Data handling security guidance for schools

Becta Guide

Becta, last updated: 6th January 2009

Becta have published a series of good practice guides to help your school to secure sensitive and personal data that you hold on learners, staff and other individuals.

The Data Protection Act 1998 requires all organisations to secure any personal data they hold. This covers data held both electronically and on paper.

Personal data is any combination of data items that identifies an individual and gives specific information about them, their families or circumstances. This includes names, contact details, gender, dates of birth, behaviour and assessment records. The Data Protection Act 1998 specifies additional data items as ‘sensitive personal data’; these include medical records, criminal convictions and ethnic origin.

Revised good practice guides

Produced by Becta on behalf of the Department for Children, Schools and Families, these revised good practice guides have been reviewed and updated with feedback from a number of cross-sector organisations including the Department for Children, Schools and Families (DCSF), Department for Business, Innovation and Skills (BIS), Joint Information Systems Committee (JISC) Legal, The Information Authority and JANET (UK), as well as from schools, local authorities, regional broadband consortia and suppliers.

We have based our guides on the measures contained in the following Cabinet Office documents:

Data Handling Procedures in Government: Final report

HMG Security Policy Framework

These set out the measures central government departments and their agencies must adopt to protect sensitive and personal data. Becta's guides are a practical interpretation of these measures that should be considered by schools, colleges and universities to help minimise the risk of data being lost or corrupted and any subsequent adverse consequences such as identity theft, news headlines or breaches of statutory/legal obligations.

Information Security is everyone's responsibility and needs to be embedded into culture and ways of working.

Keeping data secure, safe and legal

This is a summary document for network managers, senior leaders or staff with a responsibility for securing data. It outlines the key measures organisations should adopt.

Keeping data secure, safe and legal  

Dos and Don'ts

This is a common-sense guide that senior leaders can make available to staff so that everyone within an organisation knows how they should be helping to keep data secure.

Data Security Dos and Don'ts

The following documents are more technical good practice guides for network managers and those responsible for implementing technical solutions. Each guide gives details of the measures organisations should adopt together with starting points for putting the measure in place.

Information risk management and protective markings

Information risk management and protective markings 

Data encryption

Data encryption 

Audit logging and incident handling

Audit logging and incident handling  

Secure remote access

Secure remote access  

These guides describe procedures and possible technical and operational solutions that can help organisations reduce the risks of data security incidents and comply with current legislation. They are not definitive and may not cover the full range of technologies, products and procedures organisations can use to secure data, but are indicative of the types of solutions that should be put in place.
