News

An update this week from the ESFA has reported a change in requirements regarding IT security for colleges and special post-16 institutions (SPIs).

The ICO have issued a reprimand to a school that did not follow due diligence when introducing facial recognition technology (FRT).

The recent news has been full of the global IT outage that affected many systems over the weekend, including airlines and patient access.  Although the incident was not caused by a cyber attack, it is important to note that it was a cyber incident which affects everyone.

A cyber incident is an event with threatens the confidentiality, integrity or availability of information systems, networks or the information they contain.

Review our previous article: What's a Cyber

Plans for the new government to introduce legislation for cyber security, digital and data were outlined in the King's speech on 17 July 2024.

We've updated our end of term and end of year guidance, alongside advice for privacy considerations for special occasions (which also normally occur at the end of term).

As you all prepare to pack up for the Summer, we would like to remind you about the benefits of pre-holiday cyber hygiene.
Many of the cyber attacks that we see on schools happen on the first day of a long weekend or a holiday - that's because the threat actors know in some instances it might be a good while before anyone notices.  

Ageing and out of date technology is an every day challenge for most schools and small businesses, but is there a risk?

We are asked a lot about retention schedules and keeping file when a pupil moves onto another school.  
This short video explains the basics behind data retention and the implications of keeping data for longer than required.



  Knowledge Bank
We have a retention schedule on our Knowledge Bank portal where you can check the retention period for all types of files in  your organisation.

Visit our Records Management Best Pract

This article is for all schools, colleges and multi academy trusts as a first step towards looking at the DfE Digital Standards for Schools and Colleges.


These standards should be used as guidelines to support your school or college use the right digital infrastructure and technology.

The SLT digital lead is usually someone with teaching experience. They will act as a link between: 

technical staff  the SLT  curriculum leads

This article discusses what a cyber incident is and what you should do if you experience one.  The important thing to note is that this isn't a full-blown cyber attack, but you should still go through various reporting and risk management processes.

We've been asked by some of our customers what they need to consider when thinking about using AI to improve job efficiency as a time saving exercise or part of CPD, so staff related.
This article puts together some available resources as an initial step.

Unfortunately, a school has declared a 'significant critical incident' after it was targeted in a cyber attack.

Regular cyber training for staff is crucial given the amount of systems involved in running organisations.  Schools and Trusts should be doing this annually as advised by the DfE Cyber Security Digital Standards.

Latest Update 23rd May (pm):

Lord Sikka reports on X at 4:12pm:
Because of the general election the Data Protection and Digital Information Bill passed by the Commons has fallen in the Lords.
Govt was seeking 24/7 powers to snoop on the bank accounts of recipients of benefits and state pension.
Govt avoided defeat in the Lords by giving in.

It is over for now...it is highly unlikely that a new administration (if there is one) will adopt this legislation. We

The DfE have announced a new update to the DfE Digital Cyber Security Standards for Schools and Colleges.

The BBC have recently reported that due to the number of cyber attacks on schools that the ICO have seen an increase of 55% since 2022 of cyber incidents in the education and childcare sector.

The ICO has published a report today about 'learning from the mistakes of others'.  Given that cyber security is a crucial part of protection information and it is important to note that security breaches frequently lead to information breaches.

NHS Dumfries and Galloway has confirmed some children’s mental health data has been published by criminals following a cyber attack.    

The aftermath of cyber attacks on schools and multi academy trusts is rarely documented or shared, so it was refreshing to see this video made in conjunction with GovernorHub.

The Vale Federation is made up of two special schools, Booker Park and Stocklake Park who have worked with Data Protection Education for a number of years on compliance and data protection. They are based in Aylesbury and are committed to safeguarding and promoting the welfare of children and young people.

The DfE have recently published updates to their Data Protection toolkit.  Previously there had been very little guidance in the toolkit about how to respond to Subject Access Requests.  There is now a specific section on this and an extra update about responding to other data rights requests such as changing, deleting or restricting of personal information.