Data security in schools

Listening to the news this morning, my attention was grabbed by the Information Commissioner, on the subject of data security, as he said "Data is being stolen too easily. Laptops, containing personal information and databases, being stolen when they are taken outside of the workplace without proper data encryption."

This issue also affects schools, although today it's a relief that we haven't had a high profile incident. Many teachers have laptops that they use in school and take home for preparation and marking. And if you take a look at the data on them, you'll find some limited data, typically marks and assessments in a spreadsheet, class lists, and perhaps parental contact lists left over from the last trip. However on many laptops you'll find some extremely sensitive information, such as pupils' special needs statement and IEPs. This is exactly the kind of information which you would want to safeguard.

And on some laptops, in some schools, you'll find copies of the entire pupil database, with lots of detail, including home addresses and contact details etc. Typically these will be on the laptops of the Leadership team, but in some schools, all teachers may have a copy of the database for their classes.

So what should you do?

1) Do a quick review.

Take a look at a couple of laptops to assess what kind of data are being taken out of school. Maybe a typical classroom teacher's and perhaps (if you're brave!) take a look at the data on the SENCO's laptop and whoever in the leadership team is responsible for timetabling and assessment. The databases they are using for that are probably at the extreme end of the scale!

2) Ensure you have some basic security requirements covered

Start with the basics, for example: What is your password policy and is it being kept to?

Take a look at our Security Tools and Resources guide on the UK Education website, which includes a link to the Security Risk Management Guide on TechNet.

This guide helps you to plan, build, and maintain a successful security risk management program. In a four phase process, the guide explains how to conduct each phase of a risk management program and how to build an ongoing process to measure and drive security risks to an acceptable level. The guide is technology agnostic and references many industry accepted standards for managing security risk.

3) Plan your next move

When you move to Windows Vista, plan to implement BitLocker Drive Encryption included within Windows Vista Enterprise Edition. This will ensure that all data on your laptops are encrypted to highly secure, government standards. This may be the easiest way to ensure that every bit of data on your laptops remains secure permanently. (Watch the BitLocker video)

Comments (0)

Skip to main content