Information Commissioner issues another undertaking notice to a school for a breach of the data protection act.
Protecting confidential personal data from disclosure is a fundamental legal requirement for many organisations, including schools.
There have been a number of high profile incidents involving schools and other educational establishments in recent times. Here are some notable examples, all of which were issued with undertaking notices by the Information Commissioner committing the organisation to specific course of action in order to ensure compliance with the data protection act.
5 October 2011 - Holly Park School
8 August 2011 - Bay House School
21 April 2011 - Freehold Community School
19 April 2011 - Norwich City College of Further and Higher Education (City College Norwich)
There are a number of tools available to the Information Commissioner’s Office for taking action to change the behaviour of organisations and individuals that collect, use and keep personal information. They include criminal prosecution, non-criminal enforcement and audit.
Information security has always presented a challenge for schools. Schools retain and store significant amounts of personal information covering staff and pupils. Often that data has to be shared with staff or other agencies such as the local authority, health care agencies and others sometimes on a daily basis.
It is therefore no surprise that some schools run into problems and that the Information Commissioner takes such a vigorous role in enforcing and monitoring compliance with the law. The Information Commissioner also has the power to serve a monetary penalty notice on a data controller. These can be up to £500,000 for serious breaches of the Data Protection Act. It may only be a matter of time before a school is fined. Fines will only be imposed where the organisation has seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress. For example:
A County Council was fined £100,000 for faxing details of a child abuse case to the wrong recipient. And numerous organisations have been fined for losing laptops containing personal information. Fines for the latter have ranged from £60,000 to £80,000. The loss or theft of a laptop or USB stick seems to be one of the most likely scenarios facing schools.
SWGFL Sophos SafeGuard Enterprise: your central key for data protection
One of the simplest solutions that can be implemented is to encrypt the data on laptops and removable media such as USB sticks. To this end, South West Grid for Learning has gone back to basics and recognising that budgets are tight and time is limited we have done it for you, securing a best-price guarantee on Sophos Data Protection Suite. As well as award-winning encryption protection you also benefit from multi-layered data security combining anti-virus, encryption and data leakage prevention.
We applied the same theory behind procuring your connectivity, buy in bulk, make savings, pass them on to our schools. Simple. Clever.
The centrally managed solution secures data on desktops, laptops and removable media.
Don’t wait for something to go wrong and run the risk of an ICO undertaking or worse, a fine. Take action today. Our prices are the best a school can get anywhere in the UK. £3.95 + VAT per device
is a considerable discount on the List price of £15.13.
The licences are for 3 years
from the date of purchase. Thus £3.95 per licence is fantastic value for money and represents only £1.32 per annum per device over the 3 year period.
Find out more and purchase it here today via our partner Phoenix software, click here
to go there now.