Schools, colleges and universities risk hefty fines if they fail to keep private information secure, as the Information Commissioners Office cracks down data security lapses, warns Syscap, a leading independent funder to the education sector.
The Information Commissioners Office (ICO) issued 68 warning notices for data security lapses in the last year (to June 30 2012), up 51% from 46 the previous year.
The ICO has also ramped up its use of fines,* issuing 15 fines worth £1.8 million in the last 12 months (to June 30 2012), compared to just six fines worth £431,000 in the previous year.
Syscap points out that the overwhelming majority of fines have been against public bodies, with a number of warnings issued to education providers.
With the ICO cracking down, schools are at a higher risk than other kinds of organisations, like businesses, which have better management structures in place to properly monitor and track their ICT equipment. Syscap says this leaves them more open to fines when data is lost.
Recent warnings issued against education providers include:
- Holly Park School – follows the theft of an unencrypted laptop containing personal data relating to pupils
- Phoenix Nursey School – following loss of a device containing details of pupils, parents and guardians
- Godalming College – following an inadvertent blanket email to students containing sensitive information
- Durham University – following disclosure of personal information in training materials published on its website
- Association of School and College Leaders – following theft of a laptop containing sensitive personal data
Philip White, Chief Executive, Syscap, comments: “Schools are increasingly falling foul of the ICO. It’s clear that the ICO is starting to take a much more proactive stance in penalizing data lapses, so this is something that schools, colleges and universities need to take very seriously.”
“Schools need to take a business-like approach to securing their data, or they could be at risk of hefty fines in the near future.”
The ICO recently launched a best practice guide on how small businesses could keep their data secure. Syscap says that schools and other education providers would do well to take note of its guidance.
Philip White continues: “With almost all data now stored electronically, many organisations put safeguards in place to ensure that sensitive data is kept secure. Unfortunately, some schools, universities and colleges lack the resources and organizational structure to do this and are therefore more prone to lapses in data security.”
“Budgets throughout the education sector have been stretched since the recession, so upgrading old or out-of-date IT equipment has been put on the backburner for some time now. This has left some old or dilapidated systems open to data lapses.”
“There are steps that schools can take to safeguard themselves, such as encrypting files on memory sticks, or password protecting databases containing sensitive information. However, these simple steps are often overlooked, especially in busy environments such as schools.”
Syscap recently launched a new technology ‘Life-Cycle Asset Finance’ facility for schools, which enables them to procure, manage and track their ICT equipment. It can also include proper disposal of the equipment at the end of its useful life, and ensure that data is wiped. from hard drives to US DoD Data security standards.
* These fines are called “Monetary Penalty Notices”.
Please submit your comments below.
Do you have something to say about this or any other school management issue which you'd like to share? Then write for us!