Data protection: What it means for schools

Jessica Cumming looks at the detail of proposed wide-ranging changes to data protection legislation that were recently approved by the EU – and what it means for schools and academies.

The General Data Protection Regulation (GDPR) was finally approved by the European Union, the EU Council and Parliament on 14 April, 2016 and will replace all data protection legislation in EU member states, including the Data Protection Act 1998 (DPA 1998). The new framework aims to put individuals in control of their personal data, and will require schools, academies and any other organisations that process data to put a much stricter focus on data protection.

Create an account to read this article

£5.83+ VAT

One-off purchase

Purchase and Download today

Register for free

No Credit Card required

Register for free
Access to 3 free articles
Free TeachingTimes Report every month

array(8) {
  ["distinct_key"]=>
  string(10) "post#37808"
  ["title"]=>
  string(21) "Too much information?"
  ["categories"]=>
  array(1) {
    [0]=>
    string(10) "Leadership"
  }
  ["url"]=>
  string(55) "https://www.teachingtimes.com/slt-too-much-information/"
  ["post_date_timestamp"]=>
  int(1271001605)
  ["objectID"]=>
  string(12) "post-37808-0"
  ["_snippetResult"]=>
  array(2) {
    ["excerpt"]=>
    array(2) {
      ["value"]=>
      string(152) "Do you know your FOI from your DPA? Schools are increasingly bombarded with freedom of information requests, but Chris Lowe is on hand to help."
      ["matchLevel"]=>
      string(7) "partial"
    }
    ["content"]=>
    array(2) {
      ["value"]=>
      string(394) "... if it does then the school must supply the information.This right is in addition to the existing rights under dataprotection legislation. This means that schools are obligedto release all types of information, whether personal or non-personal. The data protection legislation provides safeguardsto people in certain circumstances.Schools may ..."
      ["matchLevel"]=>
      string(7) "partial"
    }
  }
  ["_highlightResult"]=>
  array(4) {
    ["title"]=>
    array(3) {
      ["value"]=>
      string(21) "Too much information?"
      ["matchLevel"]=>
      string(4) "none"
      ["matchedWords"]=>
      array(0) {
      }
    }
    ["excerpt"]=>
    array(4) {
      ["value"]=>
      string(152) "Do you know your FOI from your DPA? Schools are increasingly bombarded with freedom of information requests, but Chris Lowe is on hand to help."
      ["matchLevel"]=>
      string(7) "partial"
      ["fullyHighlighted"]=>
      bool(false)
      ["matchedWords"]=>
      array(1) {
        [0]=>
        string(7) "schools"
      }
    }
    ["content"]=>
    array(4) {
      ["value"]=>
      string(5771) "60 Vol 2.1 n www.teachingtimes.comSchool Business Legal BriefingSchool Leadership TodayIt is all covered by the Freedom of Information Act2000, which gave rights to citizens, and duties to schoolsand other public bodies. Maintained schools, includingacademies and city technology colleges (but notindependent schools), have to give access to informationabout the discharge of their public functions to anyonerequesting it. The act complements the Data Protection Act1998, which is concerned with data held on people. Theworking of all the information legislation is overseen by theInformation Commissioner.Too muchinformation?Do you know your FOI from your DPA?Schools are increasingly bombarded withfreedom of information requests, butChris Lowe is on hand to helpParents whoseson was injuredin a school fighttried to get theschool to let them haveletters which the school hadallegedly sent to the instigatorsof the fight. The school refusedand so the parents applied to theInformation Commissioner toforce the school to comply.The head could prove thatthere were no such letters,but some information aboutthe incident was kept on file.The school was ordered to prepare all thesefiles for publication, taking out the referencesto other children. It took nearly 15 days. Suchrequests are becoming more frequent.After 1 March, when admission placesare published, schools will be inundatedwith requests for information for appeals.Parents can and do demand information when pupils areexcluded, or moving to another school or not performingas well as hoped. Staff ask for information. Other schoolsask for information. Local authority departments ask forinformation. Journalists