Contingency Planning & Data Protection – SchoolPro TLC Monthly Newsletter – Issue 7 – March ’20

Spring is on the way, the days are definitely getting longer and, hopefully, the worst of the storms are behind us. It is impossible, though, to get away from news of the current virus outbreak so we will be using this month’s newsletter to look at your contingency planning and disaster recovery plans should the need arise to close schools over the coming weeks.

This month’s newsletter will therefore feature guidance on considering your data when contingency planning, especially in light of the current situation with the novel coronavirus Covid-19. We are also considering our response to this developing situation and have an update for you regarding that. As well as this, we want to reiterate our tips on reducing your breach risk with your IT systems as well as our price freeze for the next year for your DPO service!

If you have any further questions about the topics below, or if you would like to book your next visit from us, please get in touch via GDPR@schoolpro.uk.

Contingency Planning and Data Protection

There is a possibility that schools may have to close over the coming weeks and months as the situation with the novel coronavirus Covid-19 develops. Clearly, the health and well-being of staff, pupils, parents and the wider population is the highest priority, but it is also important to consider the implications to your data when putting in place contingency plans. Here are some questions for you to consider as part of that process:​

  • If your school is forced to close at short notice, what state is your data in? Your ongoing daily practice should be ensuring that data is kept secure so the coming days would be a good time to walk your school to check that this is still the case and that staff are keeping on top of your processes.

     

  • If a company was brought in to deep clean the school tomorrow, is there any data that is not secure and which would therefore be at risk of a breach?
  • Similarly, if staff start having to self-isolate and you find that you are bringing in a large number of supply or temporary staff to provide cover, will they have access to appropriate data whilst also being restricted to only data that is necessary to do the role they have been brought in to do?
  • If senior members of staff, your DSL and your Deputy DSL are unable to come in to school, do you have other individuals setup with access to specialist systems to ensure that data is still accessible and also able to be kept secure?
  • If specific members of staff are unable to attend school, do you still have access to your data and system backups in the event that you may need to retrieve data?

If you have any questions about this, please contact us and we can help provide further advice!

Our Response to the Coronavirus Outbreak

As we have already said, this is a developing situation and we are keeping a close eye on the news as it evolves and more information is released. As things currently stand, we do not see there being an increased risk for us continuing to visit schools as planned. However, we are going to look to at contingency planning for ourselves over the coming days and weeks. This will include:​

  • Reducing physical contact when on visits and as we move between schools.
  • Booking in remote meetings – phone or video conference – where practical and appropriate. If you feel that your next meeting or visit from us would be more appropriate to be done remotely, please let us know.
  • Cancelling visits and meetings if the situation requires. This is a last resort scenario and we hope won’t become necessary. We will still be able to work remotely to support schools as much as we can even if this does happen.

Common Breaches – Use of IT Systems

We discussed these tips last month but felt it important to reiterate the messages as well as add an additional tip to the list. As we said then, we deal with a large number of data breaches involving the mis-use of IT systems including emailing sensitive data to an incorrect recipient. Many of these breaches can be avoided by following a few simple tips:

  • Send email via secure or encrypted systems – if you have to send personal data electronically, wherever possible, don’t use unencrypted or unsecure email. Tools like Egress are designed for sending information securely. Similarly, uploading a document to a secure shared area and notifying the recipient that it is there is a better solution than sending it by email.

     

  • Use shared drives or servers instead of email – if you are sharing data within your organisation, it is better practice to save documents to shared drives (whether on internal servers or in the cloud) and notify colleagues that the document is there, rather than emailing documents between you. That way, everyone is working from the most up-to-date version of the document and it is unlikely to be accidentally sent outside of your organisation by an email address being input incorrectly.
  • Password protect email attachments – if you have no other alternatives to sending a document by email, ensure that it is password protected before it is sent. Then, send the password by a different medium – for example, by phone. If the email ends up with an incorrect recipient by mistake, they won’t be able to open the attachment. You will also identify quickly if your intended recipient hasn’t received the email when you contact them with the password.
  • Use Word Templates – if you have a blank form that you send out to people, save it as a Word Template. This means that the recipient MUST save it as a separate file before the send it back. This reduces the risk of you sending out a ‘blank’ form later on which accidentally has a previous person’s information still completed.
  • Remove Metadata – this is referred to in our FOI Request guidance as well. Metadata on a file can reveal personal information such as the original author of the document. This can be done by following the steps found here.

Price Freeze for 2020-2021 and Referral Discount

We also mentioned this last month but we wanted to confirm that we are able to freeze the price of our DPO service for another year. This allows us to continue to offer our service at as cost-effective a level as possible to you and ensure that money stays in the classroom. We are still offering a 10% referral discount as well and there will be a number of schools benefiting from that this year!

UK councils’ benefits pages push credit card adverts – BBC

City watchdog admits revealing customers’ details – BBC

Met Police remove 374 names from gangs matrix – BBC

Guess what? GDPR enforcement is on fire! – ZDNet

90% of UK Data Breaches Due to Human Error in 2019 – InfoSecurity Magazine

This Shocking Privacy Gaffe Is Why We Should Never Trust Google With Personal Data – CCN

Facebook was repeatedly warned of security flaw that led to biggest data breach in its history – The Telegraph

PhotoSquared data leak puts thousands of users at risk – TechRadar

UK Google users could lose EU GDPR data protections – The Guardian

Samsung Electronics says UK website error exposed data of 150 customers – Reuters

​Please contact us if you do have further questions at GDPR@schoolpro.uk.

SchoolPro TLC Ltd (2020)
SchoolPro TLC is not responsible for the content of external websites.