• 0800 0862018
  • This email address is being protected from spambots. You need JavaScript enabled to view it.
  • Mon - Fri 8:00 - 17:00
Boy with headphones writing with a pencil. White text at forefront of photo saying Sharing information could change his life. Think. Check. Share.

The ICO have published a 10 step guide to sharing information to safeguard children or young people from physical, emotional or mental harm. 

The new guidance addresses concerns from organisations and frontline workers that may be scared to share information for fear of falling foul of data protection law.

Cyber attack in orange text on a computer screen

A number of schools have recently been victims of cyber attacks, some of whom we have been working with to determine the extent of the data breaches. 

The current attacks seem to be directed at secondary schools causingsome to close for a week or work on reduced hours, while systems and data are recovered.

Cyber in blue text, resilience in orange text on a comnputer screen with all things cyber related around

We wanted to highlight an organisation called the National Cyber Resilience Centre Group which consists of nine regional centres in the UK that were set up to strenghten the reach of cyber resilience across the business community.

A coalitiion of police, government, large employers and organisations and academia are supporting the growth of the Cyber Resilience Centre Network.

Best practice in white chalk on a blackboard, orange background, data protection education logo in blue

We've put all the specific school and trust related data protection guides, documents and queries into one area to make it easier for you.

As data protection is closely linked to cyber security the section covers guidance for raising staff awareness with cyber security and other guidance.

Email on a pink key on a white keyboard

The ICO has recently published new guidance about bulk email communications following a number of data breaches caused by the incorrect usage of CC and BCC (carbon copy and blind carbon copy). 

Emails sent to the wrong person or emails copied rather than blind copied to customers/parents are the most common data breaches seen and are often because someone is rushing or under pressure.

Be cyber aware in orange text on a blue background above a mobile phone and padlock. Also the Data Protection Education logo

The time following a cyber attack can be very stressful, and in the heat of the moment it can be difficult to know what the best thing to do between working out what went wrong, how to recover and what went missing, it can be hard to know where to start first.

We provide some help and guidance in our Information and Cyber Security Best Practice Area, which also includes the checklist:  document What to do immediately after a Cyber Attack (58 KB) .

A smart mobile phone with emojis relating to social media coming out the surface on a white background.  Text: Data Protection Education Social Media Policy

We've created a model Social Media Policy.  The policy outlines guidelines and expectations for the use of social media platforms by individuals and employees associated with an organisation. 

The primary aim of the policy is to ensure responsible, respectful and effective use of social media while protecting the organisation's reputation and interests.

Pile of newspapers

Microsoft has recently announced the planned retirement of the Microsoft A1 Licenses for Education.  According to Program Updates in Microsoft 365 for Education page the main reason is to limit storage.  Free, unlimited storage plans have become prohibitive and have become a large vector for security risks and fraud. 

Cyber attack in red text on a computer screen with blue text

We've produced a document to provide help and guidance in the event of a cyber attack.  The document is part of our Information and Cyber Security Best Practice Area and covers:

This document gives a list of who to contact and what to do just after a cyber attack.  It covers:

Robot pointing their finger on a computer screen in blue

For those outside the computing world, it feels as though AI (Artificial Intelligence) has suddenly appeared and having a huge impact on the rest of the world.  Artificial intelligence is intelligence demonstrated by computers, as opposed to human or animal intelligence.  'Intelligence' encompasses the ability to learn to reason, to generalise and to infer meaning. 

Freedom of Information text on a key on a white computer keyboard

The Information Commissioner's Office have recently put Leicester City Council forward as an FOI (Freedom of Information) best practice example. An FOI refers to a request under the Freedom of Information Act. The Act allows any individual or organisation to make a request to a public authority for information they have recorded. 

Cyber attack in red text on a computer screen

Surrey Police are investigating a fraud and computer misuse allegation at AQA, England's largest exam board which follows the recent data breach reported by Cambridgeshire Policy into a data breach with the exam boards at OCR and Pearson. Full article: AQA also hit by exam paper cyber attack.

Ransomware Vice Society in pink writing

This article was originally published in January 2023, but has been updated with some additional information, following further ransomware attacks on schools in the UK. Highly confidential documents from 14 schools in the UK have been leaked online by hackers.  The Vice Society has been behind a high-profile string of attacks on schools across the UK and the USA in recent months.

Photo of a laptop logged into the Data Protection Education Knowledge Bank, showing the Dashboard

If you are a group of organisations such as a multi academy trust and a member of the central team,  it can be useful to view all of the organisations/schools and the main organisation/trust details all at once in several of the Knowledge Bank pages to give an overview.  When your organisation are added into the Knowledge Bank, we will have tagged them all appropriately.

