​The ICO have issued guidance to help organisations who use CCTV to comply with the Data Protection Act 1998 and to help them inspire public confidence that they are using CCTV responsibly:  A data protection code of practice for surveillance cameras and personal information.​

​This is the ICO's advice on  The use of biometrics in schools  for purposes such as cashless catering and borrowing library books.

​A good practice note produced by the ICO about  taking photos in schools ; this is aimed at Local Education Authorities and people working in schools, colleges and universities. It explains what sort of photos are exempt from the Data Protection Act (for example if a grandparent wishes to video a school nativity play) and which photos are not exempt (including photos of students taken for security passes).​

​The purpose of this  guidance  is to offer headteachers and the governing body advice on this matter, although it is ultimately a local decision which should be made by headteachers in consultation with governing bodies and parents.​

​Do your students want to find out more about their exam results? For example, examiners' comments, mark breakdowns or policies about marking and appeals. The Data Protection Act gives them the right to access some exam related material. To find out more, read the ICO's good practice note on  individuals' rights of access to examination records

This good practice note aims to explain to boards of governors, head teachers and school data protection officers how the Data Protection Act affects the  Publication of examination results  by school The Information Commissioner's Office regularly receives enquiries from schools about this. Publication can be done in a variety of ways, including posting lists of results on publicly accessible notice boards, or providing examination results to the media.​

​The ICO has produced a  Code of Practice  for handling requests from pupils, parents and members of staff for access to the personal information your school is processing about themselves. This Code of Practice will help state primary and secondary schools, and Boards of Governors in understanding their data protection responsibilities regarding requests for personal information. All schools will need to adhere to this Code of Practice or have a suitable alternative in place.​

​As an employer, you have responsibilities to ensure your employees' personal details are respected and properly protected.

The ICO’s  quick guide to the Employment Practices Code provides all the information you'll need to keep on the right side of the law and covers the following areas:

• What the Data Protection Act means to an employer
• Recruitment and selection
• Employment records
• Monitoring at work
• Information about workers' health
• What rights do workers have?

The ICO also publish the following guides which cover the code in detail and provide answers to all the main questions you’re likely to ask:
•  Employment Practices Code 
•  Employment Practices Code: Supplementary Guidance (PDF)​

​The Department for Education has provided suggested text and guidance for issuing Privacy Notices and guidance for issuing  Privacy Notices  for privacy notices to be used by schools and local authorities in the associated resources of this page.

The Privacy Notices also refer the recipients to the Department for Education website to see how they will store and use the data. Explanations are provided on how the data collected in the School Census, Children in Need Census and the School Workforce Census will be used​.

​'Sharing Personal Information - Our approach'  Guidance from the Information Commissioner's Office.

The Department for Education have produced guidance for practitioners working with both children and adults available here:  Information sharing: Advice for practitioners providing safeguarding services to children, young people, parents and carers.​

​Schools should follow our  Model School Policy for ICT Acceptable Use Incorporating eSafety and Data Security

Bring your own device (BYOD) 
This guidance explores what you need to consider if permitting the use of personal devices to process personal data for which you are responsible.

Cloud computing 
Cloud computing offers the promise of a cost effective means to access a range of computing services. This guidance explains how the Data Protection Act applies to processing of personal data in cloud computing services.

IT disposal 
The ICO have produced guidance to help organisations securely dispose of their IT equipment. This guidance explains what you need to consider when disposing of electronic equipment that may contain personal data.

Personal information online 
The personal information online code of practice explains how the Data Protection Act applies to the collection and use of personal data online. It provides good practice advice for organisations that do business or provide services online.

Laptop thefts highlight the need for encryption - Information ... 
The ICO’s guidance is clear: all personal information – the loss of which is liable to cause individuals damage and distress - must be encrypted. This is one of the most basic security measures and is not expensive to put in place.

A practical guide to IT security: ideal for the small business 
Keeping your IT systems safe and secure can be a complex task and odes require time, resource and specialist knowledge. If you have personal data within your IT system you need to recognise that it may be at risk and take appropriate technical measures to secure it.​

​This is the  guidance  from the ICO's office on basic information security and where to get more advice/information.​

​Guidance on Dealing with a Personal Data Loss - ICO