Data handling security guidance for schools
We have published a series of good practice guides to help your school to secure sensitive and personal data that you hold on learners, staff and other individuals.
The Data Protection Act 1998 requires all organisations to secure any personal data they hold. This covers data held both electronically and on paper.
Personal data is any combination of data items that identifies an individual and gives specific information about them, their families or circumstances. This includes names, contact details, gender, dates of birth, behaviour and assessment records. The Data Protection Act 1998 specifies additional data items as ‘sensitive personal data’; this includes medical records, criminal convictions and ethnic origin.
Revised good practice guides
Produced by Becta on behalf of the Department for Children, Schools and Families, these revised good practice guides have been reviewed and updated with feedback from a number of cross-sector organisations including the Department for Children, Schools and Families (DCSF), Department for Business, Innovation and Skills (BIS), Joint Information Systems Committee (JISC) Legal, The Information Authority and JANET (UK), as well as from schools, local authorities, regional broadband consortia and suppliers.
We have based our guides on the measures contained in the following Cabinet Office documents:
These set out the measures central government departments and their agencies must adopt to protect sensitive and personal data. Becta’s guides are a practical interpretation of these measures that should be considered by schools, colleges and universities to help minimise the risk of data being lost or corrupted and any subsequent adverse consequences such as identity theft, news headlines or breaches of statutory/legal obligations.
Information security is everyone's responsibility and needs to be embedded into culture and ways of working. We therefore encourage you to discuss data handling and information security, and to give feedback on these guides, by joining our online community.
Keeping data secure, safe and legal
This is a summary document for network managers, senior leaders or staff with a responsibility for securing data. It outlines the key measures organisations should adopt.
Dos and Don’ts
This is a common-sense guide that senior leaders can make available to staff to ensure everyone within an organisation knows how they should be helping to keep data secure.
The following documents are more technical good practice guides for network managers and those responsible for implementing technical solutions. Each guide gives details of the measures organisations should adopt together with starting points for putting the measure in place.
Information risk management and protective markings
Information risk management and protective markings (Word 224KB)
Information risk management and protective markings (PDF 134KB)
Information risk management and protective markings (OpenDocument text format 81KB)
Audit logging and incident handling
Secure remote access
These guides describe procedures and possible technical and operational solutions that can help organisations reduce the risks of data security incidents and comply with current legislation. They are not definitive and may not cover the full range of technologies, products and procedures organisations can use to secure data, but are indicative of the types of solutions that should be put in place. Becta will update these guides to reflect new developments when needed.
Join our online community to discuss information handling and the good practice guides.
The Information Commissioner’s Office has more advice on the Data Protection Act.
Advice on data processing and sharing from the DCSF, including guidance on the privacy notice that schools are required to issue to parents and children, is available from Teachernet.