|
Contacts
If you have any DPA or FOI queries please contact the School IT Systems Support Service Desk - 01438 844777 or SITSS.mis@lea.herts.sch.uk
Data Protection Guidance
- www.ico.gov.uk/ - The Information
Commissioners Office is the UK's independent public body set up to promote access to official information and to protect personal information
Data Security
Security of Confidential / Personal Data - Electronic and Paper
It is critical that schools consider the safety of confidential / personal data removed from a school site (electronic and paper). Ensuring that ALL staff are aware of how to handle sensitive or personal information and their responsibilities when accessing data is vital and this section provides guidance on staff training and recommendations.
If you are considering applying this method of security to any computer devices in your school which you think may be taken off-site:
- data encryption must not be attempted on any file servers or computer devices configured as RM Community Connect 3 or 4 workstations;
- storage devices such USB sticks are best encrypted in their entirety;
- staff laptops that hold personal data should have an encrypted ‘container’ created where all sensitive data should be stored;
- existing SIMS ‘master’ PCs should not be encrypted at this stage. SITSS are considering the feasibility of encrypting the whole of the hard drive on all new SIMS ‘master’ computers. We are also investigating the possibility of encrypting existing, older SIMS ‘master’ PCs;
- backup media must be kept secure at all times.
Warning – keep your encryption password in a safe place. Access to encrypted drives and ‘containers’ is controlled by password - should you loose it you will NOT be able to access your data!
SITSS Data Security Article - December 2011 
SITSS Data Security Article - November 2012
How to Encrypt Files
Headteacher Guidance on Data Security
Network Manager/MIS Administrator or Manager Guidance on Data Security
SIRO/IAO Guidance on Data Security
Staff Guidance on Data Security
Appendices
School Policy in Brief
Also see the 'Model School Policy for ICT Acceptable Use Incorporating eSafety, Data Security & Disposal of ICT Equipment' in the esafety section:
Privacy Notice Guidance formerly known as Fair Processing (Pupil Census)
The Information Commissioner has recommended that the term 'Fair Processing Notice' be replaced by 'Privacy Notice'. The DfE is therefore adopting this approach in its data collections from 2010, and has reviewed the whole process of issuing Privacy Notices.
The new approach is that a single, short and easily understandable Privacy Notice will be provided to pupils and staff by the school or LA.
Privacy Notices 2012/13
Updated versions of the Privacy Notices for Department for Education data collections are now available below.
The updated Privacy Notices will be for:
- Pupils in Schools, Alternative Provision and Pupil Referral Units and children in Early Year Settings
- Children in Need or looked after by the Local Authority
The core information in the Privacy Notice is largely unchanged.
There is only one change from last year's Privacy Notice template. Previously, there were links in the template to web pages indicating what the Department did with the pupil and children data it collected and also with which organisations it shared such data with and for what purposes. As part of a rationalisation process these two pages have been consolidated in a single one under the heading of ''What the Department does with pupils' and children's data''. At the moment this information is shown as five separate sub-pages under 'Table of Contents' - the plan is to convert these into a single page.
Schools do not have to reissue the Privacy Notices to existing pupils but must ensure that the updated version is available on the school's website and parents/carers are made aware of the updated version.
Privacy Notice Guidance formerly known as Fair Processing (Workforce)
The Information Commissioner has recommended that the term 'Fair Processing Notice' be replaced by 'Privacy Notice'. The DfE is therefore adopting this approach in its data collections from 2010, and has reviewed the whole process of issuing Privacy Notices.
The new approach is that a single, short and easily understandable Privacy Notice will be provided to pupils and staff by the school or LA.
For Information
The Information Commissioner has recommended that the term 'Fair Processing Notice' be replaced by 'Privacy Notice'. Both the DfE and Hertfordshire County Council are therefore adopting this approach in its data collections from now on, and have reviewed the whole process of issuing Privacy Notices.
In the past, the suggested text has included the use of school information made available by the LA or the DfE. However, the new process will mean much simpler Privacy Notices, where details of any organisations with which the LA and DfE share data are contained on the LA and DfE websites, with links from the Privacy Notices. This means that Privacy Notices do not need reissuing on an annual basis. Any changes to the details of organisations with which school or LA data is shared will be updated on the LA and DfE websites.
For Action
In order to ensure that all staff have been provided with an appropriate form of notice it will be necessary for schools to inform all current staff of the change to this Privacy Notice. As you will note from the information provided above, the systematic changes made by Hertfordshire and DfE should prevent the need to reissue this notice to staff in the future as the legislation currently stands.
It will be every school’s responsibility to issue a Privacy Notice to all staff that commenced employment with your school before 01.10.2010 (this could be via a copy being posted on the staff notice board and staff being made aware of its existence) and for those schools not buying into the HR Transactions Service (managed by Serco) there will be an additional requirement to issue these notices to all new staff as and when they join. Those schools purchasing the HR Transactions Service with staff commencing employment after that date will have their Privacy Notices issued with their contract of employment.
Staff Privacy Notice - no changes required for 2012
Freedom of Information Act 2000 and Document Retention
Guidance in responding to requests for information under the 'Freedom of Information'
Freedom of Information Act 2000: Starter Guide for Schools
Freedom of Information Act 2000: Introduction for Schools
Guidance and Suggested Response (March 2011)
Records Management for Schools
The Records Management Toolkit for schools developed by the Information and Records Management Society can be downloaded from:
Publication Schemes
Explanatory Notes for Model Publication Scheme
Draft Schools Model Publication Scheme
Additional Guidance Table
|