constantly ask for information. Evenmembers of the general public can fuel their curiosity withrequests for this and that. Heads, not surprisingly, want to beclear about where they stand.61www.teachingtimes.com n Vol 2.1School BusinessLegal BriefingUnder the Freedom of Information Act, anyone whorequests a publicly funded school for information must beinformed whether the school holds that information or not,and if it does then the school must supply the information.This right is in addition to the existing rights under dataprotection legislation. This means that schools are obligedto release all types of information, whether personal or non-personal. The data protection legislation provides safeguardsto people in certain circumstances.Schools may withhold some information of a particularlysensitive nature. However, even if a disclosure is not requiredby the law, the school must consider whether it should bereleased if it is in the public interest to do so. It can only bewithheld if the public interest in withholding it is greaterthan the public interest in releasing it. It is up to the schoolto determine this. If the person seeking the information isaggrieved by the decision, they have the right to go to courtto see if they can get it overturned.The government advises governing bodies, heads,and anyone in the school with delegated responsibility forproviding information to adopt a straightforward approachto meeting the presumption of openness that underlies theact. To put it bluntly: give them what they want to knowunless there is a very compelling reason not to.Requests from journalistsEvery effort should be made to help journalists in theirwork. They have just as much right to school informationas everyone else, and are restricted in the same wayas everyone else. But in their case schools also have toconsider whether the public interests should override anyconsiderations of confidentiality. Inevitably there will beconflicts.A 2008 case in Scotland, although it was concerned withan NHS enquiry, suggests that schools should think carefullybefore complying with journalists’ requests. The House ofLords judgement made it clear that privacy comes beforeopen government. In other words, the Data Protection Acttakes precedence over the Freedom of Information Act insuch an instance.If schools are confronted with demands for the releaseof information where “individuals can readily be identified”they may put themselves and their institutions at risk in lawif they release such information. This could easily happenin very small schools, where there is a small racial or ethnicgroup or youngsters with particular special educationalneeds. If unsure, it might be safer to refuse on the grounds ofa clash with the Data Protection Act.Enquirers must put their requests in writing (including62 Vol 2.1 n www.teachingtimes.comSchool Business Legal Briefingfax and email) but do not have to say why they want theinformation. They are entitled to be told whether the schoolholds the information (this is known as ‘the duty to confirmor deny’) and, if so, to have access to it. Access can includeproviding extracts of a document or a summary of theinformation sought, or access to the original document.Schools do not have to comply with a request if theydon’t hold the information, if the request is consideredvexatious or repeated, or if one or more of the exemptionsapply. The main exemptions are:where information is accessible by other means; forexample, information available from the school’sprospectus, or information that other legislation requiresschools to give (such as examination statistics)where the information is personal; a request for personalinformation is covered by the Data Protection Act (DPA)1998. People may continue to make a ‘subject accessrequest’ under the DPA – these are where the enquirerasks to see what personal information the school"
      ["matchLevel"]=>
      string(4) "full"
      ["fullyHighlighted"]=>
      bool(false)
      ["matchedWords"]=>
      array(4) {
        [0]=>
        string(4) "data"
        [1]=>
        string(10) "protection"
        [2]=>
        string(5) "means"
        [3]=>
        string(7) "schools"
      }
    }
    ["categories"]=>
    array(1) {
      [0]=>
      array(3) {
        ["value"]=>
        string(10) "Leadership"
        ["matchLevel"]=>
        string(4) "none"
        ["matchedWords"]=>
        array(0) {
        }
      }
    }
  }
}

