17 September 2012
One in five schools have admitted to having insecure email systems,the Information Commissioner’s Office has said, as it issued new advice to help schools tackle data protection weaknesses.
Having surveyed 400 schools across nine local authority areas, the ICO said awareness of data protection law was “generally good”.
But schools needed to pay more attention to complying with data protection laws, which if seriously breached could result in fines of up to £500,000.
95 per cent of schools were found to have provided some information to pupils and parents about what was done with personal information.
But the ICO said a third of schools with password-protected computer systems said passwords were not necessarily strong enough and were not changed regularly.
20 per cent of schools admitted their email systems were not secure.
“Whilst awareness of the law was broadly good, knowledge on how to comply with it wasn’t always there,” said Louise Byers, ICO head of good practice.
“In many respects that should come as no surprise – it’s not teachers’ area of expertise – and it is precisely what our report is aiming to address.
“I’d urge teachers and heads to take a look at our recommendations and make sure they’re complying with the law. The sensitive personal data that schools handle means it is crucial they get this right, and we hope the ICO’s report will help them achieve that.”