Closed Circuit Television Cameras (CCTV)
Fingerprinting in Schools
Taking photos in schools
A good practice note produced by the ICO about taking photos in schools ; this is aimed at Local Education Authorities and people working in schools, colleges and universities. It explains what sort of photos are exempt from the Data Protection Act (for example if a grandparent wishes to video a school nativity play) and which photos are not exempt (including photos of students taken for security passes).
Press and Publicity in Primary Schools
The purpose of this guidance is to offer headteachers and the governing body advice on this matter, although it is ultimately a local decision which should be made by headteachers in consultation with governing bodies and parents.
Do your students want to find out more about their exam results? For example, examiners' comments, mark breakdowns or policies about marking and appeals. The Data Protection Act gives them the right to access some exam related material. To find out more, read the ICO's good practice note on individuals' rights of access to examination records
This good practice note aims to explain to boards of governors, head teachers and school data protection officers how the Data Protection Act affects the Publication of examination results by school The Information Commissioner's Office regularly receives enquiries from schools about this. Publication can be done in a variety of ways, including posting lists of results on publicly accessible notice boards, or providing examination results to the media.
Accessing pupils' information - Data Protection Act Subject Access Requests
The ICO has produced a Code of Practice for handling requests from pupils, parents and members of staff for access to the personal information your school is processing about themselves. This Code of Practice will help state primary and secondary schools, and Boards of Governors in understanding their data protection responsibilities regarding requests for personal information. All schools will need to adhere to this Code of Practice or have a suitable alternative in place.
Data Protection and Staff
As an employer, you have responsibilities to ensure your employees' personal details are respected and properly protected.
The ICO’s quick guide to the Employment Practices Code provides all the information you'll need to keep on the right side of the law and covers the following areas:
• What the Data Protection Act means to an employer
• Recruitment and selection
• Employment records
• Monitoring at work
• Information about workers' health
• What rights do workers have?
The ICO also publish the following guides which cover the code in detail and provide answers to all the main questions you’re likely to ask:
• Employment Practices Code
• Employment Practices Code: Supplementary Guidance (PDF)
The Department for Education has provided suggested text and guidance for issuing Privacy Notices and guidance for issuing Privacy Notices for privacy notices to be used by schools and local authorities in the associated resources of this page.
The Privacy Notices also refer the recipients to the Department for Education website to see how they will store and use the data. Explanations are provided on how the data collected in the School Census, Children in Need Census and the School Workforce Census will be used.
Schools should follow our Model School Policy for ICT Acceptable Use Incorporating eSafety and Data Security
Bring your own device (BYOD)
This guidance explores what you need to consider if permitting the use of personal devices to process personal data for which you are responsible.
Cloud computing offers the promise of a cost effective means to access a range of computing services. This guidance explains how the Data Protection Act applies to processing of personal data in cloud computing services.
The ICO have produced guidance to help organisations securely dispose of their IT equipment. This guidance explains what you need to consider when disposing of electronic equipment that may contain personal data.
Personal information online
The personal information online code of practice explains how the Data Protection Act applies to the collection and use of personal data online. It provides good practice advice for organisations that do business or provide services online.
Laptop thefts highlight the need for encryption - Information ...
The ICO’s guidance is clear: all personal information – the loss of which is liable to cause individuals damage and distress - must be encrypted. This is one of the most basic security measures and is not expensive to put in place.
A practical guide to IT security: ideal for the small business
Keeping your IT systems safe and secure can be a complex task and odes require time, resource and specialist knowledge. If you have personal data within your IT system you need to recognise that it may be at risk and take appropriate technical measures to secure it.
Production of Guidance
This is the guidance from the ICO's office on basic information security and where to get more advice/information.
Information Security Breaches