The headteacher of a grammar school has left her role after sending parents a list of the teachers going on strike.
The Headteacher at King Edward VI Five Ways Grammar school in Birmingham had
This article is a reminder that Microsoft will stop support for both Windows Server 2012 and Windows Server 2012 R2 after October 10th 2023. Keeping software up to date on devices is best practi
This article lists the ways that Data Protection Education can be contacted for general data protection queries, data breaches, subject access requests and freedom of information requests.
While all
The following article talks about how a school thwarted a cyber attack, more through luck than judgement. Our advice is for the whole organisation to be cyber aware and review how your orga
With the increase in Cyber crime against schools in the UK we are focusing in on what can be done to help prevent cyber crime in a way mangeable for school budgets.
Given the current financial pressure on schools it is very likely there are devices in schools running out of date software. This article looks at the most recent version of Windows that support has
Highly confidential documents from 14 schools in the UK have been leaked online by hackers. The Vice Society has been behind a high-profile string of attacks on schools across the UK and the USA
What does the NCSC 2022 Annual Review, published this week, mean for schools? It’s been a busy year for education already with school budgets hit by unplanned teacher pay rises and doubling energy b
A giant of the adtech industry in France has recently been fined for breaching the European Union data protection regulation. A multi year investigation has been conducted by France’s national priva
We’ve discussed in the past the use of biometric systems in UK schools, and how privacy advocates have expressed concern over the collection of the biometric data of students. They feel that not onl
Cybersecurity should be seen as a key element of normal working practices.
On the 10th October 2022 the DfE issued updated cybersecurity standards for schools. Given most of the standards should al
Facebook gets a small win in Europe
EU regulators are currently at odds on how to prevent Facebook’s parent company, Meta from transferring EU user data to the US. The draft decision, made in Irela
Google urges Android partners to apply latest security patches
Google releases a monthly security bulletin, and in their recent edition they have outlined their latest patches for Android systems, wh
Recently we’ve been breaking down the Online Safety Bill, which had an updated and strengthened version published by the government recently, and it had gone through parliamentary scrutiny. So far w
The government have recently published an updated version of The Online Safety Bill, after it has gone through Parliamentary Scrutiny. The outcome of this is, according to the government, a stronger a
Over the coming weeks we’ll be publishing a series of articles on the Online Safety Bill. Today, as an introduction, we’ll look through the basics of the Bill, and what it means for organisations
Officials in Denmark have recently carried out a risk assessment around the risks posed by Google when processing personal data for schools. As a result of this investigation, schools in Denmark have
Our first cyber security story involves another new Whatsapp scam where cyber criminals are posing as Whatsapp user's friends and family and asking them to send them money. Scammers send the victim a
Children Aged 10 and Older
Children aged 10 and older can be arrested, interviewed and charged with criminal offences and, if found guilty, they will receive a criminal record. The UK has the you
Disney Sign New Automated Advertising Deal
Disney have recently signed a new deal with a global ad tech company called The Trade Desk which will allow brands to to use targeted automated advertising
Parents and guardians with parental responsibility often use SAR’s as way to obtain the educational record of their children. There appears to be two reasons why this may be the case. Firstly, no
Earlier this year, in response to the conflict between Russia and Ukraine, NCSC urged organisations to focus on heightening their cyber security programme. Since the beginning of the conflict, there h
In the future, there could be less fines being handed out to Public sector organisations, according to the ICO’s new data protection regulator. The thought behind this comes from the idea that using
There are fresh data privacy concerns surrounding Tiktok, after a report by BuzzFeed has brought into question the validity of TikTok’s claim that they had started routing US users’ data to US-bas
Potential Changes to ‘Cookies’
As part of the Government’s proposed changes to data protection laws, one of the areas that would see changes is the practices around cookie consent. Curren
A new article by The Washington Post discusses how App companies are using loopholes in privacy law to harvest the personal data of children. Geoffrey Fowler, a technology columnist, provides a worryi
The Human Rights Watch have recently published a report on the relation between virtual schooling and data tracking. The report finds that there is a potentially worrying gap between how kids use onli
The first story we’ll be discussing is one involving Facebook, and Mark Zuckerberg. Recently, a new lawsuit has been filed against Zuckerberg by Attorney Karl A. Racine. Zuckerberg is being sued for
With the ICO’s Children’s Code being brought into effect last year, it is now a legal requirement that organisations that deal with children’s data uphold their rights as a priority, accor
In this edition of cyber news roundup, we’ll be looking at the continuing cyber threat to health and education sectors, the risks that app stores pose to users, and 2021’s most exploited vulnerabi
There has been a new report published on the use of biometric data in schools. The report is entitled ‘The State of Biometrics 2022: A Review of Policy and Practice in UK Education’, and you can f
Amazon’s latest entry into the smart home device technology is their Astro bot, which they describe as:
“The household robot for home monitoring, with Alexa. When you're away, use the Astro app t
The Record of Processing can often seem like a daunting process to undertake- but it’s important to view it as exactly that- a process. Documenting the processes your organisation carries out is an
In April's Cyber News Update, we take a look at breaches that have impacted Funky Pigeon and WhatsApp, as well security updates and cyber threat advice.
