To be fair I look up the advice on the becta site every now and then, some of it is genuingly useful. I think the key with becta is that it is guidance. One of the reasons we complain about ICT in the BSF process is that one size does not fit all. I take becta and adapt what fits here.
On the subject of usernames, I understand the guidance and feel it's better to be safe than sorry. That said I can see the counter-argument that if they are only being used internally there's not mush use for anonimity in the username. The only problem I have with using roll number's or other random strings is that some pupils will find it difficult to remember.
Our SEN intake is growing here. We have pupils that have problems with usernames based around their surname. We have pupils who have problems remembering their password for longer than a period even though they set it as their brothers firstname, favourite colour or football team.
I take the pragmatic approach. A username based on surname and first initial provides a reasonable enough level of anonimity while not being too obscure for the pupils to remember.
As for e-mails, we don't give out e-mail accounts here so it's not an issue for us. My last place however was a 11-18 school of 1800 pupils. E-mails are assigned, monitored and filtered by the LEA. The pupils were given their e-mail address at the start of year 7. From that point we had zero knowledge of what any of the kids were using the accounts for.
If they were using the accounts at home to sign up to and chat on forums we'd not know unless an offesensive e-mail was latter flagged by the LEA or they used the forum in school. In this instance it makes sense to make the e-mail adress as obscure as practicle.
Basically a 3rd party couldn't guess from the e-mail addresses assigned - the full name, age, sex or school of the pupil. As far as the e-mail address goes it could belong to a 50yr old female or a 7yr old boy.