USB Encryption

[enjay]

You can is using Windows Vista or 7, there are also tools that IBM put out (pay for) that let you enforce encryption on an removable data drive using GPO.

That would presumably affect all users though - we have Primary kids using pen drives too, and I wouldn't fancy trying to get them entering the correct password and then dismounting the drive correctly afterwards. Same goes for some Secondary pupils too, of course.

[LeMarchand]

Perhaps because you've blocked the Command Prompt, meaning users can't run bat files?

I think you're right!

[enjay]

Thought so. That was certainly why I converted mine to an exe :-)

[SYNACK]

That would presumably affect all users though - we have Primary kids using pen drives too, and I wouldn't fancy trying to get them entering the correct password and then dismounting the drive correctly afterwards. Same goes for some Secondary pupils too, of course.

Had a look and it is a per computer setting so this would cause issues, I think the IBM/Lenovo one did allow different policies for different users but again this is an expencive solution.

[AngryITGuy]

Our reasoning against that was to make it as hassle-free as possible. If say half the drive is encrypted, then they can encrypt sensitive stuff when needed, but when they just want to stick a PowerPoint on it or whatever, they don't have to do anything extra. Minimum impact was the name of the game, but this does come at the expense of an increased risk - we deemed this acceptable, you might not.

Whatever exact permutation you settle on, the key thing is to get the buy-in of all staff, so they understand why it should be done and therefore make the effort to do it; also the buy-in of SLT to roast those people who don't.

A good point, will need to think about the balance between hassle for teachers and data security as you said the key is to get the teachers on board from the go and make it out like its being done for their benefit.

[enjay]

make it out like its being done for their benefit.

Personally, I wouldn't make it out like that, as that simply isn't true. I would explain that it is being done for the following reasons:
1 - it is the law
2 - confidentiality is important...
2.1 you don't want the press getting hold of reports or grades for any famous people's kids, or kids who go on to become famous
2.2 the press might be interested in that information anyway
2.3 you don't want kids getting hold of each other's reports
2.4 use the example of a teacher here who lost a pen drive containing the internal exam scripts a week before the internal exams

Points 2.1-2.3 are even more important for Heads of Year who could have all sorts of sensitive information on their pupils, but tutors will also have such information and everyone has reports and marks.

[AngryITGuy]

Personally, I wouldn't make it out like that, as that simply isn't true.

What I meant when I said I would try to make it out like it was done for the benefit of the teachers at the school was to put it across to them that if they loose their USB pen which contains sensitive data and its encrypted they are in the clear to an extent.

Loosing a USB pen that contains sensitive data which is not encrypted is a serious matter as you pointed out with you reasons.

I'm not saying it applies to all teachers but certainly the teachers here I find will only do things if its made out to them to be in their best interest. I certainly wasn't playing down the importance of data security within schools just making a point on how best to get teachers to swallow the bitter pill!

[enjay]

Possibly go through my list of reasons in the reverse order then, starting with "you don't want your exam papers getting leaked" and then going on to the (less likely) scenarios involving journalists. Definitely mention the legal aspects too, if only to deflect any complaints before they even get made.