Esafety – Six ways to keep personal info safe in school

by Hafeeza Joorawan

Share

DOWNLOAD A FREE RESOURCE! Pie Corbett KS2 Non-Fiction Collection Download Now

PrimaryEnglish

Are you concerned with making sure your esafety processes are up to snuff? Follow these steps to make sure you’re keeping your data secure…

1. Have a clear desk policy

Classrooms are often busy environments where it’s easy to misplace important documents.

But teachers have a responsibility to keep personal information safe and make sure no one has access to it without their authorisation. So, whether it is exam results or a parent’s phone number, we need to securely store paperwork including any personal information.

Schools should ideally have a policy in place to help minimise the risk of unattended personal information. This could include always keeping a clear desk, and being aware of your surroundings when accessing personal information.

For example, try to avoid checking emails while your laptop is connected to the classroom projector.  

2. Encrypt your tech

Make sure you use strong passwords on smartphones, laptops, tablets and email accounts. Also check any other devices or accounts where you store personal information.

This will help to protect devices from suspicious activity. Also, where possible, consider using multi-factor authentication (MFA). This is a security measure to confirm identity and make sure the right person is accessing the data.

You need to take additional precautions to ensure that information is secure on devices that you take off school premises. Especially if you work from home in the evenings, at weekends and during school holidays.

It is important that you still follow school IT policies and procedures at home.

3. Be wary of suspicious emails

While anti-virus software can help protect a device against cyber-attacks, we should all be aware that hackers may target our work emails. This is known as phishing.

Read up on how to spot suspicious emails. Look out for signs such as bad grammar, demands for you to act urgently and requests for payment.

New technologies mean that email attacks are becoming more sophisticated than ever. A phishing email could even appear to come from a source you recognise.

Make sure you’re aware, too, of the correct procedures to contain and minimise any damage in the event of a cyber-attack. This includes reporting a data breach to the ICO within 72 hours of becoming aware of it.   

4. Stay alert to SARs

As well as ensuring any personal data is safe and secure, it’s also important that we understand our wider responsibilities under data protection law.

For example, a subject access request (SAR) is when someone asks you for a copy of their personal information.

It’s their legal right to request copies of their information, and by law, you must respond within one month.

Since teachers frequently interact with parents and carers, you should know how to recognise any SARs made to the school. This will help you spot them early.

It’s easy to miss these requests if you receive them orally at parents’ evening, or in the middle of an email about something else.

5. Be mindful when talking to others

The most common data breaches that occur in schools include personal information sent to the wrong party, and/or discussions about personal matters in front of other students or their parents/carers.

It is important to understand that small actions can still constitute an inappropriate disclosure of personal information.

For example, think twice about giving information to childminders and other people who may collect a child from school.

Consider what information you put in a child’s school bag, particularly if they’re being collected by someone other than a parent.

Be careful not to talk about personal matters where you can be overheard, or tell a person something they’re not entitled to know – including friends and family outside of school. 

6. Prioritise data protection training

Schools must ensure that every teacher has the training and support that they need to get data protection right.

With a whole host of more pressing concerns, this might be at the bottom of your to-do list, but it’s important to make sure data protection training is considered a priority.

The ICO offers a wealth of free advice and resources to educate teachers on their responsibilities – see guidance and resources at tinyurl.com/tp-ICOschools 

Hafeeza Joorawan is a senior policy officer at the Information Commissioner’s Office, specialising in the education sector. Follow the ICO on Twitter @ICOnews and learn more at orcula.co.uk