The Becta advice page on “Information Security Guidance for Schools” suggests a few rules for schools to help with data security … This may be opening a big can of worms here but anyway … BECTA say:
In the meantime, school management teams should take urgent steps to ensure information asset owners in their institutions follow this guidance:
- All data should be kept safe and made available only to those who are authorised to access it.
- Do not remove sensitive or personal data from the school premises unless the media is encrypted and is transported securely for storage in a secure location.
- When data is required by an authorised user from outside of the school premises – for example by a teacher working from their home – they must have secure remote access to the management information system (MIS) or learning platform.
- Protect all desktop, portable and mobile devices, including media, used to store and transmit personal information using approved encryption software.
- Securely delete (over-write media and shred paper) sensitive or personal data when it is no longer required.
- Ensure that your institution’s security policy covers how personal information is stored, transmitted or processed and that it is managed and protected accordingly. Use Binding Corporate Rules and best practice methodologies such as the International Standard ISO 27001.
- School leaders should ask their support providers or technical staff to ensure that their institutions are fully adopting and using the ICO, Hannigan and international best practice standards.
The Hannigan recommendations were made after the 27 million HMRC records were lost on CD.
I’d be expecting this to be a fairly hot topic at BECTA right now and advice could change!