. The problem with the DPA is that everyone knee jerked and forbid everything when most of it was about restricting who go to see the informantion.
    Try here for more info.

    http://www.informationcommissioner.gov.uk/

  4. #4
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,958
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: Data Protection Act - re: Remote Access

    I mean form outside the WAN. Like me remotely accessing the site from home. Once in, with my credentials It is possible to access everything of course.

    http://demserv.in.powys.gov.uk/dataprot/dpp.pdf

    Section 6 actaully states that we hold Pupil data and may transfer it over the Internet...

  5. #5

    Dos_Box's Avatar
    Join Date
    Jun 2005
    Location
    Preston, Lancashire
    Posts
    9,840
    Thank Post
    583
    Thanked 2,162 Times in 987 Posts
    Blog Entries
    23
    Rep Power
    627

    Re: Data Protection Act - re: Remote Access

    Bad link.

  6. #6
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,958
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: Data Protection Act - re: Remote Access

    sorry - internal link

    here it is again:
    Attached Files Attached Files

  7. #7
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,958
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: Data Protection Act - re: Remote Access

    relevant clause:

    Transfers: Worldwide
    Via Internet ( E,G, Examination Results)

  8. #8

    SpuffMonkey's Avatar
    Join Date
    Jul 2005
    Posts
    2,230
    Thank Post
    54
    Thanked 278 Times in 186 Posts
    Rep Power
    134

    Re: Data Protection Act - re: Remote Access

    Quote Originally Posted by russdev
    dont think it would and is part of betca draft docs that they can access it..

    data protection so that people who should not have access to it can not access it and that only relevant people can access it i.e teacher should not be able to access pay info for staf but should be able to access pupil test scores.

    russ
    In a previous life - I was at a presentation by the Data Reg people - and (at that time anyway) their view was that it was a tool for thinking about who should have access and why, and then declaring that publicly and sticking to your declaration. Pretty much not about restricting access at all. They clearly stated that data that wasn't personal in content (ie that was anonomous or was related to a position or organisation rather than an actual person was not covered at all.

  9. #9

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594

    Re: Data Protection Act - re: Remote Access

    The sticking point for me on the DPA is that people (ie staff and parents) tend to think that it means that you are obliged not to let anyone see anything.

    Once you set out what information you have, what you use it for, who is allowed to access and update which portions then the security of the data is guided by this.

    One obvious issue is allowing staff access to data at home. Staff want to update stuff from home ... we know this ... but we have to make every reasonable effort to keep it secure. The same priveleges that allow staff to access home addresses and disciplinary records of students whilst in school mean, for most MIS, that they have the same access at home.

    The question is does that breach the declaration you have made? If you run access through a VPN with encryption then yes ... if it is through a web browser on good old-fashioned http then no ...

    But what is to stop staff running a report of home addresses and taking it home anyway? The same with other information ... or even email it to themselves ... or stick it on a USB key which they also pass round the class to collect homework (this was done just before the holidays ....)

    The key phrase I suppose is that you have taken every reasonable action to ensure the correct use and security of data within the school.

  10. #10

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Re: Data Protection Act - re: Remote Access

    Don't forget that under the new Freedom of Information Act, etc. you should really have a policy that states what information you will be holding about anyone and what process is in place for the retrieval of that information if the person to whom that information ascertains to requests it.

  11. #11

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594

    Re: Data Protection Act - re: Remote Access

    Most schools should have received guidance on this from their LEA. It should have gone to whoever is registered with the Information Commissioner (formerly the Data Protection Registrar).

    Trying to find out who that is in a school is sometimes difficult but a word of advice ... if someone asks you to do it, then politely ask a member of the Senior Leadership Team to do it instead (or whatever you call the upper echelons of Manglement in your school).

    Help write the policies, make sure you neck is covered ... but get someone else to have to wory about it or to take the flak if something goes wrong. If you have to do it then get it written into your job description as it may help to justify a higher position on the pay scales ... after all ... it does involve more work and responsibility.

