Best Practice Update

 A blue graphic with three children peering over a dark blue banner. The banner has white text that reads "Back to School Basics: Data Protection & Cyber Security." To the left of the text is a stack of school books with a red apple on top. To the right is a laptop displaying a logo with the text "Data Protection Education."

As schools begin to welcome back students, staff and new joiners, the focus is on the new academic year: curriculum planning, safeguarding and operational logistics.  An equally critical and statutory area that demands attention is data protection and cyber security compliance.  Adhering to data protection law isn't just about avoiding fines; it's about protecting sensitive personal data of children, their families and staff.

 A detailed flowchart titled "Accountability Framework" showing how the ICO (Information Commissioner's Office) framework and DfE (Department for Education) Digital Standard Trackers align. The central hub is "Accountability Framework" with ten radiating branches, each representing a key area: Leadership & Oversight, Risk Management, Policies & Procedures, Individual Rights, Response & Enforcement, Monitoring Verification & Reporting, Transparency, Records Management & Security, Contracts & Data Sharing, and Training & Awareness. Each branch connects to a box labeled "DfE Digital Standard Trackers," with several icons and checklist boxes underneath. The bottom of the image lists various tools and resources, including "Best Practice Library," "Retention Schedule," "Phishing simulations," "Risk Register," and "Accountability Tracker," which are all linked to the main framework. The overall image illustrates a comprehensive system for achieving and tracking data protection compliance in an educational setting.

The ICO Accountability Framework is a crucial tool for any organisation handling personal data, providing a structured approach to data protection compliance. When applied to the Department for Education (DfE) Digital Standards, it becomes a powerful mechanism for schools and trusts to ensure their technology and data practices are not only efficient but also legally compliant and secure.

photo of a hand holding a phone with whatsapp on the screen. Beige background and black text: What's up with WhatsApp? Emma Martins, Chief Commissioner of the Data & Marketing Commission and Data Protection Education have teamed together to give you a comprehensive overview of the risks, recent cases and guidelines about using WhatsApp.

📳What's Up with WhatsApp? WhatsApp is a regular theme in relation to SARs, FOI's, data breaches and general use as tickets into our Knowledge Bank platform.  Emma Martins, Chief Commissioner of the Data and Marketing Commission has worked with us to produce some guidance following the recent employment tribunal that was published in relation to a preschool.

AI generated photo of the back of a  computer screen with hands on a keyboard. Blue padlock with white text saying: Not everyone should have access.  White background and black text: The key to protecting sensitive data : least privilege. Recent dismissal case in Nottinghamshire

🚫🔒 Sensitive data requires a higher level of security under UK GDPR because of its potential to cause significant harm to individuals if it is lost, stolen or misused.  A recent case of a teacher losing their job after accessing a safeguarding report and transcribing it to her personal computer highlights the both the importance for least privilege access and continual review of access.

