Best Practice Update

AI Due Diligence: DfE Standard announced. Generative AI safety standards in education.

The DfE previously issued training and guidance about the use of AI in Education - this has now changed to standards.  Standards define minimum requirements that must be met, whereas a guideline offers recommended best practice or advice. The standards outline the safety standards that generative AI products and systems should meet to be used in educational settings.

Image of two CCTV cameras and text: ' CCTV Policy Update'

We've updated the CCTV policy to consider the requirements of retention, especially over the summer holiday.

There may be situations where at the start of a summer holiday a subject access request comes in for CCTV footage - but there are no resources available in school to stop the footage from being deleted under the regular retention schedule. 

Therefore, where organisations are unable to access and retrieve this footage over the holidays, we recommend extending the retention period to cover the time from the earliest footage under the normal retention period (e.g. 15 days prior) to ensure this footage is still available when the request will be dealt with after the summer holidays.

This avoid situations where footage is deleted after a request has been submitted. 

See CCTV Best Practice Area for the template (v1.5).

 A dark image with the word "FRAUD" in white lettering on a black background, with a magnifying glass over the F. Below "FRAUD" are the words "Awareness" in orange text. In the bottom-left corner, a person in a black hoodie and a white mask holds a phone and has a finger to their lips in a shushing gesture. In the bottom-right corner is a circular logo for "Data Protection Officer" with the website "dataprotection.law/education".

Given the Public Sector Fraud Authority estimates that every year between £39.9 billion and £58.5 billion of taxpayer's money is subject to fraud and error, it's no wonder the UK Government has published some guidance about fraud awareness.

