Data protection remains a high priority for schools – what can they do to ensure confidential information isn’t compromised? Ian Gover, school development officer at Somerset local authority (LA), says that senior leadership teams (SLTs) should start by treating all data as if it’s their own
Here are some simple questions for SLTs to consider:
- What data does your school hold about staff and pupils?
- Are there any items that are sensitive?
- What rules should there be about the use of personal data?
Schools are awash with sensitive personal data; they have to collect this data
Answering the ‘big question’
Now for the big question – is there a difference between your data and that of your learners? The answer is that there is no difference; whatever rules you have about your data should also apply to learners.
Schools are awash with sensitive personal data; they have to collect this data to enable them to provide the education and safeguarding that the learners deserve. There will always be risks when dealing with this amount of information but the key to data protection is to get the staff to deal with all data as if it is their own.
Some of the common errors are:
- Leaving confidential and personal data in view of people who do not have the right to see it
- Sending emails to the wrong person and including details that should not be sent
- Not securely transporting data
- Not securing websites
- Password issues
- Telling people too much.
All of these issues can be tackled by processes, procedures and training but someone has to own the responsibility – a member of the SLT. This person needs to train themselves – the Information Commissioners Office website provides a vast hoard of well-crafted information – you must find time to train yourself and everybody in the school.
To make sure that he has the information he ‘phones and asks for the learner details to be sent to him
A conflict of interest?
Whilst training I have found that talking about real life examples is quite powerful. Let’s work through a scenario and see what some of the issues are likely to be.
A teacher is about to take pupils on a trip. The teacher has gone home and realises he needs to work on the trip admin but knows that someone is still in the office. To make sure that he has the information he ‘phones and asks for the learner details to be sent to him.
Why have different standards? Treat all data as if it is yours.
I start to see possible issues:
- Did he use a personal email account – how does the office know it is really that teacher?
- Did the office check the email address before sending?
- What data did the person in the office send him – was it too much information?
- How was the data sent – was it encrypted?
- What guidance was given to the teacher about the secure storage of the data and was he asked to return the data at the end of the trip?
If the teacher lost the data while on the trip the school would have to report it to the ICO as a data protection breech; they would also have to tell the parents that they have lost the data. Would the teacher have asked for personal details of a colleague to be sent by email? Would the office have sent them? Would s/he dispose of them carefully?
Why have different standards? Treat all data as if it is yours.
Ian can be contacted at: [email protected]
Don’t forget to follow us on Twitter, like us on Facebook, or connect with us on LinkedIn!
Be the first to comment