Be Cyber Aware in orange text on a blue computer with Data Protection Education Logo

This article is one in a series of articles about raising cyber awareness in an organisation.  We visit a number of organisations through our data walks and often discuss the use of USB sticks with staff and are told that they are not allowed.  Yet we will see them in use during the walk.  A verbal/written policy is not the same as prevention and detection.  This article will discuss methods for detection and why.

The word cyber insurance in blue on a computer screen with a finger pointing at it

This article is about cyber insurance in the public sector, particularly in relation to schools.  Cyber insurance is a special type of insurance intended to protect businesses from internet-based risks, and more generally risks relating to information technology infrastructure and activities.  It is also known as cyber liability insurance or cyber risk insurance. 

Cyber attack in red text on a computer screen with blue computer code

This article is an article about DDos attacks and is part of a series of articles about different types of cyber attacks. Denial-of-service (DoS) attacks are a type of cyber attack targeting a specific application or website with the goal of exhausting the target system’s resources, which, in turn, renders the target unreachable or inaccessible, denying legitimate users access to the service.

Cyber attack in red text on a computer screen with other random computer text

Manchester University was hit by a cyber attack last week, with the possibility that personal data was stolen by the attacker.  A statement was made on their website by Patrick Hackett, Registrar, Secretary and Chief Operating Officer:

"Regrettably, I have to share with you the news that the University is the victim of a cyber incident. It has been confirmed that some of our systems have been accessed by an unauthorised party and data have likely been copied. Our in-house ex

Cyber attack written in computer text on a computer in red

This article is about a recent cyber attack on Leytonstone School.  The school in Waltham Forest has been closed since half term after it was targeted and a significant amount of personal data was accessed.

The school is still closed to all pupils other than those taking their GCSEs because the school currently does not have a single central record (SCR), sometimes referred to as a single central register.  An SCR is a statutory requirement for all schools and academies in E

  1. The ICO Reprimands a school
  2. Be Cyber Aware: Firewalls
  3. Subject Access Requests (SARs)
  4. Be Cyber Aware: Cyber attacks and transparency. A no blame culture
  5. Cyber Attack: Dorchester School
  6. Knowledge Bank Role Types: Admin, Staff and Trustee
  7. Types of Cyber Attacks: Password Attacks
  8. Be Cyber Aware: Why regular software updates are important
  9. Cyber Security Breaches Survey 2023
  10. World Password Day - May 4th
  11. Cyber Attack: Wiltshire School
  12. Keeping your IT systems safe and secure
  13. Types of Cyber Attacks: DDoS Attacks
  14. Types of Cyber Attacks: Phishing
  15. Types of Cyber Attacks: The Insider Threat
  16. Why your data is profitable to cyber criminals
  17. Using WhatsApp in Schools
  18. The Changes to Data Protection in the UK
  19. Knowledge Bank Updates
  20. Types of malware and how they are linked to data protection
  21. Striking Data Breach
  22. Windows Server 2012 & 2012 R2 Retirement
  23. How to contact us for support, subject access requests, data breaches and FOI's
  24. YouTube breached child protection laws
  25. How a school fought back after a cyberattack
  26. Types of Cyber Attacks - Credential Stuffing
  27. January Cyber update - How Can Schools Help Prevent Cyber Attacks?
  28. End of Windows 8.1 Support
  29. Assigning courses to staff using to-dos
  30. How the Record of Processing Can Help You
  31. Information Security Basics: What are VPN's?
  32. What does a Data Protection Officer Do?
  33. Are you ready for a Data Breach?
  34. Blog: Best Practice on the Retention of Child Protection Information
  35. Carrying out Supplier Due Diligence
  36. Email and retention periods
  37. How Long Should You Keep Personal Data For?
  38. The Education sector now at highest risk of cyber attacks
  39. How to Assess your Data Security
  40. Schools Blocked from Using Facial Recognition Systems
  41. Sharing this year’s Nativity play online
  42. A quick introduction to the Phishing Simulation tool
  43. The Children's Code
  44. Recording vaccination of staff
  45. B&H FoI: Racist/religious incidents/bullying
  46. Cyber Attacks
  47. Protocol for Setting Up and Delivery of Online Teaching and Learning
  48. Class Dojo International Data Sharing
  49. Model Publication Scheme: Amendments, Improvements and Updates
  50. Child friendly privacy notices
  51. Transparency
  52. Parents and students covertly recording conversations
  53. SAR? ER? FOI?
  54. Secure file transfer of files using Royal Mail
  55. Emergency contacts and consent
  56. Key elements of a successful DPIA
  57. FOI Publication Schemes
  58. SHARE: Avoid disinformation online
  59. Best Practice for Managing Photos and Video
  60. New Drip Feeds: Recognise and Respond to Subject Access Request
  61. When to contact the Data Protection Officer?
  62. National child measurement programme
  63. Make sure DPE is your registered DPO with the ICO
  64. Compliance Manager released
  65. Headteacher fined for breach of data protection legislation
  66. Emails – good practice and minimising the risk of a data breach