Becta have published a series of good practice guides to help your school to secure sensitive and personal data that you hold on learners, staff and other individuals.
The Data Protection Act 1998 requires all organisations to secure any personal data they hold. This covers data held both electronically and on paper.
Personal data is any combination of data items that identifies an individual and gives specific information about them, their families or circumstances. This includes names, contact details, gender, dates of birth, behaviour and assessment records. The Data Protection Act 1998 specifies additional data items as ‘sensitive personal data’; these include medical records, criminal convictions and ethnic origin.
Revised good practice guides
Produced by Becta on behalf of the Department for Children, Schools and Families, these revised good practice guides have been reviewed and updated with feedback from a number of cross-sector organisations including the Department for Children, Schools and Families (DCSF), Department for Business, Innovation and Skills (BIS), Joint Information Systems Committee (JISC) Legal, The Information Authority and JANET (UK), as well as from schools, local authorities, regional broadband consortia and suppliers.
We have based our guides on the measures contained in the following Cabinet Office documents:
These set out the measures central government departments and their agencies must adopt to protect sensitive and personal data. Becta's guides are a practical interpretation of these measures that should be considered by schools, colleges and universities to help minimise the risk of data being lost or corrupted and any subsequent adverse consequences such as identity theft, news headlines or breaches of statutory/legal obligations.
Information Security is everyone's responsibility and needs to be embedded into culture and ways of working.
Keeping data secure, safe and legal
This is a summary document for network managers, senior leaders or staff with a responsibility for securing data. It outlines the key measures organisations should adopt.
Dos and Don'ts
This is a common-sense guide that senior leaders can make available to staff to ensure everyone within an organisation knows how they should be helping to keep data secure.
The following documents are more technical good practice guides for network managers and those responsible for implementing technical solutions. Each guide gives details of the measures organisations should adopt together with starting points for putting the measure in place.
Information risk management and protective markings
Audit logging and incident handling
Secure remote access
These guides describe procedures and possible technical and operational solutions that can help organisations reduce the risks of data security incidents and comply with current legislation. They are not definitive and may not cover the full range of technologies, products and procedures organisations can use to secure data, but are indicative of the types of solutions that should be put in place.
- Data Handling Procedures in Government: Final report (PDF, 217.7 KB)
- HMG Security Policy Framework (PDF, 357.3 KB)
- Keeping data secure, safe and legal (PDF, 303.6 KB)
- Data Security Dos and Don'ts (PDF, 193.8 KB)
- Information risk management and protective markings (PDF, 134.8 KB)
- Data encryption (PDF, 354.8 KB)
- Audit logging and incident handling (PDF, 843.7 KB)
- Secure remote access (PDF, 526.4 KB)