You are in: School Admin » School Office & Admin » Data Protection & Freedom of Information

Data Protection Guidance

Biometrics

Privacy Notice Guidance
formerly known as Fair Processing (Pupil Census)

Privacy Notice Guidance
formerly known as Fair Processing (Workforce)

Contacts

Data Protection &
Freedom of Information

New
Guidance in Responding to FoI Request - ICT

New

Data Security

Freedom of Information Act 2000 & Document Retention

Publication
Schemes

 

 

 

Contacts

If you have any DPA or FOI queries please contact the School IT Systems Support Service Desk - 01438 844777 or SITSS.mis@lea.herts.sch.uk


Data Protection Guidance

Data Protection Checking Sheet - Suggested amendments to the Pupil Data Checking Sheet

Data Security

Security of Confidential / Personal Data - Electronic and Paper

It is critical that schools consider the safety of confidential / personal data removed from a school site (electronic and paper).  School IT Systems Support are preparing a set of guidance documents for schools to use to encrypt confidential / personal data on computer devices that are taken off school premises.  At this stage we are not in a position to offer guidance about the need or otherwise to encrypt computers and file servers which remain securely on a school site, however it is under investigation.

If you are considering applying this method of security to any computer devices in your school which you think may be taken off-site:

  • data encryption must not be attempted on any file servers or computer devices configured as RM Community Connect 3 or 4 workstations;
  • storage devices such USB sticks are best encrypted in their entirety;
  • staff laptops that hold personal data should have an encrypted ‘container’ created where all sensitive data should be stored;
  • existing SIMS ‘master’ PCs should not be encrypted at this stage.  SITSS are considering the feasibility of encrypting the whole of the hard drive on all new SIMS ‘master’ computers.  We are also investigating the possibility of encrypting existing, older SIMS ‘master’ PCs;
  • backup media must be kept secure at all times.

Warning – keep your encryption password in a safe place.  Access to encrypted drives and ‘containers’ is controlled by password - should you loose it you will NOT be able to access your data!

Download and print the above information:

Headteacher Guidance on Data Security New
Network Manager/MIS Administrator or Manager Guidance on Data Security New
SIRO/IAO Guidance on Data Security New
Staff Guidance on Data Security New

Appendices

Protective Marking Scheme

School Policy in Brief

 

Also see the 'Model School Policy for ICT Acceptable Use Incorporating eSafety, Data Security & Disposal of ICT Equipment' in the esafety section:

 

Privacy Notice Guidance formerly known as Fair Processing (Pupil Census) Updated

The Information Commissioner has recommended that the term 'Fair Processing Notice' be replaced by 'Privacy Notice'. The DfE is therefore adopting this approach in its data collections from 2010, and has reviewed the whole process of issuing Privacy Notices.
The new approach is that a single, short and easily understandable Privacy Notice will be provided to pupils and staff by the school or LA.

 

Privacy Notices 2010/11

Please see below the announcement made by the DfE in July 2010 ICES Bulletin.

Updated versions of the Privacy Notices for Department for Education data collections will be available shortly. These versions will posted on the HfGL as soon as available.

The updated Privacy Notices will be for:

  • Pupils in Schools, Alternative Provision and Pupil Referral Units and children in Early Year Settings
  • Children in Need or looked after by the Local Authority
  • School Workforce: those employed, or otherwise engaged to work, at a school or the Local Authority

The core information in the Privacy Notice is largely unchanged. The only amendments are to incorporate the new Department for Education name and a reference to the Learning Records Service.

Within the Privacy Notice there is reference to a linked document which outlines how DfE uses pupil and children data and other organisations with whom it shares such information. This document has been amended to reflect a number of organisational changes which have taken place and also indicates revised uses of information where applicable.

Freedom of Information Act 2000 & Document Retention

Guidance in responding to requests for information under the 'Freedom of Information'
Retention Guidelines for Schools
Records Management Toolkit for Schools
Freedom of Information Act 2000: Starter Guide for Schools
Freedom of Information Act 2000: Introduction for Schools

Publication Schemes

Schedule for publication schemes:
Guidance letter on Publication Schemes:
Model publication scheme for schools with Nursery aged pupils:
Model publication scheme for schools with no Secondary aged pupils:
Model publication scheme for schools with Secondary aged pupils:
Explanatory Notes for the Model Publication Scheme for Schools:
Explanatory Notes for the Model Publication Scheme for Maintained Nursery Schools


Privacy Notice Guidance formerly known as Fair Processing (Workforce)Updated

The Information Commissioner has recommended that the term 'Fair Processing Notice' be replaced by 'Privacy Notice'. The DCSF is therefore adopting this approach in its data collections from 2010, and has reviewed the whole process of issuing Privacy Notices.
The new approach is that a single, short and easily understandable Privacy Notice will be provided to pupils and staff by the school or LA.

For Information
The Information Commissioner has recommended that the term 'Fair Processing Notice' be replaced by 'Privacy Notice'. Both the DCSF and Hertfordshire County Council are therefore adopting this approach in its data collections from now on, and have reviewed the whole process of issuing Privacy Notices.

In the past, the suggested text has included the use of school information made available by the LA or the DCSF. However, the new process will mean much simpler Privacy Notices, where details of any organisations with which the LA and DCSF share data are contained on the LA and DCSF websites, with links from the Privacy Notices. This means that Privacy Notices do not need reissuing on an annual basis. Any changes to the details of organisations with which school or LA data is shared will be updated on the LA and DCSF websites.

For Action
In order to ensure that all staff have been provided with an appropriate form of notice it will be necessary for schools to inform all current staff of the change to this Privacy Notice. As you will note from the information provided above, the systematic changes made by Hertfordshire and DfE should prevent the need to reissue this notice to staff in the future as the legislation currently stands.

It will be every school’s responsibility to issue a Privacy Notice to all staff that commenced employment with your school before 01.10.2010 (this could be via a copy being posted on the staff notice board and staff being made aware of its existence) and for those schools not buying into the HR Transactions Service (managed by Serco) there will be an additional requirement to issue these notices to all new staff as and when they join. Those schools purchasing the HR Transactions Service with staff commencing employment after that date will have their Privacy Notices issued with their contract of employment.

Staff Privacy Notice - August 2010

2010 School Workforce Census (including pilots in 2009) Cover Letter
Privacy Notice 2010 School Workforce

 



Guidance in Responding to FoI Request for ICT Equipment Numbers, Investment, etc (TE) June 2010 in schools only