ICO investigation finds knowledge is good, action is lacking.
UK schools are being urged to reappraise their secure document storage options after an investigation into how institutions are handling pupils’ personal information was published by the Information Commisioner’s Office (ICO).
The survey of 400 schools across nine local authority areas showed that while institutional awareness of the parameters of the Data Protection Act were generally good, schools could still do more to comply with data protection laws.
According to the report, 95 per cent of schools across the UK provided information on the storage and access of student files to both pupils and teachers.
However, when it came to implementing such security, the ICO found certain services lacking – with a third of schools admitting the passwords used on secure computer systems across their school network were not, on the whole, strong enough.
"The survey results showed that whilst awareness of the law was broadly good, knowledge on how to comply with it wasn’t always there," said ICO head of good practice Louise Byers. "In many respects that should come as no surprise – it’s not teachers’ area of expertise – and it is precisely what our report is aiming to address.
"I’d urge teachers and heads to take a look at our recommendations and make sure they’re complying with the law. The sensitive personal data that schools handle means it is crucial they get this right, and we hope the ICO’s report will help them achieve that."
Recommendations include notifying students and parents on how data is used and stored, as well as fulfilling their legal requirement to notify the ICO; complying with ‘fair procession’ directives that protect pupil’s from having their data misused; preparing, with key, school-wide data protection policies; and, most importantly, keeping data secure.
Data management services can help school migrate from a paper-based system to a secure third-party cloud, freeing up space and making old archived files more easily accessible.