People are definitely getting concerned about the need to secure data in schools. On Tuesday, in the "When too much security means less security" post I mentioned that there are new stricter penalties faced by organisations for losing/disclosing personal data, with fines up to £500,000. And there has been some discussion about the need for encryption of teachers’ laptops on the EduGeek website.
One of the issues that I’ve found is that some head teachers believe that it is fundamentally an IT problem – and therefore the network manager gets given ownership of it. However, it really needs addressing at a whole-school level (and the IT team can arrive as the heroes who can provide a solution to the problem).
But how do you get Information Security onto the senior leadership team’s agenda?
Last week’s TES might help. When you get into school on Monday, grab it (dated Friday 9th April) and make sure the SMT see the article on page 11:
Schools face £500k fine for data lapses
Penalties increase 100-fold for worst transgressions
Schools have been warned to check procedures for protecting pupil data after the information watchdog was given powers to issue fines of up to £500,000.
The Information Commissioner's Office (ICO), previously only able to issue fines of up to £5,000, is planning to punish organisations which mislay or misuse sensitive personal information.
Although most high-profile data losses reported so far have been from government organisations, headteachers have been warned to ensure their policies are watertight.
And the very next thing you’ll want the SMT to read is Becta’s “Data handling security guidance for schools”.
There’s plenty of supporting information on this blog on strategies and actions for protecting your data – start at the Information Security article for help.
Probably the very first step to take is to ensure that all of your file servers are kept in a locked room.
The second is to make sure that your teachers’ laptops have encrypted drives, and that your staff use encrypted USB memory sticks for any sensitive data.
If you’re one of the many schools that already buys your Microsoft software under a subscription agreement (such as School Agreement or SESP) then you’re already licensed for Windows 7 Enterprise – which comes complete with BitLocker (allowing you to easily, safely, and invisibly encrypt every teacher’s laptop) and BitLocker To Go (which allows you to encrypt any USB memory stick). I think implementing this gets you a long way towards meeting the guidelines (without any additional cost!).