  1. National Honesty Day: Transparency
  2. FOI Request - BBC News
  3. Social Media and Marketing Guidelines and Training
  4. New Governor Resources
  5. Does stress lead to more data breaches?
  6. Are teachers using AI? 83% say its a time-saver
  7. DfE Digital Standards - narrowing the digital divide
  8. Arbor AI - On By Default
  9. DfE Guidance: Choosing a new MIS
  10. HCRG Care Group data breach
  11. The Importance of AI literacy and training staff
  12. Short Guide to AI Video
  13. Safer Internet Day, Cyber Security & Data Protection
  14. The Cyber Resilience Championship
  15. The Multiple Dimensions of Supplier Due Diligence
  16. School shares sensitive pupil information as part of an FOI response
  17. AI (Artificial Intelligence) Best Practice Area & Policy
  18. Blacon High School Cyber Attack
  19. WhatsApp and FOI's: ICO Warnings
  20. New AI Guidance from the DfE
  21. What the proposed Government legislative proposal around cyber crime means
  22. ICO report on AI tools in recruitment
  23. DfE update to record keeping and management
  24. Update to data sharing for school immunisation programmes
  25. Early Years Settings and Cyber Security
  26. SLT Digital Lead Profile
  27. The role of governors in cyber security and data protection
  28. Navigating Privacy at the End of Term , Special Occasions and End of Year
  29. Contracts Register
  30. DfE Digital Standards Autumn Update
  31. The importance of knowing how to access your CCTV footage!
  32. Cyber Attack on a Special School
  33. Stealing children's data
  34. What is dark data? (and why does it matter?)
  35. Ofqual highlights the value of cyber security training in schools
  36. Searching for data when you receive a Subject Access Request
  37. Fylde Coast Academy Trust Cyber Attack This Week
  38. Calling all IT leads in schools and mult academy trusts!
  39. Ransomware cyber attack on a school in Bromley
  40. Join Our Social Media Family!
  41. School hit by Cyber Attack
  42. Cyber Security Best Practice Area
  43. DfE Digital Standards for Schools and Colleges Tracker
  44. New Policies, Documents, Letters and Posters page
  45. Schools and Trusts Best Practice Area
  46. The DPE Retention Schedule
  47. Making the Rounds Update (now includes reporting)
  48. ESFA Cyber Essentials Requirement for Colleges from 2024/2025
  49. ICO Reprimands a School
  50. Out of date technology
  51. Data Retention and the Pupil File
  52. Have you assigned your SLT Digital Lead yet?
  53. Getting Started with AI (Artificial Intelligence)
  54. Cyber attack on a school during half term
  55. The rise of cyber attacks in schools are causing pupils to miss classes
  56. ICO: Learning from the mistakes of others report
  57. Cyber attack on a Trust; the aftermath
  58. School Focus: The Vale Federation | Aylesbury
  59. DfE Dealing with Subject Access Requests (SARs) Guidance
  60. Update to the Guidance on Information Sharing from the DfE
  61. FOI Requests generated by Artificial Intelligence
  62. Social Media Best Practice Area
  63. Lettings Best Practice Area
  64. MFA Bombing - What is it?
  65. Protecting your Social Media Accounts
  66. Checklists - Are They Your Most Powerful Compliance Tool?
  67. Product Focus on Checklists : Initial Trust Plan
  68. Product Focus on Checklists : End of Term Checklist
  69. Product Focus on Checklists : Information and Cyber Security
  70. Product Focus on Checklists : Social Media
  71. Product Focus on Checklists : Lettings
  72. Product Focus on Checklists : Record of Processing
  73. Milk Island: The secret location that allows children to view restricted content on Google Maps
  74. Why Data Should Stay Put: Benefits of Keeping Data in Its Original System
  75. Product Focus on Checklists : Data Retention and Destruction
  76. Product Focus on Checklists : Data Migration
  77. Product Focus on Checklists : Biometrics
  78. Product Focus on Checklists : Supplier Due Diligence
  79. Free Cyber help, advice and training with the Cyber Resilience Centres
  80. The Perils of Paper: The Printing Vulnerability
  81. Product Focus on Checklists : FOI
  82. Product Focus on Checklists : Governors and Data
  83. Product Focus on Checklists : DPIA
  84. Product Focus on Checklists : Site Moves
  85. Product Focus on Checklists : Data Breaches
