ICO gives schools a lesson in data protection

digital padlocks

Statistics released by the Information Commissioner's Office (ICO) suggest schools are aware of their data protection obligations, but many are not acting on them.

Ninety-five per cent of the 400 schools surveyed by the data protection watchdog said they provided some details to pupils and parents about what is done with their personal information.

However, 30 per cent with password-protected computer systems admitted their login details are not strong enough or changed regularly. In addition, 20 per cent admitted their email systems were insecure.

In many respects (the results) should come as no surprise it's not teachers' area of expertise

In response to the findings, the ICO has issued a report advising schools on how to comply with the Data Protection Act.

Its advice includes accurately notifying the ICO about why they need to process personal data, recognising the need to handle personal information in line with data protection principles, and training staff and governors in the basics of information security.

The ICO also recommends schools take time to ensure they have "clear and practical policies" in place to ensure the security of any personal data they store.

Louise Byers, ICO head of good practice, who helped draft the advice document, said the survey results should come as little surprise.

"It's not teachers' area of expertise and it is precisely what our report is aiming to address," said Byers.

"I'd urge teachers and heads to take a look at our recommendations and make sure they're complying with the law. The sensitive personal data that schools handle means it is crucial they get this right."

The full report detailing data protection advice for schools and a summary document of the ICO's recommendations are available to download via the organisation's website.

Jane McCallion
Managing Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.