The rate of technological change is staggering and this not only presents schools with opportunities for learning, but also challenges regarding data security. So how safe is your data and information? Could data and information be lost or get into the wrong hands? If this happened, what would be the consequences for the school and the headteacher?
Here are a few possible scenarios:
- A teacher leaves their computer logged on and a student finds the phone number and address of a member of staff
- An assistant headteacher leaves their memory stick or external hard drive on the bus or in a café
- Someone email’s a student list with Dates of Birth and SEND details using their Gmail account, or to someone’s Gmail account without realising
- Someone has their laptop stolen from their car
- A rewards data file with pictures of students alongside their name and school name was on an external hard drive which has been lost
What is the normal data security practice for each member of staff in your organisation?
As well as how staff use and store data there is of course a need for firewall security on servers. But files are also transferred, sometimes to outside organisations, and staff may have access from. Do staff store schools files on their home computer? What information is being stored in ‘the cloud’ and what information is being stored on your site? If you are a part of a MAT, what information is shared, how is it shared and how safe is your information from being lost?
What can you do?
It is worth following a few principles to improve data security:
- Have a robust data security policy relating to staff conduct that staff have signed.
- Train staff in data security and data protection as well as Child Safeguarding.
- Commission an external audit of your current policy and practice.
- Ensure that only encrypted devices are used to store data, and consider a ban on all external devices (or encrypt them).
- Ensure that all laptops are encrypted as well as password protected.
- Only use VPN connections for staff to use at home.
- Review all devices at least once a year for data security and data protection compliance.
- Ensure that email attachments are encrypted.
- Consider asking visitors / consultants / contractors / SLE’s to sign a data security agreement.
- Consider disciplinary action where your data security policy has not been followed.
If you would like a member of the team to review your policy regarding data security, please speak to your HR Advisor or give one of our team a call on 01924 827869. You can also email email@example.com. Look out for our data protection training course next term or register your interest now.