News

Recently there has been an annual study published by Ponemon Institute (sponsored by Experian) entitled “Is Your Company Ready for a Big Data Breach?”. The study looks at the state of breach preparedness across organisations over a period of a year,

Retention of Child Protection Information is for 25 years from the DOB of the Pupil 

The Education (Pupil Information)(England) Regulations 2005 (SI 2005/1437 states that pupil records should be retained for 25 years from the date of birth of the pupil. 

At Data Protection Education, we are carrying out an ongoing project on assessing potential organisations that our schools are either currently contracted with to supply a product or service, or may in the future be in contract with.

Email is the classic data protection issue - it's not about the system where we store things, it's about the process and how that data is used. So ask yourself, what is the content of the email and what does it relate to?

For most organisations, a lot of thought and care goes into ensuring that when you’re collecting data, you are complying with the relevant data protection legislation- that it’s being collected with consent where required, that you have a lawful basis etc. However,

A recent study conducted by Check Point Research which can be found at the bottom of this article has found that there has been a 29% increase in cyberattacks on organisations in the education sector since 2020, the highest increase of any sector. 

Cyber attacks are on the up, and with the education sector seeing the highest number of cyber attacks of any sector since the start of the pandemic, as well as the highest increase in attacks in that same period

With biometric technology becoming more and more prevalent in society, the governance of the personal data that organisations collect from using this technology has recently been a topic of discussion.

How to share this year’s Nativity play online safety

Schools will have good intentions in wanting to share this year’s Nativity play online. But how do you ensure you do this safely and adhere to the latest data protection regulations? Below is some guidance which will support you in this task.

We will be releasing the Phishing Simulation to all schools over the next three weeks. We are currently finalising scenarios and implementation materials prior to final user testing and release.

The Children’s Code

The first update from the ICO is that the transition year for the introduction of The Children’s Code (also known as The Age Appropriate Design Code) has passed, with the code having come into effect on September 2nd.

Recording staff vaccination data

Firstly, a couple of links as reference...though they don't really tell you the answer - especially the second one which doesn't seem to have been updated post-August 16th:

Schools in Brighton and Hove have received the following Freedom of Information request:

1. Please send me copies/scans/digital files that record individual racist/religious incidents/bullying incidents in terms of numbers of incidents and their

The National Cyber Security Centre has today upgraded it's advice to schools relating to the prevalence of cybers attacks in the sector:

These protocols aim to ensure that online lessons with pupils when working from home, are safe, secure and continue to provide high-quality education using a virtual platform. 

This is guidance for setting up and managing online lessons using the school’s chosen platform ie  Zoom; Google or Microsoft teams.

Users of Class Dojo will recently have noticed that a requirement to provide consent for international data transfers was included to the login screen.

It is a requirement under the Freedom of Information Act and ICO to set out your commitment to making certain classes of information routinely available, such as policies and procedures, minutes of meetings, annual reports and financial information.

Updated 22 March 2021

The ICO gives the following advice when communicating privacy matters to children:

What information should we give to children?

Transparency is about being clear, open and honest with your users about what they can expect from you.

We've had a few questions recently about parents and students recording conversations with members of staff, both covertly or overtly without seeking permission. This article only covers recordings made by external individuals, not organisations or individuals acting on behalf of an organisation.

We know the jargon can be confusing. As can the timelines for responding to the various requests that you receive.

Is it a month? Or 30 days? Are those working days?

So here's a little chart to simplify everything: