News
07/01/08 Are you putting pupil data at risk?
Detailed information on around two million schoolchildren in England is being put at risk by primary school staff taking unprotected data home with them every night.
In the wake of the HM Customs and Revenue data security scandal, new research from RM School Management Solutions suggests almost half (49%) of all 17,300 primary schools in England are backing up their school MIS onto CDs, memory sticks and tapes and taking the copies out of the school, exposing them to loss or theft.
The ‘at-risk’ data is being carried by school managers commuting to and from work and includes names, addresses and birthdates of pupils, contact numbers for parents, details of pupils’ attendance and behaviour, and academic records. Only 1% of survey respondents encrypted the data.
But the head of RM SMS, Paul Grubb, says the blame lies not with the schools, but with the absence of the clear guidance and resources that school staff are given.
Mr Grubb said: “Schools may be acting with the best intentions to preserve children’s records and ensure information is kept up to date, but they risk breaching data protection guidelines by taking such risks with pupil data.
“Unfortunately, the Data Protection Act isn’t clear enough on this issue and so schools are interpreting it and making their own decisions. Following our findings we plan to take the matter up with the Information Commissioner to try and establish clearer guidance for schools.”
The research showed that, in addition to the 49 per cent of schools who allow the data to be taken home by a staff member, a further four per cent (equivalent to around 700 schools) are leaving the sensitive and unprotected data at unsecured locations in the school.
The school management systems used by the majority of schools mean a physical copy of the data onto tape, disc or memory stick is the only “safe” option they have to back up the information.
“This is a potentially dangerous responsibility being placed upon primary schools in particular,” said Paul Grubb.
”They know they have a duty to keep pupil records safe, but the systems that currently exist in most primary schools do not offer the security that is needed, so schools are forced to develop their own solutions.”
Paul Grubb added: “In the absence of effective controls in place with current systems, we have to have alternative ways of managing education information – without extra costs to schools - if we are to keep this data safer than we are at present.
“Suppliers of information systems to schools should be looking seriously at the issues of providing secure remote hosting and exploring ways of doing this without simply charging schools more.”
About IntegrisG2
IntegrisG2 provides local authorities with a centrally hosted and web-delivered system, meaning pupil data from across an authority sits on one secure live database.
The centrally hosted system means software and data are not physically stored in schools or learning centres, but hosted either by the local authority or an approved third party hosting partner. This removes the onus on the school to back-up and store the data, and further eliminates any worry about how to keep this sensitive data secure.