Statistics released by the Information Commissioner's Office (ICO) suggest schools are aware of their data protection obligations, but many are not acting on them.
Ninety-five per cent of the 400 schools surveyed by the data protection watchdog said they provided some details to pupils and parents about what is done with their personal information.
However, 30 per cent with password-protected computer systems admitted their login details are not strong enough or changed regularly. In addition, 20 per cent admitted their email systems were insecure.
In many respects (the results) should come as no surprise it's not teachers' area of expertise
In response to the findings, the ICO has issued a report advising schools on how to comply with the Data Protection Act.
Its advice includes accurately notifying the ICO about why they need to process personal data, recognising the need to handle personal information in line with data protection principles, and training staff and governors in the basics of information security.
The ICO also recommends schools take time to ensure they have "clear and practical policies" in place to ensure the security of any personal data they store.
Louise Byers, ICO head of good practice, who helped draft the advice document, said the survey results should come as little surprise.
"It's not teachers' area of expertise and it is precisely what our report is aiming to address," said Byers.
"I'd urge teachers and heads to take a look at our recommendations and make sure they're complying with the law. The sensitive personal data that schools handle means it is crucial they get this right."
The full report detailing data protection advice for schools and a summary document of the ICO's recommendations are available to download via the organisation's website.
-
Arctera Backup Exec 25.1 reviewReviews Plenty of new features make this on-premises backup solution an even better choice for SMBs that want to protect physical, virtual, and MS365 environments
-
How Dragon Copilot is helping clinicians spend more time with their patientsFeature The Dragon Copilot AI tool is offloading some of the administrative burden of clinicians at an NHS teaching hospital, improving productivity and allowing clinicians to focus on their patients
-
TikTok to open first European data centre in IrelandNews The move could signify a desire to shift its operations away from the US as well as secure its position in the European market
-
MPs in a muddle over GDPR and storing voters' personal dataNews Labour MP Chris Bryant says his staff were told to delete constituents' data
-
Trump resort will not be charged for breaching data lawsNews Presidential hopeful's Scottish golf course failed to register under the Data Protection Act for four years
-
Banks urged to share data but warned over securityNews Experts voice concern over security of open API recommendations
-
EU centralises European open data through one portalNews Open Data Portal will enable public sector bodies to share information
-
Experts question sheer scale of data storage required by Snooper's CharterNews Who will foot bill for physical infrastructure to house UK's browsing histories?
-
Snapchat's T&Cs update could put user data at riskNews Kaspersky said giving the service permission to share pictures with third parties could lead to a serious breach of privacy
-
Transport Systems Catapult launches data sources catalogueNews Intelligent Mobility Data Index could push forward smart transport innovation in the UK