The Department for Digital, Culture, Media and Sport have recently published their annual report from their Cyber Security Breaches Survey. As part of this, they have also published a report which loo
2022 Security Breach Report Published
The Cyber Security Breaches Survey for 2022 has recently been published by The Department for Digital, Culture, Media and Sport- the full version of which you ca
VPN’s have become commonplace over the past couple of years, with every content creator out there having at some point been sponsored by Nord VPN (other VPN providers are available). VPN's are mostl
Organisations in Ukraine are the target of Destructive Malware
Agencies in the US and Australia have published alerts in response to a recent increase in cyber threats to organisations in Ukraine
Data Protection Education are leading specialists in Data Protection for Schools and Trusts, with the key service that we offer being a Data Protection Officer (DPO) service. Under UK GDPR, Public Aut
Recently there has been an annual study published by Ponemon Institute (sponsored by Experian) entitled “Is Your Company Ready for a Big Data Breach?”. The study looks at the state of breach prepa
When we talk about information security and cybersecurity, those that write about this area can often use complex and technical terms, assuming that the reader has the required knowledge to fully unde
Microsoft Azure Breach Leads to Student Data Exposure
Researchers and Clario published a report which outlined how an open Microsoft Azure repository indexed by a public search engine which needed
It’s been far too long since we’ve checked in with Facebook (now Meta), and their ongoing mission to make as much money as possible from our data, so we thought we would discuss the Metaverse, wit
The NCSC has provided some insight and guidance changes on Security practices in the past week which will be the topic of this week’s cyber update. Below is a summary of their guidance, with some ad
The 1st of January, the 25th of December, and the 28th of January- the three biggest dates in the calendar each year for being New Years Day, Christmas Day and of course, Data Privacy Day.
Retention of Child Protection Information is for 25 years from the DOB of the Pupil
The Education (Pupil Information)(England) Regulations 2005 (SI 2005/1437 states that pupil records should be
With cyber threats increasing every month, we’ll be looking to provide weekly updates on the different cyber security threats that have taken place recently to highlight all the different ways in wh
At Data Protection Education, we are carrying out an ongoing project on assessing potential organisations that our schools are either currently contracted with to supply a product or service, or may i
With great power comes great responsibility and internet companies should be starting to appreciate and take more seriously the responsibilities they hold further to the publication of the report by t
Email is the classic GDPR issue - it's not about the system where we store things, it's about the process and how that data is used. So ask yourself, what is the content of the email and what does it
A recent study conducted by Check Point Research which can be found at the bottom of this article has found that there has been a 29% increase in cyberattacks on organisations in the education sector
Cyber attacks are on the up, and with the education sector seeing the highest number of cyber attacks of any sector since the start of the pandemic, as well as the highest increase in attacks in that
Our news story this week is from TechCrunch, who have an article regarding The European Data Protection Board (EDPB), who have called for the EU to phase out, and eventually prohibit the use of target
On the 10th of November 2021, The Supreme Court announced their long awaited decision regarding a lawsuit between Mr Lloyd and Google. The court found unanimously in favour of Google, and dismissed th
With biometric technology becoming more and more prevalent in society, the governance of the personal data that organisations collect from using this technology has recently been a topic of discussion
Another week, another Facebook story. Don’t worry, we're not slowly becoming a Facebook news outlet, they just keep making headlines in the world of data protection, and this time seemingly for a po
On September 9th, the UK Government published their Consultation Paper on Reforms to the UK Data Protection Regime-'Data: A New Direction', where they outlined proposed changes to GDPR since leavin
How to share this year’s Nativity play online safety
Schools will have good intentions in wanting to share this year’s Nativity play online. But how do you ensure you do this safely and adhere to
Over the past few years, there has been a positive drive towards imposing greater regulations on organisations and how and when they collect user data. Users now have more control than ever on being a
As we’ve spoken about before in past articles, since the pandemic there has been a worrying increase in cyber attacks, with the education sector seeing the highest increase and total number of attac
Judge rules that Amazon Ring doorbells breach GDPR:
A judge in Oxford County Court has ruled that audio recordings from an Amazon Ring doorbell have breached data protection laws. The case involved a
With cyberthreats becoming an increasingly worrying issue for organisations and the security of the data they hold, we thought it would be beneficial to write a weekly cyber security threat report
The ICO has published a new code of practice entitled the ‘Data Sharing Code’. The code came into force on October 5th 2021, after being published on September 14th 2021. DLA Piper provides a good
Under UK GDPR, organisations that hold personal information/data about people have a responsibility to ensure that that data is being dealt with in line with the relevant legislation.
