Month: January 2023

Data Privacy Day – a School’s Reflections

Written on 27th January 2023. Posted in News.

This year, for Data Privacy Day, we’ve been reflecting on the journey that our school clients have taken to improve their data protection compliance. We interviewed one of our clients for their reflections on the changes they’ve made to their data protection practice since working with our service.

Q1) Does data protection matter to you? If so, what is it that makes you think this?
Yes, Data protection absolutely does matter. There are guidelines and legalities that apply to all of us, rightly so, and it is our duty to follow, protect and respond to these. Annual training, GDPR updates and getting into good ‘habits’ reminds me on a daily basis why these matter. Data protection can sometimes seem a minefield, however, it is an area where I feel brilliantly supported by the GDPR team so that makes it feel less frightening and more rewarding.

Q2) How do you keep data protection ‘alive’ in your school?
Annual training as well as regular mentions in staff meetings, staff emails and additional training. It is part of the ‘ethos’ of the school. Staff are aware of data breaches and always bring them to me. These are then mentioned in staff meetings as ‘reminders’ to be vigilant.

Q3) Do you feel you have a positive data protection culture where staff are confident and engaged?
I feel like we have a positive culture in school. I make it very clear that as Headteacher I have over-arching responsibility for much of data protection. As a school we encourage an open and positive culture and communicate well together. Staff are aware that they can speak out on breaches without feeling like they are ‘telling’ on each other. I will always mention if I make any data breaches so that staff know that we are ‘in it together’.

Q4) What is it like working with an external Data Protection Officer? What is it like working with the Education Data Hub Team?
I cannot speak highly enough of the support we get from our Data Protection Officer and Education Data Hub team. Responses to queries are always timely and detailed and a phone call is made if something needs to be spoken about in more detail. Information is always clear and concise.

Q5) What is the most important data protection lesson you have learned in recent years? What do you do differently as a result?
We think much more about how we present names / information regarding children, particularly as we have an increasing number of vulnerable children in school. School reports are always collected rather than handed out, displays are not named, and we double check permissions for naming children outside of school with parents etc.

Q6) What would your advice be to other schools regarding data protection?
Don’t go it alone. Develop a positive culture in school around data protection – encourage staff to be curious but don’t frighten them. Encourage open and honest lines of communication.
Above all, if in doubt – ask! Use the highly skilled individuals in the team and your data protection officer to ask for help – I do it all the time! We can’t expect to be experts ourselves so ask the experts instead!

Many thanks to Catherine Robinson at Stonelow Junior School for taking part in this interview.

To find out more about how our Data Protection Service can help your school, please email us on [email protected]

Top Tips for Schools

Written on 27th January 2023. Posted in News.

Data Privacy Day is celebrated on 28^th January every year, so to join in with the celebrations, we asked our schools for their top tips about the importance of Data Protection in schools:

“Don’t go it alone. Develop a positive culture in school around data protection – encourage staff to be curious, but don’t frighten them. Encourage open and honest lines of communication. Above all, if in doubt ask! Use the highly skilled individuals in the EDH team to ask for help – I do it all the time! We can’t expect to be experts ourselves so ask the experts instead!” Catherine Robinson, Stonelow Junior School.

“It MUST be taken seriously. Look at your emails – having a lax attitude about how we receive, respond to and store communication is one of the ways that we could sleepwalk into loads of bother. And stop saving passwords!!” Rebecca Fenby, Hady Primary School.

“The small things matter. Keeping data secure and now only writing what is essential makes a huge difference to the possibility of a data breach and therefore of keeping ourselves and our data protected.” Sarah Bentley, Etwall Primary School.

“Passwords are king. Approach any data with ‘fresh eyes’ and treat all data you handle as if it is your own data.” Tim Cocking, Eckington Camms Primary School.

“The most important lesson for me is around pupil data and safety. Having started my teaching career over 20 years ago, there were many practices I followed because I knew they worked or that was how it was always done! Looking at how easy it was for someone to gain information about a pupil from a book cover or a school tracker made me rethink how information should be presented and shared in school.” Prince Regent Street Trust.

To find out more about how our Data Protection Service can help your school, please email us on [email protected]

A Practical Guide for Schools Cyber Incident Response

Written on 24th January 2023. Posted in News.

…or How to Plan for the Proverbial Hitting the Cyber Fan!

With a noted increase in cyber incidents involving schools since Covid, it is
imperative that schools know how they can prepare A Practical Guide for Schools Cyber Incident Response 3 and protect themselves against a cyber attack.

Data has become big business in the world of crime, and with this there has been a rise in the number of cyber attacks. One of the most powerful tools that hackers use is Social Engineering, which relies on manipulation of the end user into first activating the cyber attack, commonly through phishing, although this is not the only method of infiltration. Educating your school staff on understanding hackers’ tools and tactics can help bolster your schools cyber defences.

In the last six months alone there have been several cyber incidents in schools reported in the media, where personal and special category data has been breached, leaving staff and pupils unable to access school systems. Most recently was an Academy Trust where fourteen schools were affected.

In the event that school cyber defences are breached, it is vitally important to have contingency plans in place to maintain a minimum level of functionality – not only to safeguard pupils and staff, but to also restore the school back to an operational standard. This planning is known as a Cyber Incident Response Plan (CIRP) and should form part of an overall School Continuity Plan (Disaster Recovery Plan) as per the DfE Cyber Security Standards (Oct 2022).

The key to a successful Cyber Incident Response Plan (CIRP) and improvement of the schools cyber resilience is the ownership of it by the Governors and Senior Leadership team. This is outlined by the DfE Cyber Security Standards and National Cyber Security Centre (NCSC) By enforcing the school’s cyber strategy, from the top, a culture of cyber compliance is built.

A robust Cyber Incident Response Plan (CIRP) contains all the information that your school would need to respond to a cyber incident. This includes:

A named Cyber Recovery Team including roles and responsibilities
A list of critical data assets and how long school could function without them
Plans for internal/external communications, including your cyber insurance provider
How to access registers/staff and pupil contact details
Actions log

Understanding your school’s data and where and how it is stored is key to a successful CIRP. Time should be taken to review and risk assess your school information systems, IT infrastructure, and policies and procedures relating to these as part of an ongoing Cyber Resilience cycle. This enables informed decisions to be made and a formal digital strategy to be developed as part of ongoing school improvements. The DfE Digital and Technology Standards in Schools and Colleges should form a basis for this.

If technology isn’t your bag, or the busy school environment consumes your time, contact us at Education Data Hub on [email protected] to find out how our Cyber Ready Project can help you.

Becca De Ville, Service Manager for our Cyber Security for Education Team, will be speaking at the GDPRiS Conference in Bristol and London about cyber response planning for schools.

Cyber Safe Schools

Written on 20th January 2023. Posted in News.

Our thanks go out to Ian Hickling, National Coordinator of Police CyberAlarm and Sam Hancock, Cyber Protect Officer for Derbyshire Constabulary for contributing to a successful IT Provider Round Table meeting on Tuesday 17th Jan. They both took time out of their incredibly busy schedules to attend and it was much appreciated.

Sam explained exactly what her busy role within Derbyshire Police entailed and how that translated into fantastic cyber security and online safety support for our schools, while Ian spoke about the benefits of registering for Police CyberAlarm before taking questions from IT Providers in attendance, which made for a really interesting and informative session.

Education Data Hub aim to hold these Round Table discussions every half term. They are designed to be supportive, informative, and collaborative, and bring together school IT suppliers to discuss the challenges of working in and around schools, and the security and privacy issues that impact the education sector. It provides a chance for School IT Providers to advise us of any concerns they may have and to discuss how we can work together to ensure children are kept safe in a digital world, as well as providing updates on Education Data Hub projects.

We are aiming to hold our next RoundTable meeting in March 2023 and will endeavour to have relevant guests in attendance. If you are a schools IT Solution Provider, or think you could add value as a guest contributor and would like to attend, please register your interest by completing this short form or email us on [email protected] if you would like to discuss anything raised in this article.

You can find out how we are helping schools improve cyber resilience in our article Meeting the New DfE Cyber Security Standards for Schools – Education Data Hub

Samantha Hancock, Cyber Protect Officer for Derbyshire Police is available to contact on [email protected]

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.