Leadership

Too much information?

11 Apr 2010

array(8) {
  ["distinct_key"]=>
  string(10) "post#43300"
  ["title"]=>
  string(79) "New General Data Protection Regulation: What it means for schools and academies"
  ["categories"]=>
  array(1) {
    [0]=>
    string(10) "Leadership"
  }
  ["url"]=>
  string(61) "https://www.teachingtimes.com/general-data-protection_031016/"
  ["post_date_timestamp"]=>
  int(1475169852)
  ["objectID"]=>
  string(12) "post-43300-1"
  ["_snippetResult"]=>
  array(2) {
    ["excerpt"]=>
    array(2) {
      ["value"]=>
      string(297) "Jessica Cumming, a corporate solicitor at Gordons law firm, looks at the detail of proposed wide-ranging changes to data protection legislation that were recently approved by the EU – and what it means for schools and academies.
Leadership Briefing 11.03(123)"
      ["matchLevel"]=>
      string(4) "full"
    }
    ["content"]=>
    array(2) {
      ["value"]=>
      string(434) "... measures, notify the data controller of databreaches, deletion/return of personal data at the end of provision of services and where appropriate,appointment of a data protection officer.Data Protection Officers (DPOs)GDPR details circumstances where data controllers and processors must appoint a data protectionofficer. This includes where processing is ..."
      ["matchLevel"]=>
      string(7) "partial"
    }
  }
  ["_highlightResult"]=>
  array(4) {
    ["title"]=>
    array(4) {
      ["value"]=>
      string(115) "New General Data Protection Regulation: What it means for schools and academies"
      ["matchLevel"]=>
      string(4) "full"
      ["fullyHighlighted"]=>
      bool(false)
      ["matchedWords"]=>
      array(4) {
        [0]=>
        string(4) "data"
        [1]=>
        string(10) "protection"
        [2]=>
        string(5) "means"
        [3]=>
        string(7) "schools"
      }
    }
    ["excerpt"]=>
    array(4) {
      ["value"]=>
      string(297) "Jessica Cumming, a corporate solicitor at Gordons law firm, looks at the detail of proposed wide-ranging changes to data protection legislation that were recently approved by the EU – and what it means for schools and academies.
Leadership Briefing 11.03(123)"
      ["matchLevel"]=>
      string(4) "full"
      ["fullyHighlighted"]=>
      bool(false)
      ["matchedWords"]=>
      array(4) {
        [0]=>
        string(4) "data"
        [1]=>
        string(10) "protection"
        [2]=>
        string(5) "means"
        [3]=>
        string(7) "schools"
      }
    }
    ["content"]=>
    array(4) {
      ["value"]=>
      string(1863) "places direct obligations on data processors such as therequirement to implement technical and organisational measures, notify the data controller of databreaches, deletion/return of personal data at the end of provision of services and where appropriate,appointment of a data protection officer.Data Protection Officers (DPOs)GDPR details circumstances where data controllers and processors must appoint a data protectionofficer. This includes where processing is carried out by a public authority, the core activities of thecontroller and processor involve ‘regular and systematic monitoring of data subjects on a large scale’or where the entity conducts large scale processing of special categories of personal  data.’  TheDPOs will be required to fulfil a number of obligations. These include: (i) monitoring compliance, (ii)liaising with the ICO and (iii) training staff.European data protection boardThe new independent board will replace the article 29 working party. Its remit shall include issuingguidelines, recommendations and best practice on the application of GDPR.Next StepsLegal BriefingLeadership Briefing – www.teachingtimes.comReports Summaries – a weeklyservice of essential summaries,in-depth reports and criticalanalysis that’s new and relevantto education, linked to originalsource documents.Although GDPR has been agreed, there will now be a period of technical checking and formalapprovals followed by translation for all 28 member states. This may take several months andlast minute changes cannot be ruled out. The final version of the GDPR should be availablelater in 2016.Morris Hill and Ken Slade are part of the Education Team at national law firm Weightmans LLPWEB LINKGordonshttp://www.gordonsllp.com/"
      ["matchLevel"]=>
      string(7) "partial"
      ["fullyHighlighted"]=>
      bool(false)
      ["matchedWords"]=>
      array(2) {
        [0]=>
        string(4) "data"
        [1]=>
        string(10) "protection"
      }
    }
    ["categories"]=>
    array(1) {
      [0]=>
      array(3) {
        ["value"]=>
        string(10) "Leadership"
        ["matchLevel"]=>
        string(4) "none"
        ["matchedWords"]=>
        array(0) {
        }
      }
    }
  }
}

Leadership

New General Data Protection Regulation: What it means for schools and academies

29 Sep 2016

array(8) {
  ["distinct_key"]=>
  string(10) "post#42177"
  ["title"]=>
  string(39) "What the cloud really means for schools"
  ["categories"]=>
  array(1) {
    [0]=>
    string(16) "Digital Learning"
  }
  ["url"]=>
  string(77) "https://www.teachingtimes.com/elu-50-what-the-cloud-really-means-for-schools/"
  ["post_date_timestamp"]=>
  int(1423578342)
  ["objectID"]=>
  string(12) "post-42177-1"
  ["_snippetResult"]=>
  array(2) {
    ["excerpt"]=>
    array(2) {
      ["value"]=>
      string(343) "... cost-savings for schools as well as enhancing the mobility and flexibility offered by e-learning. Yet many teachers are unclear what computing in the ‘cloud’ really means. Ian Skeels highlights the numerous benefits of cloud computing for schools as well as the challenges and issues that can be encountered."
      ["matchLevel"]=>
      string(7) "partial"
    }
    ["content"]=>
    array(2) {
      ["value"]=>
      string(398) "... no exception. A recent article published onWebomedia.com entitled Cloud Computing Security Challenges,indicates that when it comes to cloud computing security, schoolsneed to consider data protection, user authentication and databreaches. By implementing a cloud computing strategy, schools maybe placing their critical data in the hands of a third party ..."
      ["matchLevel"]=>
      string(7) "partial"
    }
  }
  ["_highlightResult"]=>
  array(4) {
    ["title"]=>
    array(4) {
      ["value"]=>
      string(57) "What the cloud really means for schools"
      ["matchLevel"]=>
      string(7) "partial"
      ["fullyHighlighted"]=>
      bool(false)
      ["matchedWords"]=>
      array(2) {
        [0]=>
        string(5) "means"
        [1]=>
        string(7) "schools"
      }
    }
    ["excerpt"]=>
    array(4) {
      ["value"]=>
      string(447) "The cloud has changed the way in which schools operate and manage information. It offers potential cost-savings for schools as well as enhancing the mobility and flexibility offered by e-learning. Yet many teachers are unclear what computing in the ‘cloud’ really means. Ian Skeels highlights the numerous benefits of cloud computing for schools as well as the challenges and issues that can be encountered."
      ["matchLevel"]=>
      string(7) "partial"
      ["fullyHighlighted"]=>
      bool(false)
      ["matchedWords"]=>
      array(2) {
        [0]=>
        string(5) "means"
        [1]=>
        string(7) "schools"
      }
    }
    ["content"]=>
    array(4) {
      ["value"]=>
      string(3748) "month’sfeaturese-learning UPDATE n www.teachingtimes.comEqually, it is hard to talk about schools using cloud basedsystems without mentioning the challenges or issues they encounter,particularly in the early stages.  In turn, it is difficult to discuss theseissues without first looking at the overriding issue of safety.Safety and securityNothing on the internet is completely secure. Every onlineresource is open to compromise, viruses, and hack-attacks; cloudbased resources are no exception. A recent article published onWebomedia.com entitled Cloud Computing Security Challenges,indicates that when it comes to cloud computing security, schoolsneed to consider data protection, user authentication and databreaches. By implementing a cloud computing strategy, schools maybe placing their critical data in the hands of a third party, so theyneed to ensure it is secure when it is being stored and when it is beingtransferred. Ensuring that this data is encrypted is key, and often thisresponsibility will fall on the school itself. In addition, data stored inthe cloud needs to be accessible only by those authorised to do so,therefore schools also need to ensure that their cloud provider hastaken all the necessary security measures to protect their data andaccess to it.The same article highlights that ‘cloud resources are also atthe risk of having data compromised due to a security breach ortemporarily made unavailable due to a natural disaster’, therefore itis important for schools to know ‘what measures their service providerwill be taking to ensure the integrity and availability of that datashould the unexpected occur’. A contingency plan to retrieve the dataand move it to a new service provider or non-cloud based strategyshould also be in place to prepare for any worst case scenarios.Inadequate infrastructure and supportToday it seems that we’re constantly hearing talk about super-fastbroadband and instant access to any online resource; certainly,there is great cloud-based education software available to schools,however, many lack the hardware or bandwidth to make themwork.  Smaller schools in rural areas are often struggling with 2Mbitconnections shared across the whole site, which makes using anycloud-based service a potential challenge.Ultimately, when you place your key data in the cloud, it meansyou have to be able to rely on your connection. Before consideringcloud computing, schools can refer to a really useful free guide fromWebanywhere to check if their internet connection is fit for purpose,8 Steps to meet Government advice on school broadband services(http://bit.ly/1bLu5g0).IT staffing implicationsIt’s no secret that due to increasing workloads, many teachers don’thave the time to immerse themselves and get up to speed withcontinuously evolving technologies. Therefore, it is fair to say thatwhen it comes to the elusive ‘cloud’, schools may need to investin training for their current staff to ensure they are fully supportedand confident in using it. Not only this, but schools will also needto discern the implications of the cloud for the skills and experiencerequired by IT staff going forward; they will need to assume a varietyof perspectives and expertise in areas they may currently lack, whichagain, may prove costly.So there you have it, the pros and cons of cloud computing forschools in a nutshell. The benefits are numerous, but that isn’t to saythat cloud computing is without its challenges and issues.Ian Skeels, managing director at Point2Schoolhttp://www.teachingtimes.comhttp://bit.ly/1bLu5g0"
      ["matchLevel"]=>
      string(7) "partial"
      ["fullyHighlighted"]=>
      bool(false)
      ["matchedWords"]=>
      array(3) {
        [0]=>
        string(4) "data"
        [1]=>
        string(10) "protection"
        [2]=>
        string(7) "schools"
      }
    }
    ["categories"]=>
    array(1) {
      [0]=>
      array(3) {
        ["value"]=>
        string(16) "Digital Learning"
        ["matchLevel"]=>
        string(4) "none"
        ["matchedWords"]=>
        array(0) {
        }
      }
    }
  }
}