We will be releasing the Phishing Simulation to all schools over the next three weeks. We are currently finalising scenarios and implementation materials prior to final user testing and release.
At Data Protection Education, we are currently working on contacting all school suppliers with the aim of receiving all of their privacy policies and data agreements to ensure they are being GDPR comp
The Children’s Code
The first update from the ICO is that the transition year for the introduction of The Children’s Code (also known as The Age Appropriate Design Code) has passed, with the code
Recording staff vaccination data
Firstly, a couple of links as reference...though they don't really tell you the answer - especially the second one which doesn't seem to have been updated post-August
Schools in Brighton and Hove have received the following Freedom of Information request:
1. Please send me copies/scans/digital files that record individual racist/religious incidents/bullying incid
Many schools in Brighton may have received a Freedom of Information Request relating to the ‘Racial Literacy training 101’ as part of the Brighton & Hove Educators of Colour Collective (BHECC)
We've looked at the importance of an adequacy decision to allow the free-flow of data between the United Kingdom and Europe in our earlier articles on Brexit. Finally, although in reality quite quickl
These protocols aim to ensure that online lessons with pupils when working from home, are safe, secure and continue to provide high-quality education using a virtual platform.
This is guidance for
We've had some questions now that the privacy notice in the COVID-19 National Testing Programme: Schools & Colleges handbook has been published.
The link to the Handbook seems to be broken, but
Users of Class Dojo will recently have noticed that a requirement to provide consent for international data transfers was included to the login screen.
It is a requirement under the Freedom of Information Act and ICO to set out your commitment to making certain classes of information routinely available, such as policies and procedures, minutes of me
As we all know, on 31 December 2020, the Transition Period (sometimes also referred to as the “Implementation Period”) under the EU-UK Withdrawal Agreement will come to an end. And one of the are
We've had a few questions recently about parents and students recording conversations with members of staff, both covertly or overtly without seeking permission. This article only covers recordings ma
We know the jargon can be confusing. As can the timelines for responding to the various requests that you receive.
Is it a month? Or 30 days? Are those working days?
So here's a little chart to simp
The ‘Five Eyes’ is an alliance between Australia, Canada, New Zealand, the United Kingdom and the United States of America. Its purpose is to provide a multilateral agreement for military and secu
UPDATE 08/10/20 11:00am
WisePay are sending emails to all affected customers with a secure download link containing the lists of affected users. These are customers who used a payment card between F
We've recently had more than one breach reported where physical files have got lost in the post.
In such cases, the sender remains the data controller and is responsible for ensuring that the optimum
The National Cyber Security Centre, a part of GCHQ, is supporting educational establishments to keep criminals out of their networks after a spike in ransomware attacks. The rise in attacks was r
According to the Government's scientific group Sage the risk of coronavirus to pupils in the classroom is "very, very small, but not zero” https://www.bbc.co.uk/news/health-52770355 and Sage have pu
{slider Department for Education}
Email:This email address is being protected from spambots. You need JavaScript enabled to view it.
document.getElementById('cloakd219adeb0d99411a8c9f6d3b36ced058
DfE Planning Guide for Early Years and Childcare Settings (DfE published 24.5.20)
DfE Planning Guide for Early Years and Childcare Settings (DfE published 24.5.20)
https://www.gov.uk/gover
Adapted from: https://www.dataprotection.ie/en/organisations/know-your-obligations/data-protection-impact-assessments#how-do-i-know-if-a-dpia-should-be-conducted
The GDPR does not prescribe the exac
We have added publication scheme model templates in the FOI Best Practice area for academies as well as maintained schools.
Difference between the High Level and Detailed Publication Scheme
Some of you may have seen in the press the long-running legal dispute of Various Claimants vs Morrisons, which after starting in the High Court in 2017 has finally seen a ruling issued by the Suprem
The Government has provided some guidance on the avoidance of disinformation online.
https://sharechecklist.gov.uk/
What is disinformation?
Disinformation is the deliberate creation or disseminatio
In light of recent ICO reprimands to schools it is important schools remember best practice for managing photos. The formal legal warnings issued by the ICO recently to schools both related to the pro
At times like these, we often hear that "data protection goes out of the window" or "safeguarding and public safety trumps GDPR". In fact, though there are incredible pressures on everyone, data prote