  12. #12

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24

    Re: Data Protection Act - re: Remote Access

    Great information there Tony- I haven't looked into the ramifications of the DPA as yet, but I've kept a copy of this thread so that I can look over them again when I get the time.

    I know this is perhaps a separate question (and goes out to all), but do you demand an SLA from those you outsource any work to? I am thinking of doing so from CSE who have recently broken our network and have offered very little in the way of support afterwards. If I had an SLA from them, it would be easier to pull them up when they do go wrong.

    Any thoughts?

    Paul

  13. #13
    mark's Avatar
    Join Date
    Jun 2005
    Posts
    3,958
    Thank Post
    248
    Thanked 49 Times in 45 Posts
    Blog Entries
    2
    Rep Power
    46

    Re: Data Protection Act - re: Remote Access

    Great pieces of advice Ric and Tony - i've copied parts of those comments to our DPA contact.

    Thanks!

    PS I have asked my initial question of our central advisor - i'll let you know the outcome.

  14. #14

    Join Date
    Jun 2005
    Location
    Bristol
    Posts
    51
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Data Protection Act - re: Remote Access

    Quote Originally Posted by kingswood
    Great information there Tony- I haven't looked into the ramifications of the DPA as yet, but I've kept a copy of this thread so that I can look over them again when I get the time.

    I know this is perhaps a separate question (and goes out to all), but do you demand an SLA from those you outsource any work to? I am thinking of doing so from CSE who have recently broken our network and have offered very little in the way of support afterwards. If I had an SLA from them, it would be easier to pull them up when they do go wrong.

    Any thoughts?

    Paul
    Not sure what we do here Paul, the IT Manager deals with that stuff for us, being CSE reliant ourselevs - grrrr! - I know it is most frustrating that you can't just get on and fix it(does that invalidate any contract you have with them?), it might be best to speed up the dropping of CSE!

    What are you problems? Lets see if we can help!

  15. #15

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,930
    Thank Post
    1,337
    Thanked 1,781 Times in 1,105 Posts
    Blog Entries
    19
    Rep Power
    594

    Re: Data Protection Act - re: Remote Access

    Quote Originally Posted by kingswood
    Great information there Tony- I haven't looked into the ramifications of the DPA as yet, but I've kept a copy of this thread so that I can look over them again when I get the time.

    I know this is perhaps a separate question (and goes out to all), but do you demand an SLA from those you outsource any work to? I am thinking of doing so from CSE who have recently broken our network and have offered very little in the way of support afterwards. If I had an SLA from them, it would be easier to pull them up when they do go wrong.

    Any thoughts?

    Paul
    You *must* get an SLA, or statement of work for those one-off jobs like projector installs, from whoever is in doing stuff for you. It is your big lump of wood ... with rusty nails in.

    As well as information on service the SLA or statement of work should contain information about the companies Health & Safety practices, Data Protection (where appropriate), complaints procedures and possibles penalties.

    Becta's Tech Support Advisory Service has a section on this (and linking it in with other things).

    CSE do actually have on their website info about their SLAs ... ask them to send you a copy of the one for you. Most solutions providers such as CSE, RM, etc have a standard SLA for schools and it is usually up to you to negotiate for a better one suited to your institution.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Changes to data protection act
    By sjplot in forum Network and Classroom Management
    Replies: 18
    Last Post: 5th October 2007, 11:19 AM
  2. Folder access - Data Protection Act - How do you do it?
    By Paid_Peanuts in forum How do you do....it?
    Replies: 7
    Last Post: 29th August 2007, 11:39 AM
  3. Stateside Hosting, Data Protection, etc...
    By plexer in forum Web Development
    Replies: 0
    Last Post: 17th May 2007, 09:48 AM
  4. Backups - Data Protection Manager
    By fooby in forum How do you do....it?
    Replies: 4
    Last Post: 14th December 2006, 10:45 AM
  5. Data Protection Act And Root/Administrators Passwords.
    By tickmike in forum General Chat
    Replies: 4
    Last Post: 11th September 2006, 03:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •