Access menu:
Skip to content, access key c
Local navigation, access key l
Schools menu, access key s
Becta menu, access key b
Becta - leading next generation learning
About Becta
Local authorities
Government & partners
Industry & developers
FE & skills


Schools menu:
& management
& teaching

Data handling security guidance for schools

Recent losses of personal and sensitive information have highlighted the need to update security guidance. This guidance should help to prevent similar losses and minimise the risk of data being misused should media or devices fall into the wrong hands.

Data protection legislation states that all those who hold personal data, whether on paper or electronically, must keep that data secure. This also applies to schools. Personal data is defined as any combination of data items that identifies an individual and provides specific information about them, their families or circumstances. This includes names, contact details, gender, dates of birth, unique pupil number (UPN) and so on, as well as other sensitive information such as academic achievements, other skills and abilities, and progress in school. It may also include behaviour and attendance records.

Data handling procedures

Data Handling Procedures in Government: Final report (the result of a review set up in response to the high profile losses of personal and sensitive information) was published by the Cabinet Office on 25 June 2008.

This report sets out how ‘Government is improving its arrangements around information and data security, by putting in place core protective measures, getting the working culture right, improving accountability and scrutiny of performance’.

The procedures outlined in this report are being implemented across central government and have been cascaded down to non-departmental public bodies (such as Becta) and to organisations such as the Local Government Association who are working on a local authority interpretation of the guidance.

Good practice guidance

Over the last few months Becta has been working with the Department for Children Schools and Families (DCSF), the Information Commissioner’s Office, schools and suppliers to produce information handling security good practice guidance to reflect the procedures in this report.

Keeping data secure, safe and legal’ is an introductory document that aims to distil the key messages outlined in Data Handling Procedures in Government so they are applicable to schools and is intended for school leaders, senior leadership teams, network managers and other members of staff who have responsibility for handling and securing data.

Keeping data secure, safe and legal is available in Word (996KB) PDF (187KB) and OpenDocument text format (572KB).

The following accompanying good practice guides provide a description of the procedures and suggest possible technical and operational solutions that can assist schools in minimising the risk of data security incidents and complying with existing legislation. These good practice guides should be read by school network managers and those responsible for implementing technical solutions:

Impact levels and labelling available in Word (727KB) PDF (246KB) and OpenDocument text format (636KB)

Data encryption available in Word (3.4MB) PDF (3.7MB) and OpenDocument text format (3.2MB)

Audit logging and incident handling available in Word (662KB) PDF (288KB) and OpenDocument text format (563KB)

Secure remote access available in Word (170KB) PDF (135KB) and OpenDocument text format (101KB).

It should be noted that the suggested good practice is not definitive and is intended to be representative of the types of technologies, products and procedures that schools should adopt, and that as technologies are developed, new systems and procedures will need to be developed to ensure data security. Where appropriate, this best practice guidance will be updated to reflect new developments.


Join our online community to discuss data handling and Becta's good practice guidance material.

Further information

More advice on data protection security can be found on the Information Commissioner’s website.

Advice on data processing and sharing from the DCSF, including guidance on the fair processing notice that schools are required to issue to parents and children, can be found on Teachernet.

Published: 06 February 2008
Last modified: 23 September 2008

Footer menu:
Return to top
© Becta 2008
About this site
Freedom of information
Privacy policy
Get next generation learning