  86. Product Focus on Checklists : Subject Access Requests
  87. Product Focus on Checklists : Bring your own device
  88. Product Focus on Checklists : Working out of school/offsite
  89. Cyber Attack on a School
  90. Product Focus on Checklists : Redaction
  91. Why Due Diligence is Important: Fake apps
  92. Product Focus on Checklists : CCTV
  93. Product Focus on Checklists : Clear desk
  94. Product Focus on Checklists : Commitment to compliance
  95. Product Focus on Checklists : Photos and video
  96. Product Focus on Checklists : Passwords
  97. Product Focus on Checklists : Information Classification
  98. Free cyber training for staff
  99. DfE Digital Standards Update
  100. The Mother of all Breaches
  101. International Data Transfers (part 1): Navigating Cross-Border Data Transfers: Understanding EU SCCs, UK Addendum, and UK IDTA
  102. ClassCharts Possible Data Breach
  103. Where is your data stored?
  104. IAPP looks at AI privacy risks
  105. If you suspect a financial scam .....
  106. School Focus: St Bernadette's Catholic Primary School | Brighton
  107. Guardians of Privacy: 16. Social Media Checklist
  108. Guardians of Privacy: 15. Navigating Social Media in Educational Settings Summary
  109. Guardians of Privacy: 14. Social Media and Cyber Bullying
  110. Guardians of Privacy: 13. Social Media, Copyright and Intellectual Property
  111. Guardians of Privacy: 12. Social Media and Going Viral
  112. Guardians of Privacy: 11. Staff Social Media Accounts
  113. Guardians of Privacy: 10. Social Media and Cookies
  114. Guardians of Privacy: 9. Social Media and Morality
  115. New Resources for Schools from the ICO
  116. Guardians of Privacy: 8. Social Media Policies
  117. Guardians of Privacy: 7. Social Media Data Retention
  118. Guardians of Privacy: 6. Posting Safely
  119. Guardians of Privacy: 5. Social Media and Consent
  120. Guardians of Privacy: 4. Social Media Access Control
  121. Guardians of Privacy: 3. Social Media Channels
  122. Guardians of Privacy: 2. Law and Regulations
  123. The ICO reprimands a Multi Academy Trust
  124. Guidance for the use of school email and applying email retention in schools
  125. Data Protection Tips for Early Years Settings
  126. Children's Privacy around the world is a puzzle
  127. Trust Initial Plan Checklist Update
  128. Records Management Best Practice Update
  129. What do I need to redact?
  130. Trust Initial Plan for Data Protection Compliance (for Multi Academy Trusts)
  131. Google for Education Resources: Helping IT Admins meet DfE digital and technology standards
  132. Lettings Best Practice and Guidance
  133. Considerations when migrating to a new MIS
  134. Public bodies and sensitive data
  135. Get a DPE Badge for your website!
  136. ICO: 10 Step guide to sharing information to safeguard children
  137. Help after a Cyber Attack/Incident
  138. Data Protection and Cyber Security (Inset Day) Training Ideas
  139. How KCSIE is linked to Cyber Strategy
  140. Handling Freedom of Information Requests the right way
  141. Where's Harry the Hacker?
  142. The ICO Reprimands a school
  143. Redaction Guidelines Updated
  144. Using WhatsApp in Schools
  145. How to contact us for support, subject access requests, data breaches and FOI's
  146. FOI: Reinforced Autoclaved Aerated Concrete
  147. FOI: Henry Jackson Society
  148. FOI: Vaccination Justifications
  149. How the Record of Processing Can Help You
  150. What does a Data Protection Officer Do?
  151. Carrying out Supplier Due Diligence
  152. How Long Should You Keep Personal Data For?
  153. B&H FoI: Racist/religious incidents/bullying
  154. Protocol for Setting Up and Delivery of Online Teaching and Learning
  155. Class Dojo International Data Sharing
  156. Model Publication Scheme: Amendments, Improvements and Updates
  157. Transparency
  158. Research projects and GDPR
  159. Secure file transfer of files using Royal Mail
  160. Emergency contacts and consent
  161. Key elements of a successful DPIA
  162. FOI Publication Schemes
  163. Best Practice for Managing Photos and Video
  164. New Drip Feeds: Recognise and Respond to Subject Access Request
  165. When to contact the Data Protection Officer?
  166. National child measurement programme
  167. Headteacher fined for breach of data protection legislation
  168. Acceptable Use Policy

Search