October is Cyber Security Awareness Month!  And although we don't think that Cyber Security awareness is something to cover just once in the year,  we are dedicating this month to raising awareness about digital safety.

A cyber attack on nursery chain, Kido claims to have stolen photos, names and addresses of around 8,000 children.  The information includes parental details and carers and safeguarding notes.

The Cyber Assessment Framework (CAF) is cyber security guidance for organisations that play a vital role in the day-today life in the UK and organisations should look to it as guidelines for helping keep data safe.

Given the Public Sector Fraud Authority estimates that every year between £39.9 billion and £58.5 billion of taxpayer's money is subject to fraud and error, it's no wonder the UK Government has published some guidance about fraud awareness.

With the recent Data Use and Access Act, organisations must now be more precise than ever about how they handle data rights concerns; the complaints process for data rights is clarified and formalised. This article discusses best practice around which complaints process to use when you receive a complaint.

Joe Tidy, BBC's Cyber correspondent has published a blog about cyber crime in schools following the ICO issuing a warning about the 'worrying trend' of students hacking their own school and college IT systems for fun or as part of dares. We explore the situation and what you should do when it happens.

Parents of a school in Birmingham are concerned that a school has accidentally shared a spreadsheet which contained student names for children in Year 7 to Year 11 and parental contact details.

We've updated and added some new policies, including the Data Protection Policy, Model Redaction Guidelines, Data Rights Complaints Process, Freedom of Information Policy, SAR Procedure Template, SAR Response Template, Subject Access Request Clarification Template.  This article shows an amendments made to the documents.

The latest release of the "Keeping Children Safe in Education" guidance brings important updates for schools and colleges, including points relating to the rapidly evolving digital landscape.  Most of the changes in this year's guidance are technical.

We've published a new e-learning module for 2025 data protection training.

We'll be at the annual CST Conference at the ICC, Birmingham, October 16ht & 17th on stand A12.

The recent data breach involving Online SCR, an online provider of single central record (SCR) services, has put the personal data of education staff at risk.  The breach was a result of a cyber attack on a subcontractor.

As schools begin to welcome back students, staff and new joiners, the focus is on the new academic year: curriculum planning, safeguarding and operational logistics.  An equally critical and statutory area that demands attention is data protection and cyber security compliance.  Adhering to data protection law isn't just about avoiding fines; it's about protecting sensitive personal data of children, their families and staff.

The Murky Panda (also known as Silk Typhoon) is a cyber threat that has had significant activity since 2023 and has targeted government, technology, academic, legal and professional services. Currently there are reports of the threats only in North America, however, as the Murky Panda has previously targeted compromises in the cloud, it is assumed that they will easily transition to attacks further afield. The threat group is a China-nexus group

The ICO Accountability Framework is a crucial tool for any organisation handling personal data, providing a structured approach to data protection compliance. When applied to the Department for Education (DfE) Digital Standards, it becomes a powerful mechanism for schools and trusts to ensure their technology and data practices are not only efficient but also legally compliant and secure.

The DfE has published the report for their consultation: Narrowing the Digital Divide in Schools and Colleges, with the conclusion that schools can and want to meet the standards by 2030.

We often see a rise in the number of Subject Access Requests received by schools at the end of term or at the end of the academic year.  This article, therefore, covers guidance and support around subject access requests, how to recognise them and how to respond.

A secondary school in Cornwall close for two days due to a 'cyber incident'.

This podcast episode delves into the often-overlooked but crucial topic of records management within the school environment. It breaks down the lifecycle of a record from creation to disposal, highlighting the legal framework schools operate within, including the Data Protection Act 2018, UK GDPR, and the Freedom of Information Act 2000. The episode also explores the consequences of non-compliance, the importance of a robust Records Management Policy, and the specific considerations for handl

Join us for our latest podcast episode breaking down the key changes introduced by the UK's new Data (Use and Access) Act (DUAA), explaining its phased rollout and objectives.

It clarifies that the Act amends, rather than replaces, existing data protection laws like the UK GDPR and Data Protection Act 2018. The discussion covers the shift from the ICO to the Information Commission, the introduction of 'Recognised Legitimate Interests' as a lawful basis for processing data, refined

The UK's data governance is undergoing change with the Data (Use and Access) Act (DUAA) receiving Royal Ascent and passing onto the statue books on 19th June 2025. Though it is becoming law, additional guidance is yet to emerge on the detail - some of the Act's provisions need a commencement order to take effect, with the next one expected on October 1, 2025. However, some parts of the Act will come into force imme