Digital Learning

What the cloud really means for schools

10 Feb 2015

array(8) {
  ["distinct_key"]=>
  string(10) "post#41811"
  ["title"]=>
  string(39) "What the cloud really means for schools"
  ["categories"]=>
  array(1) {
    [0]=>
    string(16) "Digital Learning"
  }
  ["url"]=>
  string(70) "https://www.teachingtimes.com/what-the-cloud-really-means-for-schools/"
  ["post_date_timestamp"]=>
  int(1409156563)
  ["objectID"]=>
  string(12) "post-41811-0"
  ["_snippetResult"]=>
  array(2) {
    ["excerpt"]=>
    array(2) {
      ["value"]=>
      string(154) "Ian Skeels highlights the numerous benefits of cloud computing for schools, but also flags up the challenges and issues that can be encountered.
"
      ["matchLevel"]=>
      string(7) "partial"
    }
    ["content"]=>
    array(2) {
      ["value"]=>
      string(403) "... no exception. A recent article published onWebomedia.com entitled ‘Cloud Computing Security Challenges’,indicates that when it comes to cloud computing security, schoolsneed to consider data protection, user authentication and databreaches.By implementing a cloud computing strategy, schools may beplacing their critical data in the hands of a third party ..."
      ["matchLevel"]=>
      string(7) "partial"
    }
  }
  ["_highlightResult"]=>
  array(4) {
    ["title"]=>
    array(4) {
      ["value"]=>
      string(57) "What the cloud really means for schools"
      ["matchLevel"]=>
      string(7) "partial"
      ["fullyHighlighted"]=>
      bool(false)
      ["matchedWords"]=>
      array(2) {
        [0]=>
        string(5) "means"
        [1]=>
        string(7) "schools"
      }
    }
    ["excerpt"]=>
    array(4) {
      ["value"]=>
      string(154) "Ian Skeels highlights the numerous benefits of cloud computing for schools, but also flags up the challenges and issues that can be encountered.
"
      ["matchLevel"]=>
      string(7) "partial"
      ["fullyHighlighted"]=>
      bool(false)
      ["matchedWords"]=>
      array(1) {
        [0]=>
        string(7) "schools"
      }
    }
    ["content"]=>
    array(4) {
      ["value"]=>
      string(5770) "This month’sfeaturesWhat the cloud reallymeans for schoolsIt is easy to see why many people favour online shopping over in-storeshopping; it’s incredibly convenient, it saves time, and often thereare better deals to be made. And while it is probably safe to say thatnowadays, most people are familiar with online shopping, sourcingservices from ‘the cloud’ may be less familiar territory for many. Teachers,senior leadership teams, governors or anyone making purchases onbehalf of their school are no different. Here, Ian Skeels highlights thenumerous benefits of cloud computing for schools, but also flags up thechallenges and issues that can be encountered.Cloud computing, which has become one of the most talked about solutions on theeducation scene, refers to applications and services offered over the Internet. Theseservices, which could include networks, applications, storage and servers, are offered fromdata centres across the world and are collectively referred to as the ‘cloud’.Working “in the cloud” means that your files are stored (and often created) in the cloud, rather than onthe computer where the file was originally created. A program (for example, for word processing) runssimultaneously on numerous connected computers. The program software and user data are stored on remoteservers. Any networked client device (i.e., a tablet) can access the program through a browser or app.http://www.teachingtimes.comThis month’sfeaturesThe ProsThe biggest benefit has to be the flexibility cloud computing givesschools.Rental option: Access to the newest resources whilesavingThe ‘renting versus buying’ debate is a common one when it comesto property, with many of us led to believe that ‘buying is best’, andthat renting a property is money down the drain. However, sometimesit definitely is better to rent than to buy, a concept that is pertinentwithin the education sector, particularly when it comes to ICT anddigital resources, educational software and content.A typical online ‘shopping mall’ service for