  1. Back to School Basics for Data Protection and Cyber Security Compliance
  2. Building a Secure School: Using the ICO Accountability Framework to Meet DfE Digital Standards
  3. Why Physical and Data Security Must Go Hand-In-Hand
  4. Digital Safeguarding: DfE announces statutory DfE Digital Standards
  5. The Data Protection Lead/Champion Role
  6. Changes to the Academy Trust Handbook 2025
  7. Social Media Day 2025
  8. How Ofsted looks at AI during inspection and regulation
  9. Preschool Employment tribunal for the use of WhatsApp
  10. Data Breaches 2025 Report Highlights
  11. Not everyone needs access: The Key to Protecting Sensitive Data
  12. West Lothian Schools in Cyber Attack
  13. National Honesty Day: Transparency
  14. FOI Request - BBC News
  15. Social Media and Marketing Guidelines and Training
  16. New Governor Resources
  17. Does stress lead to more data breaches?
  18. Are teachers using AI? 83% say its a time-saver
  19. DfE Digital Standards - narrowing the digital divide
  20. Arbor AI - On By Default
  21. DfE Guidance: Choosing a new MIS
  22. HCRG Care Group data breach
  23. The Importance of AI literacy and training staff
  24. Short Guide to AI Video
  25. Safer Internet Day, Cyber Security & Data Protection
  26. The Cyber Resilience Championship
  27. The Multiple Dimensions of Supplier Due Diligence
  28. School shares sensitive pupil information as part of an FOI response
  29. AI (Artificial Intelligence) Best Practice Area & Policy
  30. Blacon High School Cyber Attack
  31. WhatsApp and FOI's: ICO Warnings
  32. New AI Guidance from the DfE
  33. What the proposed Government legislative proposal around cyber crime means
  34. ICO report on AI tools in recruitment
  35. DfE update to record keeping and management
  36. Update to data sharing for school immunisation programmes
  37. Early Years Settings and Cyber Security
  38. SLT Digital Lead Profile
  39. The role of governors in cyber security and data protection
  40. Navigating Privacy at the End of Term , Special Occasions and End of Year
  41. Contracts Register
  42. DfE Digital Standards Autumn Update
  43. The importance of knowing how to access your CCTV footage!
  44. Cyber Attack on a Special School
  45. Stealing children's data
  46. What is dark data? (and why does it matter?)
  47. Ofqual highlights the value of cyber security training in schools
  48. Searching for data when you receive a Subject Access Request
  49. Fylde Coast Academy Trust Cyber Attack This Week
  50. Calling all IT leads in schools and mult academy trusts!
  51. Ransomware cyber attack on a school in Bromley
  52. Join Our Social Media Family!
  53. School hit by Cyber Attack
  54. Cyber Security Best Practice Area
  55. DfE Digital Standards for Schools and Colleges Tracker
  56. New Policies, Documents, Letters and Posters page
  57. Schools and Trusts Best Practice Area
  58. The DPE Retention Schedule
  59. Making the Rounds Update (now includes reporting)
  60. ESFA Cyber Essentials Requirement for Colleges from 2024/2025
  61. ICO Reprimands a School
  62. Out of date technology
  63. Data Retention and the Pupil File
  64. Have you assigned your SLT Digital Lead yet?
  65. Getting Started with AI (Artificial Intelligence)
  66. Cyber attack on a school during half term
  67. The rise of cyber attacks in schools are causing pupils to miss classes
  68. ICO: Learning from the mistakes of others report
  69. Cyber attack on a Trust; the aftermath
  70. School Focus: The Vale Federation | Aylesbury
  71. DfE Dealing with Subject Access Requests (SARs) Guidance
  72. Update to the Guidance on Information Sharing from the DfE
  73. FOI Requests generated by Artificial Intelligence
  74. Social Media Best Practice Area
  75. Lettings Best Practice Area
  76. MFA Bombing - What is it?
  77. Protecting your Social Media Accounts
  78. Checklists - Are They Your Most Powerful Compliance Tool?
  79. Product Focus on Checklists : Initial Trust Plan
  80. Product Focus on Checklists : End of Term Checklist
  81. Product Focus on Checklists : Information and Cyber Security
  82. Product Focus on Checklists : Social Media
  83. Product Focus on Checklists : Lettings
  84. Product Focus on Checklists : Record of Processing
  85. Milk Island: The secret location that allows children to view restricted content on Google Maps
  86. Why Data Should Stay Put: Benefits of Keeping Data in Its Original System
  87. Product Focus on Checklists : Data Retention and Destruction
  88. Product Focus on Checklists : Data Migration
  89. Product Focus on Checklists : Biometrics
  90. Product Focus on Checklists : Supplier Due Diligence
  91. Free Cyber help, advice and training with the Cyber Resilience Centres
  92. The Perils of Paper: The Printing Vulnerability
  93. Product Focus on Checklists : FOI
  94. Product Focus on Checklists : Governors and Data
  95. Product Focus on Checklists : DPIA
  96. Product Focus on Checklists : Site Moves
  97. Product Focus on Checklists : Data Breaches
  98. Product Focus on Checklists : Subject Access Requests
  99. Product Focus on Checklists : Bring your own device
  100. Product Focus on Checklists : Working out of school/offsite
  101. Cyber Attack on a School
  102. Product Focus on Checklists : Redaction
  103. Why Due Diligence is Important: Fake apps
  104. Product Focus on Checklists : CCTV
  105. Product Focus on Checklists : Clear desk
  106. Product Focus on Checklists : Commitment to compliance
  107. Product Focus on Checklists : Photos and video
  108. Product Focus on Checklists : Passwords
  109. Product Focus on Checklists : Information Classification
  110. Free cyber training for staff
  111. DfE Digital Standards Update
  112. The Mother of all Breaches
  113. International Data Transfers (part 1): Navigating Cross-Border Data Transfers: Understanding EU SCCs, UK Addendum, and UK IDTA
  114. ClassCharts Possible Data Breach
  115. Where is your data stored?
  116. IAPP looks at AI privacy risks
  117. If you suspect a financial scam .....
  118. School Focus: St Bernadette's Catholic Primary School | Brighton
  119. Guardians of Privacy: 16. Social Media Checklist
  120. Guardians of Privacy: 15. Navigating Social Media in Educational Settings Summary
  121. Guardians of Privacy: 14. Social Media and Cyber Bullying
  122. Guardians of Privacy: 13. Social Media, Copyright and Intellectual Property
  123. Guardians of Privacy: 12. Social Media and Going Viral
  124. Guardians of Privacy: 11. Staff Social Media Accounts
  125. Guardians of Privacy: 10. Social Media and Cookies
  126. Guardians of Privacy: 9. Social Media and Morality
  127. New Resources for Schools from the ICO
  128. Guardians of Privacy: 8. Social Media Policies
  129. Guardians of Privacy: 7. Social Media Data Retention
  130. Guardians of Privacy: 6. Posting Safely
  131. Guardians of Privacy: 5. Social Media and Consent
  132. Guardians of Privacy: 4. Social Media Access Control
  133. Guardians of Privacy: 3. Social Media Channels
  134. Guardians of Privacy: 2. Law and Regulations
  135. The ICO reprimands a Multi Academy Trust
  136. Guidance for the use of school email and applying email retention in schools
  137. Data Protection Tips for Early Years Settings
  138. Children's Privacy around the world is a puzzle
  139. Trust Initial Plan Checklist Update
  140. Records Management Best Practice Update
  141. What do I need to redact?
  142. Trust Initial Plan for Data Protection Compliance (for Multi Academy Trusts)
  143. Google for Education Resources: Helping IT Admins meet DfE digital and technology standards
  144. Lettings Best Practice and Guidance
  145. Considerations when migrating to a new MIS
  146. Public bodies and sensitive data
  147. Get a DPE Badge for your website!
  148. ICO: 10 Step guide to sharing information to safeguard children
  149. Help after a Cyber Attack/Incident
  150. Data Protection and Cyber Security (Inset Day) Training Ideas
  151. How KCSIE is linked to Cyber Strategy
  152. Handling Freedom of Information Requests the right way
  153. Where's Harry the Hacker?
  154. The ICO Reprimands a school
  155. Redaction Guidelines Updated
  156. Using WhatsApp in Schools
  157. How to contact us for support, subject access requests, data breaches and FOI's
  158. FOI: Reinforced Autoclaved Aerated Concrete
  159. FOI: Henry Jackson Society
  160. FOI: Vaccination Justifications
  161. How the Record of Processing Can Help You
  162. What does a Data Protection Officer Do?
  163. Carrying out Supplier Due Diligence
  164. How Long Should You Keep Personal Data For?
  165. B&H FoI: Racist/religious incidents/bullying
  166. Protocol for Setting Up and Delivery of Online Teaching and Learning
  167. Class Dojo International Data Sharing
  168. Model Publication Scheme: Amendments, Improvements and Updates
  169. Transparency
  170. Research projects and GDPR
  171. Secure file transfer of files using Royal Mail
  172. Emergency contacts and consent
  173. Key elements of a successful DPIA
  174. FOI Publication Schemes
  175. Best Practice for Managing Photos and Video
  176. New Drip Feeds: Recognise and Respond to Subject Access Request
  177. When to contact the Data Protection Officer?
  178. National child measurement programme
  179. Headteacher fined for breach of data protection legislation
  180. Acceptable Use Policy

Search