We have staff using each others accounts to access the SIMS Mis system. Is this illegal or just annoying?
Printable View
We have staff using each others accounts to access the SIMS Mis system. Is this illegal or just annoying?
If they are using it to get higher permissions then I guess there would be data protection issues involved. Otherwise I am guessing that they forgot their password and so have taken to using a colleagues that still has their password as "password1" or something similar. Soooo annoying.
Fine until someone decides to have fun with their email.......
Why would they do this when they wont get their classes?
Is it not against your Acceptable Use Policy?
If they are doing this without the other user's permission it should (I believe) be against the Computer Misuse Act, gaining illicit entry to a system. Doesn't matter that they would have access themselves, they gaining access illicitly here, so it is A Bad Thing.
If they are using another person's account through willful sharing of passwords then they are in breach of the 8 principles of the Data Protection Act, in that it is not secure. Different staff may have different access rights (or none at all) so the sharing of passwords then means the school is at risk of data being seen by those not eligible to see it.
If you look at Personal privacy, legal obligations - Data Protection Act (DPA) - ICO and look particularly at the line below
and if it is the case that teacher b is able to access stuff he doesn't need to know through teacher a's account then the school is failing in its obligations.Quote:
Is access to personal information limited to those with a strict need to know?
If it is that teacher b is using teacher a's account without him knowing then you are talking Computer Misuse Act.
This is almost as bad as them leaving PCs logged in all the time with SIMS running! I want to stamp this out totally but its always the human element that is the weak point in network security