primary andsecondary schools gives teachers and learners access to a richrange of multimedia educational content on a rental and subscriptionbasis. So, rather than buying digital content outright, which will soonbe succeeded by newer versions, schools can rent content for a setamount of time from this cloud-based system. This means insteadof using their software budget for the year to buy one or two titles,teachers can rent a wide selection of software for a fraction of thecost, ploughing the savings into other areas. Resources can then beused on an as-and-when-needed basis, instead of sitting on a shelfsomewhere waiting to be installed.Greater choice with no commitmentWith traditional software packages, schools are stuck with theirpurchasing decisions, even when the programme becomes outdatedand obsolete. Conversely, cloud computing services can be turnedon and off, meaning schools can scale and flex services as they areneeded and they don’t have to pay for resources they aren’t using,and therefore, don’t have to worry about expenditure wastage.Innovative educators wanting to try out something new can do sowithout having to tie themselves into long contracts.Implementing cloud-based systems also means that these sameeducators no longer need to wait for delivery and installation whichtraditionally could take weeks; installation can be done quickly andeasily with very little down time, allowing schools to meet the rapidlychanging software requirements for both today and tomorrow’steachers and learners.Anywhere, anytime learningAccording to a report by the Department for Education (DfE) lastyear, students who spend time each night on homework are farmore likely to achieve better results in school. Cloud-based systemsfacilitate learning outside the classroom walls; they enable teachers http://www.teachingtimes.comThis month’sfeaturesto use digital content as part of students’ homework tasks so they cancontinue the learning process at home.In addition, using a cloud-based system at home supports 21stcentury parents in better engaging with their children and takinga more active interest in their schooling, because it facilitatesengagement on their terms and in a format that they are familiar withand favour: via technology.Equally, it is hard to talk about schools using cloud-basedsystems without mentioning the challenges or issues they encounter,particularly in the early stages.  In turn, is difficult to discuss theseissues without first looking at the overriding issue of safety.The ConsSafety and securityNothing on the Internet is completely secure. Every onlineresource is open to compromise, viruses, and hack-attacks; cloud-based resources are no exception. A recent article published onWebomedia.com entitled ‘Cloud Computing Security Challenges’,indicates that when it comes to cloud computing security, schoolsneed to consider data protection, user authentication and databreaches.By implementing a cloud computing strategy, schools may beplacing their critical data in the hands of a third party, so they needto ensure it is secure when it is being stored and when it is beingtransferred. Ensuring that this data is encrypted is key, and often thisresponsibility will fall on the school itself.In addition, data stored in the cloud needs to be accessible onlyby those authorised to do so, therefore schools also need to ensurethat their cloud provider has taken all the necessary security measuresto protect their data and access to it.The same article highlights that ‘cloud"
      ["matchLevel"]=>
      string(4) "full"
      ["fullyHighlighted"]=>
      bool(false)
      ["matchedWords"]=>
      array(4) {
        [0]=>
        string(4) "data"
        [1]=>
        string(10) "protection"
        [2]=>
        string(5) "means"
        [3]=>
        string(7) "schools"
      }
    }
    ["categories"]=>
    array(1) {
      [0]=>
      array(3) {
        ["value"]=>
        string(16) "Digital Learning"
        ["matchLevel"]=>
        string(4) "none"
        ["matchedWords"]=>
        array(0) {
        }
      }
    }
  }
}

Digital Learning

What the cloud really means for schools

27 Aug 2014