Helping schools with data protection compliance

  • Awareness
  • 30/03/2016
  • UK Safer Internet Centre
For many years, schools have been required to be compliant with data protection laws. Many of us that work with schools are all too aware of the difficulties they face in achieving compliance. Here at the South West Grid for Learning and the UK Safer Internet Centre (SIC), we know that schools work to achieve compliance through a variety of means. Some rely on local authority staff, or the Information Commissioners' Office for support, advice and training. What is clear is that practice remains inconsistent and that data breaches are occurring.
 
Evidence suggests that breaches occur largely as a result of weak systems, processes or procedures in the school. In many cases, the breaches that occurred could have been avoided had schools more fully understood their obligations, had more rigorously embedded policies and had clearer information about how to protect their data. Headteachers have a complex role and have often progressed from being a teacher through leadership structures into becoming a Headteacher often with minimal support, especially in data protection. Teachers (and other professionals) are not, nor should they be expected to be, specialists in recruitment, finance, law or data protection. If a pupil needs support, the school will look to educational psychologists or lawyers in the event of a legal challenge. But, in the case of data protection, there's neither consistency nor clarity for where schools should look to for advice.
 
It's made rather more complicated when you begin to consider the move towards cloud computing. Schools have been migrating data away from school servers or computers for many years now. The low (or zero) cost of cloud storage services such as Google Drive or Dropbox make these an attractive proposition. But without clear guidance, policy and advice, schools may, unwittingly, be putting data at risk. This isn't just pupil data, but staff data too. Basic errors can have significant consequences for users and the added complexity of the withdrawal of Safe Harbor further puts cloud storage at risk.
 
What all of this leads to is a rather confusing, complicated and risky area for schools. It's certainly the case that no school wants to intentionally place data in a vulnerable place, or put their pupils or staff wellbeing at risk. But the reality is that, for good intentioned reasons, this is happening all too regularly.
 
This is where the South West Grid for Learning (SWGfL) comes in. As part of our work as the lead partner in the UK Safer Internet Centre we have offered a self-review toolkit, 360 degree safe. Now in its seventh year, the popularity of this tool has grown with nearly 31 per cent of UK schools using it to review eSafety policy and practice. Building on this highly successful tool, SWGfL is proud to announce the launch of a new tool, 360data.
 
The tool will guide you step by step through the journey to data compliance and beyond while supporting you in assessing your current data protection posture through a maturity model. Schools are given 16 ‘aspects' of data protection to review, using a 5 to 1 scale (5 nothing in place, 1 aspirational practice). By using a ‘best-fit' approach, schools can select how advanced they are in each aspect. The tool will automatically suggest next steps for improvement, provides sources of good-practice guidance and includes legally-produced template documents for policies and usage.
 
Over time, 360data will become a living, breathing development plan that maps your strategy towards the safe and responsible use of information and data.
 
Usage of the tool is not limited to schools however. While written with schools in mind, the language of the toolkit does not exclude business from using it either. For small businesses, data protection can be far down the list of priorities. 360data aims to make this accessible, manageable and achievable.
 
It is expected that 2018 will see a significant shift in the European Data Protection legislation which will place further demands upon businesses (including schools) to appropriately process data about their data subjects. The tool has already been written in such a way as to pave the way for compliance with the as yet unknown legislation. Once enacted, the new legislation will be incorporated into the tool.
 
If you'd like to make Data Protection a central part of your school or organisation, then visit www.360data.org.uk and take our free 30-second quiz.
 
Read more about the UK Safer Internet Centre.

Related news

UK Safer Internet Centre wins ISPA award

Congratulations to the UK Safer Internet Centre (SIC) which recently won the Safety Award at the 2016 ISPA Awards.

Pokémon GO – gaming gone mobile

  • Awareness
  • 14/07/2016
  • Alan Earl, UK Safer Internet Centre
Pokémon GO launched in the US this week and it looks set to be a summer craze when it launches in the UK! Alan Earl, Harm Reduction Officer, from UK Safer Internet Centre partners, the South West Grid for Learning (SWGfL), explains a bit more about the app, the risks and what parents can do to avoid them.
 

Young people create apps in Wales for Safer Internet Day 2016

  • Awareness
  • 24/03/2016
  • UK Safer Internet Centre

Two apps created by young people for young people were created and launched in Wales for Safer Internet Day (SID) 2016.

That data, actually OUR data, in the Cloud

  • Awareness
  • 30/03/2016
  • Luxembourg Safer Internet Centre
Nowadays, the Cloud is everywhere. For most users, this technology is assimilated to some sort of a digital extension of their technology-related hardware. If from a technical standpoint the Cloud is not a revolution but a mere evolution of online services, the Cloud nonetheless changes the relationship between us, as users, our computer equipment, our data and our Internet Service Provider (ISP).
 

Data protection among children and young adults

  • Awareness
  • 30/03/2016
  • Hungarian Safer Internet Centre

In this article, Dr. Kisfaludi Gábor shares some methods to measure how students aged 8 and 20 consider, classify and protect their data, what factors affect them and what adults can do to strengthen their awareness.

Is it true that the data we post online remains on the web forever?

  • Awareness
  • 30/03/2016
  • Greek Safer Internet Centre

This question was posed several times by pupils of secondary education during a series of webinars that the Greek Awareness Centre implemented across the country from December 2015 until March 2016, in collaboration with the Computer Technology Institute & Press ‘Diophantus', and with the aim of raising awareness on the importance of our (data) privacy.

Debating data protection with Danish adolescents

  • Awareness
  • 30/03/2016
  • Danish Safer Internet Centre

Your digital footprints often seem to be invisible, but what are you really agreeing to when confirming ‘Terms & Conditions' in an app? With the newly proposed General Data Protection Regulation (GDPR), it is as relevant as ever to put the spotlight on the data protection and the digital identity of youth.

Data protection: How to protect one's privacy on Instagram and Snapchat... with step-by-step privacy guidelines

  • Awareness
  • 30/03/2016
  • Austrian Safer Internet Centre

Pictures, videos and emojis are becoming increasingly important for online communication – especially with children and young people. Two of their favourite apps for sending photos are Instagram and Snapchat.