Statistics released by the Information Commissioner's Office (ICO) suggest schools are aware of their data protection obligations, but many are not acting on them.
Ninety-five per cent of the 400 schools surveyed by the data protection watchdog said they provided some details to pupils and parents about what is done with their personal information.
However, 30 per cent with password-protected computer systems admitted their login details are not strong enough or changed regularly. In addition, 20 per cent admitted their email systems were insecure.
In many respects (the results) should come as no surprise it's not teachers' area of expertise
In response to the findings, the ICO has issued a report advising schools on how to comply with the Data Protection Act.
Its advice includes accurately notifying the ICO about why they need to process personal data, recognising the need to handle personal information in line with data protection principles, and training staff and governors in the basics of information security.
The ICO also recommends schools take time to ensure they have "clear and practical policies" in place to ensure the security of any personal data they store.
Louise Byers, ICO head of good practice, who helped draft the advice document, said the survey results should come as little surprise.
"It's not teachers' area of expertise and it is precisely what our report is aiming to address," said Byers.
"I'd urge teachers and heads to take a look at our recommendations and make sure they're complying with the law. The sensitive personal data that schools handle means it is crucial they get this right."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Jane McCallion is ITPro's deputy editor, specializing in cloud computing, cyber security, data centers and enterprise IT infrastructure. Before becoming Deputy Editor, she held the role of Features Editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.