Schools and colleges urged to make data secure

The Royal Academy of Engineering has recently brought out a report, Dilemmas of Privacy and Surveillance. 

This might seem to have little to do with schools and colleges. However, it argues, for example, that shoppers should be allowed to buy goods and services without revealing their identity to the companies which provide them and that there should be strict scrutiny of the use of loyalty cards to prevent data from being abused.

Schools and colleges are increasingly using electronic identity devices to give access to services, including cashless canteens. It is important to remember that the data manager and data holder are responsible for ensuring that data is collected only for a declared purpose; that it should be collected with consent; and that it must not be passed on or used in any other way.

Failure to ensure security adequate to the sensitivity of the information may put the data holder in danger of the law. The more personal the information and the more open to misuse, the higher the security must be.

Schools and colleges should be wary of falling into this trap and should ensure that any information they collect is appropriately secure and that any agent they use also has appropriate security in place and can be trusted to maintain it.

The report also challenges the need for data holders to have all the information that is collected. In other words, it warns against collecting information simply because it can be done. It will be interesting to see whether the DfES and local authorities take note of this advice.