For parents, understandably, the safety of their children is their number one priority. But, when it’s time for those children to go to school, parents have to put their faith in the school to protect their children and keep them safe.
For schools, this is an enormous responsibility, but one that is absolutely paramount. Yet, this is a difficult task. Over the last few decades, we’ve entered a new digital age, with constant technological developments and, with that, we have a whole online world to explore, as well as endless gadgets to play with and work on. But, by doing so, we’re also creating more routes and opportunities for our data to be compromised. And the education sector is no exception to this. So, in this age, how do schools successfully protect the information they have on themselves, their staff and pupils?
Security Measures
To reduce risks and keep confidential data as secure as possible, schools must have appropriate security measures in place. Not doing so will make this data extremely vulnerable, increasing the likelihood of security breaches, hefty fines and potential harm. So, schools should:
- Install a firewall and virus checker on all computers
- Password protect all data, where possible
- Encrypt all electronic personal information
- Disable any auto-complete settings
- Keep devices and hardcopy data under lock and key when not in use
- Check storage systems are secure
- Limit access to data
- Shred all confidential documents and destroy electronic waste carriers
These are just a few examples of security measures that will help protect data – the more the better.
Sharing Personal Data
Whether it be with local authorities, other schools or social services, there are some situations when schools have to share personal data. When doing so, schools must consider all the legal implications and think about what the intentions are behind sharing, who requires the data and why. The individual whose data it is must also give consent for the information to be shared, even if it’s something like a photograph for the school’s social media pages. If the data is being sent abroad or needs to be processed outside of the UK, schools must, again, gain consent from the individual whose data it is and should only send the data if the recipient country has suitable security measures in place.
Holding and Updating Data
While a school holds data about a person, for as long as it’s being used, it needs to remain accurate. To ensure this is the case, schools should carry out information audits at least annually. This includes:
- Writing a letter to parents and students at the start of each school year to check their details are correct
- Amending information as soon as the school is aware it needs doing so
- Following a records disposal schedule and holding data accordingly
- Securely destroying any personal data that is out of date or no longer needed
It is a violation of data protection legislation to keep data for longer than it is needed. Because of this, all businesses and organisations need to think about, and be able to justify, how long they keep personal data. Once no longer needed, this data must be securely destroyed. Failure to do so can result in warnings, financial penalties and reputational damage.
Data Protection Officers
Within a school, everyone who deals with personal data, even students, has a responsibility to handle that data carefully and prevent it from getting into the wrong hands. But, by law, schools must also have a designated Data Protection Officer (DPO), who is educated on data protection and responsible for establishing and upholding systems and policies related to this. Their role will include (but not be limited to):
- Knowing what personal information their school holds and why
- Developing the school’s data protection policy and establishing best practice guidance for those handling data
- Monitoring who has access to personal data and why
- Monitoring the use of removable media (e.g. external hard drives)
- Arranging training for and offering advice to staff members
- Ensuring that everyone processes and destroys data securely
- Establishing and overseeing both physical and digital security measures
Preventing Security Breaches
Within schools, the internet, intranet and email systems are all potential pathways to a security breach. But they’re also a necessary and useful part of school life. So, they should still be used, but safely. To do so, schools should:
- Monitor the use of the internet, email and chat rooms
- Use filtering systems to prevent access to inappropriate materials and websites
- Teach pupils about internet and e-safety as part of the curriculum
- Have a clear reporting procedure in place for accidental access to inappropriate materials or websites
- Follow safe practices when publishing images and names of students on their website
Data Destruction
For schools, as with all businesses and organisations, it is essential to find an accredited supplier to destroy confidential data once it’s no longer needed or out of date. A supplier with the right accreditations will provide a secure, compliant service and a Certificate of Destruction upon completion. By choosing wisely, schools will:
- Remain compliant with the law and current legal regulations
- Avoid hefty fines, penalties and money loss
- Protect themselves, staff, parents and pupils against identity theft, fraud and any other potential harm
- Keep their reputation in tact
- Save time and storage space
An accredited supplier will also provide secure storage options for confidential waste, as well as solutions for a variety of different materials, such as paper documents, hard-drives and media, and branded products. For more information on this, click here.
