The question with this from a DP point of view is almost completely a
security one. Is it appropriate for information of this sort to be
placed on the internet, hidden behind just a password, and is it
appropriate that all the teachers have access to the records of all
pupils?
Is the information sensitive? I would say not on the whole although it
is possible that the results of the aptitude tests may be. These may be
children but that doesn't make the info more sensitive from a DP point
of view.
Given the above, we all know that principle 7 talks about appropriate
technology being used to protect the information. I would suggest that
a single password is not appropriate even for non-sensitive info
although it is not really a breach of DP until someone accesses it
inappropriately. You should be looking at 2 or 3 factor authentication.
Also is it appropriate that this info is published via the web?
When thinking about the teachers, is it appropriate that they should all
have access? From an administration point of view I suspect it is much
easier to set the system up with all the teachers given access rather
than complicate the issue by giving each teacher a subset of the pupil
record. All the teachers may at some time come into contact with all of
the pupils and all teachers have had CRB checks; to restrict their
access may cause other complications. Sometimes you need to be
pragmatic.
This is only a look from a DP point of view; there may be other pieces
of legislation related to children that are breached which bring in
principle 1 on fairness and lawfulness.
Chris Tinsley MSc
Wiltshire County Council
Information is the key
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Ross, Duncan
Sent: 07 June 2007 08:50
To: [log in to unmask]
Subject: Re: [data-protection] Access to pupil information via school
internet
Frightening!!
Wouldn't take long with a password cracker!
Duncan
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]]On Behalf Of Adam Warren
Sent: 06 June 2007 22:23
To: [log in to unmask]
Subject: [data-protection] Access to pupil information via school
internet
Hello
A school puts information concerning all its pupils on the school
website, accessible by a simple password announced to all staff during a
staff meeting. The purpose is to allow staff to contact pupils' parents
when off-site. The information available includes pupil:
Name
Address
Tel no
DOB
Exam results
Aptitude test results
Any thoughts re DP breaches?
Best wishes
Adam
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user
commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^